Alpine Linux

Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and BusyBox. It uses OpenRC for its init system.

Pros

  • Small, simple and secure.
  • Uses musl, BusyBox and OpenRC.

Cons

  • Includes non-free blobs.
  • No way to prevent these blobs from installing.

Overview

This guide shows you how to install Alpine Linux on OpenBSD's VMM.

NOTE

  • Replace all instances of username with your username.
  • Replace all instances of host.example.com with the hostname of the host system.
  • Replace all instances of username.host.example.com with the hostname of your virtual machine.

Login to Virtual Machine

First, let's log in to the host operating system.

$ ssh username@host.example.com

NOTE : Hostname should be username@host.example.com not username@username.host.example.com.

Download the iso image

Alpine provides different types of iso image for different use cases. Since you will be running it on a virtual machine, you need to download the latest stable version of the virtual iso image from their download page.

At the time of writing, the latest stable version is 3.16.

$ wget https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.0-x86_64.iso

Also download the SHA256 checksum file.

$ wget https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.0-x86_64.iso.sha256

Now let's verify the iso image.

$ sha256 -C alpine-*.sha256 alpine-*.iso
(SHA256) alpine-virt-3.16.0-x86_64.iso: OK

If the output is OK, you are good to go. If the output is FAILED, contact a sysadmin for confirmation before reporting it to Alpine Linux.

NOTE : Never run any iso image before verifying it.

Now delete the checksum file and rename the iso image to username.iso.

$ rm alpine-*.sha256
$ mv alpine-*.iso username.iso
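
As an added example (not part of the original guide), the verify, delete and rename steps above can be gated in one script so the iso image is renamed only when its digest matches. The function names are hypothetical, and the script assumes the .sha256 file uses the "HASH  NAME" layout.

```shell
#!/bin/sh
# Added example, not part of the original guide; function names are hypothetical.
# Assumes the .sha256 file uses the "HASH  NAME" layout. A checksum fetched
# from the same mirror as the ISO detects corruption, not a tampered mirror.

# sha256_of FILE: print the hex digest with whichever tool the host has
# (sha256 on OpenBSD, sha256sum or shasum elsewhere).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# expected_sha256 SUMFILE ISO: print the digest listed for ISO, if any.
expected_sha256() {
    awk -v name="$(basename "$2")" '
        { f = $2; sub(/^\*/, "", f) }           # drop the binary-mode marker
        f == name { print tolower($1); exit }' "$1"
}

# stage_iso SUMFILE ISO DEST: rename ISO to DEST only if the digest matches.
# Returns 0 on success, 1 on mismatch, 2 if the check could not be done.
stage_iso() {
    want=$(expected_sha256 "$1" "$2")
    [ -n "$want" ] || { echo "no entry for $2 in $1" >&2; return 2; }
    got=$(sha256_of "$2") || return 2
    if [ "$got" != "$want" ]; then
        echo "FAILED: $2 (expected $want, got $got)" >&2
        return 1                                 # ISO is left where it was
    fi
    mv -- "$2" "$3" && rm -f -- "$1" && echo "OK: staged $2 as $3"
}

# Usage: sh stage_iso.sh alpine-virt-3.16.0-x86_64.iso.sha256 \
#            alpine-virt-3.16.0-x86_64.iso username.iso
if [ "$#" -eq 3 ]; then stage_iso "$@"; fi
```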

Create a VM disk image file

Before creating the disk image file, make sure to stop the virtual machine and remove any existing username.qcow2 disk image.

$ vmctl stop username
$ rm username.qcow2

To create a 20 GB disk image file, run:

$ vmctl create -s 20G username.qcow2

Check VMM configuration

The VMM configuration file is located at /etc/vm.conf. It contains the entries for all users of the host server.

So to find your entry, run:

$ sed -ne '/username/,$p' /etc/vm.conf | head -n10
vm "username" {
	owner username
	memory 1024M
	cdrom "/home/username/username.iso"
	disk /home/username/username.qcow2
	interface { 
		locked lladdr aa:bb:cc:dd:ed:03
		switch "switch0"
	}
}

In this command, sed searches /etc/vm.conf for username and prints every line from the first match onward. The result is piped to head, which prints only the first 10 lines.

From the result, make sure cdrom and disk point to the right paths. If not, move the iso image and disk image files to the right paths.

NOTE : You can't edit /etc/vm.conf because it needs root permission.
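
The sed pattern above also matches any earlier line that merely contains the username (another user's entry or a path), and head cuts at a fixed 10 lines. As an added example (not part of the original guide, function names hypothetical), this script prints exactly your vm block and checks that the cdrom and disk files it names are readable.

```shell
#!/bin/sh
# Added example, not part of the original guide; function names are
# hypothetical. CONF defaults to /etc/vm.conf.

# vm_block NAME [CONF]: print only the vm "NAME" { ... } block.
vm_block() {
    awk -v name="$1" '
        # Compare the quoted name exactly, so "alice" does not also select
        # "alice2" or a line that only mentions /home/alice.
        !inblk && $1 == "vm" && $2 == ("\"" name "\"") { inblk = 1 }
        inblk {
            print
            # Count braces so the nested interface { } does not end the block.
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) exit
        }' "${2:-/etc/vm.conf}"
}

# vm_paths NAME [CONF]: print "cdrom PATH" and "disk PATH", quotes removed.
vm_paths() {
    vm_block "$@" | awk '$1 == "cdrom" || $1 == "disk" {
        gsub(/"/, "", $2); print $1, $2 }'
}

# vm_check NAME [CONF]: report each file; non-zero if one is unreadable
# or if the block names no cdrom/disk at all (for example, a wrong VM name).
vm_check() {
    vm_paths "$@" | (
        rc=0 n=0
        while read -r kind path; do
            n=$((n + 1))
            if [ -r "$path" ]; then echo "ok       $kind $path"
            else echo "MISSING  $kind $path"; rc=1
            fi
        done
        [ "$n" -gt 0 ] || { echo "no cdrom/disk entries for vm $1" >&2; rc=1; }
        exit "$rc"
    )
}

# Usage: sh vm_check.sh username
if [ "$#" -ge 1 ]; then vm_check "$@"; fi
```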

Start the Installation

Start the virtual machine.

$ vmctl start username

Open the serial console and press Enter.

$ vmctl console username
Connected to /dev/ttypj (speed 115200)

Now press Enter to continue.

Welcome to Alpine Linux 3.16
Kernel 5.15.41-0-virt on an x86_64 (/dev/ttyS0)

NOTE : At any time, if you want to exit the serial console, type ~^d (tilde followed by ctrl+d).

Install Alpine Linux

Log in as root.

localhost login: root

Start the setup-alpine installer script.

# setup-alpine

NOTE : Text inside [...] is the default answer. Press Enter without typing an answer to accept the default, and type ? for a brief explanation of the question.

Enter the hostname of your virtual machine (given by your trainer).

Enter system hostname (fully qualified form, e.g. 'foo.example.org') [localhost] username.host.example.com

Select the ethernet interface.

Available interfaces are: eth0.
Enter '?' for help on bridges, bonding and vlans.
Which one do you want to initialize? (or '?' or 'done') [eth0] eth0

Enter the static IP address of your virtual machine (given by your trainer).

Ip address for eth0? (or 'dhcp', 'none', '?') [dhcp] 38.87.162.41/24

Enter the Gateway of your virtual machine (given by your trainer).

Gateway? (or 'none') [none] 38.87.162.1

We will set IPv6 later.

Do you want to do any manual network configuration? (y/n) [n] n

Leave it blank.

DNS domain name? (e.g 'bar.com')

For privacy reasons, don't use Google's DNS servers (8.8.8.8 or 8.8.4.4). Here I am using the Quad9 DNS server.

DNS nameserver(s)? 9.9.9.9

Enter your root password.

Changing password for root
New password:
Retype password:

Select your timezone. Type ? to list all timezone or sub-timezone.

Which timezone are you in? ('?' for list) [UTC] UTC

We don't need a proxy server.

HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none

Select chrony.

Which NTP client to run? ('busybox', 'openntpd', 'chrony' or 'none') [chrony] chrony

Select f to find the fastest mirror.

r) Add random from the above list
f) Detect and add fastest mirror from above list
e) Edit /etc/apk/repositories with text editor
Enter mirror number (1-74) or URL to add (or r/f/e/done) [1] f

We will set up users later.

Setup a user? (enter a lower-case loginname, or 'no') [no] no

Select openssh.

Which ssh server? ('openssh', 'dropbear' or 'none') [openssh] openssh

NOTE : You should never allow root ssh login.

Allow root ssh login? ('?' for help) [prohibit-password] no

Select the disk from the list (there should be only one because we are in VM).

Available disks are:
  vda	(21.5 GB 0x0b5d )
Which disk(s) would you like to use? (or '?' for help or 'none') [none] vda

Select sys to install the system on disk.

How would you like to use it? ('sys', 'data', 'crypt', 'lvm' or '?' for help) [?] sys

Select y.

WARNING: The following disk(s) will be erased:
  vda	(21.5 GB 0x0b5d )
WARNING: Erase the above disk(s) and continue? (y/n) [n] y

After the installation, reboot the system.

Installation is complete. Please reboot.
# reboot

Press ~^d to exit the serial console.

You no longer need the iso image file.

$ rm username.iso

Start the virtual machine.

$ vmctl start username

Open the serial console and press Enter.

$ vmctl console username

Log in as root.

username.host.example.com login: root
Password: 

To update the system, run:

# apk update
# apk upgrade

Create a User

To add a user, run:

# adduser username
Changing password for username
New password:
Retype password:

To add the user to the wheel group, run:

# adduser username wheel

Configure doas

Log in as root.

$ su
Password:

Install doas:

# apk add doas

In Alpine Linux, the default configuration file is located at /etc/doas.d/doas.conf.

To allow doas for the wheel group, run:

# echo "permit persist :wheel" >> /etc/doas.d/doas.conf

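To allow doas for the wheel group without a password (doas applies the last matching rule, so this line takes precedence over the one above if both are present), run: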

# echo "permit nopass :wheel" >> /etc/doas.d/doas.conf

Setup SSH

NOTE : Make sure you are able to log in to your virtual machine from your local computer.

$ ssh username@username.host.example.com
username@username.host.example.com's password: 

Now set up public key authentication and disable password authentication.