SlideShare ist ein Scribd-Unternehmen logo

Small, Simple, and Secure: Alpine Linux under the Microscope

Docker, Inc.
Docker, Inc.

Alpine Linux is a distro that has become popular for Docker images. Why do we need another distro? Why does Alpine matter? How does it differ from other distros? In this talk, we'll answer all these questions – and a few more.

Technologie
1 von 19
Downloaden Sie, um offline zu lesen
Small, simple, and secure: Alpine Linux under the microscope Natanael Copa Docker Twitter: @n_copa
Small Simple Secure
Docker image size
Core Components ● musl libc ● busybox ● apk-tools ● toolchain
musl libc
musl libc ● MIT license ● Clean, modern codebase ● Correct in corner-cases ● Lightweight
What is missing? ● Some GNU extensions ● Lots of Localization data ● Lots of GNU bloat ● Name Service Switch (NSS) ● Network Services Library (libnsl) ● 80+ CVEs musl libc
busybox
busybox ● ~800 kb ● Includes most of POSIX’s shell & utilities ● Corresponds to GNU coreutils, iproute2, grep, sed, awk, utils-linux, findutils, procps, wget... Bash alone is 668 kb (1280kb inclusive readline and ncurses)
Busybox tools [ [[ acpid add-shell addgroup adduser adjtimex arp arping ash awk base64 basename bbconfig beep blkdiscard blkid blockdev brctl bunzip2bzcat bzip2cal cat chgrp chmod chown chpasswd chroot chvt cksum clear cmp comm conspy cp cpio crond crontab cryptpw cut date dc dd deallocvt delgroup deluser depmod df diff dirname dmesg dnsdomainname dos2unix du dumpkmap dumpleases echo ed egrep eject env ether-wake expand expr factor fallocate false fatattr fbset fbsplash fdflush fdformat fdisk fgrep find findfs flock fold free fsck fstrim fsync fuser getopt getty grep groups gunzip gzip halt hd hdparm head hexdump hostid hostname hwclock id ifconfig ifdown ifenslave ifup init inotifyd insmod install ionice iostat ip ipaddr ipcalc ipcrm ipcs iplink ipneigh iproute iprule iptunnel kbd_mode kill killall killall5 klogd lesslink linux32 linux64 ln loadfont loadkmap logger login logread losetup ls lsmod lsof lspci lsusb lzcat lzmalzop lzopcat makemime md5sum mdev mesg microcom mkdir mkdosfs mkfifo mkfs.vfat mknod mkpasswd mkswap mktemp modinfo modprobe more mount mountpoint mpstat mv nameif nanddump nandwrite nbd-client nc netstat nice nl nmeter nohup nologin nproc nsenter nslookupntpd od openvt partprobe passwd paste patchpgrep pidof ping ping6 pipe_progress pkill pmap poweroff powertop printenv printf ps pscan pstree pwd pwdx raidautorun rdate rdev readahead readlink readprofile realpath reboot reformime remove-shell renice reset resize rev rfkill rm rmdir rmmod route run-parts sed sendmail seq setconsole setfont setkeycodes setlogcons setpriv setserial setsid sh sha1sum sha256sum sha3sum sha512sum showkey shred shuf slattach sleep smemcap sort split ssl_client stat strings stty su sum swapoff swapon switch_root sync sysctl syslogd tac tail tar tee test time timeout top touch tr traceroute traceroute6 true truncate tty ttysize tunctl udhcpc udhcpc6 udhcpd umount uname unexpand uniq unix2dos unlink unlzmaunlzop unshare unxzunzipuptime usleep uudecode uuencode vconfig vi vlock volname watch watchdog wc wgetwhich whoami whois xargs xxd xzcat yes zcat
apk-tools
Demo apt-get update -y && apt-get install -y python3 && python3 --version apk add --no-cache python3 && python3 --version
apk-tools - what makes it fast Traditionally package managers: ● read from network (1 read) ● save to local cache (1 write) ● verify signature (1 read) ● extract (1 read, 1 write) Minimum 3 reads and 2 writes Apk is designed to read once and write once: ● checksum calculation while waiting for I/O ● write directly to final filesystem (as .apk-new) ● rename once signature is verified ● delete .apk-new on signature mismatch
Toolchain and security
Hardened toolchain ● link with relro, bind now (improves ASLR and PaX memory protections) ● Position Independent Executables (PIE) - Even for static binaries(!) ● Stack Smash Protector (-fstack-protector-strong) ● -DFORTIFY_SOURCE=2
Secure ● Use secure defaults ● Smaller attack surface ● Use more secure components (musl, libressl…) ● Hardened kernel (unofficial fork of grsecurity)
When to not use Alpine Linux When you depend on ● precompiled closed source binaries (which are linked against glibc) ● good localization ● commercial support ● glibc/GNU behavior
How to get involved https://alpinelinux.org https://wiki.alpinelinux.org IRC Freenode #alpine-linux
Thanks! Questions?

