Skip to content

FAQs

FAQ

What is RLC-H?

Rocky Linux from CIQ - Hardened (RLC-H) is a security-hardened version of Rocky Linux designed for organizations that need enhanced security and compliance in their Linux environments. It includes enterprise-grade security hardening, threat detection, and compliance frameworks.

What do I get when I buy RLC-H?

RLC-H includes all the benefits of Rocky Linux from CIQ plus advanced security hardening features:

  • Security-hardened packages: Core system packages with security enhancements
  • Linux Kernel Runtime Guard (LKRG): Real-time kernel integrity checking
  • Enhanced malloc hardening: Protection against memory corruption attacks
  • Compliance frameworks: Pre-hardened images for DISA STIG, CIS, and FIPS 140-3
  • Advanced threat detection: Proactive protection against malicious threats
  • Stronger security policies: Enhanced password policies, SSH restrictions, and access controls
  • Supply chain validation: Packages verified by CIQ for secure deployment
  • Indemnification: Legal protection for claims of infringement related to open source software

How is RLC-H different from standard Rocky Linux?

RLC-H builds upon Rocky Linux with significant security enhancements:

  • Hardened core packages: glibc, OpenSSH, and other critical packages are security-hardened
  • Runtime security: LKRG provides continuous kernel integrity monitoring
  • Memory protection: Advanced malloc hardening prevents memory corruption attacks
  • Compliance ready: Pre-configured for security frameworks like DISA STIG and CIS
  • FIPS 140-3 certified: Cryptographic modules meet federal security standards
  • Enhanced policies: Stronger security policies throughout the system

How is RLC-H different from regular RLC?

RLC-H is the security-hardened version of Rocky Linux from CIQ (RLC):

  • RLC: Standard Rocky Linux with commercial guarantees and support
  • RLC-H: RLC plus comprehensive security hardening and compliance features

Both products include the same commercial backing, SLOs, and indemnification, but RLC-H adds advanced security features for high-security environments.

What security frameworks does RLC-H support?

RLC-H supports multiple security and compliance frameworks:

  • DISA STIG: Security Technical Implementation Guide compliance
  • CIS Benchmarks: Center for Internet Security hardening guidelines
  • FIPS 140-3: Federal Information Processing Standard cryptographic compliance
  • Common Criteria: International security evaluation standards

What is LKRG and why is it important?

Linux Kernel Runtime Guard (LKRG) is a security module that performs continuous integrity checking of the Linux kernel. It:

  • Detects kernel tampering: Identifies unauthorized changes to kernel code and data
  • Prevents privilege escalation: Blocks attempts to exploit kernel vulnerabilities
  • Provides real-time protection: Continuously monitors kernel integrity during runtime
  • Enhances security: Adds an additional layer of protection against advanced threats

What is malloc hardening?

Malloc hardening is a security enhancement that protects against memory corruption attacks by:

  • Preventing buffer overflows: Detecting and blocking attempts to overwrite memory
  • Protecting heap integrity: Ensuring memory allocation structures remain secure
  • Detecting use-after-free: Identifying attempts to access freed memory
  • Preventing memory leaks: Improving memory management security

Is support available for RLC-H?

Yes. Linux support from CIQ is available as an add-on for RLC-H, providing:

  • Professional support: Enterprise-grade technical support
  • Security expertise: Specialized knowledge of hardening features
  • Compliance assistance: Help with regulatory and compliance requirements
  • Custom configurations: Assistance with organization-specific security needs

What versions of RLC-H are available?

RLC-H is available based on Rocky Linux 9, with ongoing updates following the six-month minor release cycle. CIQ recommends updating at least once per week to get the latest security updates and hardening improvements.

Where do I get RLC-H?

RLC-H is available through:

  • CIQ Depot: Direct download from CIQ Portal
  • Cloud Marketplaces: Available on Azure (AWS, GCP, and OCI, coming soon)
  • Custom Images: Tailored images for specific compliance requirements

How do I migrate from standard Rocky Linux to RLC-H?

Migration from standard Rocky Linux to RLC-H typically requires:

  1. Backup your systems: Ensure you have complete backups before migration
  2. Plan the migration: Assess your current configuration and security requirements
  3. Install RLC-H: Deploy new RLC-H systems or perform in-place upgrades
  4. Configure security features: Enable and configure hardening features
  5. Validate compliance: Ensure your configuration meets security requirements

Professional migration services are available from CIQ to assist with complex migrations.

What hardware platforms are supported?

RLC-H supports the same hardware platforms as Rocky Linux:

  • x86_64: Intel and AMD 64-bit processors
  • aarch64: ARM 64-bit processors
  • Virtual machines: VMware, KVM, Xen, and other hypervisors
  • Cloud platforms: AWS, Azure, GCP, and other cloud providers

How do I get patches and updates?

Security patches and updates for RLC-H are delivered through:

  • Standard repositories: Use dnf update to get the latest packages
  • CIQ repositories: Access to hardening-specific updates and patches
  • Fast Track repository: Critical security updates when needed to meet SLOs

What happens if my subscription lapses?

If your RLC-H subscription lapses:

  • Repository access: You will lose access to CIQ repositories
  • Security updates: You will no longer receive hardening-specific updates
  • Support coverage: You will no longer be covered by CIQ support
  • Indemnification: Legal protections will no longer apply

Who should use RLC-H?

RLC-H is ideal for:

  • Government agencies: Organizations requiring high security standards
  • Financial services: Companies with strict compliance requirements
  • Healthcare organizations: Businesses handling sensitive patient data
  • Defense contractors: Organizations working with classified information
  • Critical infrastructure: Companies managing essential services
  • Any organization: Requiring the highest levels of Linux security

How much does RLC-H cost?

For current pricing information on RLC-H, please contact CIQ sales. Pricing typically depends on:

  • Number of systems: Scale of deployment
  • Support requirements: Level of professional support needed
  • Compliance needs: Specific regulatory requirements
  • Deployment model: On-premise, cloud, or hybrid deployments

Can I use RLC-H with containers?

Yes, RLC-H works excellently with containerized workloads:

  • Docker support: Full compatibility with Docker containers
  • Kubernetes: Optimized for Kubernetes orchestration
  • Security benefits: Container workloads benefit from host hardening
  • Compliance: Helps meet container security requirements

Is training available for RLC-H?

Yes, CIQ offers training programs for RLC-H including:

  • Administration training: System administration and configuration
  • Security training: Understanding and managing hardening features
  • Compliance training: Meeting regulatory requirements
  • Custom training: Tailored to your organization's specific needs

For more information about RLC-H pricing, licensing, training, and support options, please contact CIQ Sales or visit the CIQ website.