Tag: almalinux

Basic Security Guide for AlmaLinux 9

Leave a Comment on Basic Security Guide for AlmaLinux 9
Almalinux Security
Almalinux Security

Securing your server is a critical task for any system administrator, developer, or business owner. AlmaLinux 9, as a stable and robust RHEL-based distribution, offers great tools and features that make it an excellent choice for hosting websites, applications, or services. In this tutorial, we’ll walk you through basic security measures you can implement to keep your AlmaLinux 9 server secure.

1. Update Your System

The first and foremost step in securing your system is ensuring that it’s up-to-date with the latest security patches.

Command:

sudo dnf update -y

This command updates all installed packages to their latest versions, closing any known vulnerabilities.

2. Create a Non-Root User

Running your system as the root user is risky, as any command executed with root privileges can make sweeping changes to the system. Instead, create a non-root user and use sudo for administrative tasks.

Command:

sudo adduser yourusername
sudo passwd yourusername
sudo usermod -aG wheel yourusername

Now you can switch to this new user with:

su - yourusername

3. Configure a Firewall Using firewalld

AlmaLinux 9 comes with firewalld, a dynamic firewall management tool that provides a simple way to manage firewall rules.

Start and enable firewalld:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Check the status of the firewall:

sudo firewall-cmd --state

Allow or deny services/ports:
For example, to allow SSH (port 22):

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

4. Enable SELinux (Security-Enhanced Linux)

SELinux provides an additional layer of security by controlling access to files, processes, and ports.

Check SELinux status:

sestatus

If it’s disabled, enable it by editing /etc/selinux/config:

sudo nano /etc/selinux/config

Set SELINUX=enforcing, then reboot the server:

sudo reboot

5. Install and Configure Fail2Ban

fail2ban is a service that helps protect your server from brute-force attacks by banning IP addresses that show malicious signs.

Install fail2ban:

sudo dnf install fail2ban -y

Start and enable the service:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Configure fail2ban:
Create a local configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the file to enable the SSH jail:

sudo nano /etc/fail2ban/jail.local

Set [sshd] parameters like:

[sshd]
enabled = true

6. Disable Root Login via SSH

To further secure SSH access, prevent direct root logins.

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find and set:

PermitRootLogin no

Restart the SSH service:

sudo systemctl restart sshd

7. Set Up Automatic Updates

You can automate security updates with the dnf-automatic tool.

Install dnf-automatic:

sudo dnf install dnf-automatic -y

Configure automatic updates:
Edit the configuration file /etc/dnf/automatic.conf to set:

apply_updates = yes

Enable the service:

sudo systemctl enable --now dnf-automatic.timer

8. Install and Configure an Intrusion Detection System (IDS)

For added security, consider installing an IDS like AIDE (Advanced Intrusion Detection Environment).

Install AIDE:

sudo dnf install aide -y

Initialize the AIDE database:

sudo aide --init
sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Run a manual check with:

sudo aide --check

Conclusion

By following these basic security steps, you’re well on your way to securing your AlmaLinux 9 server. These measures provide a solid foundation for system hardening and mitigating potential threats. As always, security is an ongoing process, and regular audits and updates are crucial for long-term protection.

Feel free to share your own security tips or ask questions in the comments!

Why Choose AlmaLinux Over CentOS for Your Server Needs

Leave a Comment on Why Choose AlmaLinux Over CentOS for Your Server Needs
Almalinux vs CentOS
Choose Almalinux over CentOS

With the discontinuation of CentOS 8 at the end of 2021 and the shift to CentOS Stream, many server administrators and developers have been seeking a stable, long-term alternative. AlmaLinux has emerged as one of the most promising options, offering a reliable, free, and open-source solution that’s fully compatible with Red Hat Enterprise Linux (RHEL). Here’s why AlmaLinux is an excellent choice over CentOS for your server environment.

1. True CentOS Replacement with Long-Term Stability

AlmaLinux was created with the mission of providing a 1:1 binary-compatible fork of RHEL, much like CentOS originally did. As an RHEL-compatible distribution, it gives users a familiar, stable environment without the rolling-release model that CentOS Stream now follows. With the same structure, commands, and behavior as RHEL, AlmaLinux ensures that users experience minimal disruption while switching from CentOS.

2. Community-Driven and Open Source

AlmaLinux was founded and is maintained by the non-profit AlmaLinux OS Foundation, making it a community-driven project. This structure fosters transparency and community input, giving users a stake in the project’s direction. Unlike CentOS Stream, which is now a rolling pre-release for RHEL, AlmaLinux commits to remaining a stable release compatible with RHEL, driven by community contributions and feedback.

3. Free to Use with No Licensing Fees

AlmaLinux is completely free to use, with no hidden fees or licensing requirements, similar to CentOS. This makes it an attractive choice for businesses, organizations, and individuals who need a robust, enterprise-grade OS without the costs associated with RHEL subscriptions.

4. Extended Support and Long-Term Viability

AlmaLinux OS Foundation has pledged to provide long-term support for AlmaLinux, with updates and patches planned for 10 years, much like RHEL’s lifecycle. This extended support gives businesses peace of mind that they won’t need to switch operating systems frequently and allows for long-term planning and stability.

5. Easy Migration Tools and Guides for CentOS Users

Switching from CentOS to AlmaLinux is straightforward, thanks to the migration tools developed by the AlmaLinux OS Foundation. For users already on CentOS 8, the foundation provides AlmaLinux-deploy, a script that simplifies the migration process by converting an existing CentOS system to AlmaLinux without a full reinstallation. This ease of migration allows businesses to transition with minimal downtime and without costly, time-consuming reconfiguration.

6. Security and Reliability

AlmaLinux maintains rigorous security standards to provide a secure operating system. Regular updates and patches keep the system safe from vulnerabilities, and since it’s built to mirror RHEL, you can expect enterprise-grade stability and security features. For users concerned with CentOS Stream’s potential lack of stability, AlmaLinux offers the peace of mind that comes with a fully stable release model.

7. Wide Compatibility and Support for Enterprise Applications

Since AlmaLinux is designed to be fully RHEL-compatible, it works seamlessly with most applications and software built for RHEL. Many enterprise applications that ran on CentOS 7 and 8 will work without issue on AlmaLinux. This compatibility makes it easy to adopt without needing to alter existing software or configurations.

8. Active and Growing Community Support

AlmaLinux’s community is growing quickly, with active forums, extensive documentation, and support channels to help users troubleshoot and optimize their setups. As an open-source community project, AlmaLinux benefits from the collaboration of developers, businesses, and users, ensuring that AlmaLinux remains resilient and adaptable.

9. Endorsements and Contributions from Major Organizations

Major organizations in the tech industry, including CloudLinux, have endorsed AlmaLinux and are contributing to its development. This backing by established companies provides additional assurance that AlmaLinux is a sustainable, reliable option for production environments. These organizations also contribute resources and expertise to AlmaLinux, ensuring it stays aligned with the needs of enterprise users.

Conclusion: AlmaLinux as the Next Step for CentOS Users

AlmaLinux offers everything that made CentOS great—stability, RHEL compatibility, and cost-effectiveness—while remaining free and open-source. Its commitment to stability and long-term support, backed by a strong community, makes it an ideal choice for businesses looking to transition smoothly from CentOS without compromising on performance or reliability. For server administrators and developers seeking a trusted CentOS successor, AlmaLinux is a compelling, future-proof solution.