Is there some sort of comprehensive guide on hardening RHEL clones like Alma and Rocky?

I have read Madaidan’s blog, and I plan to go through CIS policies, Alma and Rocky documentation and other general stuff like KSPP, musl, LibreSSL, hardened_malloc etc.

But I feel like this is not enough and I will likely face problems that I cannot solve. Instead of trying to reinvent the wheel by myself, I thought I’d ask if anyone has done this before so I can use their guide as a baseline. Maybe there’s a community guide on hardening either of these two? I’d contribute to its maintenance if there is one.

Thanks.

    • warmaster@lemmy.world
      2·
      8 hours ago

      From secure blue’s website:

      Who is secureblue for?

      secureblue is for those whose first priority is using Linux, and second priority is security. secureblue does not claim to be the most secure option available on the desktop. We are limited in that regard by the current state of desktop Linux standardization, tooling, and upstream security development. What we aim for instead is to be the most secure option for those who already intend to use Linux. As such, if security is your first priority, secureblue may not be the best option for you.

      Why do they say that? What limitations does Linux have in terms of security?

    • marauding_gibberish142@lemmy.dbzer0.comOPEnglish
      1·
      8 hours ago

      Thank you for that. Yes, I only really follow his post roughly.

      Unfortunately, I don’t think secureblue is going to be a possible choice. I like the secureblue project, I think it’s awesome but what I’m working with will likely only come with a Rocky/AlmaLinux base.