CIS Hardened Image Level 1 on Red Hat Enterprise Linux 8

My main use cases for Red Hat Enterprise Linux (RHEL)  are for applications, primarily. We provide Red Hat Enterprise Linux (RHEL)  to other teams because we are from the operations team and have infrastructure responsibilities. We provide Red Hat Enterprise Linux  (RHEL) VMs for developers and other teams to run their applications on.

Before adopting Red Hat Enterprise Linux  (RHEL), my company used many Windows VMs. From the time I have been working in the company, we have been a Linux shop with Red Hat Enterprise Linux (RHEL) VMs, along with a few Windows VMs.

Red Hat Enterprise Linux (RHEL) helps me solve pain points because Linux in general is easy to work with. The automation is straightforward. Because we have an ecosystem of Red Hat OpenShift , Ansible , and Red Hat Enterprise Linux (RHEL), the integration flows naturally.

The features of Red Hat Enterprise Linux (RHEL) that I prefer most are the security features, which are very useful. The domain join realm and SELinux are also excellent.

For navigating our security risks with Red Hat Enterprise Linux (RHEL), we currently use SELinux for security. We do not use Lightspeed at this time. We have FirewallD and other services for security. For identity management, we have our own Kerberos agents that we use for identity purposes.

Satellite helps maintain our environment overall because we have integration with Ansible  and the Ansible Automation Platform. When we need to create a new VM, we start with Satellite and have all the bootstrap processes integrated with Ansible. The VM then comes up automatically, and we provide it to customers or whoever wants to use it.

Red Hat Enterprise Linux (RHEL) has helped me mitigate downtime and lower risks.

The capabilities of Red Hat Enterprise Linux (RHEL) that have assisted me with this are mainly the integration aspects, such as Satellite and the Ansible Automation Platform. Everything has helped us reduce downtime for customers and accelerate VM deployment.

The security portions of Red Hat Enterprise Linux (RHEL) could be improved and made easier to work with. SELinux in general is not intuitive because customers and developers do not know how to work with the VM. This part could be more user-friendly.

In my company's implementation of the Zero Trust model, we have not yet implemented this with Red Hat Enterprise Linux (RHEL). Because we are from the operations team, there is another team that handles other responsibilities. We do not necessarily handle that aspect.

I have been using Red Hat Enterprise Linux (RHEL) for three years.

We have occasionally experienced downtime, crashes, or performance issues with Red Hat Enterprise Linux (RHEL), but not frequently. Overall, it has been reliable.

Scalability-wise, the scaling process for Red Hat Enterprise Linux (RHEL) is smooth. We have scaled many applications and have not encountered any issues. The performance has been solid.

I evaluate the customer service and technical support from Red Hat as very good. I have never had any issues with the technical support. I have created multiple tickets with the Red Hat team and they have been quick and effective at responding and fixing the issues. I would rate the customer service and technical support a nine out of ten.

The advantages of having Red Hat Enterprise Linux (RHEL) instead of Windows servers are that the development process is easier. I think Windows is limiting. Linux in general provides more opportunity to try different approaches, work on different projects, and avoid being restricted to certain functionalities that are imposed on clients who use the operating system. Red Hat Enterprise Linux (RHEL) has done an excellent job overall.

I would describe the experience of deploying Red Hat Enterprise Linux (RHEL) as straightforward. It is not complicated. We use Satellite to deploy the VMs and the process is very straightforward with minimal complexity.

We have used the Ansible Automation Platform through a dedicated automation team who handles all the automation for us.

From a technical point of view, the biggest return on investment when using Red Hat Enterprise Linux (RHEL) is the integration aspect. Working with OpenShift and having VMs on it is very smooth. Even though some features are not intuitive, the integration is seamless.

My company has not considered switching to another solution that does the same thing as Red Hat Enterprise Linux (RHEL). We are committed to continuing with Red Hat Enterprise Linux (RHEL).

I would assess the knowledge base offered by Red Hat Enterprise Linux (RHEL) as very good. I believe there could be more information available. Red Hat Enterprise Linux (RHEL) in general is excellent, but counterparts such as OpenShift could improve with respect to documentation and the knowledge base.

