Hardening a Linux system is straightforward in concept and surprisingly complex in practice. Most teams rely on Ansible playbooks, custom scripts, and manual STIG checklists that are difficult to maintain, hard to audit, and prone to drift over time.
This workshop takes a practical, side-by-side look at Linux hardening: we start with a fresh Rocky Linux install and walk through the manual hardening process — SSH configuration, kernel tuning, password policy, SELinux, and compliance frameworks like DISA-STIG and CIS. We then explore what Rocky Linux from CIQ — Hardened (RLC-H) delivers out of the box: kernel runtime guards, hardened memory allocation, pre-remediated compliance images, Secure Boot, and commercially backed CVE remediation — by design, not by configuration.
This is not a lecture. Attendees of all experience levels are welcome, and those with deep security backgrounds are especially encouraged to bring their perspective. The goal is an honest conversation about where the traditional DIY approach holds up, where it falls short, and what a purpose-built hardened distribution changes.
No CIQ Portal access required. All hands-on exercises use community Rocky Linux.
