[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] issues with a fresh new tor server
Op 21/08/16 om 15:14 schreef Toralf Förster:
> Hi,
>
> I made the following steps to have /var/lib/tor encrypted under an ext4fs under a stable Gentoo Linux:
>
> at a local system:
> head -c 16 /dev/random | xxd -p > ~/tmp-salt.txt; echo 0x`cat ~/tmp-salt.txt` > ~/.cryptoSalt; rm ~/tmp-salt.txt
> picked up a password from: pwgen -s 16
> open the remote directory: scp ~/.crypto{Pass,Salt} user@host:home; ssh user@host 'cat ~/.cryptoPass | sudo e4crypt add_key -S $(cat ~/.cryptoSalt) /var/lib/tor; rm ~/.crypto{Pass,Salt}'
>
>
> debug.log tells me:
>
> ...
> Aug 21 15:09:23.817 [notice] Opening Directory listener on [2a01:4f8:190:514a::2]:80
> Aug 21 15:09:23.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
> Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Attemping to disable debugger attachment to Tor for unprivileged users.
> Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Debugger attachment disabled for unprivileged users.
> Aug 21 15:09:23.000 [info] tor_lockfile_lock(): Locking "/var/lib/tor/data/lock"
> Aug 21 15:09:23.000 [warn] Couldn't open "/var/lib/tor/data/lock" for locking: Operation not permitted
> Aug 21 15:09:23.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.8.6 )
>
> and indeed :
>
>
> # ls -alR /var/lib/tor/
> /var/lib/tor/:
> total 12
> drwxr-xr-x 3 tor tor 4096 Aug 21 15:09 .
> drwxr-xr-x 14 root root 4096 Aug 21 03:10 ..
> drwx------ 2 tor tor 4096 Aug 21 15:09 data
> -rw-r--r-- 1 root root 0 Aug 19 14:47 .keep_net-misc_tor-0
>
> /var/lib/tor/data:
> total 8
> drwx------ 2 tor tor 4096 Aug 21 15:09 .
> drwxr-xr-x 3 tor tor 4096 Aug 21 15:09 ..
>
>
>
> Any hints ?
Those permissions look fine. Do you have selinux enabled? Did this work
prior to adding encryption, or could that be a red herring? Can you see
what it fails on with strace? Is tor actually running as the 'tor' user?
Do you have any special security configuration like sandboxing set up?
Tom
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays