Skip to main content

Building Security-Compliant Images with Red Hat Enterprise Linux Image Builder

If you work in a regulated industry like healthcare, or run workloads that have to meet compliance baselines like payment processing, this tech tip is for you. I walk through building security-compliant images with Red Hat Enterprise Linux Image Builder so that regulatory requirements are baked in from the start.

A few things worth carrying away from this one:

  • A blueprint is just a recipe. I frame Image Builder in five simple steps and describe the blueprint as a recipe: list your packages, define a couple of users, enable a service, close a firewall port, and you’ve got a golden image, the standard your whole enterprise deploys from.
  • Compliance profiles come from OpenSCAP. I show how tools like CIS benchmarks and PCI DSS map to profiles, and that Red Hat uses the upstream OpenSCAP Workbench to create tailored profiles you can audit and apply against your images.
  • Baselines still need tailoring. My one caveat is that these are baselines, so they’ll likely need adjustment for your workload, environment, and the regulations in your area, and you should review your security requirements before you start.

Meeting an audit is a lot less stressful when compliance is built into the image instead of bolted on afterward.