COMP 3000 2011 Report: Alpine: Difference between revisions
No edit summary |
No edit summary |
||
(9 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
== Background == | == Background == | ||
[ | [[File:Alpinelogo.png | right]] | ||
Alpine is | [http://alpinelinux.org Alpine Linux] is a free, small, and easy to install Linux distribution that began as a fork of the LEAF project (Linux Embedded Appliance Firewall). The main focus of this distribution is security. It boasts features such as [http://en.wikipedia.org/wiki/PaX Pax] and [http://en.wikipedia.org/wiki/Stack-smashing_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29 SSP](stack smashing protocol), it also prevents security hole exploitations. Alpine is designed for x86 Routers, VPNs (virtual private network), [http://en.wikipedia.org/wiki/Voice_over_IP VoIP] servers, and firewalls. This distribution is a unique blend of multiple distrobutions, the network configuration is like Debian's and the package management is similar to RedHat's yum, and Arch Linux's PKGBUILDs (APKBUILD in Alpine). Its minuscule size is one of the main features of this distribution, this results in an ISO size of around 51 MBs. | ||
There are three different versions of Alpine available. The standard/stable release which has most common packages installed and is less prone to crashing or fatal errors. Alternatively there is the edge release, this is the latest release with the newest packages, unfortunately these releases are more likely to suffer errors. The final release is the mini version, this release only comes with basic packages, but it is stable and incredibly small. | |||
Alpine is available at [http://alpinelinux.org/downloads alpinelinux.org/downloads]. | Alpine is available at [http://alpinelinux.org/downloads alpinelinux.org/downloads]. | ||
Line 15: | Line 17: | ||
'''For a real instal''' | '''For a real instal''' | ||
*Step 1: [http://alpinelinux.org/downloads | *Step 1: [http://alpinelinux.org/downloads Download ISO]. | ||
*Step 2: Burn to a CD. | *Step 2: Burn to a CD. | ||
*Step 3: Boot from CD, wait for an input prompt and login as root with no password. | *Step 3: Boot from CD, wait for an input prompt and login as root with no password. | ||
*Step 4: | *Step 4: Wait for the system to boot, then type "setup-alpine", hit enter, and follow the on screen instructions. Refer to the next section for a walkthrough. | ||
'''For a Virtual Machine instal''' | '''For a Virtual Machine instal''' | ||
*Step 1: [http://alpinelinux.org/downloads | *Step 1: [http://alpinelinux.org/downloads Download ISO]. | ||
*Step 2: Mount ISO onto a virtual drive. | *Step 2: Mount ISO onto a virtual drive. | ||
*Step 3: Make a new Linux machine and boot from the virtual drive. | *Step 3: Make a new Linux machine and boot from the virtual drive. | ||
*Step 4: | *Step 4: Wait for the system to boot, then type "setup-alpine", hit enter, and follow the on screen instructions. Refer to the next section for a walkthrough. | ||
'''Detailed Setup Walkthrough''' | '''Detailed Setup Walkthrough''' | ||
The first thing setup-alpine will ask you to do is to pick your keyboard layout | The first thing setup-alpine will ask you to do is to pick your keyboard layout like US, Russian, and Japanese. To pick a US layout, simply type "us". It will then ask which variant you want to use, us-acentos or us, type "us". The next step is to pick the hostname (like 'foo' or 'system'), type whatever you want to name your system. Once a name has been chosen, a interface must be initialized, the only option is eth0 so just hit enter. After pressing enter there are more options; the default settings can be selected by pressing enter. Next a password must be chosen, enter in whatever you like, after it will ask you to retype it to ensure you remember it. Now you must select a timezone, you can type "?" for a list of available ones or just hit enter for the default. Finally, you must pick a mirror or type "f" to pick the fastest. Following this there are more advanced options, we will just skip these by entering the default by hitting enter. | ||
== Basic Operation == | == Basic Operation == | ||
Many basic linux commands work | Many basic linux commands work in alpine. For example "ps" will list the processes and "ls" followed by a file will list its contents. However, the man pages are not installed by default due to their size. These pages can be installed by typing "apk add man" followed by "apk add" the package you want "-doc". For example, if you wanted the man pages for iptables, you must simply type "apk add iptables-doc" and then you can access the iptables man page. | ||
Alpine Linux excels at servers, firewalls, and networks, none of which I have any experience with. Thankfully the website offers some tutorials (available at http://wiki.alpinelinux.org/wiki/Tutorials_and_Howtos) for a multitude of features. These features include, but are not limited to; hosting a mail server, setting up a satellite Internet connection, formatting a hard drive, and backing up flash memory. | Alpine Linux excels at servers, firewalls, and networks, none of which I have any experience with. Thankfully the website offers some tutorials (available at http://wiki.alpinelinux.org/wiki/Tutorials_and_Howtos) for a multitude of features. These features include, but are not limited to; hosting a mail server, setting up a satellite Internet connection, formatting a hard drive, and backing up flash memory. | ||
