[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] fedora bridge recipe 2nd suggestion update.

To: 0N ODV via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-relays] fedora bridge recipe 2nd suggestion update.
From: Carlos <eff_03675549@xxxxxxxxx>
Date: Mon, 8 Apr 2024 18:36:40 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 15 Apr 2024 15:06:37 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.se; s=2017; t=1712580155; bh=ukzezph8YxVKtqXXcduJ3p5DvBh9aK9RkXb0zs3EJk0=; h=Content-Type:Message-ID:Date:MIME-Version:Subject:To:From:From; b=CWXF4xogOyl/To5uTmaqVXpStHC+cbfwD5uDFy1lYnypMj1SmwfexI58J/dBBpMMS 7R9mea4Dj74MHjfvwd2/+REOgEpy6Nk+zg/smsaPp8j6+tXkxB5/O5dpJRzVkA4yPk pARxXuclA6sr44c0lejqi+z9IuuTDnXecuIeqr/tgSCGp86Ap6n68bgf95sisDa/2r 5vexKvw0c4ej4Zy3GtkYtu2GAQvLNoUv55qBm8kd0YzEA9dEYWTU11rnWZQkVfF55x 1hEnj7V/HsCd9iue0VpdGPFU+mfA75g91wLHEgLo2qXIw+wj8Scnx4J8qa/+YDTWEz xB5qy2sz5hpuA==
In-reply-to: <857969b8-272e-46de-bdfa-63875eacf476@osservatorionessuno.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <761ea9cf-ff73-412d-88fa-d51fc2a81e18@osservatorionessuno.org> <20240314172017.5b3ee5e4@nvm> <857969b8-272e-46de-bdfa-63875eacf476@osservatorionessuno.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

this is a suggestion for improving page :

https://community.torproject.org/relay/setup/bridge/post-install/

where the page states :

See the file obfs4_bridgeline.txt, which is found inside Tor Data Directory, for example, in Debian/Ubuntu /var/lib/tor/pt_state/obfs4_bridgeline.txt or FreeBSD /var/db/tor/pt_state/obfs4_bridgeline.txt.

I believe this is now time to keep a standard with the pattern of respect that the recipe has had for the diversity of OS-communities and push this to state in hard:

See the file obfs4_bridgeline.txt, which is found inside Tor Data Directory:
in Debian / Ubuntu / Fedora /var/lib/tor/pt_state/obfs4_bridgeline.txt

in FreeBSD /var/db/tor/pt_state/obfs4_bridgeline.txt.

(My personal experience is that under DEBIAN BOOKWORM (12) at least, the directory /var/lib/tor/pt_state/ DOES NOT EXIST
this is infuriating when having set up the entire Bridge in deep study of the torproject recipe, the fatal outcome is that the Bridge is running yet the Bridge line is uncomposable for publication: Debian 12 is a standard, and Debian 11 becomes a dangerous OS to rely on: the bridge-line pt_state folder-issue must be urgently resolved!).

also the page :

source url : https://bridges.torproject.org/info

does not give clean examples of the exact torrc statement with the present double-quote (eg. "Settings") and this is very confusing for those who capitalize the first letter when the standard on pages I visit are often all in small letters:

BridgeDistribution moat

would illustrate the standard to adopt and avoid potentially wasting time at every new Bridge being attempted by operators.

Perhaps keeping this good habit of looking what else is, to secure a basic tor server (after all the actual recipe mentions Unbound, ufw, firewalld, ... ) the torproject could push a step further and remind a concise, minimal yet expected standard (for every OS)
- in changing openssh ssh port 22 for any other port TODO,

- in setting up ed25519 only,

- in setting up fail2ban to jail any TOR EXIT IPs, ... .

Truely, with little experience of mine, INFLATION BOMBS and local infrastructure hacking attacks have repeatedly used Tor to (dDOS-) attack Tor Relays from EXIT nodes.

Carlos.

-- 
PGP updated every second week : please actualize our communication every time.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: [tor-relays] torproject fedora bridge recipe fails the firewall part: suggest of update.
Next by Author: [tor-relays] issues with tor rpm : anyone sees what I am doing wrong ?
Previous by thread: Re: [tor-relays] Tor Relay Operator Meetup - Saturday, April 13, 2024 at 19 UTC
Next by thread: [tor-relays] issues with tor rpm : anyone sees what I am doing wrong ?
Index(es):
- Author
- Thread