If you are going to prevent malicious traffic or data coming from the Internet or other networks to your system, you need to know what a firewall is and how it works. Generally, a firewall is a device and network security mode that monitors incoming and outgoing network traffic and blocks or allows packets or information data to pass based on its security rules. In this post, with an Ultimate Guide to Protect Your System from Cyber Threats, we will tell you how to Secure Your AlmaLinux with Firewall.
A firewall is used to prevent sabotage and security of any system of this system. We must say that every system connected to the Internet needs its firewall to be active to prevent malware attacks and the penetration of dangerous data. It is interesting to note that AlmaLinux and other RHEL-based Linux distributions use firewalls to manage firewall rules. Before we start and explain to you the methods of Secure Your AlmaLinux with Firewall, we recommend you choose and buy a plan from the Linux VPS server plans presented on our website. After installing AlmaLinux on our servers, you will enjoy their high quality.
In the rest of this article, we will comprehensively teach you how to Secure Your AlmaLinux with Firewall.
If we want to describe SSH with a simple example, we should say that it is like the door of your house. Therefore, securing the front door will keep your home safe. When you purchase a Linux server, your service provider will provide you with SSH root access. To increase security, you should start with SSH access. In the following, we will teach you 5 ways to harden SSH access.
To carry out the steps that we will tell in the rest of this article, it is enough to open the configuration file using your desired text editor:
nano /etc/ssh/sshd_config
It is also necessary to save and exit the configuration file after completing each step. Then, to apply the changes, you must restart the sshd file by running the following command:
systemctl restart sshd
The first method is to exit SSH if the user is inactive. Therefore, you can search for the following command inside the configuration file:
#ClientAliveInterval 0
Now, if you want to set the idle time to 5 minutes, for example, you need to set it in seconds. That is 300 seconds:
ClientAliveInterval 300
In the second method, you can reduce the number of unsuccessful attempts to enter the system. (3 unsuccessful logins):
MaxAuthTries 3
Another very effective method is to change the SSH port. Given that the default SSH port is 22, you can easily change it to the desired number by running the following command. (for example port 1022):
#Port 22
and change it to:
Port 1022
It should be noted that SSH tunnels allow connections made to a local port to be forwarded to a remote device over a secure channel. To disable some unnecessary options related to tunneling and forwarding, you can search for the following commands in the configuration file:
#AllowAgentForwarding yes #AllowTcpForwarding no #PermitTunnel no
Now you need to change the above commands as below and save the configuration file and exit it:
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
To generate your public key on a desktop computer on different platforms, you need to do the following. If you are using OpenSSH Client on Windows, you must use the following command in the command prompt:
ssh-keygen
But if you don’t use OpenSSH Client, you can generate SSH keys using PuTTYgen.
Also, if you use MacOS or Linux operating systems, you can use the following command:
ssh-keygen
Again, it is necessary to run the configuration file after entering the server by running the following command:
nano /.ssh/authorized_keys
Put your public key in a row in the file and save it. After doing this you can connect to SSH using your private key. Now it’s time to run the following command:
/etc/ssh/sshd_config
Finally, you need to paste the following lines in the desired path:
Password Authentication yes
PubkeyAuthentication yes
AlmaLinux has a default firewall but we recommend CSF firewall for intrusion detection, intrusion detection, and security in this article. This firewall is very popular among the users of the popular control panels CPanel, DirectAdmin, and Webmin. To install the CSF firewall, you must first install the necessary prerequisites using the following command:
dnf install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph wget tar perl-Math-BigInt
Now you can run the following commands to download, extract and install CSF Firewall:
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
In the next step, you can use the following command to check if your server has iptable modules or not:
perl /usr/local/csf/bin/csftest.pl
After learning the relevant explanations, you should turn off the test mode:
sed 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
Finally, you can restart the CSF firewall by running the following command:
csf -r
ClamAV is an open-source, cross-platform, anti-malware toolkit developed by Cisco Systems Inc. This kit contains a new protection system to deal with Trojans, viruses, worms, and other types of malware. This antivirus is basically a light and command-line-based system that is combined with other tools such as FreshClam, ClamDaemon, ClamDTop, ClamScan, and Clamtk and offers many valuable features such as automatic database update and real-time scanning and scheduled scanning.
You can run the following commands to install ClamAV on AlmaLinux:
dnf install clamav
dnf install clamd
You should know that ClamAV uses FreshClam to check for new database versions periodically. Run ClamAV to update the signature database. To do this, just follow the instructions below step by step.
Stop the freshclam service by running the following command:
systemctl stop clamav-freshclam
You can also run Freshclam using the following command:
freshclam
Run the following command again to start the Freshclam:
systemctl start clamav-freshclam
After completing the installation process, you can use the following command to run a full system scan and remove malware:
clamscan --infected --recursive --remove /
As you know AlmaLinux is a binary-compatible fork of the RHEL and CentOS base. On the other hand, RHEL and CentOS are secure enough for an enterprise environment. However, it is important to try to always keep AlmaLinux up-to-date by running the following command:
dnf update all
In the first step, you can check the status of the firewall on AlmaLinux by running the following command:
systemctl status firewalld
Check the services configured in the firewall using the following command:
sudo firewall-cmd --list-all
You can stop the firewall with the help of the following command:
sudo systemctl stop firewalld
You can also run the following command to start the firewall again:
sudo systemctl start firewalld
To restart the process, use the following command:
sudo systemctl restart firewalld
As you know, by default, the firewall starts automatically after the system boots. To disable the firewall, you can use the following command:
systemctl disable firewalld
It should be noted that if the above command is executed with the systemctl stop firewalld command, the firewall will be disabled forever.
The interesting thing is that you can reactivate the firewalld service at any time:
sudo systemctl enable firewalld
In this article that you read, we tried to fully familiarize you with the steps to secure AlmaLinux so that you can be safe from cyber-attacks. We also tried to teach you how to Secure Your AlmaLinux with Firewall. In this way, now you can easily install FirewallD on AlmaLinux and other RPM-based Linux systems. By doing this you will partially secure your system from the outside world.
How useful was this post?
Click on a star to rate it!
Average rating 5 / 5. Vote count: 1
No votes so far! Be the first to rate this post.
By reading the step-by-step guide of this article, you can easily Install Virtualizor on AlmaLinux 8...
Certainly, one of the important pillars of any network is having a monitoring system to check the st...
What is your opinion about this Blog?