Rocky Linux from CIQ - Hardened

Stop Linux threats: employ proactive security

Rocky Linux from CIQ - Hardened (RLC-H) delivers trusted, always up to date Enterprise Linux with proactive threat protection for your applications and services.

Enterprise Linux - built by the Rocky community; optimized, hardened and supported by CIQ

Hardened packages

RLC-H includes patches and configs for key packages like glibc where we remove unsafe environment variables when crossing a privilege boundary.

OpenSSH

RLC-H hardens the OpenSSH package, reducing its attack surface through removal of non-essential libraries.

LKRG attack detection and response

RLC-H adds Linux Kernel Runtime Guard (LKRG) to detect kernel vulnerability exploits and identifies/responds to unauthorized modifications of a running kernel and its security-critical data

hardened_malloc

RLC-H adds a security-focused general purpose memory allocator which implements secure heap allocation strategies and strengthens resistance against heap exploitation techniques.

Stronger passwords

RLC-H includes passwdqc for stronger password policies and yescrypt hashing for enhanced resistance to GPU password cracking.

Accelerated CVE mitigation

CIQ team delivers patches for especially important CVEs ahead of standard updates, significantly reducing exposure time.

Custom security controls

RLC-H offers a control framework that includes a set of predefined facilities for password security and reduced exposure of local privileged programs (such as SUID root).

Package validation

All packages are CIQ-verified and cryptographically signed, ensuring package integrity from verified CIQ repositories. In addition to a checksum, each image ships with an SBOM.

RLC-H and Compliance for regulated deployments

RLC-H eliminates manual work so you can speed compliance, automate ongoing efforts and help meet audit requirements with pre-hardened images for frameworks like DISA STIG or CIS, along with FIPS 140-3 compliant cryptographic modules. You can also add pre-remediated and compliant images to RLC-H based on your compliance requirements.

Why RLC-H?

As the speed, sophistication, and volume of attacks on corporate systems accelerate, CISOs and IT security teams struggle to apply an effective and consistent Linux security policy across all their servers.

With RLC-H, you get Enterprise Linux and can be assured that it is delivered securely, configured correctly, and is proactively protecting your apps and services from malicious threats.

Proactive

Pre-configured against key threat vectors and delivers hardened memory and kernel integrity checking.

Current

Delivers the latest version of Rocky Linux and is actively updated with all updates and patches.

Speed

Use a pre-hardened Linux OS, so you eliminate the need to manually update a fleet of servers.

Includes CIQ support

RLC-H comes with support from our team of experts who have decades experience securing Linux in some of the most demanding and stringent environments on the planet.

$8.8M

Avg. cost of a license violation.

CIQ indemnifies you against open-source license compliance risk.

76%

of codebases contain at least one vulnerability.

CIQ provides CVE patch SLAs and hardened security.

Includes indemnification

Rocky Linux from CIQ comes with the protection and indemnification guarantees that eliminate your risk and liability in the case of legal issues against the open source software. CIQ is accountable and delivers the coverage to keep your legal and compliance teams satisfied.

Need long term support?

LTS can be added to RLC-H for specific point releases to enable you to stay compliant for over four additional years.

Get Rocky Linux from CIQ - Hardened

Also available on

Learn more about RLC-H

View all posts

Linux Security: a comparison of manual vs pre-hardening of the operating system

Deploy fast or deploy secure, and how to do both

Rocky Linux from CIQ – Hardened Now Available on All Three Major Cloud Marketplaces

The real danger of systemd-coredump CVE-2025-4598