Line 38: | Line 39: | ||
== Usage Evaluation == | == Usage Evaluation == | ||
I found Alpine Linux to be a complicated, yet interesting system. This is most likely due to my lack of networking and server knowledge. The system has no GUI, it is just a terminal, this is likely due to the desire to keep the file size down. Overall this is a interesting and, I assume, competent Linux distribution, although definitely not meant for people who are new to Linux. | |||
= '''Part 2''' = | = '''Part 2''' = | ||
Line 63: | Line 63: | ||
Packages can be added by using "add" to install packages and any required dependencies. If you have | Packages can be added by using "add" to install packages and any required dependencies. If you have | ||
more than one repository, the add command installs the newest package. Just type "apk add package-name" where package-name is the name of the package you would like to install. | more than one repository, the add command installs the newest package. Just type "apk add package-name" where package-name is the name of the package you would like to install. | ||
'''Removing Packages''' | '''Removing Packages''' | ||
Line 75: | Line 74: | ||
37,000 total packages in Ubuntu. | 37,000 total packages in Ubuntu. | ||
==Major Package Versions== | |||
{| | {| border="1" | ||
|- | |- | ||
! Package | ! Package | ||
Line 90: | Line 89: | ||
| http://grsecurity.net | | http://grsecurity.net | ||
| A kernel is required | | A kernel is required | ||
| - | |- | ||
| libc | | libc | ||
| A library for c | | A library for c | ||
Line 109: | Line 108: | ||
| To allow mail operations | | To allow mail operations | ||
|- | |- | ||
| | | Kamailio | ||
| | | An open source SIP proxy | ||
| | | 3.2.0 | ||
| http://kamailio.org | |||
| To enhance security | |||
|- | |||
| Pearl | |||
| Pearl (Practical Extraction and Report Language) | |||
| 5.14.2 | |||
| http://www.pearl.org | |||
| Allows for pearl development | |||
|- | |||
| Samba | |||
| Tools to access a server's filespace and printers | |||
| 3.6.1 | |||
| http://samba.org | |||
| Helps server manipulation | |||
|- | |||
| Shorewall | |||
| A fire wall | |||
| 4.2.10 | |||
| http://shorewall.net | |||
| To enhance security | |||
|- | |||
| Squid | |||
| A full-featured web proxy cache server | |||
| 3.2.0.12 | |||
| http://www.squid-cache.org | |||
| To enhance security | |||
|- | |||
| Util-Linux | |||
| A collection of Linux utilities | |||
| 2.20 | |||
| http://kernel.org/~kzak/util-linux/ | |||
| Allows for more versatility in Linux | |||
|} | |} | ||
==Initialization== | |||
Every time the system starts, the package alpine-init runs. This package tells all the other packages when they are to initialize. The following is the load order the last time I booted the system. | |||
[[File:Alps.png| thumb | right| A typical initialization]] | |||
( | * /proc is mounted (if it is not already) | ||
* /run is mounted so things may be run | |||
* Server dependencies are cached | |||
* Security filesystems are mounted | |||
* Debug filesystems are mounted | |||
* Busybox mdev is started | |||
* Hardware drivers are loaded | |||
* Modules are loaded | |||
* System clock is set | |||
* Local filesystem is checked for problems | |||
* fsk is run on (busybox 1.19.2, 20011-11-03 15:50:21 UTC) | |||
* Root filesystem read/write is remounted | |||
* Local filesystem is mounted | |||
* Busybox acpid is started | |||
* Kernel parameters are configured | |||
* User login records are created | |||
* /var/run is cleaned | |||
* /tmp directory is wiped | |||
* Networking is started | |||
* Chronyd is started | |||
* Hostname is set | |||
* Busybox kernel logging is started | |||
* Busybox system logging is started | |||
* Busybox cron is started | |||
* Keymap is set | |||
* Sshd is started | |||
* Swap devices are activated | |||
* And finally the random number generator is initialized | |||
== References == | == References == |
Latest revision as of 04:20, 19 December 2011
Part 1
Background
Alpine Linux is a free, small, and easy to install Linux distribution that began as a fork of the LEAF project (Linux Embedded Appliance Firewall). The main focus of this distribution is security. It boasts features such as Pax and SSP(stack smashing protocol), it also prevents security hole exploitations. Alpine is designed for x86 Routers, VPNs (virtual private network), VoIP servers, and firewalls. This distribution is a unique blend of multiple distrobutions, the network configuration is like Debian's and the package management is similar to RedHat's yum, and Arch Linux's PKGBUILDs (APKBUILD in Alpine). Its minuscule size is one of the main features of this distribution, this results in an ISO size of around 51 MBs.
