Alpine Linux is a distribution designed primarily for use as a router, firewall and application gateway. The latest stable version, Alpine Linux 2.0, was released last week (August 17, 2010). This review is the first for this distribution on this site, and also marks its first listing in the Firewall & Router category.
Installation: Installation of Alpine Linux to hard disk is via a text-based interface. The setup-disk script takes care of the completed automated installation, and the whole process takes less than two minutes. By default, the script creates the following partitions (test installation on an x86 computer with a 250 GB hard drive):
- /boot of 100 MB
- swap of about 1 GB
- / takes up the rest of the disk space
Ext3 is the default file system. Alpine uses the OpenRC initialization and daemon management script, the same system used by Gentoo. Incidentally, the maintainer of OpenRC has given up on the project. There are several setup- script that you need to use to make the system usable.
Post Installation Configuration: Aside from formatting and installing a base system, Alpine’s installation script does very little else. Specifying a hostname, configuring the internal network interface, specifying a password for the root account, and other mundane tasks usually taken care of by other installation scripts, are some of the post installation tasks that you will have to get done. Alpine provides several setup- scripts that you have to use to perform most of the important post installation tasks.
For configuring the network interface (and a couple of other tasks), for example, you will have to use the setup-alpine script. The setup-interfaces script, which is expressly coded to configure network interfaces, is a dud. It does not work. So to configure a network interface on Alpine from the command line, you will have to use the setup-alpine script or the ifup command.
Package Management: Apk is Alpine’s package management system. That is one more package manager that you will need to learn, if you want to use Alpine. It is just as easy to master as Debian’s apt. Apart from some basic packages needed to get the system up and running, virtually all the packages that you will be using on Alpine will be installed by you – after installation. That requires that you first append an online repository to the /etc/apk/repositories file. By default, a pointer to the installation medium is the only entry in this file.
Administration: Administrative access to a fresh installation of Alpine Linux is by direct access, using the passwordless root account. If you need remote access, you will have to first install the openSSH server (client and server installed at the same time by the apk add openssh command), or run the setup-acf script to install the Alpine Configuration Framework, an “mvc-style application for configuring an Alpine device” over a secure Web (https) interface.
The image below is the “home” page of the Web interface, but not from a default installation. The OpenVPN entry under Networking, the entries under Applications and the entry under Storage are all from a post installation operation,
Like a default installation of Alpine Linux, the Browser-based management interface is very basic, lacking features needed to configure aspects of some of the services and applications. Most of what you will accomplish on Alpine will be from the command line (console or remote access via ssh).
Features: A prominent claim on Alpine’s website is that it “was designed with security in mind. It has proactive security features, such as PaX and SSP, that prevent security holes from being exploited.”
With the appropriate applications installed, from the command line or from the browser-based management interface, Alpine Linux may be configured to serve as a firewall and IDS/IPS system, VPN server, VoIP server, Web and FTP server, etc. Alpine may be used to play any role within your network.
Final Thoughts: If you would like to take Alpine for a spin, here are some points to keep in mind:
- Become familiar with apk, the Alpine Package Management system.
- Become familiar with the various runlevels, and how to attach services to them. If you are a Gentoo user, or are familiar with Gentoo’s init system, you should be right at home.
- If you are a power user, or want to be one, the browser-based management interface, while intuitive to use, will be a secondary management tool. Most of the serious stuff you will be doing will be from the command line.