Rocky Linux from CIQ – Hardened is a new take on Rocky Linux that’s not only fully supported by CIQ, but is also optimized to meet the most stringent security requirements.
We all know that Rocky Linux from CIQ, the successor to CentOS, is a rock-solid replacement for its predecessor, so it begs the question: Is there any improving the bulletproof nature of the distribution going forward?
Apparently, the answer – given by the Rocky Linux from CIQ folks in Reno, Nevada – is a resounding “yes.”
CIQ, the driver of modern software infrastructure for the age of AI, announced last week the availability of a preview of Rocky Linux from CIQ – Hardened, a version of Linux that has been optimized for environments with the most stringent security requirements.
These requirements include stronger password policies, memory corruption detection, kernel integrity checking, and SSH restrictions.
A webinar outlining the details of the release will be aired on Wednesday, March 19, 2025 at 11 am Pacific Time, followed by a preview on Thursday from the CIQ customer portal and the cloud marketplaces.
How did this next step in Rocky Linux come about?
“Converting Rocky Linux from CIQ to Rocky Linux from CIQ – Hardened is the latest milestone in a multi-decade journey, with many of the learnings coming from Openwall Linux and the initial packages in Rocky Linux from CIQ – Hardened being developed first for Rocky Linux as part of the RESF SIG/Security with CIQ’s support since mid-2023,” Brady Dibble, director of Product and Technical Program Management at CIQ, told FOSS Force in an email exchange. “Now that we are commercializing this perspective and focus on hardening, development will only speed up.”
And the learning curve between the two distros is virtually non-existent, according to Dibble.
“Rocky Linux from CIQ – Hardened provides the familiar Enterprise Linux experience, with most of the complexity associated with hardening staying under the hood, so it’s not a big leap to set it up or to migrate from Rocky Linux to Rocky Linux from CIQ – Hardened now,” he explained. “The present mid-point in the journey may be the best opportunity to switch to Rocky Linux from CIQ – Hardened. Long-term security maintenance of systems should require less effort than that of non-hardened Enterprise Linux systems due to us providing pre-hardened package updates.”
Rocky Linux from CIQ – Hardened delivers Rocky Linux via a secure supply chain and packages, pre-configured security, code-level hardening that blocks commonly used exploit paths, automated security updates, enhanced threat detection, and premier support, all while maintaining API and application binary interface compatibility with the Enterprise Linux standard.
“The creation of Rocky Linux from CIQ – Hardened was a direct result of the countless conversations I have had with security-concerned IT executives,” Gregory Kurtzer, CEO of CIQ, and a founder of CentOS, said in a statement. “Organizations struggle to consistently thwart security attacks across their Linux environments where even a single exploit poses a major risk. Rocky Linux from CIQ – Hardened makes it harder for malicious attackers to break into critical software infrastructure by providing a more secure foundation and defense in depth while maintaining compatibility with the Enterprise Linux standard.”
A hardened operating system is typically the baseline of an overall strategy. However, attack vectors constantly change, and ensuring consistent coverage across all systems is a challenge. Rocky Linux from CIQ – Hardened is built on the standard Rocky Linux from CIQ base and is delivered and validated via a secure supply chain, with all security patches and updates applied promptly. In the case of any issues, the CIQ team provides support to help mitigate issues or troubleshoot problems.
As the speed, sophistication and volume of attacks on corporate systems accelerate, IT security teams struggle to apply an effective and consistent Linux security policy across all their servers. With Rocky Linux from CIQ – Hardened, they can deploy a trusted version of Linux and be assured that it is delivered securely, configured correctly, is up to date, and protects their apps and services from malicious threats.
Rocky Linux from CIQ – Hardened delivers a stable and secure platform, minimizing downtime and simplifying security management. It is ideal for sensitive infrastructure and allows organizations to focus on their core mission, not operating system maintenance.
In addition, users have access to support and services from Linux experts who can not only troubleshoot issues but also proactively help them with their unique security requirements.
The CIQ team has researched common security threat vectors and has actively worked to limit them in this version. The product delivers:
- System Level Hardening: Minimizes zero-day and CVE risks by eliminating many of the potential attack surfaces and common exploit vectors.
- Accelerated Risk Mitigation: Addresses security threats ahead of standard updates, significantly reducing exposure time.
- Strong Access Controls: Implements advanced password hashing, strict authentication policies and hardened access controls.
- Advanced Threat Detection: Detects sophisticated intrusions that evade traditional security with Linux Kernel Runtime Guard (LKRG).
- Simple Deployment: Delivers pre-hardened systems, saving time and resources on security configurations.
- Enterprise Linux: Compatible with the Enterprise Linux standards.
“I am excited to see the release of a security enhanced Linux distribution,” said Alexander Peslyak (also known as Solar Designer), lead for the Openwall GNU/*/Linux project for two decades and now an employee of CIQ. “While most distributions still fix individual CVEs one at a time, Rocky Linux from CIQ – Hardened will fix CVEs and also learn and introduce changes so it can proactively mitigate entire classes of similar bugs that are not yet discovered or patched.”