Empfohlen

Hipとは?
Hipとは?Hipとは?
Hipとは?Takuma Miki
 
FortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxFortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxNajahIdrissiMoulayRa
 
Fortigate ha-50
Fortigate ha-50Fortigate ha-50
Fortigate ha-50Crimildo Garrine
 
Oracle Cloud Infrastructure:2021年10月度サービス・アップデート
Oracle Cloud Infrastructure:2021年10月度サービス・アップデートOracle Cloud Infrastructure:2021年10月度サービス・アップデート
Oracle Cloud Infrastructure:2021年10月度サービス・アップデートオラクルエンジニア通信
 
Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...
Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...
Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...Amazon Web Services
 
Azure reliability v0.2.21.0630
Azure reliability v0.2.21.0630Azure reliability v0.2.21.0630
Azure reliability v0.2.21.0630Ayumu Inaba
 
Chapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization featuresChapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization featuresSsendiSamuel
 
Active Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオActive Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオjunichi anno
 

Empfohlen

Hipとは?
Hipとは?Hipとは?
Hipとは?Takuma Miki
 
FortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxFortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxNajahIdrissiMoulayRa
 
Fortigate ha-50
Fortigate ha-50Fortigate ha-50
Fortigate ha-50Crimildo Garrine
 
Oracle Cloud Infrastructure:2021年10月度サービス・アップデート
Oracle Cloud Infrastructure:2021年10月度サービス・アップデートOracle Cloud Infrastructure:2021年10月度サービス・アップデート
Oracle Cloud Infrastructure:2021年10月度サービス・アップデートオラクルエンジニア通信
 
Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...
Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...
Deep Dive on the Amazon Aurora PostgreSQL-compatible Edition - DAT402 - re:In...Amazon Web Services
 
Azure reliability v0.2.21.0630
Azure reliability v0.2.21.0630Azure reliability v0.2.21.0630
Azure reliability v0.2.21.0630Ayumu Inaba
 
Chapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization featuresChapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization featuresSsendiSamuel
 
Active Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオActive Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオjunichi anno
 
Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]
Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]
Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]オラクルエンジニア通信
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVMPradeep Kumar
 
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...Edureka!
 
Recursive Query Throwdown
Recursive Query ThrowdownRecursive Query Throwdown
Recursive Query ThrowdownKarwin Software Solutions LLC
 
Microsoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewMicrosoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewaboobakar sanjar
 
Oracle Cloud Infrastructure:2021年5月度サービス・アップデート
Oracle Cloud Infrastructure:2021年5月度サービス・アップデートOracle Cloud Infrastructure:2021年5月度サービス・アップデート
Oracle Cloud Infrastructure:2021年5月度サービス・アップデートオラクルエンジニア通信
 
how to install VMware
how to install VMwarehow to install VMware
how to install VMwarertchandu
 
Accel series 2023 Spring
Accel series 2023 SpringAccel series 2023 Spring
Accel series 2023 SpringNTTDATA INTRAMART
 
VMware Interview questions and answers
VMware Interview questions and answersVMware Interview questions and answers
VMware Interview questions and answersvivaankumar
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
Azure monitoring and alert v0.2.21.0707
Azure monitoring and alert v0.2.21.0707Azure monitoring and alert v0.2.21.0707
Azure monitoring and alert v0.2.21.0707Ayumu Inaba
 
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdf
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdfRed Hat Ansible Lightspeed Ansible Meetup-2023-11.pdf
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdfGonéri Le Bouder
 
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートOracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートオラクルエンジニア通信
 
Oracle Cloud Infrastructure:2021年6月度サービス・アップデート
Oracle Cloud Infrastructure:2021年6月度サービス・アップデートOracle Cloud Infrastructure:2021年6月度サービス・アップデート
Oracle Cloud Infrastructure:2021年6月度サービス・アップデートオラクルエンジニア通信
 
Win idea manual
Win idea manualWin idea manual
Win idea manualNgọc Thái Nguyễn
 
An Introduction to Higher Order Functions in Spark SQL with Herman van Hovell
An Introduction to Higher Order Functions in Spark SQL with Herman van HovellAn Introduction to Higher Order Functions in Spark SQL with Herman van Hovell
An Introduction to Higher Order Functions in Spark SQL with Herman van HovellDatabricks
 
