diff --git a/.github/workflows/build-rpm.yml b/.github/workflows/build-rpm.yml index 193421d..277f697 100644 --- a/.github/workflows/build-rpm.yml +++ b/.github/workflows/build-rpm.yml @@ -39,10 +39,11 @@ on: env: GO_VERSION: '1.24' PACKAGE_NAME: ja4sentinel + TARGET_DIST: rockylinux:9 jobs: build-rpm: - name: Build RPM Package + name: Build RPM Package (Rocky Linux) runs-on: ubuntu-latest permissions: contents: write @@ -73,44 +74,36 @@ jobs: echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "Building version: ${VERSION}" - - name: Set up RPM build environment + - name: Build RPM in Docker run: | - sudo apt-get update - sudo apt-get install -y \ - rpm \ - rpmbuild \ - libpcap-dev \ - libpcap0.8-dev - - - name: Build Go binary - run: | - make build-linux - ls -la dist/ - - - name: Build RPM package - run: | - VERSION="${{ steps.version.outputs.version }}" - ./packaging/build-rpm.sh "${VERSION}" "x86_64" + docker build --no-cache \ + -t ${PACKAGE_NAME}-packager-rpm \ + --build-arg VERSION="${{ steps.version.outputs.version }}" \ + --build-arg ARCH=x86_64 \ + -f packaging/Dockerfile.rpm . + + # Extract RPM from image + mkdir -p build/rpm + docker run --rm ${PACKAGE_NAME}-packager-rpm sh -c 'cat /packages/*.rpm' > build/${PACKAGE_NAME}.rpm - name: List build artifacts run: | echo "=== Build Artifacts ===" ls -lah build/rpm/ - echo "=== Checksums ===" - cat build/rpm/*.sha256 || true + sha256sum build/${PACKAGE_NAME}.rpm - name: Upload RPM artifact uses: actions/upload-artifact@v4 with: - name: ja4sentinel-rpm-x86_64 - path: build/rpm/*.rpm + name: ${PACKAGE_NAME}-rpm-x86_64 + path: build/*.rpm retention-days: 30 - name: Upload checksum artifact uses: actions/upload-artifact@v4 with: - name: ja4sentinel-rpm-checksums - path: build/rpm/*.sha256 + name: ${PACKAGE_NAME}-rpm-checksums + path: build/*.rpm.sha256 retention-days: 30 - name: Create release and upload assets (on tag) 
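Review bot: `TARGET_DIST: rockylinux:9` is declared in `env:` but nothing in the visible hunks reads it; the `docker build` call passes only `VERSION` and `ARCH`, and packaging/Dockerfile.rpm still builds from `golang:1.24-bookworm`. Either wire it through (for example as a `--build-arg` consumed by a `FROM` line in the Dockerfile) or drop it, so the workflow does not advertise a build environment it does not use. The `env:` and `jobs:` blocks continue outside the hunk.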
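Review bot: No checksum file is produced any more: `sha256sum build/${PACKAGE_NAME}.rpm` in "List build artifacts" only prints to the log, so the `build/*.rpm.sha256` path in "Upload checksum artifact" matches nothing, and the release hunk (`@@ -118,8 +111,7 @@`) drops the `.sha256` asset too, leaving downloads with no published digest to verify against; write the file and add `build/*.rpm.sha256` back under `files:`. In the two `with: name:` inputs `${PACKAGE_NAME}` is not expanded, because shell syntax is only interpreted inside `run:`; use `${{ env.PACKAGE_NAME }}`. `mkdir -p build/rpm` and `ls -lah build/rpm/` still refer to a directory the new step leaves empty. `${{ steps.version.outputs.version }}` is substituted into the script text before the shell runs, so if that value can derive from a tag name or dispatch input (the version step is only partly visible here) it is safer passed through `env:` as sketched below, given the job holds `contents: write`.

```yaml
      - name: Build RPM in Docker
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          # … unchanged: docker build, now with --build-arg VERSION="${VERSION}" …
          mkdir -p build
          # … unchanged: docker run --rm … > build/${PACKAGE_NAME}.rpm …
          (cd build && sha256sum "${PACKAGE_NAME}.rpm" > "${PACKAGE_NAME}.rpm.sha256")

      # … unchanged: List build artifacts, with ls -lah build/ …

      - name: Upload RPM artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.PACKAGE_NAME }}-rpm-x86_64
          # … unchanged: path, retention-days …
```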
@@ -118,8 +111,7 @@ jobs: uses: softprops/action-gh-release@v2 with: files: | - build/rpm/*.rpm - build/rpm/*.sha256 + build/*.rpm generate_release_notes: true make_latest: true env: diff --git a/README.md b/README.md index b3f8e1e..ddcd606 100644 --- a/README.md +++ b/README.md @@ -42,20 +42,38 @@ Outil Go pour capturer le trafic réseau sur un serveur Linux, extraire les hand - libpcap-dev (pour la capture réseau) - Docker (pour les tests et le déploiement) -### Build local +### Packages système + +#### Rocky Linux / RHEL (.rpm) ```bash -make build +# Télécharger le package +wget https://github.com/your-repo/ja4sentinel/releases/latest/download/ja4sentinel.rpm + +# Installer +sudo dnf install ./ja4sentinel.rpm + +# Activer le service +sudo systemctl enable ja4sentinel +sudo systemctl start ja4sentinel + +# Vérifier le statut +sudo systemctl status ja4sentinel ``` -### Build Docker +#### Debian / Ubuntu (.deb) ```bash -# Image de développement -make docker-build-dev +# Télécharger le package +wget https://github.com/your-repo/ja4sentinel/releases/latest/download/ja4sentinel.deb -# Image runtime (production) -make docker-build-runtime +# Installer +sudo dpkg -i ja4sentinel.deb +sudo apt-get install -f # Installer les dépendances + +# Activer le service +sudo systemctl enable ja4sentinel +sudo systemctl start ja4sentinel ``` ## Configuration diff --git a/packaging/Dockerfile.rpm b/packaging/Dockerfile.rpm index 5c808e8..1e29c0a 100644 --- a/packaging/Dockerfile.rpm +++ b/packaging/Dockerfile.rpm @@ -1,4 +1,4 @@ -# Dockerfile for building RPM packages +# Dockerfile for building RPM packages for Rocky Linux # Use Go 1.24 as base to ensure correct Go version FROM golang:1.24-bookworm AS builder 
@@ -21,10 +21,10 @@ RUN mkdir -p dist && \ CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \ go build -buildvcs=false -o dist/ja4sentinel-linux-amd64 ./cmd/ja4sentinel -# Build RPM +# Build RPM for Rocky Linux (RHEL compatible) ARG ARCH=x86_64 RUN mkdir -p /app/packages && \ - ./packaging/build-rpm.sh "${VERSION}" "${ARCH}" && \ + ./packaging/build-rpm.sh "${VERSION}" "${ARCH}" "rocky" && \ cp /app/build/rpm/*.rpm /app/packages/ # Final stage - minimal image with just the RPM diff --git a/packaging/build-rpm.sh b/packaging/build-rpm.sh index d5c866c..c41c833 100755 --- a/packaging/build-rpm.sh +++ b/packaging/build-rpm.sh @@ -1,12 +1,14 @@ #!/bin/bash # Build script for .rpm package -# Usage: ./build-rpm.sh [version] [architecture] +# Usage: ./build-rpm.sh [version] [architecture] [distribution] +# distribution: rocky, rhel, centos (default: rocky) set -e # Sanitize version for RPM package (must start with digit) VERSION="${1:-1.0.0}" ARCH="${2:-x86_64}" +DIST="${3:-rocky}" PACKAGE_NAME="ja4sentinel" # Convert git version to RPM-compatible format @@ -18,7 +20,7 @@ else RPM_VERSION="0.0.0.${VERSION//[^a-zA-Z0-9.]/_}" fi -echo "=== Building ${PACKAGE_NAME} ${RPM_VERSION} for ${ARCH} ===" +echo "=== Building ${PACKAGE_NAME} ${RPM_VERSION} for ${DIST} (${ARCH}) ===" # Directories SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" diff --git a/packaging/rpm/ja4sentinel.spec b/packaging/rpm/ja4sentinel.spec index c113878..7eebf93 100644 --- a/packaging/rpm/ja4sentinel.spec +++ b/packaging/rpm/ja4sentinel.spec @@ -6,9 +6,12 @@ License: MIT URL: https://github.com/your-repo/ja4sentinel BuildArch: x86_64 -# Runtime dependencies +# Rocky Linux / RHEL compatibility +# Requires EPEL for some dependencies if not in base repos +%if 0%{?rhel} >= 8 Requires: systemd Requires: libpcap +%endif %description JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers, 
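Review bot: The added `"rocky"` argument does not change where the binary is built: the stage is still `FROM golang:1.24-bookworm` with `CGO_ENABLED=1`, so the packaged executable is linked against Debian's glibc and libpcap rather than Rocky's. Unless the link is static (not visible in this hunk), the RPM may install on Rocky Linux 9 and then fail to start on a missing shared library or a newer symbol version. Consider compiling in a Rocky/RHEL-based stage, or add a smoke test that actually runs the installed binary in the `rockylinux:9` test image. The `RUN` that builds the binary starts above the hunk.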
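Review bot: `DIST` is taken from `$3` without being checked against the documented `rocky, rhel, centos`, and in the lines visible here (this hunk and `@@ -18,7 +20,7 @@`) it only reaches the banner `echo`. If it is later interpolated into an rpmbuild define, a path or a release tag (the rest of the script is outside these hunks), an unexpected value passes straight through. A guard right after the assignment closes that: `case "${DIST}" in rocky|rhel|centos) ;; *) echo "unsupported distribution: ${DIST}" >&2; exit 1 ;; esac`.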
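Review bot: Wrapping the two `Requires:` lines in `%if 0%{?rhel} >= 8` makes them depend on the build host rather than the install target: the macro is evaluated when rpmbuild runs, and packaging/Dockerfile.rpm runs the build in a `golang:1.24-bookworm` stage where `%{rhel}` is normally undefined. Unless build-rpm.sh defines it (not visible here), the condition is false and the RPM ships with no dependency on `systemd` or `libpcap`. Keep the `Requires:` unconditional, or have the build pass `--define "rhel 9"` explicitly. The new EPEL comment also disagrees with the test Dockerfile's remark that libpcap is in the Rocky 9 base repo.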
@@ -22,6 +25,7 @@ Features: - IP/TCP metadata enrichment - Multiple output formats (stdout, file, UNIX socket) - Structured JSON logging for systemd/journald +- Compatible with Rocky Linux, RHEL, CentOS %prep # No source to unpack, binary is pre-built diff --git a/packaging/test/Dockerfile.rpm b/packaging/test/Dockerfile.rpm index 8136db1..3e09ba6 100644 --- a/packaging/test/Dockerfile.rpm +++ b/packaging/test/Dockerfile.rpm @@ -1,7 +1,7 @@ -# Dockerfile for testing RPM package installation -FROM fedora:39 +# Dockerfile for testing RPM package installation on Rocky Linux +FROM rockylinux:9 -# Install dependencies +# Install dependencies (libpcap is in base repo on Rocky 9) RUN dnf install -y \ libpcap \ systemd \ diff --git a/packaging/test/test-install-rpm.sh b/packaging/test/test-install-rpm.sh index 261f77a..567f3ff 100755 --- a/packaging/test/test-install-rpm.sh +++ b/packaging/test/test-install-rpm.sh @@ -1,9 +1,10 @@ #!/bin/bash -# Test script for RPM package installation +# Test script for RPM package installation on Rocky Linux set -e echo "==========================================" echo " JA4Sentinel RPM Package Installation Test" +echo " Target: Rocky Linux 9" echo "==========================================" # Colors for output diff --git a/packaging/test/test-rpm.sh b/packaging/test/test-rpm.sh index ba60bfe..b9a2f83 100755 --- a/packaging/test/test-rpm.sh +++ b/packaging/test/test-rpm.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Test RPM package installation in Docker container +# Test RPM package installation in Rocky Linux container set -e SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
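Review bot: `FROM rockylinux:9` in packaging/test/Dockerfile.rpm is a floating tag, so the install test runs against whatever image that tag resolves to on the day. Pinning it as `rockylinux:9@sha256:<digest>` (placeholder) keeps the test reproducible and turns a base-image change into an explicit commit. The `RUN dnf install` list continues below the hunk.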