Skip to content
Templates for a secure Tor exit node configuration
Branch: master
Clone or download
Latest commit d642564 Jul 2, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Jun 23, 2019
README.md Update README.md Jul 2, 2019
log Correct Tor log file Jun 23, 2019
notices.log Create notices.log Jun 23, 2019
tor-exit-notice.html Clean template Jun 23, 2019
tor.conf Nginx tor sites file. Jun 23, 2019
torrc Update torrc Jul 2, 2019
torrocks.png Screenshot Tor Control Center (TCC) Jun 23, 2019
torrocks.screenshot.png torrocks main script wallpaper Jun 23, 2019
torrocks.sh torrocks core Jun 23, 2019

README.md


torrocks

GitHub license GitHub issues GitHub stars Twitter

Run your own TOR exit node & control it with Tor Control Center (TCC)

Templates for a secure Tor exit node configuration

AIM

The purposals of torrocks is to give an overview on Tor, Hidden Services, and monitoring with a series of best practices, reviewd documentation, scripts and tips.

To Do
  • Install script (bash)
  • Upload torrocks project
  • Manage script (bash)
  • Securty script (bash)
  • Write base README.md
  • Write Complete documentation
  • Add The Onion Box Web interface integration
  • Bugfix

Tor overview

Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. (Wikipedia)

Clean old Tor install & purge:

Remove old installation and configurations files that could create problems during the setup of torrocks.(Not mandatory)

# sudo service tor stop
# sudo killall -9 tor
# sudo apt remove -y --purge tor tor-arm tor-geoipdb python-geoip python-torctl torsocks
# sudo apt autoremove 
# sudo rm -rf /var/log/tor
# sudo rm -rf /etc/tor
# sudo rm -rf /var/lib/tor #(Backup your old private key before removing /var/lib/tor/hidden_service

Download & Install torrocks

# cd /opt
# sudo git clone https://github.com/okno/torrocks
# sudo chmod +x /opt/torrocks/torrocks.sh
# sudo ln -s /opt/torrocks/torrocks.sh /usr/bin/torrocks

Check if torrocks symbolic link is correctly placed :

ls -al /usr/bin/torrocks 

Output :

lrwxrwxrwx 1 root root 25 Jun 23 23:21 /usr/bin/torrocks -> /opt/torrocks/torrocks.sh

Install Tor

You can find Tor inside the most OS,be sure to install the latest version, on Linux Debian 9.9 stretch just type :

# sudo apt update 
# sudo apt install tor -y 
# sudo service tor start

If everything is ok Tor daemon should be up and running with default configuration, listening on 127.0.0.1 on port 9050, to check your Tor deamon you can use :

# sudo netstat -putan | grep tor

You should see an output like this :

tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      13302/tor

Now check if the tor process is running by the user debian-tor :

# sudo ps -u debian-tor

Output :

PID TTY          TIME CMD
13302 ?        00:00:01 tor

You can also check the status of the deamon whit the service command of systemd(shit)

# sudo service tor status

Output :

● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Sun 2019-06-23 15:39:58 BST; 22min ago
Process: 13295 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 13295 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/tor.service
Jun 23 15:39:58 HOSTNAME systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Jun 23 15:39:58 HOSTNAME systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).

Ok, now we are sure that the tor daemon is running with PID 13302, with user debian-tor, listening on 127.0.0.1 on port 9050

⚠️ Never run Tor with root user ⚠️

Configure HTTP&SSH Hidden Services + Enable TOR Exit node

This is the most important section to understand, here you can find a detailed configuration of two hidden services and enbling a TOR Exit node.

⚠️ NOT all ISP allow hosting TOR Exit nodes, check your provider policy ⚠️

Now check

# XXXXXXX

#################################################################### TO BE CONTINUED ####################################################################

Paths, Logs, Files:

File Description
/var/log/tor/ Default log Tor directory
/usr/share/doc/tor Sample config&template files for tor and hidden services
/var/log/tor/notices.log Tor health log (best for Tor service analysis)
/var/log/tor/debug.log Tor debug log (best for debugging & network analysis)
/etc/tor Tor configurations files
/etc/tor/torrc Tor daemon configuration file
Torrocks Files:
File Description
torrc Main configuration file
tor-exit-notice.html Html template for Tor data port
tor.conf Nginx template for hidden service
notices.log Sample log file

Tor Control Center (TCC)

TCC is a simple method to monitor the health state of yout Tor Exit Node, just open tmux, split in 4 terms, run tailf, netstat, arm and have fun with a beer.

Requirements

  • tor
  • tmux
  • arm
  • netstat

Install arm for Tor

# sudo apt update
# sudo apt install tor-arm

Install tmux

# sudo apt install tmux 

This is how my Tor Control Center looks like :

References

Contribution

You can contribute in following ways:

  • Report bugs
  • Give suggestions to make it better
  • Fix issues & submit a pull request

Do you want to have a conversation in private? Hit me up on my twitter, or write in XMPP+OTR to okno[at]jabber.ccc.de

You can’t perform that action at this time.