When comparing Hardened Gentoo vs CentOS, the Slant community recommends Hardened Gentoo for most people. In the question "What are the best Linux distributions for misanthropes?" Hardened Gentoo is ranked 36th while CentOS is ranked 92nd. The most important reason people chose Hardened Gentoo is:
Your only real options for a widely supported hardened distro are the Red Hat distros (Red Hat, CentOS, Fedora), of which Fedora is your best bet for a desktop, or Gentoo. You can make a hardened kernel in Gentoo while stripping unnecessary features, creating a much smaller attack surface, and using in-kernel mitigations others don't.
Pros
Pro Supports custom hardened kernels
Your only real options for a widely supported hardened distro are the Red Hat distros (Red Hat, CentOS, Fedora), of which Fedora is your best bet for a desktop, or Gentoo. You can make a hardened kernel in Gentoo while stripping unnecessary features, creating a much smaller attack surface, and using in-kernel mitigations others don't.
Pro Comprehensive hardened guide in wiki
From SELinux to PaX to AppArmor to.... The wiki has got you covered.
Pro Fully customized kernel that prevents server-side malware with SSO mechanisms
Out of CentOS/RedHat/Fedora, a hardened kernel is very easy to make.
Pro Best defense against NOP-sled malware, even with ROP/COP mechanisms
Out of CentOS/RedHat/Fedora/OpenSUSE/Slackware/FreeBSD/Mandriva and Arch, only Gentoo can best protect you against NOP-sled malware, even with ROP/COP mechanisms.
Pro Greatly favours stability over anything else
CentOS favours stability over being up to date. For this reason it ships with packages that may be up to two years behind in order to ensure stability over everything else.
Using older versions for packages means that they have been thoroughly tested and used in production for quite some time, and are ensured to play well with each other.
This strategy has paid off quite a lot in the past. One example is the Heartbleed bug, which left CentOS unaffected since it was using a two-year-old OpenSSL library which did not have the bug.
Pro Applications don't have to take into account potentially breaking changes in libraries
Since CentOS backports all updates and bug fixes to older versions in order to maintain package compatibility across releases, applications hosted on Red Hat Linux don't have to worry about potential breaking changes in libraries they use, especially language libraries.
Pro Good long term support
Pro Built-in disaster recovery solutions through clusters
CentOS has several built-in solutions for disaster recovery. For example, it comes with pacemaker, which can be configured to manage multi-site and stretch clusters across multiple geographical locations for disaster recovery and scalability. It can also be configured to trigger notifications when the status of a managed cluster changes by using enhanced pacemaker alerts.
Pro Supports multiple PHP versions
You can install multiple PHP versions and have them available for different users.
Pro Built-in support for containers
Comes with built-in management tools for containers (Atomic CLI, Cockpit) and a container runtime in the form of Docker engine.