The AlmaLinux OS Foundation announced that AlmaLinux 9 is now available for download as the newest version of this popular CentOS alternative derived from Red Hat Enterprise Linux’s source code.
Powered by Linux 5.14 LTS kernel series and based on and fully compatible with the recently-released Red Hat Enterprise Linux 9 operating system, AlmaLinux 9 is here as the first release of AlmaLinux that stems from CentOS Stream through RHEL.
You can learn more details by visiting this article about Introducing AlmaLinux as a replacement for Centos.
AlmaLinux 9 introduces new functionality that makes it easier to automate and deploy at scale, networking enhancements for cloud and edge through the addition of more performance metrics in Web Cockpit, access to information to identify bottlenecks, the ability to apply kernel live patching inside Web Cockpit, easier data export to data analytics and reporting tools like Grafana, as well as the ability to build images via a single build node.
Initial Server Setup with AlmaLinux 9
To start your server setup with AlmaLinux 9 you need to log in as a root user. Then, follow the steps below to complete this guide.
Update AlmaLinux 9 software
You can update the software repositories, system security patches, and all packages on AlmaLinux 9 server with the following command:
When you have finished updating, you can release disk space by deleting all downloaded software packages with all cached repositories information on AlmaLinux 9 with the following command:
dnf clean all
Now you can install some utilities that are most useful.
“curl” and “wget” are used for downloading packages over the network mostly. nano and vim are text editors. “net-tools” manage local networking. “lsof” finding the list of open files by the process. and “bash-completion” command line autocomplete.
Run the following command on AlmaLinux 9 to install them:
dnf install nano vim wget curl net-tools lsof bash-completion
Set up Hostname and networking on AlmaLinux 9 server
You can configure and manage network configurations such as setting network hostname and configuring static IP addresses using the “nmtui” graphical command-line utility.
To set your hostname on AlmaLinux 9 server, run the following command :
It should be similar to this:
Set the static IP address on AlmaLinux 9
You can configure a network interface by following these steps.
The nmtui utility provides a command to directly access the sub-screen of each option.
To access the sub-screen of the first option, use the nmtui-edit command.
You would see:
Here you can click on the Edit button to set up the network interface IP settings. You will see:
Now to save your configuration edit find ‘OK’ by using the ‘tab’ key and quit.
When you are finished with your network configuration, you need to apply the new settings. To do this run the following command:
Here select the interface you want to manage and press the Deactivate/Active option to decommission and bring up the interface with the IP settings.
Now you can check the content of the interface file with the following commands:
Also, you can use these two utilities to check the speed of your network interface and get formation from them.
# ethtool eth0 # mii-tool eth0
Note: You can list all open network sockets, and list all files that are opened by processes with the following commands:
# netstat -tulpn # ss -tulpn # lsof -i4 -6
Create a new user on AlmaLinux 9
You can create a new user on AlmaLinux 9 server with the following command:
For example, we added a user named olivia you can choose your own name.
Now set a password for your user with the following command:
Output Changing password for user olivia. New password: Retype new password: passwd: all authentication tokens updated successfully.
At this point, you need to give your user the sudo privileges. In AlmaLinux users that are in the “wheel” group can run sudo commands. To do this, run the following command:
usermod -aG wheel olivia
To check that the user has access to root privileges run the commands below:
# su - olivia # sudo dnf update
Output [[email protected] ~]$ sudo dnf update We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for olivia: ... Dependencies resolved. Nothing to do. Complete!
After you run the command, you need to enter your password to execute your command.
Set up SSH passwordless login on AlmaLinux 9
Here you can set up an SSH-passwordless authentication for your new user by generating an SSH key pair. This will increase your AlmaLinux 9 server security.
