CIS Hardened Image STIG on Red Hat Enterprise Linux 9

What do you like best about the product?

What I like best about CIS Red Hat Enterprise Linux is the additional security hardening and compliance guidance it provides while maintaining the stability and reliability of the Red Hat Enterprise Linux platform. The CIS benchmarks offer a structured framework for improving system security and standardizing configurations across environments.

One feature that has provided significant value is the predefined security recommendations. Instead of manually researching and implementing security controls, the benchmark guidance helps establish consistent configurations more efficiently. This reduces the time required for system hardening and helps ensure that security best practices are applied consistently.

The auditing and compliance benefits are also valuable. Having documented security controls and configuration standards makes it easier to review system settings, prepare for internal audits, and maintain operational consistency. This has helped improve visibility into security posture and reduced the effort required to verify configuration compliance.

Another advantage is the platform's balance between security and operational stability. The guidance focuses on practical hardening measures while still allowing systems to support business applications and infrastructure services effectively. This helps maintain reliability without introducing unnecessary complexity.

What do you dislike about the product?

One challenge is that implementing all recommended controls can require significant planning and testing, particularly in environments that support multiple applications and services. Some security settings may need careful evaluation to ensure they do not affect operational requirements.

What problems is the product solving and how is that benefiting you?

Before implementing CIS Red Hat Enterprise Linux guidelines, maintaining consistent security configurations across systems was often a challenge. Different servers could have varying settings, making it more difficult to enforce security standards, identify configuration gaps, and prepare for security reviews or compliance assessments.

CIS Red Hat Enterprise Linux solves these challenges by providing a structured and well-documented security baseline for system hardening. Instead of creating security policies from scratch, administrators can follow established benchmark recommendations to configure systems in a more consistent and secure manner.

One of the biggest benefits has been improved standardization. Security settings, access controls, logging configurations, and system policies can be implemented using a common framework, reducing configuration drift across environments. This helps improve operational consistency and simplifies ongoing administration.

The benchmark also helps strengthen system security by identifying areas where default configurations can be improved. Applying these recommendations helps reduce unnecessary exposure, improve system visibility, and support better security practices throughout the infrastructure.

Another advantage is improved audit readiness. Having a recognized security benchmark makes it easier to review configurations, validate security controls, and demonstrate that systems are aligned with established best practices. This reduces the effort required when preparing for internal reviews and compliance-related activities.

What do you like best about the product?

I appreciate the strong security features of CIS Red Hat Enterprise Linux, particularly how it revokes all access to non-root users. This significantly enhances the security by ensuring that unauthorized personnel cannot execute commands that could compromise the system. I also value the partition-level security it provides, such as setting 'noexec' and 'nosuid' options in the 'fstab' file for temporary partitions. This feature effectively prevents the automatic execution of programs, adding an additional layer of security to protect sensitive data. Moreover, the restrictions set for '/etc/fstab' are particularly beneficial for temporary partitions, which are often targeted by applications looking to execute programs. By disallowing execution on these partitions, it minimizes security risks and protects our telecom customers' environments more efficiently.

What do you dislike about the product?

I find handling the PAM authentication and audit services in CIS Red Hat Enterprise Linux to be quite confusing. While PAM is essential for Linux password restrictions, the complexity involved makes it cumbersome, and managing the necessary controls could be streamlined if handled separately. Additionally, the initial setup of the system is challenging due to numerous restrictions that must be kept in mind. This adds another layer of complexity, requiring careful application of changes or modifications, which reduces the overall user-friendliness.

What problems is the product solving and how is that benefiting you?

I use CIS Red Hat Enterprise Linux to enhance security, adding extra layers such as revoking access for non-root users and setting noexec nosuid on tmp partitions to prevent unauthorized execution.

What do you like best about the product?

Appstreams : run different stable versions of software : Like -> Simultaneous Nginx 1.27 and the default packaged nginx

What do you dislike about the product?

Licensing, you can't implement it with a dev license properly. You will need to migrate it to a subscription , can be quite costly

What problems is the product solving and how is that benefiting you?

Multiple

What do you like best about the product?

we can install our required packages smooth

What do you dislike about the product?

Its specific commands need to search or expertize need

What problems is the product solving and how is that benefiting you?

This Operating system provide platform

What do you like best about the product?

when you pair RHEL minimal installation with CIS benchmark. You are now double edge sord.

What do you dislike about the product?

The CIS benchmark scripts for opensource OS should be free to use

What problems is the product solving and how is that benefiting you?

CIS almost locked all doors of entries. Sometimes an attacker filled the tmp file thru garbage data which halts the OS. in case of CIS benchmarked machine it helps you so that the application face challange due to unab le to generate data at tmp path

What do you like best about the product?

CIS red hat comes pre-installed with most software that you need.

What do you dislike about the product?

Same old GUI but I prefer command line. GUI could be upgraded to modern standards

What problems is the product solving and how is that benefiting you?

Databases backend, software application development environment

What do you like best about the product?

Grat stability and good support,updates usually go well and do not require any tinkering to keep it working as expected

What do you dislike about the product?

The licensing can be a bit pricey whenever you use a los of instances,

What problems is the product solving and how is that benefiting you?

Having a stable Linux distro with enterprise support

What do you like best about the product?

Easy to use. The gui of RHEL is very user friendly. Easy to maintain as well. And the security server is very good as they validate file tobe downloaded and also active subscription have their own repository of packages.

What do you dislike about the product?

Nothing is wrong with RHEL as most of the Linux/Unix Server I have been used, RHEL is the most convenient and easy to use.

What problems is the product solving and how is that benefiting you?

This helped us a lot in terms of security of our critical applications. RHEL also helped us in simulating tests for security in all out applications.

What do you like best about the product?

I like everything about RHEL the best part is that it's a server and feels so powerful using it.

What do you dislike about the product?

Nope not a thing, i don't know anything that I don't like about it i just love it

What problems is the product solving and how is that benefiting you?

Mastering my skills like automation, like we do in production

What do you like best about the product?

Easy installation and easy to maintain. The support has been excellent so far.

What do you dislike about the product?

Not much wrong with it. I haven't discovered anything that has been a major inconvenience. We have upgraded RHEL several times and each time it gets better.

What problems is the product solving and how is that benefiting you?

Provides a stable solid platform to support our intranet applications. Security is easy to lock down and updates are easy to implement.