Rocky Linux from CIQ - Hardened

Enterprise Linux optimized for security & compliance.

Rocky Linux from CIQ - Hardened (RLC-H) is Enterprise Linux that is delivered securely, always up to date, and proactively protects apps and services from malicious threats.

A defense in depth starts with RLC-H.

Security for all workloads

RLC-H hardens the security of the OS for your workloads. It delivers hardened core packages that help minimize zero-day attacks, helps you stay ahead of security updates, and provides advanced threat detection capabilities.

Compliance for regulated deployments

RLC-H eliminates manual work so you can speed compliance, automate ongoing efforts and help meet audit requirements with pre-hardened images for frameworks like DISA STIG or CIS, along with FIPS 140-3 compliant packages.

Rocky Linux - built by the community; optimized, hardened and supported by CIQ.

Hardened packages

RLC-H includes patches and configuration changes for critical packages like glibc where we remove unsafe environment variables when crossing a privilege boundary.

OpenSSH

Another critical package hardened in RLC-H is OpenSSH, where we reduce its attack surface through removal of non-essential libraries.

LKRG threat detection and response

Linux Kernel Runtime Guard (LKRG) detects kernel vulnerability exploits and identifies and responds to unauthorized modifications of a running kernel and its security-critical data (notably including task credentials).

hardened_malloc

Security-focused general purpose memory allocator which implements secure heap allocation strategies and strengthens resistance against heap exploitation techniques.

Stronger passwords

RLC-H includes passwdqc for stronger password policies and yescrypt hashing for enhanced resistance to GPU password cracking.

Accelerated CVE mitigation

CIQ team delivers patches for especially important CVEs ahead of standard updates, significantly reducing exposure time.

Customizable security controls

RLC-H offers a control framework that includes a set of predefined facilities for password security and reduced exposure of local privileged programs (such as SUID root).

Package validation

All packages are CIQ-verified and cryptographically signed, ensuring package integrity from verified CIQ repositories. In addition to a checksum, each image ships with an SBOM.

Pre-remediated, compliance images.

You can also add pre-remediated and compliant images to RLC-H based on your compliance requirements. It provides pre-configured DISA-STIG or CIS security hardening and FIPS 140-3 compliant cryptographic modules.

Why RLC-H?

As the speed, sophistication, and volume of attacks on corporate systems accelerate, CISOs and IT security teams struggle to apply an effective and consistent Linux security policy across all their servers.

With RLC-H, you get Enterprise Linux and can be assured that it is delivered securely, configured correctly, and is proactively protecting your apps and services from malicious threats.

Proactive

Pre-configured against key threat vectors and delivers hardened memory and kernel integrity checking.

Current

Delivers the latest version of Rocky Linux and is actively updated with all updates and patches.

Speed

Use a pre-hardened Linux OS, so you eliminate the need to manually update a fleet of servers.

Includes CIQ support.

RLC-H comes with support from our team of experts who have decades experience securing Linux in some of the most demanding and stringent environments on the planet.

$8.8M

Avg. cost of a license violation.

CIQ indemnifies you against open-source license compliance risk.

76%

of codebases contain at least one vulnerability.

CIQ provides CVE patch SLAs and hardened security.

Includes indemnification.

Rocky Linux from CIQ comes with the protection and indemnification guarantees that eliminate your risk and liability in the case of legal issues against the open source software. CIQ is accountable and delivers the coverage to keep your legal and compliance teams satisfied.

Need long term support?

LTS can be added to RLC-H for specific point releases to enable you to stay compliant for over four additional years.

Get Rocky Linux from CIQ - Hardened.

Learn more about RLC-H

View all posts
Available Now: A Security focused Linux… and pre-configured compliance options

Available Now: A Security focused Linux… and pre-configured compliance options

Why Choose Rocky Linux from CIQ?

Why Choose Rocky Linux from CIQ?

Announcing Rocky Linux from CIQ - Hardened

Announcing Rocky Linux from CIQ - Hardened

What is Rocky Linux from CIQ (RLC)?

What is Rocky Linux from CIQ (RLC)?