What's New in Hardened Linux Images?
Our hardened OS image for Rocky Linux 9.5 is built in accordance with the CIS Rocky Linux 9 Benchmark – Level 2 (Server Profile).
Benchmark Version: 0.1.76
Benchmark Scope and Exclusions
While we strive for comprehensive compliance, certain CIS controls are excluded due to technical constraints specific to virtual machine environments or because they are best configured post-deployment by end users.
Excluded Controls Due to Single Partition Layout
Our Rocky Linux VM images use a single-partition layout. As such, the following controls, which require dedicated partitions, are excluded:
- CIS 1.1.2.1.1 – Ensure a separate partition exists for /tmp
- CIS 1.1.2.1.2 – Ensure the nodev option is set on /tmp
- CIS 1.1.2.1.3 – Ensure the nosuid option is set on /tmp
- CIS 1.1.2.1.4 – Ensure the noexec option is set on /tmp
- CIS 1.1.2.4.1 – Ensure a separate partition exists for /var
- CIS 1.1.2.6.1 – Ensure a separate partition exists for /var/log
- CIS 1.1.2.7.1 – Ensure a separate partition exists for /var/log/audit
- CIS 1.1.2.3.1 – Ensure a separate partition exists for /home
Controls Requiring End-User Configuration
The following controls are excluded from the hardened image but are expected to be configured by end users based on their environment and security policies:
- CIS 1.3.1 – Ensure bootloader password is set
- CIS 4.2.4 – Ensure SSH daemon access is configured
Quality Assurance and Coverage
All hardened images undergo rigorous automated and manual QA to ensure consistency, functionality, and compliance. Despite the noted exclusions, OpenLogic's Rocky Linux 9.x hardened images still pass more than 300 CIS security controls across both the Level 1 and Level 2 profiles.
These images offer a secure, production-ready foundation for organizations seeking to maintain CIS compliance while operating in virtualized environments.
Our hardened OS images for Rocky Linux 8.9 and 8.10 are built in accordance with the CIS Rocky Linux 8 Benchmark – Level 2 (Server Profile).
Benchmark Version: 0.1.76
Benchmark Scope and Exclusions
While we strive for comprehensive compliance, certain CIS controls are excluded due to technical constraints specific to virtual machine environments or because they are best configured post-deployment by end users.
Excluded Controls Due to Single Partition Layout
Our Rocky Linux VM images use a single-partition layout. As such, the following controls, which require dedicated partitions, are excluded:
- CIS 1.1.2.1.1 – Ensure a separate partition exists for /tmp
- CIS 1.1.2.1.2 – Ensure the nodev option is set on /tmp
- CIS 1.1.2.1.3 – Ensure the nosuid option is set on /tmp
- CIS 1.1.2.1.4 – Ensure the noexec option is set on /tmp
- CIS 1.1.2.4.1 – Ensure a separate partition exists for /var
- CIS 1.1.2.6.1 – Ensure a separate partition exists for /var/log
- CIS 1.1.2.7.1 – Ensure a separate partition exists for /var/log/audit
- CIS 1.1.2.3.1 – Ensure a separate partition exists for /home
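Because the partition-related controls above (the same list in both the 9.x and 8.x sections) are left to the deployed system, a post-deployment check is useful. The following is an added example, not OpenLogic's QA tooling: it reads a /proc/mounts-style table (path taken from the MOUNTS variable, an assumption of this script) and reports which of the listed CIS 1.1.2.x controls are actually satisfied on the running VM.

```shell
#!/bin/sh
# Post-deployment audit of the CIS 1.1.2.x controls excluded from the image.
# MOUNTS defaults to the live mount table; point it at a saved copy to audit
# a dump taken from another host.
MOUNTS="${MOUNTS:-/proc/mounts}"

# Print the mount options of the filesystem mounted exactly at $1.
# Prints nothing when $1 is not its own mount point (it lives on /).
mount_opts() {
    awk -v mp="$1" '$2 == mp { print $4 }' "$MOUNTS"
}

# CIS 1.1.2.{1,3,4,6,7}.1: succeed only if $1 has a dedicated mount.
separate_partition() {
    [ -n "$(mount_opts "$1")" ]
}

# CIS 1.1.2.1.2-4: succeed only if option $2 (nodev/nosuid/noexec) is set on $1.
# Options are split on ',' and matched whole, so "nodev" does not match "dev".
has_mount_option() {
    mount_opts "$1" | tr ',' '\n' | grep -qx "$2"
}

# Check every excluded partition control, one PASS/FAIL line each.
# Returns 1 if any control fails, so it can gate a provisioning pipeline.
audit_excluded_controls() {
    rc=0
    for mp in /tmp /var /var/log /var/log/audit /home; do
        if separate_partition "$mp"; then
            echo "PASS separate partition for $mp"
        else
            echo "FAIL separate partition for $mp"; rc=1
        fi
    done
    for opt in nodev nosuid noexec; do
        if has_mount_option /tmp "$opt"; then
            echo "PASS $opt set on /tmp"
        else
            echo "FAIL $opt set on /tmp"; rc=1
        fi
    done
    return $rc
}
```

Call `audit_excluded_controls` after sourcing the file; a non-zero exit status means at least one of the listed controls is still unmet on that host.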
Controls Requiring End-User Configuration
The following controls are excluded from the hardened image but are expected to be configured by end users based on their environment and security policies:
- CIS 1.3.1 – Ensure bootloader password is set
- CIS 4.2.4 – Ensure SSH daemon access is configured
Quality Assurance and Coverage
All hardened images undergo rigorous automated and manual QA to ensure consistency, functionality, and compliance. Despite the noted exclusions, OpenLogic's Rocky Linux 8.x hardened images still pass more than 300 CIS security controls across both the Level 1 and Level 2 profiles.
These images offer a secure, production-ready foundation for organizations seeking to maintain CIS compliance while operating in virtualized environments.