CIS Hardened Image Level 1 on Red Hat Enterprise Linux 9

Our main use cases for Red Hat Enterprise Linux (RHEL)  are mainly enterprise workloads, so it depends. Some people use it for containers, some people use it for the third-party stuff that they bought, but some people use it for automation. It is kind of a mixed bag. It is not one thing to narrow it down to, but it is typically their production systems from what I know.

The feature I appreciate the most about Red Hat Enterprise Linux (RHEL)  is the update strategy. The ability to update not necessarily all of it at once, but update it in stages. That seems to be the biggest thing, keeping things up to date and making sure the packages are going to work as we start to upgrade and not worry about the software immediately dying once the operating system is upgraded.

The features of Red Hat Enterprise Linux  (RHEL) benefit my company by providing security. It gives that warm and comfortable feeling that they have our back when it comes to the operating system. That is a big thing because it is something we do not have to worry about, we are not pointing fingers when something goes wrong. Red Hat will step up and say here is the vulnerability, here is how to fix it, here is the path forward. That is significant because we do not always get that with other operating systems. We do not get as many vulnerabilities with this OS.

There is not much to improve about Red Hat Enterprise Linux  (RHEL), it just works. It is simple and the package works. Perhaps the costing could be improved. I know they changed the model from a pricing side, which customers have asked about, and sort of look at ways to migrate from it. From the business side, I have no idea. But that is the only thing I have really heard concerns about. There is nothing about the product, it is literally just the cost of it.

I have been using Red Hat Enterprise Linux (RHEL) at my company for a long time across a couple of companies now, but it seems they all use it. It has been around so long that it is pretty much the stable choice for most. They really want this for the security and the reliability.

The stability and reliability of Red Hat Enterprise Linux (RHEL) is pretty high. It just works. If it does not, they are quick to fix and identify issues. We do not see outages as we see with Windows where airports are down because of one update.

Red Hat Enterprise Linux (RHEL) scales effectively with the growing needs of my company because it is cloud-based. If we need to spawn more instances, we spawn more instances. It is not so much a Red Hat thing as it is the cloud we are running on. It has always been updated and upgraded so we are comfortable with that.

I would evaluate the customer service and technical support of Red Hat Enterprise Linux (RHEL) as great. I am a former Red Hatter as, so I might be a little skewed. But when I talk with customers, they love it. That is never a concern. The product is never a concern, the support is never a concern.

Security requirements were a primary consideration when choosing Red Hat Enterprise Linux (RHEL) for the cloud. We have Amazon Linux  as. Red Hat is often the requirement, so we have to follow this path.

I manage my Red Hat Enterprise Linux (RHEL) systems when it comes to provisioning and patching mostly through Systems Manager on AWS . We have management patching built-in. With the cloud, it is different, because these AMIs, these images that are created, are available to us, and then that orchestration, automation, they upgrade automatically. It is very simple to do. There is not a lot for us to do. It is really just scheduling.

The biggest return on investment when using Red Hat Enterprise Linux (RHEL) is security and support. It is secure, and if there are issues, they are always there and always available.

My experience overall with Red Hat Enterprise Linux (RHEL), including the licensing and pricing of the setup, involves a change in pricing about six months ago at the beginning of this year that affected customers. That is one thing that stood out with them, as there is a big difference in the way it was being priced before. I think it was a license model before and now there is a subscription model. I do not know the exact specifics of it. It was just a point of contention that I heard a lot about when customers were considering whether to stay with it because it would cost more. They never questioned the product, it is literally just the pricing.

We only consider other solutions before or while using Red Hat Enterprise Linux (RHEL) if it is a requirement, for example, if they have to have Windows, then nothing we can do. If that is the requirement, but other than that, I think it is pretty much the default in most cases. There are other players, Amazon Linux , of course. It just depends on what the use case is and what the requirements are. That dictates which way to go. In most cases, we go with Red Hat because that is what is required.

I have not been involved in any upgrade or migration recently. What we have done typically is spawn a new instance. Instead of upgrading an existing instance, we literally throw that one away, spin a new instance as needed, then throw the old one away. It is similar to the container model now, but it is the same for the operating systems, the way we look at it, as everything is automated. It is very easy just to throw it away and create new instances.

