Is there some sort of comprehensive guide on hardening RHEL clones like Alma and Rocky?
I have read Madaidan’s blog, and I plan to go through CIS policies, Alma and Rocky documentation and other general stuff like KSPP, musl, LibreSSL, hardened_malloc etc.
But I feel like this is not enough and I will likely face problems that I cannot solve. Instead of trying to reinvent the wheel by myself, I thought I’d ask if anyone has done this before so I can use their guide as a baseline. Maybe there’s a community guide on hardening either of these two? I’d contribute to its maintenance if there is one.
Thanks.
Thanks. You are correct, however since root is required for certain processes, I will use different users and doas for my needs.
I have realised that it is hard for me to justify the reason why I want to harden an OS for personal use. I gave privilege escalation out, but after reading your comment I have realised that that is not the only thing I am looking to “fix”. My intention with running hardened_malloc was to prevent DoS attacks by malicious applications trying to exploit unknown buffer overflow situations, and LibreSSL and musl were to reduce the attack surface.
I agree with your comment though. I’m just wondering about how I can specify a reason (and why such a reason is required to justify hardening of a distro). I haven’t found much of a reason for the existence of OpenBSD, Kicksecure, Qubes etc other than general hardening and security.