Is there some sort of comprehensive guide on hardening RHEL clones like Alma and Rocky?

I have read Madaidan’s blog, and I plan to go through CIS policies, Alma and Rocky documentation and other general stuff like KSPP, musl, LibreSSL, hardened_malloc etc.

But I feel like this is not enough and I will likely face problems that I cannot solve. Instead of trying to reinvent the wheel by myself, I thought I’d ask if anyone has done this before so I can use their guide as a baseline. Maybe there’s a community guide on hardening either of these two? I’d contribute to its maintenance if there is one.

Thanks.

  • marauding_gibberish142@lemmy.dbzer0.comOPEnglish
    1·
    6 days ago

    Dom0 being based on Fedora has been a gripe of mine for a while now. Fedora isn’t that secure without some effort either. Unfortunately, I have no way to confirm which one out of them is “more secure”.

    Do you have any sort of automated test framework in mind which one can use to test distros against attacks?

    • The 8232 Project@lemmy.ml
      2·
      5 days ago

      Fedora isn’t that secure without some effort either.

      Fedora’s philosophy is being a modern and security oriented (not security focused) distro. An easy example is that Fedora uses Linux kernel 6.14.2, whereas Debian uses Linux kernel 6.1 (I know they backport fixes, but the point remains).

      Unfortunately, I have no way to confirm which one out of them is “more secure”.

      Do you have any sort of automated test framework in mind which one can use to test distros against attacks?

      Generally trust what security experts say about it, but if you really want an automated test, you can look at Lynis