From 66def778a541f7d7241c9ba02be774adbc495dd8 Mon Sep 17 00:00:00 2001 From: Jacob Appelbaum Date: Fri, 5 Aug 2011 15:45:36 -0700 Subject: torouter-prep package --- packages/torouter-prep/Makefile | 14 ++ packages/torouter-prep/debian/README | 6 + packages/torouter-prep/debian/README.Debian | 8 + packages/torouter-prep/debian/changelog | 5 + packages/torouter-prep/debian/compat | 1 + packages/torouter-prep/debian/control | 14 ++ packages/torouter-prep/debian/copyright | 36 +++++ packages/torouter-prep/debian/dirs | 1 + packages/torouter-prep/debian/files | 1 + packages/torouter-prep/debian/postinst | 39 +++++ packages/torouter-prep/debian/postrm | 37 +++++ packages/torouter-prep/debian/preinst | 35 +++++ packages/torouter-prep/debian/prerm | 38 +++++ packages/torouter-prep/debian/rules | 6 + packages/torouter-prep/debian/source/format | 1 + packages/torouter-prep/debian/torouter.default | 11 ++ packages/torouter-prep/debian/torouter.substvars | 1 + packages/torouter-prep/src/linux-tor-prio.sh | 192 +++++++++++++++++++++++ packages/torouter-prep/src/torouter_config.sh | 157 ++++++++++++++++++ packages/torouter-prep/src/torouter_takeover.sh | 3 + 20 files changed, 606 insertions(+) create mode 100644 packages/torouter-prep/Makefile create mode 100644 packages/torouter-prep/debian/README create mode 100644 packages/torouter-prep/debian/README.Debian create mode 100644 packages/torouter-prep/debian/changelog create mode 100644 packages/torouter-prep/debian/compat create mode 100644 packages/torouter-prep/debian/control create mode 100644 packages/torouter-prep/debian/copyright create mode 100644 packages/torouter-prep/debian/dirs create mode 100644 packages/torouter-prep/debian/files create mode 100644 packages/torouter-prep/debian/postinst create mode 100644 packages/torouter-prep/debian/postrm create mode 100644 packages/torouter-prep/debian/preinst create mode 100644 packages/torouter-prep/debian/prerm create mode 100755 packages/torouter-prep/debian/rules create mode 100644 packages/torouter-prep/debian/source/format create mode 100644 packages/torouter-prep/debian/torouter.default create mode 100644 packages/torouter-prep/debian/torouter.substvars create mode 100644 packages/torouter-prep/src/linux-tor-prio.sh create mode 100644 packages/torouter-prep/src/torouter_config.sh create mode 100644 packages/torouter-prep/src/torouter_takeover.sh (limited to 'packages/torouter-prep') diff --git a/packages/torouter-prep/Makefile b/packages/torouter-prep/Makefile new file mode 100644 index 0000000..1d80201 --- /dev/null +++ b/packages/torouter-prep/Makefile @@ -0,0 +1,14 @@ +default: build + +build: + echo "nothing to build" + +install: + install -o root -g root -m 750 src/torouter_config.sh $(DESTDIR)/usr/bin + install -o root -g root -m 750 src/torouter_takeover.sh $(DESTDIR)/usr/bin + +clean: + echo "nothing to clean" + +deb: + dpkg-buildpackage -us -uc diff --git a/packages/torouter-prep/debian/README b/packages/torouter-prep/debian/README new file mode 100644 index 0000000..bf746d1 --- /dev/null +++ b/packages/torouter-prep/debian/README @@ -0,0 +1,6 @@ +The Debian Package torouter +---------------------------- + +This package is for the Torouter project from the Tor Project. + + -- Jacob Appelbaum Wed, 27 Jul 2011 12:27:38 -0400 diff --git a/packages/torouter-prep/debian/README.Debian b/packages/torouter-prep/debian/README.Debian new file mode 100644 index 0000000..27e430c --- /dev/null +++ b/packages/torouter-prep/debian/README.Debian @@ -0,0 +1,8 @@ +torouter for Debian +------------------- + +This is a package for Debian that converts a DreamPlug into a Torouter. + +It will configure the system without prompting the user for any input. + + -- Jacob Appelbaum Wed, 27 Jul 2011 09:51:21 -0400 diff --git a/packages/torouter-prep/debian/changelog b/packages/torouter-prep/debian/changelog new file mode 100644 index 0000000..f62a4bb --- /dev/null +++ b/packages/torouter-prep/debian/changelog @@ -0,0 +1,5 @@ +torouter (0.0.1-1) unstable; urgency=low + + * Initial release (Closes: #nnnn) + + -- Jacob Appelbaum Wed, 27 Jul 2011 10:08:02 -0400 diff --git a/packages/torouter-prep/debian/compat b/packages/torouter-prep/debian/compat new file mode 100644 index 0000000..7f8f011 --- /dev/null +++ b/packages/torouter-prep/debian/compat @@ -0,0 +1 @@ +7 diff --git a/packages/torouter-prep/debian/control b/packages/torouter-prep/debian/control new file mode 100644 index 0000000..f9930d6 --- /dev/null +++ b/packages/torouter-prep/debian/control @@ -0,0 +1,14 @@ +Source: torouter-prep +Section: unknown +Priority: extra +Maintainer: Jacob Appelbaum +Build-Depends: debhelper (>= 7.0.50~) +Standards-Version: 3.9.1 +Homepage: + +Package: torouter +Architecture: all +Depends: ${misc:Depends}, apt-utils, openssh-server, isc-dhcp-client, cron-apt +Description: Torouter meta-package to take over the DreamPlug + DreamPlug devices may use this package to convert to a Torouter. + This package only works if the DreamPlug is already running Debian. diff --git a/packages/torouter-prep/debian/copyright b/packages/torouter-prep/debian/copyright new file mode 100644 index 0000000..9f4ebf2 --- /dev/null +++ b/packages/torouter-prep/debian/copyright @@ -0,0 +1,36 @@ +Format: http://dep.debian.net/deps/dep5 +Upstream-Name: torouter +Source: + +Files: * +Copyright: 2011 Jacob Appelbaum +License: BSD-3-Clause + +Files: debian/* +Copyright: 2011 Jacob Appelbaum +License: BSD-3-Clause + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. diff --git a/packages/torouter-prep/debian/dirs b/packages/torouter-prep/debian/dirs new file mode 100644 index 0000000..e772481 --- /dev/null +++ b/packages/torouter-prep/debian/dirs @@ -0,0 +1 @@ +usr/bin diff --git a/packages/torouter-prep/debian/files b/packages/torouter-prep/debian/files new file mode 100644 index 0000000..894b9ed --- /dev/null +++ b/packages/torouter-prep/debian/files @@ -0,0 +1 @@ +torouter_0.0.1-1_all.deb unknown extra diff --git a/packages/torouter-prep/debian/postinst b/packages/torouter-prep/debian/postinst new file mode 100644 index 0000000..97e9113 --- /dev/null +++ b/packages/torouter-prep/debian/postinst @@ -0,0 +1,39 @@ +#!/bin/sh +# postinst script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/postrm b/packages/torouter-prep/debian/postrm new file mode 100644 index 0000000..632ac80 --- /dev/null +++ b/packages/torouter-prep/debian/postrm @@ -0,0 +1,37 @@ +#!/bin/sh +# postrm script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/preinst b/packages/torouter-prep/debian/preinst new file mode 100644 index 0000000..1cc598e --- /dev/null +++ b/packages/torouter-prep/debian/preinst @@ -0,0 +1,35 @@ +#!/bin/sh +# preinst script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/prerm b/packages/torouter-prep/debian/prerm new file mode 100644 index 0000000..4bb95dd --- /dev/null +++ b/packages/torouter-prep/debian/prerm @@ -0,0 +1,38 @@ +#!/bin/sh +# prerm script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove|upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/rules b/packages/torouter-prep/debian/rules new file mode 100755 index 0000000..74439ab --- /dev/null +++ b/packages/torouter-prep/debian/rules @@ -0,0 +1,6 @@ +#!/usr/bin/make -f +# -*- makefile -*- +#export DH_VERBOSE=1 + +%: + dh $@ diff --git a/packages/torouter-prep/debian/source/format b/packages/torouter-prep/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/packages/torouter-prep/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/packages/torouter-prep/debian/torouter.default b/packages/torouter-prep/debian/torouter.default new file mode 100644 index 0000000..d5fcdf1 --- /dev/null +++ b/packages/torouter-prep/debian/torouter.default @@ -0,0 +1,11 @@ +# Defaults for torouter initscript +# sourced by /etc/init.d/torouter +# installed at /etc/default/torouter