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理Yuki Hattori
 
CCNP Security-Secure
CCNP Security-SecureCCNP Security-Secure
CCNP Security-Securemohannadalhanahnah
 
Checkpoint Overview
Checkpoint OverviewCheckpoint Overview
Checkpoint OverviewLeonardo Antichi
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers
Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers
Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers Puppet
 
Replacing Simple Puppet Modules with Providers
Replacing Simple Puppet Modules with ProvidersReplacing Simple Puppet Modules with Providers
Replacing Simple Puppet Modules with ProvidersPuppet
 

Weitere ähnliche Inhalte

Was ist angesagt?

Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]
Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]
Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]オラクルエンジニア通信
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVMPradeep Kumar
 
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...Edureka!
 
Microsoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewMicrosoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewaboobakar sanjar
 
Oracle Cloud Infrastructure:2021年5月度サービス・アップデート
Oracle Cloud Infrastructure:2021年5月度サービス・アップデートOracle Cloud Infrastructure:2021年5月度サービス・アップデート
Oracle Cloud Infrastructure:2021年5月度サービス・アップデートオラクルエンジニア通信
 
how to install VMware
how to install VMwarehow to install VMware
how to install VMwarertchandu
 
VMware Interview questions and answers
VMware Interview questions and answersVMware Interview questions and answers
VMware Interview questions and answersvivaankumar
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
Azure monitoring and alert v0.2.21.0707
Azure monitoring and alert v0.2.21.0707Azure monitoring and alert v0.2.21.0707
Azure monitoring and alert v0.2.21.0707Ayumu Inaba
 
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdf
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdfRed Hat Ansible Lightspeed Ansible Meetup-2023-11.pdf
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdfGonéri Le Bouder
 
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートOracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートオラクルエンジニア通信
 
Oracle Cloud Infrastructure:2021年6月度サービス・アップデート
Oracle Cloud Infrastructure:2021年6月度サービス・アップデートOracle Cloud Infrastructure:2021年6月度サービス・アップデート
Oracle Cloud Infrastructure:2021年6月度サービス・アップデートオラクルエンジニア通信
 
An Introduction to Higher Order Functions in Spark SQL with Herman van Hovell
An Introduction to Higher Order Functions in Spark SQL with Herman van HovellAn Introduction to Higher Order Functions in Spark SQL with Herman van Hovell
An Introduction to Higher Order Functions in Spark SQL with Herman van HovellDatabricks
 
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理Yuki Hattori
 

Was ist angesagt? (20)

Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]
Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]
Oracle Cloud Infrastructure セキュリティの取り組み [2021年2月版]
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVM
 
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
 
Recursive Query Throwdown
Recursive Query ThrowdownRecursive Query Throwdown
Recursive Query Throwdown
 
Microsoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overviewMicrosoft Windows Server 2012 R2 Hyper V server overview
Microsoft Windows Server 2012 R2 Hyper V server overview
 
Oracle Cloud Infrastructure:2021年5月度サービス・アップデート
Oracle Cloud Infrastructure:2021年5月度サービス・アップデートOracle Cloud Infrastructure:2021年5月度サービス・アップデート
Oracle Cloud Infrastructure:2021年5月度サービス・アップデート
 
how to install VMware
how to install VMwarehow to install VMware
how to install VMware
 
Accel series 2023 Spring
Accel series 2023 SpringAccel series 2023 Spring
Accel series 2023 Spring
 
VMware Interview questions and answers
VMware Interview questions and answersVMware Interview questions and answers
VMware Interview questions and answers
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Azure monitoring and alert v0.2.21.0707
Azure monitoring and alert v0.2.21.0707Azure monitoring and alert v0.2.21.0707
Azure monitoring and alert v0.2.21.0707
 
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdf
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdfRed Hat Ansible Lightspeed Ansible Meetup-2023-11.pdf
Red Hat Ansible Lightspeed Ansible Meetup-2023-11.pdf
 
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートOracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
 
Oracle Cloud Infrastructure:2021年6月度サービス・アップデート
Oracle Cloud Infrastructure:2021年6月度サービス・アップデートOracle Cloud Infrastructure:2021年6月度サービス・アップデート
Oracle Cloud Infrastructure:2021年6月度サービス・アップデート
 
Win idea manual
Win idea manualWin idea manual
Win idea manual
 
An Introduction to Higher Order Functions in Spark SQL with Herman van Hovell
An Introduction to Higher Order Functions in Spark SQL with Herman van HovellAn Introduction to Higher Order Functions in Spark SQL with Herman van Hovell
An Introduction to Higher Order Functions in Spark SQL with Herman van Hovell
 
