
Re: Torlock - a simple script to prevent outgoing packets from bypassing Tor.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a really useful script. I was working on user-based iptables
filtering a while back while creating a hidden service setup guide. This
seems like it could be modified fairly easily to "torify" any programs
run by a user. In other words, allow unfettered access to Tor and the
web by other users and then for the torify user, only allow access to
Tor. The "torify" program that comes with Tor is useful for individual
programs but IIRC it does not kill DNS leaks.

Ringo



On 03/01/2010 10:04 AM, Irratar wrote:
> Hello.
> 
> I have created a simple Bash script to prevent any data from bypassing Tor
> when Tor is running. I started it to use just for myself, but now I think
> it will be better to share it with other users of Tor.
> 
> This script, named Torlock, does the following things when used to start Tor:
> - Creates a special user named torlock by default (if you run it for the
>  first time or have removed that user after a previous Tor session).
> - Uses Iptables to block network access for everyone except for torlock.
> - Setuids to torlock and starts Tor. Tor will be started in background mode,
>  and its output redirected to a file.
> 
> When used to stop Tor, it stops Tor, unlocks network access, and (optionally)
> removes the torlock user.
> 
> More information is in the included text file. Even more can be obtained by reading
> the script. It is small, simple, and easy to make sure it's not
> backdoored. The script can be downloaded from Sourceforge:
> http://sourceforge.net/projects/torlock/files/
> 
> In spite of its simplicity, Torlock saved me at least twice when I forgot to
> switch Torbutton on.
> 
> With best regards,
> Irratar.
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwi2JoACgkQETpif9i/srpMEQCggJGwpxRjxXH/iO1Atf2miq7i
RLcAn29wseNgukC6do2CUkIJtEZu6CUF
=k5d9
-----END PGP SIGNATURE-----
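
Added example, not part of either message and not Torlock's own code: a shell sketch of the two per-user policies discussed in this thread, built on the iptables owner match. It prints the rules rather than applying them; the account name `anon`, the file name and the function names are assumptions, and 9050 is Tor's default SocksPort.

```shell
#!/bin/sh
# Added example (not Torlock's code): prints rules instead of applying them.
# Review the output, then pipe it to `sh` as root to apply.

# User names end up inside shell commands, so reject anything unexpected.
valid_name() {
    case $1 in
        ''|*[!a-z0-9_-]*) echo "unsafe user name: $1" >&2; return 1 ;;
    esac
}

# Policy from the quoted announcement: only the Tor user may send packets
# off the machine. Loopback stays open so applications can reach Tor.
lock_all_but() {
    valid_name "$1" || return 1
    for ipt in iptables ip6tables; do   # IPv6 needs its own rule set
        echo "$ipt -A OUTPUT -o lo -j ACCEPT"
        echo "$ipt -A OUTPUT -m owner --uid-owner $1 -j ACCEPT"
        # REJECT makes a leaking program fail at once instead of hanging.
        echo "$ipt -A OUTPUT -j REJECT"
    done
}

# Variant from the reply: other users are untouched; the confined user may
# reach only Tor's SOCKS port on loopback. Its direct DNS queries (UDP 53)
# are rejected too, so names must be resolved through the SOCKS proxy.
confine_user() {
    valid_name "$1" || return 1
    port=${2:-9050}                     # 9050 is Tor's default SocksPort
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    for ipt in iptables ip6tables; do
        echo "$ipt -A OUTPUT -m owner --uid-owner $1 -o lo -p tcp --dport $port -j ACCEPT"
        echo "$ipt -A OUTPUT -m owner --uid-owner $1 -j REJECT"
    done
}

# Usage: sh rules.sh lock torlock | sh      (hypothetical file name)
#        sh rules.sh confine anon 9050 | sh (anon is a hypothetical account)
case ${1:-} in
    lock)    lock_all_but "${2:-}" ;;
    confine) confine_user "${2:-}" "${3:-}" ;;
esac
```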