by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +# When the package is configured - we set this accordingly +#DREAMPLUG="" +#CONFIGURED="" diff --git a/packages/torouter-prep/debian/torouter.substvars b/packages/torouter-prep/debian/torouter.substvars new file mode 100644 index 0000000..abd3ebe --- /dev/null +++ b/packages/torouter-prep/debian/torouter.substvars @@ -0,0 +1 @@ +misc:Depends= diff --git a/packages/torouter-prep/src/linux-tor-prio.sh b/packages/torouter-prep/src/linux-tor-prio.sh new file mode 100644 index 0000000..ea9e0dd --- /dev/null +++ b/packages/torouter-prep/src/linux-tor-prio.sh @@ -0,0 +1,192 @@ +#!/bin/bash +# Written by Marco Bonetti & Mike Perry +# Based on instructions from Dan Singletary's ADSL BW Management HOWTO: +# http://www.faqs.org/docs/Linux-HOWTO/ADSL-Bandwidth-Management-HOWTO.html +# This script is Public Domain. + +############################### README ################################# + +# This script provides prioritization of Tor traffic below other +# traffic on a Linux server. It has two modes of operation: UID based +# and IP based. + +# UID BASED PRIORITIZATION +# +# The UID based method requires that Tor be launched from +# a specific user ID. The "User" Tor config setting is +# insufficient, as it sets the UID after the socket is created. +# Here is a C wrapper you can use to execute Tor and drop privs before +# it creates any sockets. +# +# Compile with: +# gcc -DUID=`id -u tor` -DGID=`id -g tor` tor_wrap.c -o tor_wrap +# +# #include +# int main(int argc, char **argv) { +# if(initgroups("tor", GID) == -1) { perror("initgroups"); return 1; } +# if(setresgid(GID, GID, GID) == -1) { perror("setresgid"); return 1; } +# if(setresuid(UID, UID, UID) == -1) { perror("setresuid"); return 1; } +# execl("/bin/tor", "/bin/tor", "-f", "/etc/tor/torrc", NULL); +# perror("execl"); return 1; +# } + +# IP BASED PRIORITIZATION +# +# The IP setting requires that a separate IP address be dedicated to Tor. +# Your Torrc should be set to bind to this IP for "OutboundBindAddress", +# "ListenAddress", and "Address". + +# GENERAL USAGE +# +# You should also tune the individual connection rate parameters below +# to your individual connection. In particular, you should leave *some* +# minimum amount of bandwidth for Tor, so that Tor users are not +# completely choked out when you use your server's bandwidth. 30% is +# probably a reasonable choice. More is better of course. +# +# To start the shaping, run it as: +# ./linux-tor-prio.sh +# +# To get status information (useful to verify packets are getting marked +# and prioritized), run: +# ./linux-tor-prio.sh status +# +# And to stop prioritization: +# ./linux-tor-prio.sh stop +# +######################################################################## + +# BEGIN USER TUNABLE PARAMETERS + +DEV=eth0 + +# NOTE! You must START Tor under this UID. Using the Tor User +# config setting is NOT sufficient. See above. +TOR_UID=$(id -u tor) + +# If the UID mechanism doesn't work for you, you can set this parameter +# instead. If set, it will take precedence over the UID setting. Note that +# you need multiple IPs with one specifically devoted to Tor for this to +# work. +#TOR_IP="42.42.42.42" + +# Average ping to most places on the net, milliseconds +RTT_LATENCY=40 + +# RATE_UP must be less than your connection's upload capacity in +# kbits/sec. If it is larger, then the bottleneck will be at your +# router's queue, which you do not control. This will cause congestion +# and a revert to normal TCP fairness no matter what the queing +# priority is. +RATE_UP=5000 + +# RATE_UP_TOR is the minimum speed your Tor connections will have in +# kbits/sec. They will have at least this much bandwidth for upload. +# In general, you probably shouldn't set this too low, or else Tor +# users who use your node will be completely choked out whenever your +# machine does any other network activity. That is not very