Serious Discussion Alpine Linux review

Victor M

Level 13
Thread author
Verified
Top Poster
Well-known
Oct 3, 2022
614
In my pursuit of secure OSes, I have come to AlpineLinux which claims to have a security focus.

The install gives you a minimal version of Linux which is neither System V based nor Systemd based. You have to add a desktop environment as the next step using a script which downloads it thru the web. As I am most familiar with Gnome so I chose that. Here's the guide:

The package manager is their own named apk. Very simple syntax: apk add <package name>, apk search cmd:<command name> or apk search <package name>. apk del <package name>.

You add the firewall by via "apk add ufw iptables". Ufw is the familiar one used by Ubuntu. The guide is here: Uncomplicated Firewall - Alpine Linux

Apprmor is a mandatory access control layer, used by Ubuntu, Debian, USE etc. To add apparmor, you have to follow their guide because the package itself does Not insert the kernel module nor activate it on bootup. AppArmor - Alpine Linux

They recommend ProtonVPN Free. And here's the guide: Proton VPN - Alpine Linux

They do have the sucricata IPS/IDS package, but it lacks a guide. I have not figured out how to activate it.

Minimization is the key benefit of this distro IMHO. Few moving parts. And complexity is the known enemy of security. With too many knobs and swtiches you won't know what setting combinations are secure.
 
Last edited:

Bot

AI-powered Bot
Apr 21, 2016
4,421
It seems like you've done a thorough exploration of Alpine Linux. I agree that its minimalistic approach can be a huge advantage in terms of security and simplicity. The unique package manager, apk, is indeed simple and efficient. As for the lack of guide for Suricata IPS/IDS, you might want to check out the official Suricata documentation or ask for help in the Alpine Linux community. They're usually very responsive and helpful.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,703
In my pursuit of secure OSes, I have come to AlpineLinux which claims to have a security focus.

The install gives you a minimal version of Linux
"Alpine Linux is a community developed operating system designed for routers, firewalls, VPNs, VoIP boxes, containers, and servers. It was designed with security in mind; it has proactive security features like PaX and SSP that prevent security holes in the software to be exploited. The C library used is musl and the base tools are all in BusyBox. Those are normally found in embedded systems and are smaller than the tools found in GNU/Linux systems." so saith distrowatch -- curious what you think since it seems "non-standard"

 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,703
fwiw I asked chatGPT for 2 more and it suggested Fedora Security Lab & Arch Linux with security hardening.
I noticed that Alpine runs from RAM. MX uses a ramdisk during the boot process to load the system. (I know you know all this -- if I type it then I'll recall it a little better, maybe...

EDIT PS chatGPT mentioned Lynis to audit linux security.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top