Glossary

Glossary of Terms - RLC-H¶

ASLR (Address Space Layout Randomization)¶

Security technique that randomly arranges the address space positions of key data areas to make it harder for attackers to predict target addresses for exploitation.

Checksum¶

A cryptographic hash (typically SHA256) used to verify the integrity of downloaded files, ensuring they have not been corrupted or tampered with.

CIQ Depot¶

CIQ Depot provides public and private products and repositories to customers of CIQ.

CIQ Extras Repository¶

Additional repository provided with RLC-H containing useful security tools, hardening scripts, and supplementary packages not found in standard repositories.

CIQ Portal¶

Integrated with CIQ Depot provides public and private products and repositories to customers of CIQ. The central portal for accessing RLC-H installation media, updates, and enterprise repositories with hardened security features.

Common Criteria¶

International standard for computer security certification that provides assurance that security products meet specific security requirements through rigorous evaluation.

Commercial Guarantee¶

Business-level commitments provided by CIQ for RLC-H services, including enhanced support response times, accelerated security update delivery, and system availability with security assurance.

Compliance Framework¶

Structured approach to meeting regulatory and security standards including FIPS 140-2, Common Criteria, and industry-specific compliance requirements with built-in controls and reporting.

Control Flow Integrity (CFI)¶

Security technique that prevents code-reuse attacks by ensuring that program execution follows the intended control flow graph, protecting against ROP and JOP attacks.

CVE (Common Vulnerabilities and Exposures)¶

Standardized identifiers for known security vulnerabilities that are tracked and patched in RLC-H security updates with accelerated response times.

DEP (Data Execution Prevention)¶

Hardware feature that marks certain areas of memory as non-executable, preventing code injection attacks by ensuring that data areas cannot be executed as code.

Depot Token¶

Authentication credential provided by CIQ for accessing private repositories and enterprise security features in CIQ Depot.

DNF¶

Dandified YUM (DNF) is the package manager used by Rocky Linux and RLC-H for installing, updating, and managing software packages with enhanced security verification.

Enterprise Repository¶

Commercial-grade software repositories managed by CIQ with guaranteed availability, performance, support, and enhanced security validation.

Fast Track Repository¶

Special CIQ repository containing urgent security patches and critical updates delivered ahead of regular update cycles when needed to meet enhanced SLOs.

FIPS 140-2¶

Federal Information Processing Standard for cryptographic modules that specifies security requirements for hardware and software components handling sensitive information.

GPG Key¶

GNU Privacy Guard cryptographic keys used to verify the authenticity and integrity of software packages in RLC-H repositories with enhanced key management.

Hardened Kernel¶

A Linux kernel with additional security patches, runtime protection mechanisms, and hardening features that reduce attack surface and provide enhanced protection against kernel-level exploits.

Indemnification¶

Legal protection provided by CIQ to RLC-H customers against claims of intellectual property infringement related to the use of open source software, with additional coverage for security-related issues.

ISO¶

An ISO file is an archive image of an optical disc, such as a CD or DVD, that contains all the necessary installation files for the Linux distribution.

Kernel Exploit Mitigation¶

Techniques and protections specifically designed to prevent and detect attempts to exploit vulnerabilities in the kernel, including runtime integrity checking and control flow protection.

LKRG (Linux Kernel Runtime Guard)¶

A kernel security module that performs runtime integrity checking of critical kernel structures and detects unauthorized modifications, providing protection against privilege escalation attacks and kernel exploits.

LTS (Long Term Support)¶

Extended support lifecycle for specific versions of RLC-H, providing security updates and critical fixes for extended periods with enhanced security monitoring.

Malloc Hardening¶

Memory allocation security enhancements that detect and prevent heap-based buffer overflows, use-after-free vulnerabilities, and other memory corruption attacks through hardened memory management.

Memory Protection¶

Hardware and software-based mechanisms that prevent unauthorized access to memory regions, including ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), and stack canaries.

Migration¶

The process of transitioning from community Rocky Linux or other distributions to RLC-H while preserving data and configurations with security enhancements.

Package Validation¶

Enhanced process of cryptographic verification performed by CIQ to ensure all packages in RLC-H repositories are authentic, unmodified, and security-tested.

Privilege Escalation Protection¶

Security mechanisms designed to prevent unauthorized elevation of user privileges, including LKRG monitoring and enhanced access controls.

Repository¶

A storage location containing software packages and metadata that can be accessed by package managers for software installation and updates, with additional security validation for RLC-H.

Rocky Linux from CIQ - Hardened (RLC-H)¶

The security-hardened version of Rocky Linux that provides enhanced protection against runtime attacks, kernel exploits, and memory corruption vulnerabilities with commercial guarantees, service level objectives, and indemnification.

RPM¶

Red Hat Package Manager - the package format used by RLC-H and other Enterprise Linux distributions for software distribution with enhanced signature verification.

Runtime Protection¶

Security mechanisms that operate during program execution to detect and prevent attacks, including stack protection, control flow integrity, and runtime bounds checking.

Security Baseline¶

Predefined security configuration that establishes minimum security requirements and settings for RLC-H systems, including hardened defaults and security controls.

Security Patch Management¶

Enhanced process for identifying, testing, and deploying security updates with accelerated timelines for critical vulnerabilities and comprehensive testing in hardened environments.

Service Level Objectives (SLO)¶

Committed performance targets for RLC-H services, including security patch delivery within 24 hours for critical vulnerabilities and repository availability guarantees with enhanced security monitoring.

Stack Canaries¶

Security feature that places a known value on the stack between local variables and control data to detect stack buffer overflows before they can corrupt return addresses.

Subscription¶

A commercial agreement with CIQ that provides access to RLC-H repositories, support services, and enterprise security features.

Supply Chain Validation¶

Enhanced process by which CIQ verifies and validates all packages in RLC-H repositories with additional security checks, cryptographic verification, and integrity validation to ensure secure software supply chain.

Vulnerability Scanning¶

Automated processes that continuously monitor RLC-H systems for known security vulnerabilities, misconfigurations, and compliance violations with enhanced reporting capabilities.

For additional resources or assistance, please explore other sections of the documentation or for more information about RLC-H pricing, licensing, training, and support options, please contact CIQ Sales or visit the CIQ website.