
Alpine Linux

  • Default account: root, with no password

Setup

  • run setup-alpine
  • sys is standard hard-disk install mode
  • adduser NAME to add user
  • apk add nano to install nano
  • Configure SSH
    1. Edit /etc/ssh/sshd_config
    2. At the bottom, add AllowUsers XXX, where XXX is your user name
    3. Reboot
  • Refer also to the post-install notes
  • On a VM, don’t bother installing VM add-ons: just create a user, allow that user over SSH and connect to it
    • If you use NAT, configure port forwarding with Host being the actual PC and Guest the VM

Docker

  1. Uncomment the community repository line in /etc/apk/repositories
  2. apk update
  3. apk add docker
  4. addgroup USERNAME docker
  5. rc-update add docker boot to start the Docker daemon at boot, and service docker start to start it now

Awall Firewall

Awall is a JSON-powered (policy file) firewall

  1. Install

     apk add ip6tables iptables
     apk add -u awall
    
  2. First time setup

     modprobe -v ip_tables # IPv4
     modprobe -v ip6_tables # if IPv6 is used
     modprobe -v iptable_nat # if NAT is used aka router
     rc-update add iptables
     rc-update add ip6tables
    
  3. Setup rules

    • Awall is a front-end for iptables
    • Defaults are in /usr/share/awall/mandatory/*
    • Custom policies are in /etc/awall/
    • Some examples below - from this tutorial.
      • /etc/awall/optional/cloud-server.json

          {
          "description": "Default awall policy to protect Cloud server",
        
          "variable": { "internet_if": "eth0" },
        
          "zone": {
              "internet": { "iface": "$internet_if" }
          },
        
          "policy": [{ "in": "internet", "action": "drop" }, { "action": "reject" }]
          }
        
      • /etc/awall/optional/ssh.json

          {
          "description": "Allow incoming SSH access (TCP/22)",
        
          "filter": [
              {
              "in": "internet",
              "out": "_fw",
              "service": "ssh",
              "action": "accept",
              "src": [ "192.168.2.0/24"],
              "conn-limit": { "count": 3, "interval": 60 }
              }
            ]
          }
        
      • /etc/awall/optional/outgoing.json

          {
          "description": "Allow outgoing connections for dns, http/https, ssh, ntp and ping",
        
          "filter": [
              {
              "in": "_fw",
              "out": "internet",
              "service": ["dns", "http", "https", "ssh", "ntp", "ping"],
              "action": "accept"
              }
          ]
          }
        
      • /etc/awall/private/custom-services.json

        {
        "service": {
            "wireguard": [{ "proto": "udp", "port": 1234 }]
        }
        }
      
  4. Awall management

    • awall list
    • awall enable X to enable a policy
    • awall activate
  5. iptables management

    • /etc/iptables/ contains the saved rules
    • iptables -S to view the active rules
    • rc-service iptables {start|stop|restart|status}
    • rc-service ip6tables {start|stop|restart|status}
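
A review helper for the policy files in step 3, added here as an example (it is not part of the original notes or of awall itself): it lists accept rules into `_fw` that lack a `src` restriction or a `conn-limit`, and checks that a zone has a default drop policy. The function names and the `open-ssh.json` variant are constructed for illustration, and only rules that name `_fw` explicitly in `out` are examined.

```python
import json

FIREWALL_ZONE = "_fw"  # zone name the page's policies use for the firewall host


def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_policy(name, text):
    """Return findings for one awall policy file given as JSON text."""
    policy = json.loads(text)  # raises ValueError on malformed JSON
    findings = []
    for rule in as_list(policy.get("filter")):
        inbound = FIREWALL_ZONE in as_list(rule.get("out"))
        if rule.get("action") != "accept" or not inbound:
            continue  # only accept rules that terminate on the host itself
        services = ",".join(map(str, as_list(rule.get("service")))) or "any"
        if not as_list(rule.get("src")):
            findings.append(f"{name}: {services} accepted from any source (no src)")
        if "conn-limit" not in rule:
            findings.append(f"{name}: {services} has no conn-limit")
    return findings


def has_default_drop(text, zone):
    """True if the policy file drops unmatched traffic arriving from `zone`."""
    policy = json.loads(text)
    return any(zone in as_list(p.get("in")) and p.get("action") == "drop"
               for p in as_list(policy.get("policy")))


# The page's ssh.json and cloud-server.json, plus a constructed variant of
# ssh.json with both restrictions removed (for contrast).
PAGE_SSH = """{"description": "Allow incoming SSH access (TCP/22)",
 "filter": [{"in": "internet", "out": "_fw", "service": "ssh", "action": "accept",
             "src": ["192.168.2.0/24"], "conn-limit": {"count": 3, "interval": 60}}]}"""
OPEN_SSH = """{"filter": [{"in": "internet", "out": "_fw",
                          "service": "ssh", "action": "accept"}]}"""
PAGE_BASE = """{"zone": {"internet": {"iface": "$internet_if"}},
 "policy": [{"in": "internet", "action": "drop"}, {"action": "reject"}]}"""

if __name__ == "__main__":
    for name, text in (("ssh.json", PAGE_SSH), ("open-ssh.json", OPEN_SSH)):
        for line in review_policy(name, text) or [f"{name}: no findings"]:
            print(line)
    print("default drop from internet:", has_default_drop(PAGE_BASE, "internet"))
```

A finding is a prompt for review rather than an error: a public web service legitimately accepts from any source.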

Other nice tutorials

Management

Packages & Software

apk is the tool used to manage packages (see its documentation):

  • apk update to update the index
  • apk upgrade to upgrade installed packages
  • apk add X to add package X to the system
  • apk del X to remove package X from the system
  • apk version X to check version of X