The Onion Router (TOR) is not a server frequently run by most Linux users, especially North American users. Many countries actively persecute their citizens for their beliefs and anonymity is important for their safety, so I wanted to participate in the effort to assist this project by running a TOR relay server.
I have a dedicated computer that runs a webserver for a hobby site, so I felt that it would be the logical hardware to run the TOR server. It is important for TOR to have access to the correct and accurate time, so the NTP client needs to be installed and configured for your timezone.
Configure the NTP Server
$ xsudo drakwizard ntp
and follow the instructions here to install and configure it. You can launch X-applications over ssh using xsudo.
Install the TOR Application
$ sudo urpmi tor
This will also install the SOCKS proxy software. You may also install a GUI configuration tool, vidalia. We won't be using vidalia, so it won't be covered here.
How to Manage TOR
Vidalia would be fine if we were running TOR from our desktop machine, but we want to run the TOR server on a remote machine, have it start and restart automatically, and do all the configuration from the command line, like real men and women.
An Internet search will turn up many ways to manage your TOR server; most are for Ubuntu-ish distros or are hopelessly out of date, and none are for Mageia. We could ssh into the remote machine and start TOR manually under the screen command, script it to start remotely from our desktop using ssh and screen, or use an rc.local method to control the server. That's fine as far as it goes, but let's look at what Mageia provides; you'll see that it is surprisingly easy.
The TOR User and Configuration
Mageia runs the server as user toruser and, by default, uses the defaults-torrc at /usr/share/tor. It looks next at /etc/tor/torrc and then at ~/.tor/torrc. If they exist, it combines them, and where entries conflict, the last value it finds is the one it uses. The defaults-torrc file looks like this:
DataDirectory /var/lib/tor
DataDirectoryGroupReadable 1
User toruser
Log notice syslog
Note that the logs are routed to syslog at the notice level. The TOR Project cautions against any more detailed (i.e. more verbose) logging level, because a malicious agent could glean identifying information about the users who are trusting you to safeguard their anonymity.
We also want TOR to keep its logs in its own log files rather than mixing them into the system logs. We'll accomplish this through a feature built into tor: the application first reads its configuration from /usr/share/tor/defaults-torrc, then from /etc/tor/torrc and then from ~/.tor/torrc, and each step overrides any variable set in the previous step.
The file at /etc/tor/torrc is a fully commented file that lists all the options. Make a backup of this file and create a torrc file that contains:
RunAsDaemon 1
ORPort 9001
DirPort 9030
Nickname YourServerNickname
ContactInfo ContactName
Log notice
Log notice
ExitPolicy reject *:* # no exits allowed
Configured in this way, TOR picks up the configuration from both files and combines them.
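The following shell script is an added example, not code from the original post or from the Tor project. It models the merge rule described above (the last file that mentions an option wins) over two constructed stand-ins for defaults-torrc and /etc/tor/torrc, so you can see why the Log lines in your torrc replace the "Log notice syslog" from the defaults file. The sample file contents, the log path /var/log/tor/notices.log and the helper names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post, not part of Tor): show which value
# Tor ends up using when the same option is set in more than one of the files
# it reads, in this order:
#   /usr/share/tor/defaults-torrc -> /etc/tor/torrc -> ~/.tor/torrc
# Rule modelled here: for each option the LAST file that mentions it wins, and
# all of that file's lines for the option are taken together, so two Log lines
# in torrc replace the single "Log notice syslog" from the defaults file.

# torrc_lines FILE KEY: print the value part of every line in FILE that sets KEY.
# Key match is case-insensitive, '#' comments are stripped, blank lines ignored.
torrc_lines() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        tolower($1) == tolower(key) {
            v = $0; sub(/^[^ \t]+[ \t]*/, "", v); print v
        }' "$1"
}

# effective_value KEY FILE...: values from the last listed file that sets KEY.
# Files that do not exist are skipped, as Tor skips a missing ~/.tor/torrc.
effective_value() {
    key=$1; shift
    result=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(torrc_lines "$f" "$key")
        [ -n "$v" ] && result=$v
    done
    printf '%s\n' "$result"
}

# write_sample_configs DIR: constructed stand-ins for the two real files so the
# example runs offline. The log path is an assumed value, not from the post.
write_sample_configs() {
    cat > "$1/defaults-torrc" <<'EOF'
DataDirectory /var/lib/tor
DataDirectoryGroupReadable 1
User toruser
Log notice syslog
EOF
    cat > "$1/torrc" <<'EOF'
RunAsDaemon 1
ORPort 9001
DirPort 9030
Log notice file /var/log/tor/notices.log   # assumed path, replaces syslog
Log warn stderr
ExitPolicy reject *:*   # no exits allowed
EOF
}

SAMPLE_DIR=$(mktemp -d)
write_sample_configs "$SAMPLE_DIR"
# Order matters: defaults first, torrc second, a (missing) user file last.
for opt in Log User ORPort DataDirectory; do
    printf '%-14s %s\n' "$opt:" "$(effective_value "$opt" \
        "$SAMPLE_DIR/defaults-torrc" "$SAMPLE_DIR/torrc" "$SAMPLE_DIR/user-torrc")"
done
```

Tor can check the merged result for you as well: `tor --verify-config` parses the configuration and reports errors without starting the relay, which is a cheap check to run before the first `systemctl start`.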
Make TOR Start at Boot
$ sudo systemctl enable tor
Open Your Firewall Ports
You will need to open the above two ports on your firewall or router as necessary. Make sure the NTP server is running (TOR will not run without it; this seems to be a common error).
Start TOR the First Time
$ sudo systemctl start tor.service
Check TOR Status
$ sudo systemctl status tor.service
Other Configuration Choices
There are, of course, more sophisticated configurations of TOR which can be explored at the Tor Project website.
How Are You Doing?
Check out your new TOR server at Relay Search.
System Security
Security for your Mageia system is very important, especially for a server that is accessible from the Internet.
DNF-Automatic
Keep your system updated by installing dnf-automatic; read the docs linked below, and it will keep your system updated automatically.
$ sudo dnf install dnf-automatic
Then log in as root,
# systemctl enable --now dnf-automatic-install.timer
MSEC
Overall system security for Mageia is managed by MSEC. We can set the default security permissions we require from the command line with,
$ sudo msec webserver
SSH
You must use ssh to log in to remote machines. Not only that, you should use cryptographic keys ONLY to log in. Look here for information on configuring ssh access to use cryptographic keys instead of passwords. You need to disable password authentication as well, as directed there.
Additional Security Measures
It is also recommended you install and configure sshutout, chkrootkit and rkhunter.
Notifications-Mail
It is important that you receive security notifications about what is going on. After establishing a Gmail account for your TOR server, configure your system to send those notices from it using the already-installed /bin/mail MTA as described here; postfix, ssmtp and sendmail, along with their complicated configuration, are not needed.
Notifications-Uptime
It's also important that you be notified if the TOR server is not running. Uptime Robot offers a free service for this: it is very simple to establish an account that monitors your server's uptime and notifies you if the server is not available.
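Uptime Robot only sees whether the host answers from the outside. As an added example that is not from the original post, the watchdog below runs on the relay itself from cron and covers the Check TOR Status step and both notification sections: it checks that the clock is NTP-synchronised, that tor.service is active, and whether Tor's own notice log reports that the ORPort reachability self-test failed (the symptom of a blocked or unforwarded port), then mails through /bin/mail. The log path, the alert address, the use of timedatectl and the sample log lines are assumptions; the log patterns follow Tor's notice wording and should be compared with what your Tor version prints.

```shell
#!/bin/sh
# Added example (not from the original post): a relay watchdog for cron that
# mails through the already-installed /bin/mail when something is wrong.
# Assumptions (not given on the page): Tor logs at notice level to LOGFILE,
# timedatectl is available to report NTP state, ALERT_TO is your relay mailbox.

LOGFILE=${LOGFILE:-/var/log/tor/notices.log}   # assumed path
ALERT_TO=${ALERT_TO:-relay-admin@example.com}  # placeholder address

# relay_log_status: read Tor notice-log lines on stdin and print one word.
#   reachable   - Tor's self-test confirmed the ORPort is reachable from outside
#   unreachable - Tor warned it could not confirm ORPort reachability
#   unknown     - neither message seen
# The newest matching line wins. Patterns follow Tor's own log wording; verify
# them against the messages your Tor version prints.
relay_log_status() {
    awk '
        /ORPort.*is reachable from the outside/ { s = "reachable" }
        /has not managed to confirm.*reachab/    { s = "unreachable" }
        END { print (s == "" ? "unknown" : s) }'
}

# ntp_synced: true once the system clock is disciplined by NTP.
ntp_synced() {
    [ "$(timedatectl show -p NTPSynchronized --value 2>/dev/null)" = "yes" ]
}

# tor_active: true when the systemd unit is running.
tor_active() { systemctl is-active --quiet tor.service; }

# send_alert SUBJECT BODY: one mail via /bin/mail, as the post recommends.
send_alert() { printf '%s\n' "$2" | /bin/mail -s "$1" "$ALERT_TO"; }

# check_relay: run all checks; returns 0 when healthy, 1 (after mailing) otherwise.
check_relay() {
    PROBLEMS=""
    add_problem() { PROBLEMS="${PROBLEMS}- $1
"; }
    ntp_synced || add_problem "system clock is not NTP-synchronised (Tor needs accurate time)"
    tor_active || add_problem "tor.service is not active"
    status=$(tail -n 200 "$LOGFILE" 2>/dev/null | relay_log_status)
    [ "$status" = "unreachable" ] && add_problem "Tor cannot confirm ORPort reachability; check firewall/router forwards for ORPort and DirPort"
    [ -z "$PROBLEMS" ] && return 0
    send_alert "Tor relay check failed on $(hostname)" "$PROBLEMS"
    return 1
}

# sample_tor_log: constructed notice-log lines (not output from any real relay)
# so relay_log_status can be exercised offline.
sample_tor_log() {
    cat <<'EOF'
Jan 01 12:00:01.000 [notice] Bootstrapped 100% (done): Done
Jan 01 12:00:05.000 [notice] Self-testing indicates your ORPort 203.0.113.5:9001 is reachable from the outside. Excellent.
Jan 01 12:20:05.000 [warn] Your server (203.0.113.5:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
EOF
}

case "${1:-demo}" in
    run)  check_relay ;;   # cron entry, e.g.: */10 * * * * /usr/local/sbin/relay-check.sh run
    demo) printf 'sample log status: %s\n' "$(sample_tor_log | relay_log_status)" ;;
esac
```

Run it with `run` from cron as a user that can read the Tor log (toruser, or root with the log group-readable); without an argument it only evaluates the constructed sample log, which ends with the "has not managed to confirm" warning and therefore reports unreachable.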
UPDATE
While I was able to get the server up and running correctly, my ISP eventually blocked ports 9001 and 9030. Suggestions? 8(
Comments
Please feel free to offer comments and criticisms. I very much enjoy your feedback.
RESOURCES
The TOR Project
https://www.torproject.org/
The TOR Project Documentation
https://2019.www.torproject.org/docs/documentation.html.en
The TOR WIKI
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
Configure Time Network Services for Mageia
https://doc.mageia.org/mcc/6/en/content/drakwizard_ntp.html
Enable rc.local service for Mageia
https://forums.mageia.org/en/viewtopic.php?f=7&t=8627
Enable rc.local with systemd
https://www.linuxbabe.com/linux-server/how-to-enable-etcrc-local-with-systemd
screen Command in Linux with Examples
https://www.geeksforgeeks.org/screen-command-in-linux-with-examples/
runuser Command
https://www.cyberciti.biz/open-source/command-line-hacks/linux-run-command-as-different-user/
Setting up a TOR Relay, /etc/tor/torrc
https://blog.gaborszathmari.me/setting-up-tor-relay-cryptoparty/
How to Easily Install Tor Browser in Ubuntu and Other Linux
https://itsfoss.com/install-tar-browser-linux/
Vidalia Setup for Mint/Ubuntu Linux
https://whattheserver.com/vidalia-setup-for-mintubuntu-linux/
TOR Relay Search
https://metrics.torproject.org/
DNF-Automatic Docs
https://dnf.readthedocs.io/en/latest/automatic.html
Mageia MSEC
https://wiki.mageia.org/en/Msec
SSHUTOUT
http://freshmeat.sourceforge.net/projects/sshutout
RKHUNTER
http://rkhunter.sourceforge.net/
CHKROOTKIT
http://www.chkrootkit.org/
SSH Keys
https://bosnadev.com/2015/01/23/ssh-authentication-keys-instead-passwords/
UptimeRobot
https://uptimerobot.com/dashboard#mainDashboard