Overview
Hardened Ubuntu 26.04 LTS - secure by default
Ubuntu 26.04 LTS hardened to CIS Level 1 and OpenSCAP-verified: SSH lockdown, fail2ban, auditd, automatic security updates, zero baked-in credentials, best-effort support by Verified Images.
Hardened Ubuntu 26.04 LTS - secure by default
CIS Level 1: 100% pass, OpenSCAP-verified
This is a repackaged open source software product wherein additional charges apply for best-effort support and ongoing security maintenance.
Verified Images publishes a hardened, production-ready build of Ubuntu 26.04 LTS (Resolute Raccoon). The image ships secure by default and stays current automatically, so you can launch trusted Linux infrastructure in minutes with a team standing behind it.
What's included:
- A security-hardened baseline aligned with the CIS Ubuntu Linux Benchmark, Level 1 (Server profile), independently verified with OpenSCAP (100% of applicable Level 1 controls pass; verification report available on request): SSH password authentication and root login are disabled, a kernel/network sysctl hardening profile is applied, password-aging and umask defaults are set, and no default passwords or SSH keys are baked in. This hardening also maps to system-hardening requirements in PCI DSS, NIST 800-53, and HIPAA technical safeguards. Verified Images is not affiliated with or certified by the Center for Internet Security; CIS Benchmarks is a trademark of CIS.
- SSH brute-force protection: fail2ban ships enabled with a tuned sshd jail, banning repeat offenders automatically without ever affecting legitimate key-based logins.
- Audit trail out of the box: auditd records changes to identity files, sudoers, and the SSH server configuration with searchable audit keys.
- Automatic security updates enabled out of the box (unattended-upgrades), keeping the OS patched against CVEs without manual intervention. Automatic reboots are off by default and can be enabled with a maintenance window of your choice (victl enable-auto-reboot).
- The victl management CLI: security status, a full hardening report, on-demand security updates, health checks, and the auto-reboot toggle, all in one command.
- A login banner showing hardening status, pending updates, and the victl quick reference.
- AWS Systems Manager (SSM) agent preinstalled for keyless, auditable instance management.
- Direct vendor support from Verified Images: deployment guidance, configuration help, patch and upgrade assistance, and troubleshooting, provided on a commercially reasonable, best-effort basis (no specific response time is guaranteed).
Ubuntu 26.04 LTS is a long-term support release maintained through 2031 (and to 2036 with Ubuntu Pro). Ubuntu is a trademark of Canonical Ltd.; Verified Images is not affiliated with or endorsed by Canonical.
Highlights
- Secure by default, verified - hardened to CIS Ubuntu Benchmark Level 1 and independently OpenSCAP-verified; SSH password/root login disabled, fail2ban, auditd audit trail, sysctl and login hardening, zero baked-in credentials.
- Stays patched, on your terms - unattended security updates out of the box, optional automatic reboot window, and the victl CLI for status, hardening reports, and on-demand updates; SSM agent preinstalled.
- Maintained and supported - security-maintained (rebuilt and re-verified on new CVEs) with best-effort vendor support from Verified Images: deployment, configuration, patching, and troubleshooting.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Cost/hour |
|---|---|
t3.small Recommended | $0.06 |
t3.micro | $0.05 |
t3.2xlarge | $0.40 |
t3.medium | $0.10 |
m5.xlarge | $0.25 |
m5.2xlarge | $0.40 |
t3.large | $0.16 |
t3.xlarge | $0.25 |
m5.4xlarge | $0.70 |
m5.large | $0.16 |
Vendor refund policy
Refunds are handled through AWS Marketplace in accordance with AWS Marketplace's standard refund policy. To request a refund, buyers should submit a request via AWS Marketplace. For product-related questions, contact support@verified-images.com .
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Initial release: hardened Ubuntu 26.04 LTS image with automatic security updates, SSH lockdown, fail2ban, auditd, victl CLI, and SSM agent preinstalled.
Additional details
Usage instructions
-
Launch this AMI from AWS Marketplace. Choose an instance type (t3.small recommended) and assign your own EC2 key pair for SSH access.
-
Security group: open TCP 22 (SSH) from your IP. No other ports are required by the base image.
-
Connect via SSH as the "ubuntu" user with your key pair: ssh -i /path/to/your-key.pem ubuntu@<public-ip> Password authentication and root login are disabled by design. Use "sudo" for privileged commands.
-
Automatic security updates are enabled (unattended-upgrades). No action needed; the OS patches itself for security updates. Manage and inspect the security posture with the built-in CLI: victl status (services, pending updates, reboot-pending state) victl hardening-report (everything this image hardens) sudo victl update-now (apply security updates immediately) sudo victl enable-auto-reboot 03:30 (optional automatic reboot window; off by default)
-
(Optional) Manage the instance without SSH keys using AWS Systems Manager: attach an IAM role with the AmazonSSMManagedInstanceCore policy, and the instance will appear in Systems Manager.
-
Support: email support@verified-images.com (best-effort; no guaranteed response time). Include your instance ID and a description of the issue.
Support
Vendor support
Support is provided by Verified Images (a DBA of CarmelTech LLC) via email at support@verified-images.com on a commercially reasonable, best-effort basis; no specific response time is guaranteed. Coverage includes deployment, configuration, security patching and upgrades, and troubleshooting of the image, plus ongoing security maintenance (the image is rebuilt and re-verified on new CVEs). Documentation is provided with the listing.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