There are three different versions of Alpine available. The standard/stable release which has most common packages installed and is less prone to crashing or fatal errors. Alternatively there is the edge release, this is the latest release with the newest packages, unfortunately these releases are more likely to suffer errors. The final release is the mini version, this release only comes with basic packages, but it is stable and incredibly small.
Alpine is available at alpinelinux.org/downloads. while the edge releases are available at http://nl.alpinelinux.org/alpine/edge/releases/x86/
Installation
One of the unique features of Alpine is its simplicity and ease of use. This is evident in its installation process which is as follows.
For a real instal
- Step 1: Download ISO.
- Step 2: Burn to a CD.
- Step 3: Boot from CD, wait for an input prompt and login as root with no password.
- Step 4: Wait for the system to boot, then type "setup-alpine", hit enter, and follow the on screen instructions. Refer to the next section for a walkthrough.
For a Virtual Machine instal
- Step 1: Download ISO.
- Step 2: Mount ISO onto a virtual drive.
- Step 3: Make a new Linux machine and boot from the virtual drive.
- Step 4: Wait for the system to boot, then type "setup-alpine", hit enter, and follow the on screen instructions. Refer to the next section for a walkthrough.
Detailed Setup Walkthrough The first thing setup-alpine will ask you to do is to pick your keyboard layout like US, Russian, and Japanese. To pick a US layout, simply type "us". It will then ask which variant you want to use, us-acentos or us, type "us". The next step is to pick the hostname (like 'foo' or 'system'), type whatever you want to name your system. Once a name has been chosen, a interface must be initialized, the only option is eth0 so just hit enter. After pressing enter there are more options; the default settings can be selected by pressing enter. Next a password must be chosen, enter in whatever you like, after it will ask you to retype it to ensure you remember it. Now you must select a timezone, you can type "?" for a list of available ones or just hit enter for the default. Finally, you must pick a mirror or type "f" to pick the fastest. Following this there are more advanced options, we will just skip these by entering the default by hitting enter.
Basic Operation
Many basic linux commands work in alpine. For example "ps" will list the processes and "ls" followed by a file will list its contents. However, the man pages are not installed by default due to their size. These pages can be installed by typing "apk add man" followed by "apk add" the package you want "-doc". For example, if you wanted the man pages for iptables, you must simply type "apk add iptables-doc" and then you can access the iptables man page.
Alpine Linux excels at servers, firewalls, and networks, none of which I have any experience with. Thankfully the website offers some tutorials (available at http://wiki.alpinelinux.org/wiki/Tutorials_and_Howtos) for a multitude of features. These features include, but are not limited to; hosting a mail server, setting up a satellite Internet connection, formatting a hard drive, and backing up flash memory.
Usage Evaluation
I found Alpine Linux to be a complicated, yet interesting system. This is most likely due to my lack of networking and server knowledge. The system has no GUI, it is just a terminal, this is likely due to the desire to keep the file size down. Overall this is a interesting and, I assume, competent Linux distribution, although definitely not meant for people who are new to Linux.
