Created Sunday 08 January 2017
Tor is a proxy service best used with Tor Browser. We'll install and configure both, and also make it possible to route our regular browser (Firefox) through Tor.
Installation
# Tor
$ pacman -S tor
Tor Browser Bundle
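# One must first import their GPG signing key.
# Before relying on it, check its fingerprint (gpg --fingerprint D1483FA6C3C07136) against the one the Tor Project publishes; a keyserver simply returns whatever key matches the requested ID.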
$ gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136
# Then install their browser
$ yaourt -S tor-browser
Configuration
# For security purposes we want to run our Tor service from a chroot environment.
# For this, we will use a script. This will create a chroot in /opt/torchroot
# Create a file in your executable path - for me that would be ~/dotfiles/scripts/torchroot-setup.sh
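#!/bin/bash
#
# torchroot-setup.sh - populate a minimal chroot for the Tor daemon.
#
# Fills /opt/torchroot with the tor binary, the shared libraries it is
# linked against, its configuration and state directory, the passwd/group
# entries of the tor account and three device nodes.
# Must be run as root: mknod and chown to another user require it.
#
# The chroot contains *copies* of the binary and its libraries, so the
# package manager never updates them. Re-run this script after upgrading
# tor or any of its libraries; otherwise the chrooted daemon keeps running
# the old, possibly vulnerable, versions.
#
# The script is safe to re-run: links and device nodes are replaced or
# skipped instead of failing or being created in the wrong place.

# Stop at the first failing step instead of leaving a half-built chroot
# that only fails later, when the service starts.
set -Eeuo pipefail
trap 'printf "%s: command failed at line %s\n" "${0##*/}" "$LINENO" >&2' ERR

export TORCHROOT=/opt/torchroot

if (( EUID != 0 )); then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#######################################
# Copy the files that exist into a directory, skipping the rest.
# Used for glob patterns that may match nothing on a given system
# (an unmatched pattern is passed through literally and then skipped).
# Arguments: $1 - destination directory, $2.. - candidate source paths
#######################################
copy_existing() {
  local dest=$1
  local src
  local -a found=()
  shift
  for src in "$@"; do
    if [[ -e "$src" ]]; then
      found+=("$src")
    fi
  done
  if (( ${#found[@]} > 0 )); then
    cp -- "${found[@]}" "$dest"
  fi
}

#######################################
# Create a character device with major number 1 unless it already exists.
# Arguments: $1 - path, $2 - permission bits, $3 - minor number
#######################################
make_node() {
  local path=$1 mode=$2 minor=$3
  [[ -c "$path" ]] || mknod -m "$mode" "$path" c 1 "$minor"
}

# Directory skeleton (mkdir -p also creates $TORCHROOT itself).
mkdir -p \
  "$TORCHROOT/etc/tor" \
  "$TORCHROOT/dev" \
  "$TORCHROOT/usr/bin" \
  "$TORCHROOT/usr/lib" \
  "$TORCHROOT/usr/share/tor" \
  "$TORCHROOT/var/lib"

# -n: on a re-run, replace the existing link instead of following it.
# Without it, ln follows the old link and drops a stray "lib" link into
# the directory it points to, outside the chroot.
ln -sfn /usr/lib "$TORCHROOT/lib"

# Name resolution and time zone data, tor configuration, tor binary.
cp /etc/hosts /etc/host.conf /etc/localtime /etc/nsswitch.conf \
  /etc/resolv.conf "$TORCHROOT/etc/"
cp /etc/tor/torrc "$TORCHROOT/etc/tor/"
cp /usr/bin/tor "$TORCHROOT/usr/bin/"
copy_existing "$TORCHROOT/usr/share/tor/" /usr/share/tor/geoip*

# Libraries that are loaded at run time and therefore not listed by ldd.
copy_existing "$TORCHROOT/usr/lib/" \
  /lib/libnss* /lib/libnsl* /lib/ld-linux-*.so* /lib/libresolv* \
  /lib/libgcc_s.so*

# Libraries tor is linked against: the third ldd column, when it is an
# absolute path.
mapfile -t tor_libs < <(ldd /usr/bin/tor | awk '$3 ~ /^\// { print $3 }')
if (( ${#tor_libs[@]} == 0 )); then
  printf '%s: ldd listed no libraries for /usr/bin/tor\n' "${0##*/}" >&2
  exit 1
fi
cp -- "${tor_libs[@]}" "$TORCHROOT/usr/lib/"

# State directory (keys, cached directory data), owned by the tor user.
cp -r /var/lib/tor "$TORCHROOT/var/lib/"
chown -R tor:tor "$TORCHROOT/var/lib/tor"

# Only the tor account and group are visible inside the chroot. The
# pattern ends in ':' so that accounts whose names merely start with
# "tor" are not copied as well.
grep --color=never '^tor:' /etc/passwd > "$TORCHROOT/etc/passwd"
grep --color=never '^tor:' /etc/group > "$TORCHROOT/etc/group"

make_node "$TORCHROOT/dev/random" 644 8
make_node "$TORCHROOT/dev/urandom" 644 9
make_node "$TORCHROOT/dev/null" 666 3

if [[ "$(uname -m)" == "x86_64" ]]; then
  cp /usr/lib/ld-linux-x86-64.so* "$TORCHROOT/usr/lib/."
  ln -sfnr /usr/lib64 "$TORCHROOT/lib64"
  # Relative target: an absolute "$TORCHROOT/usr/lib" target would not
  # exist once the process is inside the chroot.
  ln -sfn lib "$TORCHROOT/usr/lib64"
fi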
# Make the file executable
$ chmod +x ~/dotfiles/scripts/torchroot-setup.sh
# Run the script AS ROOT!
$ sudo ~/dotfiles/scripts/torchroot-setup.sh
# Then edit the provided service file
$ systemctl edit --full tor.service
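# And replace the [Service] section with the following.
# The service has to start as root because chroot needs root privileges; --userspec=tor:tor switches to the tor user and group before tor itself is executed.
[Service]
User=root
ExecStart=
ExecStart=/usr/bin/sh -c "chroot --userspec=tor:tor /opt/torchroot /usr/bin/tor -f /etc/tor/torrc"
KillSignal=SIGINT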
Usage (running)
# You can now start/stop the service whenever needed
$ systemctl start tor.service
# Use the tor-browser for your dirty deeds
# If you want other applications to connect through Tor, point them at Tor's SOCKS proxy with these settings:
localhost # Address
9050 # Port
Using with Firefox
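# The FoxyProxy Basic addon will allow you to switch between connections.
# Keep in mind that a regular Firefox profile lacks the anti-fingerprinting defaults that Tor Browser ships with.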
# Install it from the browser's add-on page
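# Click your new FoxyProxy icon to configure and add the connection, using the address and port from above.
# Set the proxy type to SOCKS5 and make sure DNS lookups are also sent through the proxy; otherwise hostnames are still resolved outside Tor.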