Friday Distro: Alpine Linux
This week's Friday distro is Alpine Linux, a surprisingly interesting distro specialized for routers, VPNs, VoIP services, and firewalls that takes an aggressive, proactive approach to security. It is minimalist enough to install on a router and includes only the absolute minimum (no Perl, for example). It began life as a branch of the LEAF project, which wanted a router/VPN system that could be booted from a floppy disk and run from memory: the Alpine hackers decided that configuration was a bit too minimal and chose instead a slightly larger package set that also provided squid, samba, dansguardian, and some other heavier applications. I thought for sure I'd learn it was developed by a bunch of Swiss or Austrian hackers, but no: it simply stands for "A Linux Powered Integrated Network Engine." DistroWatch reports it comes originally from Norway.
Most interesting of all, Alpine incorporates two security enhancements I haven't yet found on any other distro: PaX and Buffer Overflow Protection (Stack Smashing Protection). PaX is a Linux kernel patch that implements least-privilege protection for memory pages. It flags data memory as non-executable and program memory as non-writable, and it randomly arranges the program memory. Including these two systems kept Alpine Linux protected from the vmsplice 0-day Linux kernel vulnerability: even though the attack would crash the OS, there would be no system compromise.
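One way to check the page properties described above on a running system, as an added example (not code from Alpine or PaX): it parses the text of `/proc/<pid>/maps`, lists mappings that are writable and executable at the same time, and compares two runs to see which regions changed base address. The sample maps and the `/usr/bin/demo` program are constructed for illustration.

```python
"""Check /proc/<pid>/maps text against the page rules described for PaX."""
import re

MAP_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+\S+\s*(.*)$")

def parse_maps(text):
    """Yield (start, perms, name) per 'range perms offset dev inode [path]' line."""
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            yield int(m.group(1), 16), m.group(3), m.group(4) or "[anon]"

def wx_violations(text):
    """Mappings that are writable and executable at once (W^X broken)."""
    return [(hex(start), perms, name) for start, perms, name in parse_maps(text)
            if "w" in perms and "x" in perms]

def moved_between_runs(run_a, run_b):
    """For two runs of one program, report whether each region's base moved."""
    def bases(text):
        first = {}
        for start, _perms, name in parse_maps(text):
            first.setdefault(name, start)  # keep the first mapping per name
        return first
    a, b = bases(run_a), bases(run_b)
    return {name: a[name] != b[name] for name in a if name in b}

# Constructed sample input: two runs of a hypothetical /usr/bin/demo.
RUN_1 = """\
00400000-0040c000 r-xp 00000000 08:01 131 /usr/bin/demo
0060b000-0060c000 rw-p 0000b000 08:01 131 /usr/bin/demo
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a1a200000-7f3a1a3c0000 r-xp 00000000 08:01 977 /lib/libc.so
7ffc8d1e0000-7ffc8d201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_2 = """\
00400000-0040c000 r-xp 00000000 08:01 131 /usr/bin/demo
0060b000-0060c000 rw-p 0000b000 08:01 131 /usr/bin/demo
7f91c4000000-7f91c4021000 rwxp 00000000 00:00 0
7f91ce600000-7f91ce7c0000 r-xp 00000000 08:01 977 /lib/libc.so
7ffe03a40000-7ffe03a61000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for finding in wx_violations(RUN_1):
        print("writable+executable:", finding)
    for name, moved in moved_between_runs(RUN_1, RUN_2).items():
        print(f"{name}: {'randomized' if moved else 'fixed base'}")
```

On a live system, feed it the contents of `/proc/<pid>/maps` read from two separate launches of the same binary.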
If you're interested in trying it, it's easy: you can run it from a USB stick, back up your config to a single file, and its simple package management and init systems make it possible to be up and running in under 10 minutes.
Download size: 280MB