Alpine Linux:About: Difference between revisions
(→Why Should I Try It?: move security higher up) |
(→Why Should I Try It?: its small) |
||
Line 16: | Line 16: | ||
* '''It's simple:''' The [[Alpine Linux package management|package management]] and [[Alpine Linux Init System|init system]] is a breeze to use. | * '''It's simple:''' The [[Alpine Linux package management|package management]] and [[Alpine Linux Init System|init system]] is a breeze to use. | ||
* '''It's more secure:''' When The Linux 0-day [http://en.wikipedia.org/wiki/Vmsplice%28%29_local_root_exploit vmsplice vulnerability] was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion. | * '''It's more secure:''' When The Linux 0-day [http://en.wikipedia.org/wiki/Vmsplice%28%29_local_root_exploit vmsplice vulnerability] was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion. | ||
* '''It is small:''' Traditional GNU/Linux base system is over 100MB excluding kernel. Alpine Linux is 4-5MB excluding kernel. | |||
* '''It has the [[Alpine Configuration Framework Design|Alpine Configuration Framework (ACF)]]:''' While optional, ACF is a powerful web application used to configure an Alpine Linux device. ([[User:K0gen/ACF_Screenshots|Screenshots]]) | * '''It has the [[Alpine Configuration Framework Design|Alpine Configuration Framework (ACF)]]:''' While optional, ACF is a powerful web application used to configure an Alpine Linux device. ([[User:K0gen/ACF_Screenshots|Screenshots]]) | ||
* '''It's great for experimenting:''' Since the system configuration can be backed up to a single file, you will be able to test configurations before deploying them to production systems. (See [[Alpine local backup|Alpine Local Backup]].) | * '''It's great for experimenting:''' Since the system configuration can be backed up to a single file, you will be able to test configurations before deploying them to production systems. (See [[Alpine local backup|Alpine Local Backup]].) |
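Review bot: The added bullet ('''It is small:''') does not match its neighbours and makes an unsourced size claim. The neighbouring labels use the contraction "It's", the sentence opens without an article ("Traditional GNU/Linux base system"), and the 100MB and 4-5MB figures carry no link or reference, whereas the security bullet directly above links the claim it makes. Suggest "'''It's small:''' A traditional GNU/Linux base system is over 100MB excluding the kernel; Alpine Linux is 4-5MB excluding the kernel." together with a link to a page that says how the two sizes were measured.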
Revision as of 08:02, 8 October 2010
Alpine Linux is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.
Alpine Linux is and always will be free of charge. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing.
Alpine Linux was designed with security in mind. It has proactive security features, such as PaX and SSP, that prevent security holes from being exploited.
Alpine Linux uses the uClibc C library and all of the base tools from BusyBox. These are normally found on embedded systems and are smaller than the tools found on GNU/Linux systems.
Why Should I Try It?
We're partial, of course, but here are a few reasons:
- It's quick: You can boot it from a USB stick and have a very usable system in less than 10 minutes.
- It's simple: The package management and init system are a breeze to use.
- It's more secure: When the Linux 0-day vmsplice vulnerability was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
- It is small: A traditional GNU/Linux base system is over 100MB excluding kernel. Alpine Linux is 4-5MB excluding kernel.
- It has the Alpine Configuration Framework (ACF): While optional, ACF is a powerful web application used to configure an Alpine Linux device. (Screenshots)
- It's great for experimenting: Since the system configuration can be backed up to a single file, you will be able to test configurations before deploying them to production systems. (See Alpine Local Backup.)
- It supports Linux-VServer: Similar to FreeBSD Jails, it allows you to run virtual servers.
What's It Like?
Its network configuration is similar to Debian's and its package management is, in some ways, similar to Debian's APT or RedHat's yum, the BSDs' pkg_* commands (apk_* under Alpine), and ArchLinux's PKGBUILDs (APKBUILD under Alpine).
Also, if you've ever used a BusyBox-based system before, you would know that its applets do not support all of the features of their GNU/Linux counterparts. However, in an effort to make the system run like any other, the Alpine developers have contributed a number of enhancements to the BusyBox project.
Having said that, there are situations where things do not run like they do on a traditional GNU/Linux system. When you run into those situations, just remember these two things:
- The base installation is kept small enough for a firewall or router system, so there's not much there except the basics. (You can probably get away with just using the tools that are there, although crudely. When combined, tools like sh, awk, sed, and grep can do everything Perl can — seriously.)
- Alpine does have a complete set of packages, but you have to explicitly choose what to install.
What Should I Know?
In addition to basic *nix management, you should know that...
- Alpine Linux uses apk-tools for its package management system and OpenRC for its init system. You will need to learn how to use them both before you can effectively manage an Alpine Linux system.
- Alpine Linux uses the Alpine Local Backup Utility (lbu) primarily for RAM-based installs so you don't lose everything between reboots; however, it can also be used on HDD installs to test configurations before deploying them to production systems.
- In some cases, there is not a lot of documentation available, and what is available can be scattered about the wiki and/or mailing lists. We're working on it, but could use some help. Please see the Contribute page if you would like to help out.
How did Alpine Linux Begin?
Alpine Linux began as a fork of the LEAF Project.
The active members of the LEAF Project wanted to continue making a Linux distribution that ran off of a single floppy disk — and we think that's great — however, our needs required Squid, DansGuardian, Samba, and a slew of other heavyweight applications. So, we ended up with a set of packages that fit onto a CD-ROM.
The LEAF concept of "run from RAM" has a number of appealing features, especially for a firewall:
- If your configs are all on a floppy, an upgrade is as simple as burning a new CD and rebooting.
- If your configs are all on a (write-protected) floppy, recovering from a root-kit is as simple as rebooting.
Aside from the applications that we required, there were some things that we wanted to experiment with that weren't easy to do in the LEAF build environment at that time, such as:
- A Complete Build-from-Source Environment (e.g. Gentoo-Style Build World)
- 2.6.x Kernel Support
- Stack-Smashing Support (SSP) in GCC
- PaX Kernel Security
- Better package management with dependencies, upgrade path, pre- and post-install scripts, etc.
And so the project began.
Although Alpine Linux won't fit on a floppy disk today, it has been and always will be our goal to keep it as small and simple as possible.
Why the Name Alpine?
"Alpine" originally stood for A Linux Powered Integrated Network Engine. The idea was that the distribution would be focused on networking, and be a tiny "engine" or framework, which larger systems could be built upon.
Today, "Alpine" is nothing more than a name, despite continuing to live up to its original name. As an example, here are a few of Alpine's achievements and real-world uses:
- The first open-source implementation of Cisco's DMVPN, called OpenNHRP, was written for Alpine Linux.
- In addition to its use as a firewall or router system, Alpine Linux is also used in a number of installations as the basis for enterprise servers, running such software as PostgreSQL, Postfix, Asterisk, Kamailio, and being used for iSCSI SANs. It is the little engine that could.