To do this, run the following commands:
# su - olivia # ssh-keygen -t RSA
Your output should similar to this:
Output [[email protected] ~]$ ssh-keygen -t RSA Generating public/private RSA key pair. Enter file in which to save the key (/home/olivia/.ssh/id_rsa): Created directory '/home/olivia/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/olivia/.ssh/id_rsa. Your public key has been saved in /home/olivia/.ssh/id_rsa.pub. The key fingerprint is: SHA256:o6KiEQ1647cpU2hkFPwsrhe4sA7wkKQQ5tWRfB/OyZY [email protected] The key's randomart image is: +---[RSA 3072]----+ |.o.oo.o | |o.+ + . . | |o+ o . = + | |=++ o E | |B=+o S | |+*=.. . . | |+=ooo . | |*.+o + | |++.oo | +----[SHA256]-----+
When you generate your keys, you will be asked for a passphrase, you can enter a strong password or press enter to leave it blank.
When your keys are generated you need to copy the generated public key pair to a remote server. To do this, run the following command:
Note: Replace the username and IP address of the remote server in the above command.
Here you should be able to log in automatically without the SSH server asking for a password.
How to Secure SSH Remote Logins on AlmaLinux 9
For more security, you can disable remote SSH access to the root account in the SSH configuration file. Open the file with your favorite text editor, here we use vi text editor:
When you get into your file, find the PermitRootLogin line and uncomment the line by removing the ‘#’ from the beginning of the line. And modify the line to No:
To apply the new changes restart the SSH on AlmaLinux 9 server with the following command:
systemctl restart sshd
At this point when you try to log in as a root user, you will get an access SSH Permission Denied error.
Set up a Firewall on AlmaLinux 9
In AlmaLinux 9 server, the default firewall is FirewallD. To install, enable, and start the service run the following commands:
# dnf install firewalld # systemctl enable firewalld # systemctl start firewalld
To check that your service is active and running run the following command:
systemctl status firewalld
In your output you should see:
Output firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor p> Active: active (running) Docs: man:firewalld(1) Main PID: 52785 (firewalld) ...
Now you can open an incoming connection to a specific service like SSH.
First of all, you need to verify that the service is present in the firewalld rules. Then, add the rule for the service by adding
--permanent switch to commands:
# firewall-cmd --add-service=ssh # firewall-cmd --add-service=ssh --permanent
Output [[email protected] ~]$ sudo firewall-cmd --add-service=ssh Warning: ALREADY_ENABLED: 'ssh' already in 'public' success [[email protected] ~]$ sudo firewall-cmd --add-service=ssh --permanent Warning: ALREADY_ENABLED: ssh success
You can do this for other services like HTTP and SMTP:
# firewall-cmd --permanent --add-service=http # firewall-cmd --permanent --add-service=https # firewall-cmd --permanent --add-service=smtp
Also, you can list all firewall rules on ALmaLinux 9 with the following command:
firewall-cmd --permanent --list-all
When you are done with these you can remove unwanted services too. let’s see how it works.
How to remove unwanted services on AlmaLinux 9
After you installed your fresh AlmaLinux 9 server, it is suggested to remove and disable unwanted services that are running by default on your server for more security and reduce the attacks.
You can use the following commands to list all network services (TCP/UDP) on the server:
# ss -tulpn # netstat -tulpn
When you see your running services you may want to stop and remove a service that you don’t want it. For example, we want to remove the Postfix mail server. To do this, run the following commands.
To stop the service use:
systemctl stop postfix
Disable the service with:
systemctl disable postfix
Then, remove it with the following command:
dnf remove postfix
Also, you can use top and ps commands to find and recognize all unwanted services and remove them from the system.
you should install the psmic first:
dnf install psmisc
Then, run the following command:
Manage services on AlmaLinux 9 server
At this point, we want to teach you some basic information about the management process on AlmaLinux 9.
You can list all active, running, exited, or failed services with the following command:
To check if a service is automatically enabled during system starts, run the following command:
systemctl list-unit-files -t service
To start a service you can use:
systemctl start service
You can stop it with:
systemctl stop service
To stop and start the service again run the following command:
systemctl restart service
If you have made changes to your service you need to reload it. You can use the following command for this:
systemctl reload service
Also, you can check whether the service is active or not with the following command:
systemctl status service
At this point, you learn how to log in to your server, create a new user with Sudo privileges, set up SSH passwordless login, and set up a basic firewall on AlmaLinux 9.
Hope you enjoy this article about the Initial server setup with AlmaLinux 9.