Way forward after the EOL of CentOS 7, considering the security of enterprise deployments

The end of life of CentOS 7 arrives on June 30, 2024. Here are the measures you can take.

In December 2020, the CentOS Stream project was announced and CentOS Linux, the stable downstream rebuild of RHEL, was discontinued; with the CentOS 7 EOL, free use of a Red Hat Enterprise Linux equivalent comes to an end. If you previously relied on CentOS for your IT infrastructure, you will need to overhaul it by June 2024.

What is CentOS?

Red Hat Enterprise Linux (RHEL) is a commercial Linux distribution renowned for its stability, added security features, and, most importantly, its long-term support services.

CentOS Linux is a downstream distro of Red Hat, which means that this operating system is recompiled from Red Hat’s source code. To reiterate – when a Red Hat version is produced and published, Red Hat is obliged to release the source code due to the GNU license.

Consequently, developers can use this code to build a system akin to Red Hat Enterprise Linux, but with some differences. The primary difference? It’s free.

People could enjoy an operating system developed and tested using source code that was designed by Red Hat engineers to support stability in production environments, and all for free.

Many organizations could enjoy the benefits of using Red Hat, just without paying for it.

In December 2020, Red Hat dropped the bombshell. They called it “shifting focus” to CentOS Stream. CentOS Stream is a different creature: it is no longer downstream of Red Hat, but upstream. This means that CentOS is no longer a descendant of Red Hat but, as Chris Wright, CTO at Red Hat, put it,

“an upstream development platform designed for CentOS community members, Red Hat partners, ecosystem developers, and many other groups to more quickly and easily see what’s coming next in Red Hat Enterprise Linux (RHEL) and to help shape the product”.

In simpler terms, CentOS Stream is going to be Red Hat’s development sandbox before they release a stable version of their commercial operating system.

This shift of CentOS from being downstream of RHEL to upstream positions this project as a midpoint between Fedora and RHEL. According to Chris, CentOS Stream isn’t a replacement but a natural progression of CentOS Linux, and this transition offers many advantages. However, it is clear that there is no longer a free fork of Red Hat Enterprise Linux.

What’s changed?

In 2023, Red Hat shook up the Linux community again with its decision to limit access to its source code: RHEL source code is pushed upstream to the CentOS Stream repository, and direct access to the RHEL source code itself is provided only to paying customers.

The community reacted furiously because of the impact on other RHEL downstream distributions, such as Alma Linux and Rocky Linux, which were considered viable alternatives to CentOS Linux.

You should read Mike McGrath’s monologue for insight into Red Hat’s perspective on the situation over the last two years and its response to the claims made against it.

There’s a lot to be said about the advantages and disadvantages of this move, as well as the financial motivations attributed to it, and more.

But our focus here is on your next steps to ensure security after this significant shift.

What’s next?

By the end of June 2024, CentOS Linux 7 will no longer be supported, and no further security updates will be provided. So, what should you do if your infrastructure largely relies on CentOS Linux?

Any new vulnerabilities reported after July 2024 will not be patched, potentially impacting many organizations’ processes, from vulnerability management to risk management, and even compliance with customer SLAs.

Organizations that do not act promptly may find themselves grappling with a sea of unpatchable vulnerabilities.

To be clear, you must plan to migrate your organization from CentOS Linux to another operating system. Sooner or later, every CentOS Linux user will have to switch platforms.

People thought that moving to other free RHEL downstream distributions like Rocky Linux or Alma Linux was a logical step, but after the latest announcement from Mike McGrath, this is not so clear.

In addition, doubts have been raised about Rocky’s and Alma’s ability to maintain a large-scale ubiquitous operating system like CentOS Linux.

We recommend considering a migration to Red Hat Enterprise Linux and suggest reading Red Hat’s guide for a seamless transition. This option offers many benefits – long-term support and maintenance services, additional security features, compatibility with recent technologies, and more.

Another alternative is Fedora, but choosing this isn’t straightforward.

Fedora focuses on delivering cutting-edge technology and innovation. As an upstream for RHEL, it is known as a testing ground for modern technologies that will later be incorporated into RHEL.

Fedora has a fairly rapid release cycle, with new versions released approximately every six months, and each release has a lifespan of only one year. This short lifespan can add significant workload for DevOps and system administrators.

There are numerous factors to consider when choosing an operating system, including support and maintenance periods, RPM or DEB based package management, business and technical purposes, container versus virtual machine support, compatibility with the latest technologies versus stability, and more.

Among these, it is vital to prioritize security aspects.

How can Mastiff help address this challenging situation by migrating CentOS-based workloads?

This migration process will be challenging and time-consuming for many organizations, so we can help you plan contingency actions if you still have active CentOS Linux machines in July 2024.

We will track all your CentOS Linux servers in your environments.

We will also decommission unnecessary or shadow servers in your network.

Once we have an inventory of your servers, it’s time to be proactive and migrate them to other RHEL-based distros such as Rocky Linux, Oracle Linux or Alma Linux, whether on-premises or in the cloud.

We will map your current networking configurations and restrict access to and from dependent assets that can’t be migrated because they are incompatible with newer (RHEL 8/9 based) distros. Use network and host firewalls to isolate them where possible, and ensure that only dedicated, trusted network entities are allowed to reach these vulnerable assets.

After taking care of network access, move your focus to authorized user access.

Implement strict access control configurations and follow the least privilege principles.

Be a step ahead of your threat actors and have an incident response plan ready for execution.

This is not a one-time procedure. Schedule regular dedicated audits and assessments of these assets so that potential breaches and misconfigurations are identified before a threat actor finds them.
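The inventory step described above, as an added example that is not part of the original post: a POSIX shell script that classifies hosts by their /etc/os-release so CentOS Linux 7 machines can be tracked ahead of the EOL date. The hostnames, key-based SSH access and the sample os-release contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): classify hosts from their
# /etc/os-release so CentOS Linux 7 machines can be inventoried ahead of
# the 2024-06-30 EOL. The os-release texts below are constructed samples.

# Extract one KEY=value field (quotes optional) from os-release text.
osrel_field() {               # $1 = os-release text, $2 = key
    printf '%s\n' "$1" | sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p"
}

# Print one of: centos7-eol | centos-stream | other
classify_os_release() {
    id=$(osrel_field "$1" ID)
    name=$(osrel_field "$1" NAME)
    ver=$(osrel_field "$1" VERSION_ID)
    case "$id:$name:$ver" in
        "centos:CentOS Stream"*) echo centos-stream ;;  # rolling upstream, not CentOS Linux
        centos:*:7*)             echo centos7-eol ;;    # CentOS Linux 7, unsupported after 2024-06-30
        *)                       echo other ;;
    esac
}

# Fleet sweep over SSH (hostnames are assumed; key-based auth, no prompts).
inventory_hosts() {
    for h in "$@"; do
        rel=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$h" cat /etc/os-release 2>/dev/null) \
            || { echo "$h unreachable"; continue; }
        echo "$h $(classify_os_release "$rel")"
    done
}

# Constructed sample os-release contents.
CENTOS7_SAMPLE='NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"'
STREAM9_SAMPLE='NAME="CentOS Stream"
ID="centos"
VERSION_ID="9"'
ROCKY9_SAMPLE='NAME="Rocky Linux"
ID="rocky"
VERSION_ID="9.3"'
# Demo over the samples only when invoked as: ./inventory.sh --demo
if [ "${1:-}" = "--demo" ]; then
    for s in "$CENTOS7_SAMPLE" "$STREAM9_SAMPLE" "$ROCKY9_SAMPLE"; do
        printf '%-14s %s\n' "$(classify_os_release "$s")" "$(osrel_field "$s" NAME)"
    done
fi
```

Feed `inventory_hosts` the host list from your CMDB or cloud inventory; every line reporting `centos7-eol` is a candidate for migration or, failing that, for the network isolation described above.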

Contact us for discussion and consultation on your migration requirements.