Link Search Menu Expand Document

Alpine Linux

  • Default account: root, with no password

Setup

  • run setup-alpine
  • sys is standard hard-disk install mode
  • adduser NAME to add user
  • apk add nano to install nano
  • Configure SSH
    1. Edit /etc/ssh/sshd_config
    2. At the bottom, add AllowUsers XXX with XXX your user name
    3. Reboot
  • Refer also to the post-install notes
  • On VM, don’t bother to install VM addons - just create an user, allow SSH user and connect to it
    • If you use NAT, configure port forwarding with Host being the actual PC and Guest the VM

Docker

  1. Un-comment community package in /etc/apk/repositories
  2. apk update
  3. apk add docker
  4. addgroup USERNAME docker
  5. rc-update add docker boot and service docker start to start docker daemon at boot

Awall Firewall

Awall is a JSON-powered (policy file) firewall

  1. Install

     apk add ip6tables iptables
     apk add -u awall
    
  2. First time setup

     modprobe -v ip_tables # IPv4
     modprobe -v ip6_tables # if IPv6 is used
     modprobe -v iptable_nat # if NAT is used aka router
     rc-update add iptables
     rc-update add ip6tables
    
  3. Setup rules

    • Awall is a front-end for iptables
    • Default are in /usr/share/awall/mandatory/*
    • Custom are in /etc/awall/
    • Some examples below - from this tutorial.
      • /etc/awall/optional/cloud-server.json

          {
          "description": "Default awall policy to protect Cloud server",
        
          "variable": { "internet_if": "eth0" },
        
          "zone": {
              "internet": { "iface": "$internet_if" }
          },
        
          "policy": [{ "in": "internet", "action": "drop" }, { "action": "reject" }]
          }
        
      • /etc/awall/optional/ssh.json

          {
          "description": "Allow incoming SSH access (TCP/22)",
        
          "filter": [
              {
              "in": "internet",
              "out": "_fw",
              "service": "ssh",
              "action": "accept",
              "src": [ "192.168.2.0/24"],
              "conn-limit": { "count": 3, "interval": 60 }
              }
            ]
          }
        
      • /etc/awall/optional/outgoing.json

          {
          "description": "Allow outgoing connections for dns, http/https, ssh, ntp, ssh and ping",
        
          "filter": [
              {
              "in": "_fw",
              "out": "internet",
              "service": ["dns", "http", "https", "ssh", "ntp", "ping"],
              "action": "accept"
              }
          ]
          }
        
      • /etc/awall/private/custom-services.json

        {
        "service": {
            "wireguard": [{ "proto": "udp", "port": 1234 }]
        }
        }
      
  4. Awall management

    • awall list
    • awall enable X to enable a policy
    • awall activate
  5. iptable management

    • /etc/iptables/ view rules
    • iptables -S to view
    • rc-service iptables {start|stop|restart|status}
    • rc-service ip6tables {start|stop|restart|status}

Other nice tutorials

Management

Packets & Software

apk is to tool used to manage packets, documentation:

  • apk update to update the index
  • apk upgrade to upgrade installed package
  • apk add X to add package X to system
  • apk del X to remove package X to system
  • apk version X to check version of X