fun. +RATE_UP_TOR=1500 + +# RATE_UP_TOR_CEIL is the maximum rate allowed for all Tor trafic in +# kbits/sec. +RATE_UP_TOR_CEIL=5000 + +CHAIN=OUTPUT +#CHAIN=PREROUTING +#CHAIN=POSTROUTING + +MTU=1500 +AVG_PKT=900 # should be more like 600 for non-exit nodes + +# END USER TUNABLE PARAMETERS + + + +# The queue size should be no larger than your bandwidth-delay +# product. This is RT latency*bandwidth/MTU/2 + +BDP=$(expr $RTT_LATENCY \* $RATE_UP / $AVG_PKT) + +# Further research indicates that the BDP calculations should use +# RTT/sqrt(n) where n is the expected number of active connections.. + +BDP=$(expr $BDP / 4) + +if [ "$1" = "status" ] +then + echo "[qdisc]" + tc -s qdisc show dev $DEV + tc -s qdisc show dev imq0 + echo "[class]" + tc -s class show dev $DEV + tc -s class show dev imq0 + echo "[filter]" + tc -s filter show dev $DEV + tc -s filter show dev imq0 + echo "[iptables]" + iptables -t mangle -L TORSHAPER-OUT -v -x 2> /dev/null + exit +fi + + +# Reset everything to a known state (cleared) +tc qdisc del dev $DEV root 2> /dev/null > /dev/null +tc qdisc del dev imq0 root 2> /dev/null > /dev/null +iptables -t mangle -D POSTROUTING -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -D PREROUTING -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -D OUTPUT -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -F TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -X TORSHAPER-OUT 2> /dev/null > /dev/null +ip link set imq0 down 2> /dev/null > /dev/null +rmmod imq 2> /dev/null > /dev/null + +if [ "$1" = "stop" ] +then + echo "Shaping removed on $DEV." + exit +fi + +# Outbound Shaping (limits total bandwidth to RATE_UP) + +ip link set dev $DEV qlen $BDP + +# Add HTB root qdisc, default is high prio +tc qdisc add dev $DEV root handle 1: htb default 20 + +# Add main rate limit class +tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATE_UP}kbit + +# Create the two classes, giving Tor at least RATE_UP_TOR kbit and capping +# total upstream at RATE_UP so the queue is under our control. +tc class add dev $DEV parent 1:1 classid 1:20 htb rate $(expr $RATE_UP - $RATE_UP_TOR)kbit ceil ${RATE_UP}kbit prio 0 +tc class add dev $DEV parent 1:1 classid 1:21 htb rate $[$RATE_UP_TOR]kbit ceil ${RATE_UP_TOR_CEIL}kbit prio 10 + +# Start up pfifo +tc qdisc add dev $DEV parent 1:20 handle 20: pfifo limit $BDP +tc qdisc add dev $DEV parent 1:21 handle 21: pfifo limit $BDP + +# filter traffic into classes by fwmark +tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20 +tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21 + +# add TORSHAPER-OUT chain to the mangle table in iptables +iptables -t mangle -N TORSHAPER-OUT +iptables -t mangle -I $CHAIN -o $DEV -j TORSHAPER-OUT + + +# Set firewall marks +# Low priority to Tor +if [ ""$TOR_IP == "" ] +then + echo "Using UID-based QoS. UID $TOR_UID marked as low priority." + iptables -t mangle -A TORSHAPER-OUT -m owner --uid-owner $TOR_UID -j MARK --set-mark 21 +else + echo "Using IP-based QoS. $TOR_IP marked as low priority." + iptables -t mangle -A TORSHAPER-OUT -s $TOR_IP -j MARK --set-mark 21 +fi + +# High prio for everything else +iptables -t mangle -A TORSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20 + +echo "Outbound shaping added to $DEV. Rate for Tor upload at least: ${RATE_UP_TOR}Kbyte/sec." + diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh new file mode 100644 index 0000000..7a6a581 --- /dev/null +++ b/packages/torouter-prep/src/torouter_config.sh @@ -0,0 +1,157 @@ +#!