I would rate Red Hat Enterprise Linux (RHEL) near 10 overall. It just works, and it is going to run forever. It is just something that is one of those reliable things that we need to trust. It is similar to IBM with the mainframe - it is going to work, it is going to be there, they are going to support it. The price is the only thing I would rate lower. I think they made a dramatic change. I am not on the business side, so it is hard to determine what is good or bad pricing. I am literally conveying what the customers said.

I use it as an EC2  Web Server.

It was needed for FedRAMP Moderate compliance.

The ready-to-go AMI is a valuable feature.

It does not pass the RHEL8 STIG standards without a lot of extra work.

I have used the solution for one year.

I previously used CIS RHEL  8 Level 2.

Check it to verify costs.

I did not consider any alternate solutions.

It does not pass the RHEL8 STIG standards without a lot of extra work.

According to the price and if your use case is more worth saving, you can go with that. I can help determine what use case you want to pursue. If it is a small scale operation, you do not need to choose that option. If it is a huge business, you can definitely invest in Red Hat Enterprise Linux (RHEL).

The system is user-friendly and they have a cloud console for managing all the subscriptions you have purchased. From that perspective, it is very user-friendly to manage your subscription, and you can list out all the systems where you have installed this Linux, managing them from a single console.

We are saving more costs because we are getting immediate support. If any issue arises, we do not have to wait for someone to respond. We can get immediate quick responses from the support team. We are saving lots of time and from the customer side, we have heard that they are achieving significant cost savings from this.

The main disadvantage is that you may find the price is too high.

I have two years of experience with Red Hat Enterprise Linux (RHEL), and I am currently doing projects with it.

I would rate the customer service nine out of ten.

Red Hat Enterprise Linux (RHEL) is basically from Fedora. I worked with Fedora and CentOS. Red Hat Enterprise Linux (RHEL), Fedora, and CentOS are all from the same Linux family. I have also used Ubuntu.

We are a service-based company delivering services. We provide subscriptions to customers, implement them, and then complete our work.

You definitely need to consider the cost and determine if it is worth the investment. If your use case is larger and you need immediate solutions, then you should consider the cost. Technology-wise, it is very good and reliable.

I am working with Red Hat Enterprise Linux (RHEL) and am certified with the OpenShift platform, which is a Kubernetes platform. The company I currently work for operates both on-premise and in cloud environments.

Regarding patching, if any issues arise or security issues such as hacking or vulnerability issues occur, they will first address it through engineering and provide patch support to customers as the first priority. After that, they release it to the open source part. This patching process makes it more secure.

The immediate support and response time are good reasons to use Red Hat Enterprise Linux (RHEL). My overall rating for this solution is 9 out of 10.

The main use cases with Red Hat Enterprise Linux (RHEL) for me are hosting Oracle databases, Oracle server database, and MariaDB. When we need to install Oracle, we put it on Linux, and it usually was Santos in the past. Then we moved to Oracle Enterprise Linux or Red Hat, and when Oracle released the Linux distro, we moved to Oracle because the devices are really open source.

Some of the best features of Red Hat Enterprise Linux (RHEL) include stability; it doesn't break. Stability, along with management tools and users for management tools that they add to the Linux distro, are important. The main reason is stability. In the server area, we don't want change. That's why we're trying to move back to Debian, because Debian is stable—old, but stable. 

Red Hat Enterprise Linux (RHEL) does help save time because the setup and general installation experience is very optimized and well-established. I made tests installing and setting up radioactive environments for virtual machines, and it was a very good experience, fast.

Red Hat Enterprise Linux (RHEL) is for on-premises only; we try to avoid the clouds as much as we can. In Brazil, we are seeing an interesting movement with small cloud providers because Amazon, Google, and Microsoft are too expensive. I am noticing the rise of many small companies that build small data centers and offer cloud services to small companies. They prosper with a better price and a simpler solution—not a fancy data center with sophisticated security. Just a small space with a decent Internet connection and a stable energy source, and they are good to go. People are prospering with this model of small cloud providers.

