Story 2014-07-18 3R3 Friday Distro: Alpine Linux

Friday Distro: Alpine Linux

by
in linux on (#3R3)
This week's Friday distro is Alpine Linux, a surprisingly interesting distro specialized for routers, VPNs, VoIP service, and firewalls that takes an aggressive, proactive approach to security. It's therefore minimalist, so you can install it on a router, and includes the absolute minimum (no Perl, for example). It began life as a branch of the LEAF project, which wanted a router/VPN system that could be booted from a floppy disk and run from memory: the Alpine hackers decided that config was a bit too minimal and chose instead a slightly larger package set that also provided squid, samba, dansguardian, and some other heavier applications. I thought for sure I'd learn it was developed by a bunch of Swiss or Austrian hackers, but no: it simply stands for "A Linux Powered Integrated Network Engine." Distrowatch reports it comes originally from Norway.

Most interesting of all, Alpine incorporates two security enhancements I haven't yet found on any other distro: PaX and Buffer Overflow Protection (Stack Smashing Protection). PaX is a Linux kernel patch that implements least privilege protection for memory pages. It flags data memory as non-executable, program memory as non-writable and randomly arranges the program memory. Inclusion of these two systems kept Alpine Linux protected from the vmsplice 0-day Linux kernel vulnerability: even though the attack would crash the OS, there would be no system compromise.
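The first two PaX properties described above (data memory non-executable, program memory non-writable) can be checked from userspace by reading a process's memory map. The following is an added example, not code from the original story or from the Alpine or PaX projects; the sample map lines, including the library path, are constructed, and address randomization is not covered.

```python
"""Audit /proc/<pid>/maps text for mappings that break the W^X rule PaX enforces."""
import os

# Constructed sample in /proc/<pid>/maps format (not captured from a real system).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1311 /bin/busybox
0060a000-0060c000 rw-p 0000a000 08:01 1311 /bin/busybox
01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]
7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0
7f2a1c5d1000-7f2a1c5d3000 rwxp 00012000 08:01 2207 /usr/lib/libexample.so
7ffd4a1e0000-7ffd4a201000 rwxp 00000000 00:00 0 [stack]
"""

DATA_REGIONS = {"[heap]", "[stack]"}


def parse_maps(text):
    """Yield (address_range, perms, path) for each well-formed maps line."""
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5 or len(fields[1]) != 4:
            continue  # skip blank or malformed lines
        path = fields[5].strip() if len(fields) == 6 else ""
        yield fields[0], fields[1], path


def audit(text):
    """Return a list of (address_range, perms, path, reason) findings."""
    findings = []
    for addr, perms, path in parse_maps(text):
        writable, executable = "w" in perms, "x" in perms
        if executable and path in DATA_REGIONS:
            findings.append((addr, perms, path, "executable data region"))
        elif writable and executable:
            findings.append((addr, perms, path or "[anon]", "writable and executable"))
    return findings


if __name__ == "__main__":
    # Audit this process if procfs is available, otherwise the constructed sample.
    own = "/proc/self/maps"
    if os.path.exists(own):
        with open(own) as fh:
            text = fh.read()
    else:
        text = SAMPLE_MAPS
    for addr, perms, path, reason in audit(text):
        print(f"{addr} {perms} {path}: {reason}")
```

An empty result means no mapping in the audited process is simultaneously writable and executable and neither the heap nor the stack is executable.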

If you're interested in trying it, it's easy: you can run it from a USB stick, back up your config to a single file, and its simple package management and init systems make it possible to be up and running in under 10 minutes.
4 comments

Current, small (Score: 2, Informative)

by kwerle@pipedot.org on 2014-07-18 16:40 (#2JG)

Last release: June 26.
Download size: 280MB

Re: Current, small (Score: 3, Insightful)

by bryan@pipedot.org on 2014-07-18 22:38 (#2JP)

"system that could be booted from a floppy disk and run from memory"
Not long from now, in fact it may have happened already, a substantial portion of the population will have never used or even seen a floppy disk.

Re: Current, small (Score: 2, Insightful)

by zafiro17@pipedot.org on 2014-07-19 11:19 (#2JX)

I am nostalgic for lots of old things, but floppy disks aren't one of them. Rest in peace, funky tech!

I do like the idea of a firewall OS that can run in memory and be rebooted to a clean state if ever there's a compromise. Amazing how much effort and time go into figuring out how to do dickish things to other people's systems. Firewall – set phasers on "deep fry gonads!"

Thanks for the tip (Score: 1)

by scotch@pipedot.org on 2014-08-07 20:58 (#2S4)

I am in the process of building my own "cloud". I was going Debian only with CEPH, openvswitch, qemu-kvm and linux-vserver (I know I should switch to LXC). But I will give a try to Alpine thanks to your post!