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理
Azure SecOps! Azure Key Vaultを用いたクラウドのキー管理
 
CCNP Security-Secure
CCNP Security-SecureCCNP Security-Secure
CCNP Security-Secure
 
Checkpoint Overview
Checkpoint OverviewCheckpoint Overview
Checkpoint Overview
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference Design
 

Ähnlich wie Small, Simple, and Secure: Alpine Linux under the Microscope

Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers
Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers
Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers Puppet
 
Replacing Simple Puppet Modules with Providers
Replacing Simple Puppet Modules with ProvidersReplacing Simple Puppet Modules with Providers
Replacing Simple Puppet Modules with ProvidersPuppet
 
Pluggable Monitoring
Pluggable MonitoringPluggable Monitoring
Pluggable MonitoringSalo Shp
 
Docker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XDocker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XJérôme Petazzoni
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xrkr10
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Jérôme Petazzoni
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQJérôme Petazzoni
 
Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack eurobsdcon
 
TSN apps running on VxWorks RTOS as a KVM guest at the intelligent edge
TSN apps running on VxWorks RTOS as a KVM guest at the intelligent edgeTSN apps running on VxWorks RTOS as a KVM guest at the intelligent edge
TSN apps running on VxWorks RTOS as a KVM guest at the intelligent edgeAndrei Kholodnyi
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Dobrica Pavlinušić
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013dotCloud
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Docker, Inc.
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleIntroduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleJérôme Petazzoni
 
Package Management via Spack on SJTU π Supercomputer
Package Management via Spack on SJTU π SupercomputerPackage Management via Spack on SJTU π Supercomputer
Package Management via Spack on SJTU π SupercomputerJianwen Wei
 
Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)Jérôme Petazzoni
 
The New Systems Performance
The New Systems PerformanceThe New Systems Performance
The New Systems PerformanceBrendan Gregg
 
Ngrep commands
Ngrep commandsNgrep commands
Ngrep commandsRishu Seth
 
ApacheCon EU 2016 - Apache Camel the integration library
ApacheCon EU 2016 - Apache Camel the integration libraryApacheCon EU 2016 - Apache Camel the integration library
ApacheCon EU 2016 - Apache Camel the integration libraryClaus Ibsen
 

Ähnlich wie Small, Simple, and Secure: Alpine Linux under the Microscope (20)

Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers
Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers
Puppet Camp Dallas 2014: Replacing Simple Puppet Modules with Providers
 
Replacing Simple Puppet Modules with Providers
Replacing Simple Puppet Modules with ProvidersReplacing Simple Puppet Modules with Providers
Replacing Simple Puppet Modules with Providers
 
Pluggable Monitoring
Pluggable MonitoringPluggable Monitoring
Pluggable Monitoring
 
Docker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XDocker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12X
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12x
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
 
Nmap Guide
Nmap GuideNmap Guide
Nmap Guide
 
Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack Running Applications on the NetBSD Rump Kernel by Justin Cormack
Running Applications on the NetBSD Rump Kernel by Justin Cormack
 
TSN apps running on VxWorks RTOS as a KVM guest at the intelligent edge
TSN apps running on VxWorks RTOS as a KVM guest at the intelligent edgeTSN apps running on VxWorks RTOS as a KVM guest at the intelligent edge
TSN apps running on VxWorks RTOS as a KVM guest at the intelligent edge
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Prague
 
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleIntroduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
 
Package Management via Spack on SJTU π Supercomputer
Package Management via Spack on SJTU π SupercomputerPackage Management via Spack on SJTU π Supercomputer
Package Management via Spack on SJTU π Supercomputer
 
Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)
 
The New Systems Performance
The New Systems PerformanceThe New Systems Performance
The New Systems Performance
 
Ngrep commands
Ngrep commandsNgrep commands
Ngrep commands
 
ApacheCon EU 2016 - Apache Camel the integration library
ApacheCon EU 2016 - Apache Camel the integration libraryApacheCon EU 2016 - Apache Camel the integration library
ApacheCon EU 2016 - Apache Camel the integration library
 

Mehr von Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeDocker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDocker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices WorldDocker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with DockerDocker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog ScaleDocker, Inc.
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels Docker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDocker, Inc.
 

