Friday Distro: Alpine Linux

by
in linux on (#3R3)
story imageThis week's Friday distro is Alpine Linux, a surprisingly interesting distro specialized for Routers, VPNs, VOIP service, and firewalls that takes an aggressive, proactive approach to security. It's therefore minimalist, so you can install it on a router, and includes the absolute minimum (no Perl, for example). It began life as a branch of the LEAF project, which wanted a router/vpn system that could be booted from a floppy disk and run from memory: the Alpine hackers decided that config was a bit too minimal and chose instead a slightly larger package set that also provided squid, samba, dansguardian, and some other heavier applications. I thought for sure I'd learn it was developed by a bunch of Swiss or Austrian hackers, but no: it simply stands for "A Linux Powered Integrated Network Engine." Distrowatch reports it comes originally from Norway.

Most interesting of all, Alpine incorporates two security enhancements I haven't yet found on any other distro: PaX and Buffer Overflow Protection (Stack Smashing Protection). PaX is a Linux kernel patch that implements least privilege protection for memory pages. It flags data memory as non-executable, program memory as non-writable and randomly arranges the program memory. Inclusion of these two systems kept Alpine Linux protected from the vmsplice 0-day Linux kernel vulnerability: even though the attack would crash the OS, there would be no system compromise.

If you're interested in trying it, it's easy: you can run it from a USB stick, back up your config to a single file, and its simple package management and init systems make it possible to be up and running in under 10 minutes.

Thanks for the tip (Score: 1)

by scotch@pipedot.org on 2014-08-07 20:58 (#2S4)

I am in the process of building my own "cloud". I was going debian only with CEPH, openvswitch, qemu-kvm and linux-vserver (I know I should switch to LXC). But I will give a try to alpine thanks to your post!
Post Comment
Subject
Comment
Captcha
In the number 4028913, what is the 6th digit?