Re: Torlock - a simple script to prevent outgoing packets from bypassing Tor.
- To: or-talk@xxxxxxxxxxxxx
- From: Ringo <2600denver@xxxxxxxxx>
- Date: Thu, 24 Jun 2010 00:01:31 -0400
This is a really useful script. I was working on user-based iptables
filtering a while back while creating a hidden service setup guide. This
seems like it could be modified fairly easily to "torify" any programs
run by a user. In other words, allow unfettered access to Tor and the
web by other users and then for the torify user, only allow access to
Tor. The "torify" program that comes with Tor is useful for individual
programs but IIRC it does not kill DNS leaks.
Ringo
On 03/01/2010 10:04 AM, Irratar wrote:
> Hello.
>
> I have created a simple Bash script to prevent any data from bypassing Tor
> when Tor is running. I started it to use just for myself, but now I think
> it will be better to share it with other users of Tor.
>
> This script, named Torlock, does the following things when used to start Tor:
> - Creates a special user named torlock by default (if you run it for the first time
> or have removed that user after previous Tor session).
> - Uses Iptables to block network access for everyone except for torlock.
> - Setuids to torlock and starts Tor. Tor will be started in background mode,
> and its output redirected to a file.
>
> When used to stop Tor, it stops Tor, unlocks network access, and (optionally)
> removes torlock user.
>
> More information is in the included text file. Even more can be obtained by reading
> the script. It is small, simple, and easy to make sure it's not
> backdoored. The script can be downloaded from Sourceforge:
> http://sourceforge.net/projects/torlock/files/
>
> In spite of its simplicity, Torlock saved me at least twice when I forgot to
> switch Torbutton on.
>
> With best regards,
> Irratar.
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
>
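
The two filtering policies discussed in this thread, the whole-host lock from the quoted announcement and the per-user variant suggested in the reply, written out as an added example using the iptables owner match. This is not Torlock's own code, which does not appear on this page. The account names `torlock` and `anon`, the loopback exception, and port 9050 (Tor's default SocksPort) are assumptions, and the functions only print the rules rather than applying them.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# Account names and the SOCKS port are assumptions, not taken from Torlock.

# Accept only plain account names, so the value cannot smuggle extra
# options or shell syntax into the generated commands.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Whole-host lock as described in the announcement: only the Tor account
# may send packets off the machine. Loopback stays open (assumption) so
# local programs can still reach Tor's SOCKS port.
lock_all_rules() {
    valid_user "$1" || return 1
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m owner --uid-owner $1 -j ACCEPT"
    echo "iptables -A OUTPUT -j REJECT"
}

# Per-user variant from the reply: other accounts are left alone, and the
# named account may only talk to the local SOCKS port. Its direct DNS
# lookups (port 53) fall through to REJECT instead of leaving the host.
lock_user_rules() {
    valid_user "$1" || return 1
    port=${2:-9050}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    echo "iptables -A OUTPUT -m owner --uid-owner $1 -o lo -p tcp -d 127.0.0.1 --dport $port -j ACCEPT"
    echo "iptables -A OUTPUT -m owner --uid-owner $1 -j REJECT"
}
```

These rules cover IPv4 only; a host with IPv6 connectivity needs equivalent ip6tables rules, or traffic can still leave outside Tor.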