Part 2
Software Packaging
Packaging Format
Software packages for Alpine Linux are tar.gz archives containing programs, files, and dependency. They have the extension .apk", also called "a-packs."
The packages are stored in one or more repositories(a directory with a collection of *.apk files and an index file, named APKINDEX.tar.gz).
Listing Packages
With Alpine Linux the method for listing all packages and their descriptions is to type "apk search -v." This will give you a list of packages with their functions.
Adding Packages
Packages can be added by using "add" to install packages and any required dependencies. If you have more than one repository, the add command installs the newest package. Just type "apk add package-name" where package-name is the name of the package you would like to install.
Removing Packages
Packages can be removed by using "del" to delete packages and its dependencies. Just type "apk del package-name" where package-name is the name of the package you would like to delete.
Catalog
Due to Alpine Linux's small size and portable nature, it has fewer packages than most. There are 365 .apk files on disk, compared to the 37,000 total packages in Ubuntu.
Major Package Versions
Package | Definition | Version | Website | Purpose |
---|---|---|---|---|
Kernel | The kernel with grsecurity | 3.0.8 | http://grsecurity.net | A kernel is required |
libc | A library for c | 0.9.32 | http://uclib.org | A c library is required |
Lua | A powerful, lightweight programming language | 5.1.4 | http://www.lua.org | Many programs on Alpine are dependent on it. |
Fetchmail | A remote mail retrieval and forwarding utility | 6.3.21 | http://fetchmail.berlios.de | To allow mail operations |
Kamailio | An open source SIP proxy | 3.2.0 | http://kamailio.org | To enhance security |
Pearl | Pearl (Practical Extraction and Report Language) | 5.14.2 | http://www.pearl.org | Allows for pearl development |
Samba | Tools to access a server's filespace and printers | 3.6.1 | http://samba.org | Helps server manipulation |
Shorewall | A fire wall | 4.2.10 | http://shorewall.net | To enhance security |
Squid | A full-featured web proxy cache server | 3.2.0.12 | http://www.squid-cache.org | To enhance security |
Util-Linux | A collection of Linux utilities | 2.20 | http://kernel.org/~kzak/util-linux/ | Allows for more versatility in Linux |
Initialization
Every time the system starts, the package alpine-init runs. This package tells all the other packages when they are to initialize. The following is the load order the last time I booted the system.
- /proc is mounted (if it is not already)
- /run is mounted so things may be run
- Server dependencies are cached
- Security filesystems are mounted
- Debug filesystems are mounted
- Busybox mdev is started
- Hardware drivers are loaded
- Modules are loaded
- System clock is set
- Local filesystem is checked for problems
- fsk is run on (busybox 1.19.2, 20011-11-03 15:50:21 UTC)
- Root filesystem read/write is remounted
- Local filesystem is mounted
- Busybox acpid is started
- Kernel parameters are configured
- User login records are created
- /var/run is cleaned
- /tmp directory is wiped
- Networking is started
- Chronyd is started
- Hostname is set
- Busybox kernel logging is started
- Busybox system logging is started
- Busybox cron is started
- Keymap is set
- Sshd is started
- Swap devices are activated
- And finally the random number generator is initialized
References
- Alpine Linux Homepage. Retrieved 2011, Dec. 15 http://alpinelinux.org/
- About Alpine Linux. Retrieved 2011, Dec. 15 http://alpinelinux.org/about
- Download Alpine Linux. Retrieved 2011, Dec 15 http://alpinelinux.org/downloads
- Download Alpine Linux Edge. Retrieved 2011, Dec 15 http://nl.alpinelinux.org/alpine/edge/releases/x86/
- VoIP information. Retrieved 2011, Dec 15 http://en.wikipedia.org/wiki/Voice_over_IP
- PaX information. Retrieved 2011, Dec 15 http://en.wikipedia.org/wiki/PaX
- SSP information. Retrieved 2011, Dec 15 http://en.wikipedia.org/wiki/Stack-smashing_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29
- Tutorials for Alpine Linux. Retrieved 2011, Dec 15 http://wiki.alpinelinux.org/wiki/Tutorials_and_Howtos
- Tutorials for Alpine Linux - Cherokee. Retrieved 2011, Dec 15 http://wiki.alpinelinux.org/wiki/Cherokee