From cc9809734fdbd6ea8601005d34b4efaf5b37baa4 Mon Sep 17 00:00:00 2001
From: ficus
Date: Tue, 25 Sep 2012 17:36:17 +0200
Subject: clean up configs directory
---
packages/torouter-prep/configs/047E6A24.asc | 19 ---------------
...3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key | Bin 3742 -> 0 bytes
packages/torouter-prep/configs/armrc.sample.gz | Bin 3633 -> 0 bytes
.../torouter-prep/configs/etc/network/interfaces | 2 +-
packages/torouter-prep/configs/etc/tor/torrc | 3 +++
packages/torouter-prep/configs/etc/udhcpd.conf | 26 +++++++++++++++++++++
.../configs/sbin/tor-wireless-firewall.sh | 20 ++++++++++++++++
packages/torouter-prep/configs/tor-arm-crontab | 3 ---
.../torouter-prep/configs/tor-wireless-firewall.sh | 20 ----------------
packages/torouter-prep/configs/udhcpd.conf | 26 ---------------------
packages/torouter-prep/src/torouter_config.sh | 6 ++---
packages/torouter-prep/src/torouter_preboot.sh | 7 ++++--
12 files changed, 58 insertions(+), 74 deletions(-)
delete mode 100644 packages/torouter-prep/configs/047E6A24.asc
delete mode 100644 packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key
delete mode 100644 packages/torouter-prep/configs/armrc.sample.gz
create mode 100644 packages/torouter-prep/configs/etc/udhcpd.conf
create mode 100755 packages/torouter-prep/configs/sbin/tor-wireless-firewall.sh
delete mode 100644 packages/torouter-prep/configs/tor-arm-crontab
delete mode 100755 packages/torouter-prep/configs/tor-wireless-firewall.sh
delete mode 100644 packages/torouter-prep/configs/udhcpd.conf
(limited to 'packages')
diff --git a/packages/torouter-prep/configs/047E6A24.asc b/packages/torouter-prep/configs/047E6A24.asc
deleted file mode 100644
index e2a8303..0000000
--- a/packages/torouter-prep/configs/047E6A24.asc
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-mQENBE5MF30BCACy2Ywqme78KCxY0qEXxm0vpBYe9X2kTdaJMS65tLfjbuHJ+WO4
-OKCJ5AJc7NMvZGpVucn4JPTRN34oReXzYWrlm0yfmqnRHm9sEJhDqNbSV6RML+9E
-oikxj6w6uboVEnrbLPzsWEcSze28dLcqVzDMm3aHO0erjBMlUEN4a7rrU0MDf+SH
-4rz0kkEaBj8gzX+cJQEU5uIdlcINFtL34cNIZPAB3O2ZOjvrDbWJcI6wG/ZfefDk
-2z98eSzhJfTWKsjnPmSsp7QTu+lj+mJN7BBoLILLJ+xq1XPJfigiuQucK3k2xMBv
-eYEpK+11af6/bt5+yQec8dyH7+feYnpY2gW9ABEBAAG0H3RvcnJvdXRlciBhcmNo
-aXZlIGtleSAoMjAxMS0wOCmJAT4EEwECACgFAk5MF30CGwMFCQDtTgAGCwkIBwMC
-BhUIAgkKCwQWAgMBAh4BAheAAAoJEJGCGDUEfmokfYEH/RzFD2x5j1kJ+1+F2pTN
-bTochEBvT4gsKCcuT+i7Q4FaorVCePoAyjcW3HBGBNf6G0a37KmtPoQBqXZ2wxVN
-7SDFFG4nH27z+OdkrZkUmwnjr3O5QskMuiOfkvpD0aRKvmB/MznxjBW9brJr63Gx
-IGkdvvZad2V4+jEwTWiOAodWbYGX9A5CgWUL+SHFhsLe3B3ZMrvgbReJqbOGRBTR
-nGWYjLH5K0lNLPNb8spKOxT/h5gKib9p5680hQG672n9EJGixfmvrCQF/3cqy2SG
-CmfX5Tt7+l/C6LfyaHWHsQsjqVtCmwPjfQ1sRa1S9UPXjrZb/54kDUHfpUByB/ab
-kGU=
-=ZXbM
------END PGP PUBLIC KEY BLOCK-----
diff --git a/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key b/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key
deleted file mode 100644
index 5b6a4d3..0000000
Binary files a/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key and /dev/null differ
diff --git a/packages/torouter-prep/configs/armrc.sample.gz b/packages/torouter-prep/configs/armrc.sample.gz
deleted file mode 100644
index c86b6f1..0000000
Binary files a/packages/torouter-prep/configs/armrc.sample.gz and /dev/null differ
diff --git a/packages/torouter-prep/configs/etc/network/interfaces b/packages/torouter-prep/configs/etc/network/interfaces
index 255075f..e2f5741 100644
--- a/packages/torouter-prep/configs/etc/network/interfaces
+++ b/packages/torouter-prep/configs/etc/network/interfaces
@@ -35,5 +35,5 @@ iface uap0 inet static post-up /etc/init.d/ttdnsd restart post-up /usr/bin/uaputl sys_cfg_ssid "torproject" || true post-up /usr/bin/uaputl bss_start || true - post-up /usr/share/torouter-prep/example-configs/tor-wireless-firewall.sh || true + post-up /usr/sbin/tor-wireless-firewall.sh || true pre-down /usr/bin/uaputl bss_stop || true diff --git a/packages/torouter-prep/configs/etc/tor/torrc b/packages/torouter-prep/configs/etc/tor/torrc index 5023d57..063dde8 100644 --- a/packages/torouter-prep/configs/etc/tor/torrc +++ b/packages/torouter-prep/configs/etc/tor/torrc @@ -178,3 +178,6 @@ ControlPort 9051 ControlListenAddress 127.0.0.1:9051 CookieAuthentication 1 +# On torouter, tor daemon should always be running, but defaults to disabled +# until user enables it specifically through the web interface +DisableNetwork 1 diff --git a/packages/torouter-prep/configs/etc/udhcpd.conf b/packages/torouter-prep/configs/etc/udhcpd.conf new file mode 100644 index 0000000..04160aa --- /dev/null +++ b/packages/torouter-prep/configs/etc/udhcpd.conf @@ -0,0 +1,26 @@ +# Sample udhcpd configuration file (/etc/udhcpd.conf) + +# The start and end of the IP lease block +start 172.16.23.10 +end 172.16.23.254 + +# The interface that udhcpd will use +interface uap0 + +# The maximim number of leases (includes addressesd reserved +# by OFFER's, DECLINE's, and ARP conficts +max_leases 244 + +# If remaining is true (default), udhcpd will store the time +# remaining for each lease in the udhcpd leases file. This is +# for embedded systems that cannot keep time between reboots. +# If you set remaining to no, the absolute time that the lease +# expires at will be stored in the dhcpd.leases file. +remaining no + +# Use Tor's DNSPort and route via Tor +opt dns 172.16.23.1 +option subnet 255.255.255.0 +opt router 172.16.23.1 +option domain local +option lease 864000 # 10 days of seconds 
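Review bot: The new `post-up /usr/sbin/tor-wireless-firewall.sh || true` line still runs after `uaputl bss_start` and still discards the script's exit status, so the access point is already accepting clients before the redirect rules exist, and it stays up if the script is missing or an iptables call fails. Whether client traffic can leave unredirected in that state depends on forwarding settings that are not visible here, but failing closed is the safer default for a Tor access point. Consider moving the line above `bss_start` and dropping the `|| true`, i.e. `post-up /usr/sbin/tor-wireless-firewall.sh`, so that ifupdown stops before the BSS is started when the rules cannot be installed. The `iface uap0` stanza begins above the hunk.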
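Review bot: The added comment says Tor "defaults to disabled" without saying what is disabled; with `DisableNetwork 1` the daemon runs but opens no listeners other than the control port and makes no outbound connections. A wording such as `# Tor starts with networking off: only the ControlPort listens until the web interface sets DisableNetwork 0` would tell the next reader that the TransPort targeted by tor-wireless-firewall.sh is closed, and wireless clients have no connectivity, until then. Only the tail of torrc is visible in this hunk.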
diff --git a/packages/torouter-prep/configs/sbin/tor-wireless-firewall.sh b/packages/torouter-prep/configs/sbin/tor-wireless-firewall.sh
new file mode 100755
index 0000000..4310e7b
--- /dev/null
+++ b/packages/torouter-prep/configs/sbin/tor-wireless-firewall.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# destinations you don't want routed through Tor
+NON_TOR="10.0.2.0/24 10.23.42.0/24 172.16.23.0/24"
+
+# Tor's TransPort
+TRANS_PORT="9040"
+
+# your internal interface
+INT_IF="uap0"
+
+iptables -F
+iptables -t nat -F
+
+for NET in $NON_TOR; do
+ iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
+done
+iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 5353
+#iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 67 -j REDIRECT --to-ports 67
+iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
diff --git a/packages/torouter-prep/configs/tor-arm-crontab b/packages/torouter-prep/configs/tor-arm-crontab
deleted file mode 100644
index b662b22..0000000
--- a/packages/torouter-prep/configs/tor-arm-crontab
+++ /dev/null
@@ -1,3 +0,0 @@
-# Now anyone using the torouter can attach to a long term screen with arm
-# This will run at boot time and it should run forever
-@reboot screen -d -m -S tor-arm /usr/bin/arm
diff --git a/packages/torouter-prep/configs/tor-wireless-firewall.sh b/packages/torouter-prep/configs/tor-wireless-firewall.sh
deleted file mode 100755
index 4310e7b..0000000
--- a/packages/torouter-prep/configs/tor-wireless-firewall.sh
+++ /dev/null
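Review bot: The PREROUTING rules in sbin/tor-wireless-firewall.sh redirect only UDP port 53 and TCP SYNs arriving on `$INT_IF`; nothing in the script drops the rest (other UDP, ICMP), and `iptables -F` empties the filter table each time it runs. If forwarding is enabled on the box, which this file does not show, that traffic would be routed out without passing through Tor. Now that the script is installed under /usr/sbin and run on every ifup, an explicit FORWARD policy for the wireless interface closes that gap by allowing the `NON_TOR` destinations and dropping everything else; a sketch follows. IPv6 is not covered by these rules either and would need matching ip6tables handling.

```shell
# … unchanged: variables, table flushes, nat PREROUTING rules …

# Nothing from the wireless side may be routed around Tor: allow only the
# NON_TOR destinations through FORWARD and drop the rest (non-DNS UDP, ICMP, …).
for NET in $NON_TOR; do
  iptables -A FORWARD -i "$INT_IF" -d "$NET" -j ACCEPT
done
iptables -A FORWARD -i "$INT_IF" -j DROP
```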
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-# destinations you don't want routed through Tor
-NON_TOR="10.0.2.0/24 10.23.42.0/24 172.16.23.0/24"
-
-# Tor's TransPort
-TRANS_PORT="9040"
-
-# your internal interface
-INT_IF="uap0"
-
-iptables -F
-iptables -t nat -F
-
-for NET in $NON_TOR; do
- iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
-done
-iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 5353
-#iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 67 -j REDIRECT --to-ports 67
-iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
diff --git a/packages/torouter-prep/configs/udhcpd.conf b/packages/torouter-prep/configs/udhcpd.conf
deleted file mode 100644
index 04160aa..0000000
--- a/packages/torouter-prep/configs/udhcpd.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Sample udhcpd configuration file (/etc/udhcpd.conf)
-
-# The start and end of the IP lease block
-start 172.16.23.10
-end 172.16.23.254
-
-# The interface that udhcpd will use
-interface uap0
-
-# The maximim number of leases (includes addressesd reserved
-# by OFFER's, DECLINE's, and ARP conficts
-max_leases 244
-
-# If remaining is true (default), udhcpd will store the time
-# remaining for each lease in the udhcpd leases file. This is
-# for embedded systems that cannot keep time between reboots.
-# If you set remaining to no, the absolute time that the lease
-# expires at will be stored in the dhcpd.leases file.
-remaining no
-
-# Use Tor's DNSPort and route via Tor
-opt dns 172.16.23.1
-option subnet 255.255.255.0
-opt router 172.16.23.1
-option domain local
-option lease 864000 # 10 days of seconds
diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh
index 8cfc07f..536fc10 100755
--- a/packages/torouter-prep/src/torouter_config.sh
+++ b/packages/torouter-prep/src/torouter_config.sh
@@ -13,14 +13,14 @@ export ADMINGROUP="torouter" export TORADMINGROUP="debian-tor" # This is the main Tor repo apt pubkey -apt-key add $config_dir/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key +apt-key add $config_dir/tmp/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key # This is the temp torrouter archive pubkey; this should be updated when we # freeze this repo and know what we want to do -apt-key add $config_dir/047E6A24.asc +apt-key add $config_dir/tmp/047E6A24.asc # We need to prep apt to understand that we want packages from other repos -cp $config_dir/sources.list /etc/apt/sources.list +cp $config_dir/etc/sources.list /etc/apt/sources.list apt-get -y update diff --git a/packages/torouter-prep/src/torouter_preboot.sh b/packages/torouter-prep/src/torouter_preboot.sh index 7fd2a17..d179581 100755 --- a/packages/torouter-prep/src/torouter_preboot.sh +++ b/packages/torouter-prep/src/torouter_preboot.sh @@ -48,6 +48,9 @@ cp $config_dir/etc/ssh/sshd_config /etc/ssh/sshd_config cp $config_dir/etc/tor/torrc /etc/tor/torrc cp $config_dir/etc/default/ttdnsd /etc/default/ttdnsd +# install tor firewall helper +install -o root -g root -m 750 $config_dir/sbin/tor-wireless-firewall.sh /usr/sbin/ + # Remove a bunch of stuff apt-get -f -y remove --purge polipo minissdpd apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus @@ -66,10 +69,10 @@ useradd -g $ADMINGROUP -G $TORADMINGROUP -s /bin/bash $ADMINUSER # TODO: $ADMINUSER passwd? # Configure arm -zcat $config_dir/armrc.sample.gz > /home/$ADMINUSER/.armrc +zcat $config_dir/tmp/armrc.sample.gz > /home/$ADMINUSER/.armrc ## Add arm startup trick with cron for shared screen run as $ADMINUSER -crontab -u $ADMINUSER $config_dir/tor-arm-crontab +crontab -u $ADMINUSER $config_dir/tmp/tor-arm-crontab ## Touch a stamp to show that we're now a Torouter echo "torouter $VERSION" > /etc/torouter -- cgit v1.2.3
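Review bot: Both `apt-key add` lines now read from `$config_dir/tmp/`, yet this commit deletes `configs/047E6A24.asc` and `configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key` and adds nothing under `configs/tmp/`, so unless those files already exist there the keys are never imported. Nothing in the hunk checks the result, so the script would go on to `apt-get -y update` with the repository keys missing; a guard such as `apt-key add "$config_dir/tmp/047E6A24.asc" || exit 1` on each line makes that failure visible. The same applies to `armrc.sample.gz` and `tor-arm-crontab` in the second torouter_preboot.sh hunk, whose new `tmp/` paths also point at files this commit removes. The script continues outside the hunk, so a `set -e` earlier in the file cannot be ruled out.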