Mehr von Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Kürzlich hochgeladen

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 

Kürzlich hochgeladen (20)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 

Small, Simple, and Secure: Alpine Linux under the Microscope

  • 1. Small, simple, and secure: Alpine Linux under the microscope Natanael Copa Docker Twitter: @n_copa
  • 4. Core Components ● musl libc ● busybox ● apk-tools ● toolchain
  • 6. musl libc ● MIT license ● Clean, modern codebase ● Correct in corner-cases ● Lightweight
  • 7. What is missing? ● Some GNU extensions ● Lots of Localization data ● Lots of GNU bloat ● Name Service Switch (NSS) ● Network Services Library (libnsl) ● 80+ CVEs musl libc
  • 9. busybox ● ~800 kb ● Includes most of POSIX’s shell & utilities ● Corresponds to GNU coreutils, iproute2, grep, sed, awk, utils-linux, findutils, procps, wget... Bash alone is 668 kb (1280kb inclusive readline and ncurses)
  • 10. Busybox tools [ [[ acpid add-shell addgroup adduser adjtimex arp arping ash awk base64 basename bbconfig beep blkdiscard blkid blockdev brctl bunzip2bzcat bzip2cal cat chgrp chmod chown chpasswd chroot chvt cksum clear cmp comm conspy cp cpio crond crontab cryptpw cut date dc dd deallocvt delgroup deluser depmod df diff dirname dmesg dnsdomainname dos2unix du dumpkmap dumpleases echo ed egrep eject env ether-wake expand expr factor fallocate false fatattr fbset fbsplash fdflush fdformat fdisk fgrep find findfs flock fold free fsck fstrim fsync fuser getopt getty grep groups gunzip gzip halt hd hdparm head hexdump hostid hostname hwclock id ifconfig ifdown ifenslave ifup init inotifyd insmod install ionice iostat ip ipaddr ipcalc ipcrm ipcs iplink ipneigh iproute iprule iptunnel kbd_mode kill killall killall5 klogd lesslink linux32 linux64 ln loadfont loadkmap logger login logread losetup ls lsmod lsof lspci lsusb lzcat lzmalzop lzopcat makemime md5sum mdev mesg microcom mkdir mkdosfs mkfifo mkfs.vfat mknod mkpasswd mkswap mktemp modinfo modprobe more mount mountpoint mpstat mv nameif nanddump nandwrite nbd-client nc netstat nice nl nmeter nohup nologin nproc nsenter nslookupntpd od openvt partprobe passwd paste patchpgrep pidof ping ping6 pipe_progress pkill pmap poweroff powertop printenv printf ps pscan pstree pwd pwdx raidautorun rdate rdev readahead readlink readprofile realpath reboot reformime remove-shell renice reset resize rev rfkill rm rmdir rmmod route run-parts sed sendmail seq setconsole setfont setkeycodes setlogcons setpriv setserial setsid sh sha1sum sha256sum sha3sum sha512sum showkey shred shuf slattach sleep smemcap sort split ssl_client stat strings stty su sum swapoff swapon switch_root sync sysctl syslogd tac tail tar tee test time timeout top touch tr traceroute traceroute6 true truncate tty ttysize tunctl udhcpc udhcpc6 udhcpd umount uname unexpand uniq unix2dos unlink unlzmaunlzop unshare unxzunzipuptime usleep uudecode uuencode vconfig vi vlock volname watch watchdog wc wgetwhich whoami whois xargs xxd xzcat yes zcat
  • 12. Demo apt-get update -y && apt-get install -y python3 && python3 --version apk add --no-cache python3 && python3 --version
  • 13. apk-tools - what makes it fast Traditionally package managers: ● read from network (1 read) ● save to local cache (1 write) ● verify signature (1 read) ● extract (1 read, 1 write) Minimum 3 reads and 2 writes Apk is designed to read once and write once: ● checksum calculation while waiting for I/O ● write directly to final filesystem (as .apk-new) ● rename once signature is verified ● delete .apk-new on signature mismatch
  • 15. Hardened toolchain ● link with relro, bind now (improves ASLR and PaX memory protections) ● Position Independent Executables (PIE) - Even for static binaries(!) ● Stack Smash Protector (-fstack-protector-strong) ● -DFORTIFY_SOURCE=2
  • 16. Secure ● Use secure defaults ● Smaller attack surface ● Use more secure components (musl, libressl…) ● Hardened kernel (unofficial fork of grsecurity)
  • 17. When to not use Alpine Linux When you depend on ● precompiled closed source binaries (which are linked against glibc) ● good localization ● commercial support ● glibc/GNU behavior
  • 18. How to get involved https://alpinelinux.org https://wiki.alpinelinux.org IRC Freenode #alpine-linux