Tag: almalinux 9

How to Upgrade from CentOS 7 to AlmaLinux 8 or 9 on Your VPS or Dedicated Server

Leave a Comment on How to Upgrade from CentOS 7 to AlmaLinux 8 or 9 on Your VPS or Dedicated Server

With CentOS 7 reaching its end of life, upgrading to a modern and supported OS like AlmaLinux 8 or 9 is crucial for continued stability, security, and performance. AlmaLinux offers a seamless and reliable transition path as it’s built to be a 1:1 RHEL binary compatible fork, making it an excellent choice for CentOS users.

Prerequisites

  • A VPS or dedicated server running CentOS 7.
  • Root access to the server.
  • A recent backup of your server’s data and configurations.
  • Ensure your system is fully updated.

Step-by-Step Guide to Upgrading from CentOS 7 to AlmaLinux 8/9

Step 1: Update and Prepare Your System

  1. Log in to your CentOS 7 server via SSH as the root user or a user with sudo privileges.
  2. Update all system packages:
   sudo yum update -y
  1. Reboot your server to ensure all updates are applied:
   sudo reboot
  1. Verify your CentOS version:
   cat /etc/centos-release

You should see output similar to CentOS Linux release 7.x.x (Core).

Step 2: Install the ELevate Tool

The ELevate tool is used to migrate from CentOS 7 to AlmaLinux 8 or 9.

  1. Add the ELevate repository:
   sudo yum install -y https://repo.almalinux.org/elevate/elevate-release-latest-el7.noarch.rpm
  1. Install the leapp package:
   sudo yum install -y leapp

Step 3: Check for Upgrade Compatibility

  1. Run a pre-upgrade check:
   sudo leapp preupgrade
  1. Review the pre-upgrade report:
    The report is located at /var/log/leapp/leapp-report.txt. It will detail any issues that need to be resolved before proceeding.
  2. Address any issues raised in the report. Common issues may include unsupported packages, custom configurations, or third-party repositories.

Step 4: Begin the Upgrade Process

  1. Start the upgrade process:
   sudo leapp upgrade

This process may take some time as it involves downloading and installing new packages, migrating configurations, and updating the kernel.

  1. Reboot your server:
   sudo reboot

The system will boot into a special initramfs environment and complete the upgrade.

Step 5: Verify the Upgrade

  1. Log back into your server after the upgrade process completes.
  2. Check the new OS version:
   cat /etc/redhat-release

You should see output indicating that you are now running AlmaLinux 8 or 9, depending on your chosen target version.

Step 6: Post-Upgrade Tasks

  1. Reinstall third-party repositories or packages if necessary.
  2. Test critical services and applications to ensure they are functioning correctly.
  3. Clean up old packages and files:
   sudo yum autoremove

Troubleshooting Tips

  • Check the leapp logs if you encounter issues:
  • /var/log/leapp/leapp-upgrade.log
  • /var/log/leapp/leapp-report.txt
  • Ensure your system has enough free disk space for the upgrade process.
  • Disable any custom or third-party repositories that may cause conflicts and re-enable them after verifying compatibility with AlmaLinux.

Conclusion

Upgrading from CentOS 7 to AlmaLinux 8 or 9 ensures continued support, security, and compatibility for your server. With the ELevate tool, the migration process is straightforward, allowing you to maintain your existing setup with minimal downtime and effort.

Basic Security Guide for AlmaLinux 9

Leave a Comment on Basic Security Guide for AlmaLinux 9
Almalinux Security
Almalinux Security

Securing your server is a critical task for any system administrator, developer, or business owner. AlmaLinux 9, as a stable and robust RHEL-based distribution, offers great tools and features that make it an excellent choice for hosting websites, applications, or services. In this tutorial, we’ll walk you through basic security measures you can implement to keep your AlmaLinux 9 server secure.

1. Update Your System

The first and foremost step in securing your system is ensuring that it’s up-to-date with the latest security patches.

Command:

sudo dnf update -y

This command updates all installed packages to their latest versions, closing any known vulnerabilities.

2. Create a Non-Root User

Running your system as the root user is risky, as any command executed with root privileges can make sweeping changes to the system. Instead, create a non-root user and use sudo for administrative tasks.

Command:

sudo adduser yourusername
sudo passwd yourusername
sudo usermod -aG wheel yourusername

Now you can switch to this new user with:

su - yourusername

3. Configure a Firewall Using firewalld

AlmaLinux 9 comes with firewalld, a dynamic firewall management tool that provides a simple way to manage firewall rules.

Start and enable firewalld:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Check the status of the firewall:

sudo firewall-cmd --state

Allow or deny services/ports:
For example, to allow SSH (port 22):

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

4. Enable SELinux (Security-Enhanced Linux)

SELinux provides an additional layer of security by controlling access to files, processes, and ports.

Check SELinux status:

sestatus

If it’s disabled, enable it by editing /etc/selinux/config:

sudo nano /etc/selinux/config

Set SELINUX=enforcing, then reboot the server:

sudo reboot

5. Install and Configure Fail2Ban

fail2ban is a service that helps protect your server from brute-force attacks by banning IP addresses that show malicious signs.

Install fail2ban:

sudo dnf install fail2ban -y

Start and enable the service:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Configure fail2ban:
Create a local configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the file to enable the SSH jail:

sudo nano /etc/fail2ban/jail.local

Set [sshd] parameters like:

[sshd]
enabled = true

6. Disable Root Login via SSH

To further secure SSH access, prevent direct root logins.

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find and set:

PermitRootLogin no

Restart the SSH service:

sudo systemctl restart sshd

7. Set Up Automatic Updates

You can automate security updates with the dnf-automatic tool.

Install dnf-automatic:

sudo dnf install dnf-automatic -y

Configure automatic updates:
Edit the configuration file /etc/dnf/automatic.conf to set:

apply_updates = yes

Enable the service:

sudo systemctl enable --now dnf-automatic.timer

8. Install and Configure an Intrusion Detection System (IDS)

For added security, consider installing an IDS like AIDE (Advanced Intrusion Detection Environment).

Install AIDE:

sudo dnf install aide -y

Initialize the AIDE database:

sudo aide --init
sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Run a manual check with:

sudo aide --check

Conclusion

By following these basic security steps, you’re well on your way to securing your AlmaLinux 9 server. These measures provide a solid foundation for system hardening and mitigating potential threats. As always, security is an ongoing process, and regular audits and updates are crucial for long-term protection.

Feel free to share your own security tips or ask questions in the comments!