Haveged & Alpine

PUBLISHED ON DEC 27, 2016 — LINUX, SECURITY

I’m growing more and more fond of Alpine Linux. It is a fast and lean Linux distribution. In fact, this blog runs on Alpine along with Lighttpd. However, because the distro generates very few I/O events, one should always be mindful of the entropy pool… This is especially true when the web server serves its pages only over HTTPS…

Checking the entropy pool on Linux is done through the /proc pseudo-filesystem.

The read-only file entropy_avail gives the available entropy. Normally, this will be 4096 (bits), a full entropy pool.
— random(4) - Linux man page

arkham:~# cat /proc/sys/kernel/random/entropy_avail
794

Luckily, installing Haveged on Alpine is straightforward…

arkham:~# apk add haveged
(1/1) Installing haveged (1.9.1-r3)
Executing busybox-1.25.1-r1.trigger
OK: 394 MiB in 90 packages

Then we just have to add haveged to the default init runlevel…

arkham:~# rc-update add haveged
 * service haveged added to runlevel default

And start the service…

arkham:~# rc-service haveged start
* Caching service dependencies ...                               [ ok ]
* Starting haveged ...                                           [ ok ]

And voilà…

arkham:~# cat /proc/sys/kernel/random/entropy_avail
2474
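
To turn the manual before/after check above into something a cron job or monitoring probe can run, here is an added example (not part of the original post). It compares entropy_avail against the kernel-reported poolsize instead of hard-coding 4096, since the pool size differs between kernel versions. The function names, the RANDOM_DIR override and the 25% default threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: entropy pool check for Alpine (busybox sh compatible).
# RANDOM_DIR is a hypothetical override so the functions can be pointed
# at constructed files instead of the live /proc entries.
RANDOM_DIR="${RANDOM_DIR:-/proc/sys/kernel/random}"

# entropy_pct [DIR]
# Prints the pool fill level as an integer percentage of poolsize.
# Returns 2 if either file is missing or does not hold a plain number.
entropy_pct() {
    dir="${1:-$RANDOM_DIR}"
    avail=$(cat "$dir/entropy_avail" 2>/dev/null) || return 2
    size=$(cat "$dir/poolsize" 2>/dev/null) || return 2
    for v in "$avail" "$size"; do
        case "$v" in
            ''|*[!0-9]*) return 2 ;;
        esac
    done
    [ "$size" -gt 0 ] || return 2
    echo $(( avail * 100 / size ))
}

# check_entropy [DIR] [MIN_PCT]
# Exit status follows the usual monitoring convention:
#   0 = fill level at or above MIN_PCT, 1 = below it, 2 = could not read.
# MIN_PCT defaults to 25, an assumed threshold; tune it for your host.
check_entropy() {
    dir="${1:-$RANDOM_DIR}"
    min="${2:-25}"
    pct=$(entropy_pct "$dir") || {
        echo "UNKNOWN: cannot read entropy counters in $dir"
        return 2
    }
    if [ "$pct" -lt "$min" ]; then
        echo "LOW: entropy pool at ${pct}% (threshold ${min}%)"
        return 1
    fi
    echo "OK: entropy pool at ${pct}%"
}

# Usage on a live system:
#   check_entropy /proc/sys/kernel/random 25
```

With the two readings shown in this post and a 4096-bit pool, the first (794) is reported as LOW and the second (2474) as OK.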