We performed a major version upgrade of Red Hat Enterprise Linux (RHEL) using the Leapp upgrade tool manually. Although the process has been automated, we have not used automation to upgrade many VMs. We successfully upgraded forty to fifty VMs from Red Hat Enterprise Linux (RHEL) version seven to eight and from eight to nine using the Leapp upgrade.

The advice I would give to other companies is that from the time of deployment until the customer uses the system, having a pipeline ready and integration prepared for every component makes it much easier to deploy and use Red Hat Enterprise Linux (RHEL). I would rate this product an eight out of ten overall.

My use cases for Red Hat Enterprise Linux (RHEL)  at my company include application servers, infrastructure servers, web servers, and virtually every server type.

The features of Red Hat Enterprise Linux (RHEL)  that I appreciate most are ease of automation and ease of deployment, particularly because we also use Satellite for deployment management. It scales well.

These features benefit my company by resulting in less time spent working on servers and issues and more uptime.

I have not identified any immediate areas for improvement in Red Hat Enterprise Linux  (RHEL), as I cannot think of anything that there is not already a product for.

We have encountered some issues with the high availability clustering lately, and it seems that could use some refinement.

The deployment process for Red Hat Enterprise Linux  (RHEL) has been somewhat rough around the edges to get it up and running with Kickstart, but once I have it dialed in, it is fantastic. The documentation for Kickstart can leave something to be desired sometimes, so that may be an area of improvement.

I have been using Red Hat Enterprise Linux (RHEL) for almost ten years.

I have not experienced any downtime, crashes, or performance issues with the platform that were not caused by some kind of misconfiguration. The platform itself is solid.

I have been able to scale and expand usage as my needs have grown.

I assess the knowledge base offered by Red Hat Enterprise Linux (RHEL) as outstanding. The Red Hat Learning Subscription  is great, and usually when we enter a ticket with Red Hat support, we can get a subject matter expert to help us resolve our issues.

I would rate the customer service and technical support as probably an eight out of ten. Sometimes when we enter a ticket, it takes some time to get to the level of technical resource we need, but once we get that resource, they almost always help us get a problem solved.

When I came in, our department was already heavily using Red Hat Enterprise Linux (RHEL).

The deployment process for Red Hat Enterprise Linux (RHEL) has been somewhat rough around the edges to get it up and running with Kickstart.

From a technical point of view, the biggest return on investment when using Red Hat Enterprise Linux (RHEL) is the stability and uptime.

I have worked with Ubuntu  and CentOS  in the past while using Red Hat Enterprise Linux (RHEL), but I do not particularly care for Ubuntu . I prefer Red Hat Enterprise Linux (RHEL).

Red Hat Enterprise Linux (RHEL) wins over Ubuntu for me by being a more stable enterprise platform and more mature.

Red Hat Enterprise Linux (RHEL) helps me solve pain points by being more reliable and easier to work on than Windows. It is simply good at what it does.

The features in Red Hat Enterprise Linux (RHEL) that I use to navigate my security risks include Satellite, which helps us keep everything patched and up to date and keep package-related CVEs down. We are looking at doing OpenSCAP scanning with Satellite, and we use Ansible  for automation, deploying configurations and packages. We are also looking at implementing OpenShift, as our department has OpenShift.

I have worked with System Roles and have used Image Builder before, finding it useful for tightening a gold image and standardizing deployments.

I use Red Hat Enterprise Linux (RHEL) only on-premises in my department. Some other departments might use it in the cloud. I do not know that my department has a cloud strategy yet, but I know we are exploring alternatives to VMware, so that could happen in the near future.

My department does not have a hybrid cloud yet, but as far as on-premises is concerned, Satellite helps us with patch management and controlling what packages we present through content views. We build systems through Kickstart, so it helps with deploying systems.

I have worked a little with Lightspeed for AI workloads with Red Hat Enterprise Linux (RHEL) but have not really scratched the surface too much yet.

