Re: [tor-relays] Question on warnings

[Santiago Roland <santiago@xxxxxxxxxxx>]

Ok thanks both of you, i'll look into it. The control port is blocked from outside. I'm using openWRT router as firewall which it is the best i can do for the moment, but it gives decent control features so far. The relay itself is running on an encrypted LVM debian virtual machine and it has SSH key only login, its pretty secure. Hist system is also debian, both frecuently updated, and monitored for tootkits with rkhunter and brute force attacks mitogation with fail2ban, any other suggestion is welcome.

Best regards,

El 30 de mayo de 2016 6:44:23 PM GMT-03:00, Tristan <supersluether@xxxxxxxxx> escribiÃ:

Not sure where I found this, but I remember reading that Tor changed how it stored bandwidth information. Arm wasn't updated yet, so it throws an error.

On May 30, 2016 4:32 PM, "Green Dream" <greendream848@xxxxxxxxx> wrote:

Hi. Thanks for running a relay. These notice messages are from the monitoring tool Arm, and should not affect the Tor process.Â

If you don't care about Arm and Tor seems to be working okay otherwise, you could safely ignore these messages. In case you want to look into them further, I'll share some thoughts below. It looks like you're running on a Unix or Linux system, I'll assume Debian or Ubuntu for the moment.

> 20:42:57 [ARM_NOTICE] Unable to prepopulate bandwidth information

> (unable to read the state file)

This is normal in my experience. Arm is trying to read your node's bandwidth history to populate the graphs with data collected before you started Arm. I don't know why it fails, but you could squelch it by adding the following config line to ~/.arm/armrc:

 features.graph.bw.prepopulate false

> 20:42:56 [ARM_WARN] Unable to read tor's log file:Â

> /var/log/tor/log [1duplicate hidden]

It looks like Arm doesn't have permission to read /var/log/tor/log. I normally start Arm with something like this, so it has the same permissions as the Tor daemon:

ÂÂsudo -u debian-tor arm

> 20:42:56 [ARM_NOTICE] Tor is preventing system utilities like netstat

> Âand lsof from working. This means that arm can't provide you with

> connection information. You can change this by addingÂ

> 'DisableDebuggerAttachment 0' to your torrc and restarting tor. ForÂ

> more information see...Âhttps://trac.torproject.org/3313

You need to add the following to /etc/tor/torrc if you want to utilize all the features of Arm:

 DisableDebuggerAttachment 0

It's disabled by default for security (with a value of '1'), so think carefully before doing this. It "reduces security by enabling debugger attachment to the Tor process. This can be used by an adversary to extract keys." (Quoting from https://trac.torproject.org/projects/tor/ticket/13880). If you do enable the deubgger attachment for Arm, make sure your control port is locked down (not reachable from the Internet or from other hosts you don't control, etc.)

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Santiago Roland.-
------------------------------------------------------------------
Jabber: santiago@xxxxxxxxxxxxxxxxxx
Diaspora*: http://bit.ly/diasr
GNU Social: http://bit.ly/gnusr
openPGP ID: 7BE512C5
openPGP key: http://bit.ly/pgpsr
CX1DR - Grid Locator: GF25bf
------------------------------------------------------------------
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays