
Re: [tor-talk] Scripted installer of Tor and more being worked on at GitHub, ya may want to sit down for this...

hmm it's written in bash. that would not have been my first choice to
express this type of software.
why bash?

i like ansible's agent-less design (no SPOF server with ambient
authority) however its restrictive yaml really lacks expressiveness
and writing ansible modules in addition to yaml seems like a waste of
time. however there is some excellent ansible tor stuff written for
use by relay operators; meaning that it doesn't have nearly all the
features that your thing has... but should be good enough for most
relay operators:


i think in the future if i had to automate this sort of thing I'd use
bcfg2 in non-SPOF mode (that is, without a centralized server).

On Thu, Jan 21, 2016 at 12:26 AM, Michael <strangerthanbland@xxxxxxxxx> wrote:
> Coderman, most welcome.
> To answer your question on port binding; that's a bit tricky, and depends on what types of Tor nodes are chosen. Oh and the most up to date documentation for variables and script arguments can be found in the [ ~/variables/ blank_torinstall_vars.sh ] file, I'll have to rename it and/or split it up by package name later (much like the default variables files) as well as do more edits to ensure that it nulls all variables on exit.
>  - for bridge torrc files this is assigned within the `case` statement and only if "public" subtype was selected; sets to port "0" by default to keep public out of your bridge's socks. I'll have to read up a little more on security issues/mitigation for bridge nodes in relation to socks port. More than likely the "privet" bridge option will be making use of Polipo so I'll be sure to at least add a bridge socks port option soon.
> - for client torrc files this is assigned within the `for` loop starting at port 10010 on line 11 for SocksPort, ie [ SocksPort 100${_tor_count}0 ] and counting up to the number given via [-C=4] command which also may be assigned with [ _connection_count =4 ]  within a configuration file passed with [ -vf=some_config.sh ] command. This same value is also used by Privoxy so I'll have to write a few sanity checks and edits before adding a client socks port prefix option. For [ SocksBindAddress ] and listen and accept policies I'll be adding two new options [ -TSBA ] and [ -TSLA ] for binding and listening and then use some scripted logic for acceptance lines... oh well that wasn't too hard :-D next code push now includes these last two options.
> - for exit torrc files this, like public bridges, is set to "0" as well as setting the socks acceptance policy to reject by default. Note next code push will now include variable [ ${_tor_dir_port:-9030} ] set by [ -TDP=9030 ] for assigning torrc's DirPort. Additionally I've added some checks for binding to the external and local IP:Port or Port alone (makes Tor guess) for config lines like [ OutboundBindAddress ], and the [ -TOP=9001 ] or [ ${_tor_or_port:-9001} ] has been corrected for assigning the ORPort. I still have to add a `for` loop for IPv4/v6 [ ExitPolicy accept ... ] to allow for adding more ports than just the restrictive policy list currently coded for.
> - for hidden service torrc files socks ports and addresses have not even been set yet but it may be best to disable it completely.
> If you happen to know which versions are incompatible with Tor port binding configuration or where I can find this info I can add another set of checks based on Tor version where needed.
> Thanks for taking the dive into the code Coderman, more eyes are definitely better when dealing with this many lines of configurations.
> On January 20, 2016 3:54:43 AM PST, coderman <coderman@xxxxxxxxx> wrote:
>>On 1/19/16, Michael <strangerthanbland@xxxxxxxxx> wrote:
>>> Salutations Tor,
>>> I've something special to share with you all; regardless of if you're
>>a node
>>> operator, hidden service provider, client or completely new to Tor
>>> installation and configurations... in short... a script pack aimed to
>>> install and configure the previously listed node types and then a
>>> more.
>>> https://github.com/S0AndS0/Perinoid_Linux_Project
>>interesting; thank you!
>>> ... Feel free to ask questions,
>>i did not see a way for general preference of control socket, socks
>>socket, etc, over IP:Port in configs. this would be useful, but also
>>need graceful fallback as older Tor versions do not support socket
>>type for some services...  [codespelunking continues]
>>best regards,
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
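
The client port scheme described in the quoted message (`SocksPort 100${_tor_count}0`, counted up to the `-C` value) is a natural place for the sanity checks mentioned there. The sketch below is an added example, not part of the thread or of the project's scripts; the function name `client_socks_ports`, its arguments and the loopback default are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added illustration, not code from the project discussed in the thread.
# client_socks_ports and its arguments are hypothetical names.

# Emit one torrc "SocksPort" line per client instance using the
# 100<N>0 pattern from the thread (10010, 10020, ...).
# Prints nothing and returns 1 if the count is malformed or if any
# generated port would be outside the valid TCP range.
client_socks_ports() {
    count="$1"
    bind_addr="${2:-127.0.0.1}"   # assumption: loopback-only listeners

    # Accept 1-5 decimal digits with no leading zero, nothing else.
    case "$count" in
        ''|*[!0-9]*|0*|??????*)
            echo "count must be a positive integer" >&2
            return 1 ;;
    esac

    # The pattern is string concatenation, so N=10 yields 100100, not
    # 10100. Ports grow with N, so checking the last one covers all.
    max_port="100${count}0"
    if [ "$max_port" -gt 65535 ]; then
        echo "count $count would need port $max_port (> 65535)" >&2
        return 1
    fi

    n=1
    while [ "$n" -le "$count" ]; do
        printf 'SocksPort %s:%s\n' "$bind_addr" "100${n}0"
        n=$((n + 1))
    done
}
```

Calling `client_socks_ports 4` prints four lines from `SocksPort 127.0.0.1:10010` to `SocksPort 127.0.0.1:10040`; a count of 10 is refused because the concatenated port would be 100100.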