Red Hat Enterprise Linux (RHEL) plays a critical role in my company's implementation of zero trust by tightening down configurations when we join a system to Active Directory through SSSD, locking down what users and groups can touch a given system.

We have used Leapp to do a major version upgrade using Red Hat Enterprise Linux (RHEL), but we have not coupled that with Ansible  Automation Platform yet.

I have been using Ansible Automation Platform almost as long as I have been using Red Hat Enterprise Linux (RHEL); I used Tower  before it was Ansible Automation Platform, and it is incredibly useful. It is invaluable for deploying systems, standardizing server builds, deploying compliance, and hardening. I have not found a use case it is not useful for.

We are working toward using or building Ansible jobs to help with our regulatory audits and evidence collection, and Red Hat Enterprise Linux (RHEL) plays a significant role in our compliance and auditing workflows.

Red Hat Enterprise Linux (RHEL) has helped to mitigate downtime and lower risk with capabilities such as its stability. If you standardize and deploy a system and have it tightened, you tend not to have unexpected issues, or the issues you do have are ones that you would have seen many times and can easily remediate.

I rate my overall experience with Red Hat Enterprise Linux (RHEL) as a nine out of ten.

My main use case for Red Hat Enterprise Linux (RHEL)  is virtual machines for web server hosting, and mostly web hosting and application hosting.

The feature of Red Hat Enterprise Linux (RHEL)  that I like the most is the integration with the cloud, the cloud.redhat.com integrations, and the Insights portal.

Red Hat Enterprise Linux  (RHEL) helps us solve the need for a supported Linux platform that we can dependably deploy all of our applications on, with an easy to patch process, very interconnected with Ansible , and very interconnected with Red Hat Satellite . It provides easy deployment and automation capabilities that are where it performs best.

Red Hat Satellite  helps us manage and maintain our hybrid cloud environment by being the backbone of our automation. Without Satellite, we would not be able to do version matching, and we would not be able to ensure all the packages are the same between our on-premises and Azure  environment. When we do new deployments, we are able to make sure our new deployments match what we have existing, whether it is on-premises or more nodes in the cloud or more nodes on-premises. That is where we use the versioning.

I do not have much experience with the pricing, the setup cost, and the licensing of Red Hat Enterprise Linux  (RHEL). I know we have it; somebody pays for it, but we have enough licenses and they make sure of it.

One of the biggest improvements I see for Red Hat Enterprise Linux (RHEL) is Red Hat Enterprise Linux (RHEL) AI that is on Red Hat Enterprise Linux (RHEL) 10 now. We have not had the chance to try that one yet, but I have seen demos of it, and it appears to be a very good tool that might be very useful in the future.

I have been in my area of expertise for thirteen years.

I have not experienced any downtime, crashing, or performance issues with Red Hat Enterprise Linux (RHEL). It has been solid, particularly Red Hat Enterprise Linux (RHEL) 8.

We find Red Hat Enterprise Linux (RHEL) scalability good; we have clustered databases that we use Red Hat Enterprise Linux (RHEL) for, and it has been solid. When you give it network access to the other nodes, it will perform its function.

My experience with the customer service and technical support of Red Hat Enterprise Linux (RHEL) has been very good. When you open a case, you get somebody pretty quickly, and they are very knowledgeable, so I am very happy with the support.

I would rate the customer service and technical support a nine, because nobody gets a ten.

Prior to adopting Red Hat Enterprise Linux (RHEL), we were using CentOS 7 .

We decided to switch because we wanted support. We were always looking at containers and thought Red Hat offered the best solution to containerization, so it was a natural progression to get Red Hat Enterprise Linux (RHEL) as well. We used to run the open-source version of Satellite, AWX, but it was falling apart and hard to maintain due to issues and a lack of solutions in the open-source forums. It made sense to switch to Satellite and get Red Hat Enterprise Linux (RHEL) since we were adopting all the other Red Hat ecosystem platform offerings.

