Use a firewall config that is not some crap copied from the web, but does allow exactly the services that are used, and only these.
Personally I don't keep ssh open to the public with my firewall.Get sshguard
Tripwire does the same work as rkhunter, AIDE and/or LYNIS. I would recommend them like many other ones mentioned above.Personally I don't keep ssh open to the public with my firewall.
For my 2 instances on Linode I use security/tripwire and ssh keys with ed25519 in my instances.
Plus I change the port number from default.
That brings back memories, some far distant (Netscape Server on Solaris 5.5 with the tripwire checksums on a read-only floppy, circa 1997), and some more recent (AIDE rolled out gratuitously to 1000+ Linux systems).Tripwire does the same work as rkhunter, AIDE and/or LYNIS. I would recommend them like many other ones mentioned above.