===== Layered Security Hardening in Rocky Linux: Protection Before the Patch =====

  * **Speaker**: Brady Dibble
  * **Room**: CC 203
  * **Time**: Sun 2:00 pm – 2:30 pm
  * **Format**: Lecture (30 Min + Q&A)
  * **Difficulty**: Some experience required
  * **Track**: Security / Privacy
  * **Additional Tags**: OSS Distributions
  * **Presenter Location**: In-person
  * **Experience**: several-th time speaking
  * **At**: anywhere / at lfnw

==== Description: ====

Package-level security hardening can eliminate entire classes of vulnerabilities before CVEs are published — or mitigate them before patches exist. The **Rocky Linux Security SIG** demonstrates this proactive approach by modifying core packages and integrating tools such as **LKRG**, drawing on decades of Openwall hardening work.

A key example: the hardened **glibc** in Rocky Linux prevented exploitation of **CVE-2023-4911 (Looney Tunables)**, reducing impact before upstream Enterprise Linux shipped a fix.

This talk explains:

  * Which packages are hardened and why
  * What attack surfaces these modifications eliminate
  * How the control