The main difference between Red Hat Enterprise Linux (RHEL) and some of the others that I'm evaluating now is that Red Hat tries to use more recent packages. The problem with Debian and some of the stable distributions is that they are too conservative, and they keep the version progress very slow. I sometimes develop and create things that need more recent packages and libraries, and with Debian, I usually struggle with that. Red Hat usually provides the new ones—stable, but new. That's one of the best features of using Red Hat. Ubuntu also upgrades some important libraries from Debian.

I have used Red Hat Enterprise Linux (RHEL) for more than fifteen years, because we have some infrastructure on it.

I assess the knowledge base offered by Red Hat Enterprise Linux (RHEL) as excellent; they have a great technology base on their website, but it requires a subscription. You might think you get free access, but I really don't prefer it. I usually find other sources. I know they have a very good knowledge base with excellent documentation, but I usually don't get access to it. I have not reached out to their support, so I do not have any personal experience with Red Hat support. The support that we really use from time to time is Oracle. My clients use the Oracle database, and they all pay for support. We use it because my partner, who is an Oracle database administrator, frequently deals with problems with Oracle and uses their support, and it works very effectively.

Positive

My thoughts on the deployment with Red Hat Enterprise Linux (RHEL) are that it's easy, there are no problems at all. It's very easy, including in the cloud; they offer many partners, and it's really easy to move your loads to the cloud with Red Hat. I believe it's easier than with Microsoft. However, my clients usually do not get involved with this; most of them are Microsoft-based.

The ROI with Red Hat Enterprise Linux (RHEL) is useful if the company requires accountability or a formal contract, because they usually need someone involved in some kind of accountability process when lawyers get involved. Only in that situation does it make sense to pay that price. Usually, companies that are required by law to have licensed products, such as banks and insurance companies, have obligations by law. This is especially true in Brazil, where the insurance market is very regulated. It makes sense for these companies to have a license contract, particularly in the case of security leaks and similar issues.

My experience with the pricing or licensing for Red Hat Enterprise Linux (RHEL) indicates that our clients never chose to purchase a license. I watched the prices a few months ago while considering buying one for myself, and they were expensive; it's not a reasonable price, especially for small companies. The business value of Red Hat Enterprise Linux (RHEL) is compatible and on the same level as other Linux distributions I have used. They all charge the same for their products. I usually don't see much difference. When I compare the price of Red Hat Enterprise Linux (RHEL) to that of Windows, they are basically the same price, just a little cheaper, a small fraction. All of these big corporations try to squeeze the clients as much as they can. The only exception is Broadcom, which seems to try to charge an absurd amount for their products.

My clients all have their own firewall solutions and network security solutions that they purchase. We usually don't deal with that. We just keep the built-in firewall running, and that's all. That's the main feature that we use on Red Hat and other distros, the built-in firewall. 

Security Enhanced Linux (SELinux) is something we do not engage with. Last week, I tried to install a new version of Oracle Enterprise Linux from Red Hat on an old HP server, Gen 5, but it did not work; I needed to go back to Ubuntu. Ubuntu, even in the new version, uses a kernel that works on old hardware, so we have to deal with this situation. If you have old hardware and need to repurpose an old server, you can't use these new distros. Even Oracle does not work with very old equipment, more than ten years old. 

I would rate Red Hat Enterprise Linux (RHEL) as a seven or eight out of ten.

I set up Red Hat Enterprise Linux (RHEL) for my customers. The customers either install some middleware on top of it or manage it directly from my company, or the customer will manage the application on top of the server directly.

The most valuable feature is the support. The support from Red Hat is definitely valuable. Having a Technical Account Manager facilitates getting to the core of the issue and eventually tries to correct the behavior of the operating system in case something is not fitting what I expect.

The knowledge base offered by Red Hat Enterprise Linux  (RHEL) is definitely good. Most of the simple issues can be fixed by going through it, including sometimes third-party issues that happen. I can mention a couple of incidents that occurred, one with CrowdStrike and one with Qualys Cloud Agent. In both cases, the knowledge base was informative about the existing issues. If I was a customer of those partners, then I would have been affected by problems that came from third-party products. Generally speaking, the knowledge base is absolutely good for problems that come from Red Hat itself.

The most important security feature in Red Hat Enterprise Linux (RHEL) is the readability and detail of the security report. From a security perspective itself, it is not a game-changer, but when it comes to communicating to the customer that something is not an issue, this is beneficial because I can reference an article that is easily readable by the customer.

Red Hat Insights  is definitely helpful, providing information that I would not spot otherwise. However, there is room for improvement. Red Hat Insights  needs to be able to manage in a detached environment, which is on the roadmap as far as I know, because we are working with big banks, and therefore, we cannot have too much direct connection, especially from the cloud to the server. Another open point is that from Red Hat Insights, I cannot make use of my own Ansible  Automation Platform, unless I'm mistaken. 

Red Hat Enterprise Linux  (RHEL) is derived from Fedora. Sometimes, we encounter features in a server environment that are more suitable for desktops, leading to unexpected complications. For instance, networking on a desktop is typically designed with different priorities compared to a server. We often find ourselves forced to use features originally intended for desktop use, even when simpler alternatives would be more effective and manageable. This complexity can be unnecessary, as it adds layers of functionality that do not provide any real value. Ultimately, users should be able to manage their connections without being overwhelmed by features that are irrelevant to their needs.

A downside is that it is sometimes difficult to agree on product modifications. For instance, one issue we encountered was that certain commands were not responding as we expected. Another example, which might be easier to understand, is during upgrades when certain directories are reverted to their original permission settings. This contradicts some hardening recommendations and makes it more difficult to advocate for a change to practices that have been in place for a decade, even when there are valid reasons for the change. It’s important to note that the resistance to change can be attributed to their collaboration with upstream developers, but that’s just our perspective.

I have been working with Red Hat Enterprise Linux  (RHEL) for more than 12 years.

It is definitely a stable product. As I shared previously, my main concern is about desktop components that are coming into the newest release. If RHEL 6 was definitely a 10 out of 10, now with RHEL 9, I would rate it a 7 out of 10 because it no longer allows me to have a clear understanding of what is going on and a clear configuration that speaks for itself. The shift towards configuration as code has some drawbacks in this case.

With a Technical Account Manager, we have a very individual approach. I would rate the technical support from Red Hat a ten out of ten.

The support has had a positive impact. I was able to go through a huge incident that required getting to the core of the problem, such as what happened with CrowdStrike. It involved an issue perceived on the LDAP server caused by a change performed in the code of Red Hat. My feedback is that the support is always great when addressing complex analysis, and that's the most important value-added aspect I will mention.

I used different solutions before Red Hat Enterprise Linux (RHEL), but not from an enterprise perspective, so without support. I used Debian  and Slackware and other similar solutions. I decided to switch mainly because of the support. 

When I switched from my previous job to my current job, they were already using Red Hat Enterprise Linux (RHEL) . I am working with banks, which are highly regulated, and I need backend support from the vendor in order to work with the bank.

We have seen a return on investment from Red Hat Enterprise Linux (RHEL) so far. I don't have any specific metrics, but the penalty we would have faced if Red Hat had not helped us in identifying the problem would have been millions of euros.

Red Hat helps to mitigate downtime and lower risks through support, engaging them at the right time to promptly resolve issues. Red Hat Insights also assists in this regard.

I'm the one who's managing that. I find the pricing of Red Hat Enterprise Linux (RHEL) affordable, but the subscription model is something that the business units of Red Hat need to revisit and fix.

I participated in a review to eventually switch to SUSE and to Oracle Linux  as well. Oracle Linux is a definitive no, mainly because of the support. The support from Oracle's side is awful. I don't want to ever have a case with them because it's terrible. For SUSE, it was mainly a matter of cost-benefit since we didn't have the chance to go into depth on that because the cost was not a game-changer, and we would have had to reinstall the whole 7,000 servers, so it was too much to get the benefit from the reduced cost.

I would rate Red Hat Enterprise Linux (RHEL) a nine out of ten.