/bin/bash -x + +echo "This program will reconfigure your Debian system into a Torouter" +exit 0 +echo "This is where we'd take over the entire Torouter system" + +# For every file we touch, move it to the temp_dir and then tar it up in the end +temp_dir="`mktemp -d`" + +# Add a user +ADMINUSER="toradmin" +ADMINGROUP="toradmin" + +# Install the Tor repo key +gpg --keyserver keys.gnupg.net --recv 886DDD89 +gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +cp /etc/hosts $temp_dir/ +# Stomp on the hosts file +cat << EOF > /etc/hosts +127.0.0.1 localhost +EOF + +cp /etc/hostname $temp_dir/ +# Set us to have a default host name +echo "torouter" > /etc/hostname + +# We need to prep apt to understand that we want packages from other repos +# We append to the current package list +cat << EOF >> /etc/apt/sources.list +# Tor's debian package repo: +deb http://deb.torproject.org/torproject.org squeeze main +deb http://deb.torproject.org/torproject.org experimental-squeeze main + +# Add Debian backports for OpenNTPD, libminiupnpc-dev, libminiupnpc5 +# http://packages.debian.org/squeeze-backports/libminiupnpc-dev +deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free + +# Add Debian experimental for libnatpmp0 +# http://packages.debian.org/experimental/libnatpmp0 +deb http://ftp.debian.org/debian experimental main +deb-src http://ftp.debian.org/debian experimental main + +EOF + +# We're creating this file to ensure we get updates +cat << 'EOF' > /etc/apt/preferences.d/backports +Package: * +Pin: release a=squeeze-backports +Pin-Priority: 200 +EOF + +apt-get -y update + +# Install some other packages here: +apt-get -y install denyhosts ufw + +# Allow us to set the clock: +apt-get -y -t squeeze-backports install openntpd + +# Install Tor and deps: +apt-get -y install tor tor-geoipdb + +# To build with natpmp support +apt-get -y -t experimental install libnatpmp0 + +# To build with miniupnpc support +apt-get -y -t squeeze-backports install libminiupnpc-dev +apt-get -y -t squeeze-backports install libminiupnpc5 + +# XXX +# We want to apt-get source tor and build it for the 0.2.3.x branch +# + +# Install a Tor controller: +apt-get -y install tor-arm + +# Install a normal dns cache for eth1 +apt-get -y install dnsmasq + +## +## Configuration stage of the script +## + +# Configure arm +zcat /usr/share/doc/tor-arm/armrc.sample.gz > ~$(ADMINUSER)/.armrc +# XXX This is where we will call torrc-takeover.py when it is packaged + +# XXX We should reconfigure /etc/inittab here + +# Configure the network +# eth0 is our "internet" interface with a dhcp client +cat << 'EOF' > /etc/network/interfaces +# The primary network interface +allow-hotplug eth0 +iface eth0 inet dhcp + +# +# XXX Configure eth1 and ap0 here +# + +EOF + +# XXX We should configure ufw here +# ufw allow +# XXX We should configure denyhosts +# XXX We should configure dnsmasq +# XXX We should configure the DHCP server here + +cp /etc/tor/torrc $temp_dir/ +# configure Tor and stomp on the current Tor config +cat << 'EOF' > /etc/tor/torrc +# Run Tor as a bridge/relay only, not as a client +SocksPort 0 + +# What port to advertise for incoming Tor connections +ORPort 443 + +# We're on a flash file system +AvoidDiskWrites 1 + +# Be a bridge +BridgeRelay 1 + +# Rate limited +BandwidthRate 50KB + +# Don't allow any Tor traffic to exit +Exitpolicy reject *:* + +# Allow a controller (tor-arm) on this system to configure Tor: +ControlPort 9051 +ControlListenAddress 127.0.0.1:9051 +CookieAuthentication 1 +EOF + +# Remove a bunch of stuff: +apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus + +## Disable ipv6 support +cp /etc/sysctl.d/disableipv6.conf $temp_dir/ +echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf +cp /etc/sshd_config $temp_dir/ +echo "AddressFamily inet" >> /etc/ssh/ssh_config + +## +## Restart services here +## + +/etc/init.d/ssh restart +/etc/init.d/tor restart + +## +## Touch a stamp to show that we're now a Torouter +## + +echo "torouter" > /etc/torouter diff --git a/packages/torouter-prep/src/torouter_takeover.sh b/packages/torouter-prep/src/torouter_takeover.sh new file mode 100644 index 0000000..2b76502 --- /dev/null +++ b/packages/torouter-prep/src/torouter_takeover.sh @@ -0,0 +1,3 @@ +# This program will wrap debtakeover: +# http://www.hadrons.org/~guillem/debian/debtakeover/ + -- cgit v1.2.3