Slackware-14.1-Tor 0.2.5.10

Posted 01-10-2015 at 11:43 PM by arniekat

Source - https://www.torproject.org/about/overview.html.en

Tor allows you to use the Internet with more Privacy and Anonymity. Do a search for myip to see your IP Address and Location. Here is a website for looking at your IP.

http://www.whatismyip.com/

Tor routes your Internet traffic through its network of relay servers, and from there it goes out to the Internet. Grab the Source and SlackBuild for tor-0.2.5.10 from SlackBuilds.org.

This script requires a 'tor' user/group to exist before running. The recommended UID/GID is 220. You can create these like so:

# groupadd -g 220 tor
# useradd -u 220 -g 220 -d /dev/null -s /bin/false tor

Compile the package and install it.

The following can be used to start/stop tor automatically:

Add the following to /etc/rc.d/rc.local

# Start The Onion Router
if [ -x /etc/rc.d/rc.tor ]; then
  /etc/rc.d/rc.tor start
fi

Add the following to /etc/rc.d/rc.local_shutdown

# Stop The Onion Router
if [ -x /etc/rc.d/rc.tor ]; then
  /etc/rc.d/rc.tor stop
fi

Make sure the file /etc/rc.d/rc.tor is executable

# chmod +x /etc/rc.d/rc.tor

ETC/RC.D/RC.LOCAL

This is the setup that works for me. I use the "sleep 3" since UfdbGuard will not start if Squid has not completely started.

# Start zram swap space
if [ -x /etc/rc.d/rc.zram ]; then
  /etc/rc.d/rc.zram start
fi
#
# Start Squid Cache Server
if [ -x /etc/rc.d/rc.squid ]; then
  /etc/rc.d/rc.squid start
fi
#
# Start Privoxy Privacy-Enhancing Proxy
if [ -x /etc/rc.d/rc.privoxy ]; then
  /etc/rc.d/rc.privoxy start
fi
#
sleep 3
#
# Start ufdbGuard Squid URL Filter
if [ -x /etc/init.d/ufdb ]; then
  /etc/init.d/ufdb start
fi
#
# Start The Onion Router
if [ -x /etc/rc.d/rc.tor ]; then
  /etc/rc.d/rc.tor start
fi

TORRC FILE

The default file included with the SlackBuild has the standard configuration. Here is the /etc/tor/torrc file without comments. It is the same for all configurations shown on this page.

SocksPort 9050
SocksListenAddress 127.0.0.1
Log notice file /var/log/tor/tor.log
RunAsDaemon 1
DataDirectory /var/lib/tor
User tor
PidFile /var/run/tor/tor.pid

SQUID WITH PRIVOXY

Note - In this setup, Squid is the Web Cache. The Web Browser is set up to send traffic to Squid. Squid is then configured to use a URL Filter, UfdbGuard (Optional) or SquidGuard (Optional), through url_rewrite_program, and Privoxy as a cache_peer. Privoxy is in turn configured to forward to Tor with forward-socks5t.

Proxy: HTTP Proxy Server
IP: 192.168.1.119
Port: 3128
Cache 0 MB

Here is the complete Squid Configuration File for reference.

url_rewrite_program /usr/sbin/ufdbgclient -l /var/log/ufdbguard
url_rewrite_children 64
cache_peer localhost parent 8118 0 default no-query no-digest no-netdb-exchange
never_direct allow all
acl blockfiles urlpath_regex -i "/etc/squid/blocked.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
dns_nameservers 8.8.4.4
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Deny requests to ports outside Safe_ports, and CONNECT to anything but SSL_ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128
cache_dir ufs /var/cache/squid/ 5000 16 256
access_log /var/log/squid/access.log squid
cache_store_log /var/log/squid/store.log
logfile_rotate 0
pid_filename /var/run/squid/squid.pid
cache_log /var/log/squid/cache.log
coredump_dir /var/log/squid/cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid
visible_hostname eggplant

Edit the file /etc/privoxy/config and add the following line to the end of the Privoxy Configuration File:

forward-socks5t / 127.0.0.1:9050 .

Here is the Privoxy Configuration File with the Tor entry at the end.

user-manual /usr/doc/privoxy-3.0.22/user-manual/
confdir /etc/privoxy
templdir /etc/privoxy/templates
logdir /var/log/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
filterfile user.filter
logfile logfile
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
forward-socks5t / 127.0.0.1:9050 .

PRIVOXY WITH POLIPO

Note - In this setup, Polipo is the Web Cache. The Web Browser, however, is set up to use Privoxy. Privoxy is then configured to use Polipo for Web Caching and also configured to forward to Tor with forward-socks5t.

Proxy: HTTP Proxy Server
IP: 127.0.0.1
Port: 8118
Cache 0 MB

Here is the complete Polipo Configuration File

cacheIsShared = false
daemonise = true
dnsNameServer = 8.8.4.4
forbiddenUrl = http://127.0.0.1:8123/empty.gif
chunkHighMark = 50331648
objectHighMark = 16384
disableVia = true
censoredHeaders = from, accept-language
censorReferer = maybe
pidFile = /var/run/polipo/polipo.pid

To disable Polipo's Caching Function, uncomment the following line in /etc/polipo/config

# Uncomment this if you want to disable the on-disk cache:
diskCacheRoot = ""

A note on Privoxy's Forwarding Chapter states:

Note that parent proxies can severely decrease your privacy level. For example a parent proxy could add your IP address to the request headers and if it's a caching proxy it may add the "Etag" header to revalidation requests again, even though you configured Privoxy to remove it. It may also ignore Privoxy's header time randomization and use the original values which could be used by the server as cookie replacement to track your steps between visits.

Here is the complete Privoxy Configuration File configured to use Polipo Web Cache and showing the Tor entry at the end:

user-manual /usr/doc/privoxy-3.0.22/user-manual/
confdir /etc/privoxy
templdir /etc/privoxy/templates
logdir /var/log/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
filterfile user.filter
logfile logfile
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forward / 127.0.0.1:8123
forward :443 .
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
forward-socks5t / 127.0.0.1:9050 .
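
Added example, not part of the original post: a shell function that works out which forward line wins for a given port in the configuration above. It models only the "/" and ":PORT" target patterns used here and assumes that Privoxy applies the last matching forward rule in the file; privoxy_route, route_via_tor, page_order and tor_first are names made up for this example.

```sh
#!/bin/sh
# Added example: resolve which forward rule applies to a request.
# Simplified model: only the target patterns "/" and ":PORT" are understood.
# Assumption: when several forward rules match, the last one in the file wins.

# usage: privoxy_route CONFIG PORT  -> prints "directive parent [http_parent]"
privoxy_route() {
    awk -v port="$2" '
        $1 ~ /^forward(-socks4|-socks4a|-socks5|-socks5t)?$/ {
            if ($2 == "/" || $2 == (":" port)) {
                route = $1 " " $3 (NF >= 4 ? " " $4 : "")
            }
        }
        END { print (route == "" ? "direct (no forward rule)" : route) }
    ' "$1"
}

# Succeed only if the winning rule hands the request to Tor's SocksPort
# (127.0.0.1:9050, as set in the torrc on this page).
route_via_tor() {
    case "$(privoxy_route "$1" "$2")" in
        forward-socks*" 127.0.0.1:9050 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# The forward lines of the Polipo setup, in the order shown on this page.
page_order() {
    printf '%s\n' 'forward / 127.0.0.1:8123' 'forward :443 .' \
                  'forward-socks5t / 127.0.0.1:9050 .'
}

# Constructed variant: the same three lines with the Tor rule moved to the top.
tor_first() {
    printf '%s\n' 'forward-socks5t / 127.0.0.1:9050 .' \
                  'forward / 127.0.0.1:8123' 'forward :443 .'
}

# Run against a real file: sh this-script /etc/privoxy/config
if [ -n "${1:-}" ]; then
    for p in 80 443; do
        echo "port $p -> $(privoxy_route "$1" "$p")"
    done
fi
```

Under that assumption, the order shown on this page sends every request to the Tor rule and the Polipo rule on port 8123 is never selected. In the constructed variant, port 443 resolves to "forward :443 .", a direct connection that does not pass through Tor, so the forward-socks5t line has to stay last.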

FILE DESCRIPTORS

Source - http://slackwiki.com/Resource_Limits

When you start Tor, the script will say that the File Descriptors have been raised to 32768, but it is not true.

Raising maximum number of filedescriptors (ulimit -n) to 32768...
Starting Tor...
Jan 05 21:18:48.180 [notice] Tor v0.2.5.10 (git-42b42605f8d8eac2) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1j and Zlib 1.2.8.
Jan 05 21:18:48.180 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 05 21:18:48.180 [notice] Read configuration file "/etc/tor/torrc".
Jan 05 21:18:48.192 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 05 21:18:48.192 [notice] Caching new entry tor for tor
Jan 05 21:18:48.192 [notice] Caching new entry tor for tor

You can check the Soft Limit (User Limits) and the Hard Limit (System Limits) with the following commands:

# ulimit -Sn
1024

# ulimit -Hn
4096

To change the Soft Limit (User) to 8192 and the Hard Limit (System) to 32768, do the following:

# cp /sbin/initscript.sample /etc/initscript

Edit the file /etc/initscript and make it look like this:

# Set umask to safe level, and enable core dumps.
# umask 022
# ulimit -c 2097151
# PATH=/bin:/sbin:/usr/bin:/usr/sbin
# export PATH

# Raise the Hard Limits
ulimit -Hn 32768

# Raise the Soft Limits
ulimit -Sn 8192

# Execute the program.
eval exec "$4"

Save the file and exit. Slackware will automatically run /etc/initscript. You MUST leave the last line as "eval exec "$4"" or your system will lock up and you will have to use a Rescue CD to erase the /etc/initscript file. When you reboot, you can check the soft and hard limits again to make sure it worked.
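
Added example, not part of the original post: a way to confirm what limit the running Tor daemon actually has, by reading the "Max open files" row of /proc/<pid>/limits. The function names are made up for this example, the PID file path is the PidFile from the torrc above, and the sample limits text is constructed.

```sh
#!/bin/sh
# Added example: read a process's real open-file limits from
# /proc/<pid>/limits instead of trusting the start script's message.

# Print "soft hard" for the "Max open files" row of a limits file.
fd_limits_from_file() {
    awk '/^Max open files/ { print $4, $5; found = 1 }
         END { exit(found ? 0 : 1) }' "$1"
}

# Succeed only if the soft limit in limits file $1 is at least $2.
# Returns 2 when the file has no "Max open files" row.
fd_soft_at_least() {
    limits=$(fd_limits_from_file "$1") || return 2
    soft=${limits%% *}
    [ "$soft" = "unlimited" ] && return 0
    [ "$soft" -ge "$2" ]
}

# Limits of the running Tor daemon; default path is the PidFile from torrc.
tor_fd_limits() {
    pidfile=${1:-/var/run/tor/tor.pid}
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 1; }
    fd_limits_from_file "/proc/$(cat "$pidfile")/limits"
}

# Constructed sample in /proc/<pid>/limits layout, using the 1024/4096
# values that ulimit reported above.
sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
EOF
}

# As root: sh this-script tor
if [ "${1:-}" = "tor" ]; then
    tor_fd_limits
fi
```

ulimit -Sn and ulimit -Hn report the limits of the shell they are typed into; the /proc entry reports the limits of the daemon itself.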

CHECKING TOR

https://check.torproject.org/
Congratulations. This browser is configured to use Tor.

http://www.whatismyip.com/

MEMORY USAGE

Tasks: 167
Memory 706 MB

Running KDE-4.14.3 with Zram, Squid, Privoxy, UfdbGuard, and Tor.