I would describe my experience with the deployment process of Red Hat Enterprise Linux (RHEL) as initially complicated due to the licensing model of Azure , which was a little confusing. However, afterwards, we created some Terraform  configurations to deploy Red Hat Enterprise Linux (RHEL) in Azure, and since then, it has been one enter button.

The biggest return on investment when using Red Hat Enterprise Linux (RHEL), from my point of view, is the support and the integration with Red Hat's cloud features. The documentation is really good, and before, when I searched for something about a fix, Red Hat documentation would often come up, and I would not have access to it. Now that I have access to it, the solutions given are usually straight to the point, such as "Run this command and we fix the problem." That has definitely been a lifesaver.

I have not considered other solutions while using Red Hat Enterprise Linux (RHEL).

We have been using Red Hat Enterprise Linux (RHEL) for four years now.

We use Red Hat Enterprise Linux (RHEL) both on-premises and in the cloud, specifically on Microsoft Azure cloud and on-premises.

Red Hat Enterprise Linux (RHEL) supports our hybrid cloud strategy by enabling us to host our applications in a hybrid deployment, half on-premises and half in the cloud, while using load balancers in the front. With Red Hat Enterprise Linux (RHEL), we are able to deploy the applications that we need to support our strategy on both sides, including the databases and the caching system with synchronization between on-premises and the cloud. It allows us to install anything we need, and with the automation tools around it, it lets us quickly deploy and automate everything and have it running.

Red Hat Enterprise Linux (RHEL) plays a role in our company's implementation of a zero-trust model mostly with workloads, as it works with workloads and the integrated firewall. With Red Hat Enterprise Linux (RHEL), we are able to secure access to the various ports that are running in our application, regardless of whether we decide to use a Unix socket or something VIP-based, to host them.

We use the Ansible  Automation Platform.

Our experience with the Ansible Automation Platform has been great; it is one of our favorite tools. It started small and then it became one of the most important tools within our organization. Everybody uses it, and everybody has been creating Ansible playbooks for it. We are now pushing to have all of our applications deployed using Ansible Automation Platform, so it has become a major tool that has been integral to the success of our team.

I cannot say I have used a lot of the available knowledge base from Red Hat Enterprise Linux (RHEL) directly, but it is very good. Red Hat documentation is very good in general.

I would rate this review a nine overall.

My main use cases for Red Hat Enterprise Linux (RHEL)  today are running application workloads, anything that we do not want in a container yet or perhaps the vendor provides a pre-built image for you, not a container image, but a pre-built application. We deploy those to our RHEL  workloads or our VMs.

We use Satellite, and in Satellite, what is really cool is you can use the Insights Advisor to see which host a CVE is applicable to. We have used that in the past where a couple of zero-day, CVE level 10s have come through. We have seen what hosts those are applicable to, and it helps with the reporting and auditing.

We are using on-premise. I have a RHEL host that I actually have downloaded the image builder tools to, and then I run a shell script that runs through the pipeline because we only need one or two VMs right now. If we were to scale that, we would be using Ansible  to plug in a lot more variables and output more ISO files, but that is where we stand.

I am not aware of specific pain points that we have had with other systems that RHEL specifically has helped us solve, but I can talk about tooling that we use with RHEL, such as Puppet  and Ansible  and how that works. Red Hat Satellite  is worth mentioning because all of our RHEL systems are plugged into Red Hat Satellite , which allows us to see a lot of things from a thousand-foot overview. We can see all the systems, their compliance states, and what Puppet  hosts are erroring on the Puppet runs. Satellite is our Puppet controller, so all of our hosts are registered to Satellite that way, managing our subscriptions and all of our content. We really appreciate Satellite in that regard.

The new image builder tool has been great. The main thing is being able to spit out a digest that you can say, "This is the hash of our image at this build time." You can look at a specific Git  commit to see what code is all going into building this image. It is using more of the container-based workflows that have existed with Docker  and container files and Podman, but it is applying those to Red Hat Enterprise Linux  (RHEL) itself, which I really appreciate.

