Saturday, November 9, 2013

Alpine Linux, Small, Simple, Secure

Alpine Linux is a community developed operating system designed for x86 routers, firewalls, VPNs, VoIP boxes and servers. It was designed with security in mind, it has proactive security features like PaX and SSP that prevent security holes in the software to be exploited.

The C library used is uClibc and the base tools are all in BusyBox. Those are normally found in embedded systems and are smaller than the tools found in GNU/Linux systems.

"Alpine" originally stood for A Linux Powered Integrated Network Engine. The idea was that the distribution would be focused on networking, and be a tiny "engine" or framework, which larger systems could be built upon.

Today, "Alpine" is nothing more than a name, despite continuing to live up to its original name. As an example, here are a few of Alpine's achievements and real-world uses:
  • The first open-source implementation of Cisco's DMVPN, called OpenNHRP, was written for Alpine Linux.
  • In addition to its use as a firewall or router system, Alpine Linux is also used in a number of installations as the basis for enterprise servers, running such software as PostgreSQL, Postfix, Asterisk, Kamailio, and being used for iSCSI SANs. It is the little engine that could.
Why Should I Try It?
  • It's easy to install: You can boot it from a USB stick and have a fully configured system in less than 10 minutes.
  • It's simple: The package management and init system is a breeze to use.
  • It's more secure: When The Linux 0-day vmsplice vulnerability was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
  • It's small: The traditional GNU/Linux base system is over 100MB in size (excluding the kernel), while the base system in Alpine Linux is only 4-5MB in size (excluding the kernel).
  • It has the Alpine Configuration Framework (ACF): While optional, ACF is a powerful web application used to configure an Alpine Linux device. (Screenshots)
  • It's great for experimenting: Since the system configuration can be backed up to a single file, you will be able to test configurations before deploying them to production systems. (See Alpine Local Backup.)
  • It supports Linux-VServer: Similar to FreeBSD Jails, it allows you to run virtual servers.
Download Alpine Linux

No comments:

Post a Comment