Features: Time is running out for CentOS 8


But TuxCare can give you four more years.

It came as a shock when Red Hat announced that CentOS 8 support would end this year. Organisations that thought they had eight years to plan for its replacement now have less than four months.

Operating CentOS 8 beyond this end-of-life means running without vendor support. This brings significant business risks in terms of compliance, security and availability.

Ironically, while CentOS 8 reaches end-of-life soon, support for CentOS 7 is available until 2024. Unfortunately, there is no supported mechanism to downgrade from CentOS 8 to CentOS 7 as a short-term solution.

So what are the options?

The first option is to carry on using unsupported CentOS 8. A business may believe it has the skills and resources for in-house support. So, how hard can it be to monitor new vulnerabilities daily, research relevant ones, investigate their impact, create fixes, test these thoroughly and then roll them out across a live environment? The answer is: incredibly hard. This approach also comes with significant risks:

  • Compatibility and Reliability. The operating system encompasses the kernel, associated utilities and integration with third-party applications. In-house patching may lead to unintended consequences or incompatibilities.
  • Security. New vulnerabilities appear daily, and without regular updates and fixes, security holes accumulate fast. This can compromise the security of the entire infrastructure beyond the CentOS installations.
  • Compliance. Security standards stipulate allowable windows for unpatched vulnerabilities. In-house patching that cannot demonstrate conformity to standards will lose the system compliance status that customer contracts may depend on.

TuxCare has produced an in-depth analysis of this very issue, available here. There is also a calculator to estimate the financial impact of using an unpatched end-of-life system.

The second option is to migrate to a supported operating system.

CentOS has historically been derived from RHEL, with corresponding version numbering (CentOS 8 built from RHEL 8). Red Hat’s decision to transition CentOS to CentOS Stream breaks this link. Now CentOS Stream will receive updates before incorporation into RHEL.

The critical point is that CentOS Stream is not a replacement for CentOS 8; it’s diverging, however slightly, from RHEL. Therefore, migrating to CentOS Stream carries significant risks for future compatibility.

Smaller businesses have the security of switching to Red Hat Enterprise Linux (RHEL) under a free licensing option for 16 or fewer system installations. However, Enterprise users will need to look at alternative operating systems.

RHEL and its direct derivatives such as Oracle Linux, AlmaLinux and Rocky Linux are binary compatible with CentOS 8. They offer a simple solution with minimal changes required to package management, tooling, monitoring and scripts. Non-binary compatible distributions like Debian or Ubuntu will require potentially significant changes to infrastructure elements due to their inherently different architecture.

There is no correct answer; the best solution will depend on the individual circumstances of each Enterprise facing this problem. Choices may have far-reaching implications.

The third option

The third option is full third-party support that allows organisations of all sizes to continue using CentOS 8 beyond its end-of-life.

TuxCare’s Extended Lifecycle Support (ELS) for CentOS 8 provides comprehensive support that includes patches to resolve crucial security issues. This protects against vulnerabilities and eliminates the compliance, security and availability risks of running an end-of-life operating system. TuxCare’s ELS patch availability for fixing critical vulnerabilities (CVSS 7.5 or higher) is quicker than the official vendor support.

TuxCare’s ELS service for CentOS 8 will start when the official vendor support ends and provide four more years of support. This should give any Enterprise sufficient time to plan and implement their migration to the best alternative option.