From a technical point of view, the biggest return on investment when using Red Hat Enterprise Linux  (RHEL) is the integration with Satellite, along with the different integrations with automation tooling that you can do. You can plug in Puppet, you can plug in Ansible, and Satellite takes care of our package management. It has all these integrations with external systems, allowing you to manage a fleet of systems rather than one system at a time.

I wish we were using more AI. We are kind of cautious in that regard. We have one solution approved, and it is just the ChatGPT web UI, which means I cannot even use ChatGPT CodeX in my VS Code as an extension, but we are hoping to integrate more AI workloads in the future. It will help the two main Linux administrators, allowing us to get a lot more work done, and then we can focus on bigger architectural issues rather than smaller maintenance items.

I do not have a better answer for how Red Hat Enterprise Linux (RHEL) can be improved, but being so young in the industry, I am not as familiar with the long-term pain points that we might be dealing with. I am excited about the AI Insights or the RHEL Lightspeed integrations with Red Hat Enterprise Linux (RHEL) and OpenShift because I think it will help us be more efficient in remediating vulnerabilities, working through bugs, and those types of things.

I have been in my field for about five years, but that includes internship experience, and I am two years full-time employed.

We have not experienced any downtime or performance issues due to Red Hat Enterprise Linux (RHEL) itself. The only issues we have had are from the applications that are running on it or configurations that perhaps developers have implemented that are not correct.

Regarding scalability, we do not have very intensive compute Red Hat Enterprise Linux (RHEL) units. We have a lot of hosts, but they are all pretty small hosts, thinking about two CPUs and four to eight gigabytes of RAM.

I have opened a couple of support cases, and the support experts at Red Hat are extremely knowledgeable. There has not been a case that I have opened that was unable to be solved. I would rate them ten out of ten.

I have been using Red Hat Enterprise Linux (RHEL) for two years, and before that, I have been using Ubuntu  and other Linux-based systems for another two years.

We have done major version upgrades from RHEL 6 to 7, 7 to 8, 8 to 9, and soon 9 to 10, all with the Leapp tool, which is sometimes a pain in the butt. It is nice because it shows you and spits out the output of everything that needs to be resolved, but sometimes resolving those things across 800 hosts is a lot of work. I have a project right now to POC Ansible Automation Platform, hoping to bring it into the organization depending on licensing costs, but those decisions are above my pay grade. Attending talks here, I have learned a lot about bootc and the RHEL image mode and how that should make upgrades a lot less painful, as instead of upgrading a host and dealing with things that can change across versions, you are just writing a new container file and updating the container image.

We do not do anything crazy as far as architecting things, and our Red Hat Enterprise Linux (RHEL) usage is pretty basic. A lot of the more complex things we do in OpenShift, and we have had RHEL for a lot longer than we have had OpenShift. Our RHEL usage is actually going down as we migrate more things to OpenShift.

We have not used the image builder inside of Satellite, but I have tried both the new and the old image builder, which is using bootc for image mode. I actually have a project that is currently focused on using that for building an image that is PCI compliant just at the boot and kickstart time. I appreciate that the image is immutable, or most directories of the image are immutable.

Red Hat Enterprise Linux (RHEL) plays pretty close to no role in our company's implementation of the zero-trust model. We do not do a lot of zero trust from the RHEL-specific side, but I could speak to a little bit more about Okta zero trust, although this is not an Okta conference; it is a RHEL conference.

I assess the knowledge base that is offered by Red Hat Enterprise Linux (RHEL) as extremely good. I extensively use the Red Hat Knowledge Base , looking through articles and documentation, and I reference it every single day. If I am not referencing something very specifically, I am asking ChatGPT to point me to the Red Hat article that I need.

I would rate Red Hat Enterprise Linux (RHEL) overall as ten out of ten. It is not about evaluating Red Hat Enterprise Linux (RHEL) itself, but about evaluating Red Hat as a company, and Red Hat as a company is very, very helpful. I can speak to our account executives and the technical professionals that are assigned to our company, and they are very willing to help all the time. They want you to succeed because if you are succeeding, then Red Hat is succeeding. It is a mutually beneficial relationship. My overall review rating for Red Hat Enterprise Linux (RHEL) is ten out of ten.