Rocky Linux is a Linux distribution that is intended to be a downstream, complete binary-compatible release using the Red Hat Enterprise Linux operating system source code. Security Hardened and Tuned to provide an environment ideal for running web applications, databases and application servers and helps in mitigating common threats such as insufficient authorization, network & program attack threats.

The Operating System is thoroughly scanned, vetting each and every base component leveraging a pool of industry certified security auditing tools. The Operating System is initially stripped from all the unnecessary insecure packages, settings and permissions. The base system is then further tuned, patched and hardened applying security recommendations from leading security industry organizations, standards and governing bodies. This ensures you have a secure environment to run your application and hit the ground running up-scaling your security posture and audit compliance within your organization.

Stack Tuning: Once the Operating System has been secured it is then tuned to optimize the networking stack with thoroughly tested and benchmarked parameters ensuring the web application, database or application server can run to its most efficient capability with the required memory, process and networking stack throughput.

Included within the Image:

• Virus Scanner - ability to be executed on an ad-ho basis or regular cadence to ensure files and packages are vetted appropriately and eliminate threats
• Shell Command Logger - Logs each and every users shell command executions to “/var/log/secure” for auditing and traceability purposes. Providing the ability to perform forensics and detail investigations in determining the user and the commands executed. Secure logs then be shipped to your favorite SIEM tool for monitoring and auditing purposes as well
• Update default Login Security Banner: /etc/issue.net
• Accelerated Networking and cloud-init supported

VM Creation Min Password Policy
Set the admin/users password using the policy below to gain access to the VM although a private/public SSH key-pair is recommended.

• Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
• Be at least 14 characters in length
• Contain characters from three of the following four categories:
• English Uppercase characters (A through Z)
• English Lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Non-alphabetic characters (for example, !, $, #, %)

Recommended: Once deployed, any new package that is required should be installed from a reliable source repository and re-scanne to validate no new vulnerabilities have been introduced before approving.