Security Hardening for AlmaLinux VPS (Part 1)

security hardening almalinux vps

Learn security hardening for AlmaLinux VPS to protect your VPS cloud servers or dedicated servers. How secured is the cloud? This is a commonly asked question and system administrators have the answer to this question: it all depends on how much security hardening effort has been done. In addition to the one-time security hardening steps, it is important to ensure continuous monitoring and optimisation effort to secure your cloud server. Furthermore, a good security policy covering people, process and system is the key to better cloud infrastructure security.

Let us explore some of the free and basic methods of security hardening as follow.

1. Harden SSH

SSH access to a Linux server is similar to the front gate to your house. Securing your front gate keeps your house safe. When you subscribe to a cloud service, your service provider will provide you with root SSH access. Clearly, security hardening begins with SSH access. Check out the five SSH hardening tips here. First, you will learn how to implement an idle timeout so your server disconnects you upon inactivity. Next, you will learn how to limit maximum authentication attempts to prevent brute force attack on your SSH. You will also find out how to change your SSH port number to further secure your SSH. Furthermore, you will also learn how to disable SSH tunneling and forwarding, both of which are unlikely to be needed. Lastly, you are also given with the steps to use password-less login to SSH.

2. Install CSF Firewall

Most Linux distributions, such as the AlmaLinux 8 has the firewalld default firewall. We recommend CSF Firewall, a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application. CSF Firewall includes other additional security features such as login/intrusion/flood detections. Learn how to install and use CSF Firewall here. CSF Firewall is also very popular among cPanel, DirectAdmin and Webmin control panel users, for its UI integration, something the firewalld does not offer.

3. Install ClamAV Antivirus

ClamAV is an open source antivirus that is very popular among Linux servers. It is not the best performing antivirus out there for Linux but it will serve you well for its lightweight footprint and general protection.

4. Install Free SSL Certificate

While not directly securing your VPS cloud server, an SSL certificate can secure data that is transmitted between your VPS and other devices. Consider signing and installing a free SSL certificate, such as the Let’s Encrypt. How strong is 256-bit encryption on SSL Certificates? A 256-bit key can have 2^256 possible combinations. 2^256 possible combinations is equivalent to 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (that’s 78 digits) of possible combinations. A large-scale quantum computer may crack an SSL Certificate within 7-10 years but of course there will be a solution coming soon, known as quantum-safe cryptography (also called post-quantum, quantum-resistant). For now, 256-bit encryption on Free SSL is good enough, since it is not easy to gain access to large-scale quantum computer just to crack an SSL certificate.

5. Ensure AlmaLinux is always up-to-date

Although AlmaLinux 8 may be too new to contribute to vulnerability statistics in Year 2021, it is safe to say that AlmaLinux will be a secure operating system. AlmaLinux is a binary compatible fork of RHEL, the base for CentOS, and both RHEL and CentOS are secure enough for enterprise environment. Anyhow, being a new operating system, you should not forget to keep AlmaLinux up-to-date simply through the command: dnf update all


We hope you will find these tips of security hardening for AlmaLinux VPS useful. Be sure to check back on our tutorial resources for the coming episode, where we will be sharing more security hardening tips with you!

Related Post