[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] doc/HARDENING Draft

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] doc/HARDENING Draft
From: tor-admin@xxxxxxxxxx
Date: Tue, 25 Nov 2014 20:58:04 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Nov 2014 15:06:12 -0500
In-reply-to: <5473BAAE.5020802@xxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <5473BAAE.5020802@xxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Monday 24 November 2014 18:09:34 Libertas wrote:
> Here's the relevant ticket:
> 
> https://trac.torproject.org/projects/tor/ticket/13703
> 
> A specific topic of conversation is how much of the advice should be
> in the document itself as opposed to linked sources.
> 
> It could also use more OS diversity. After reading it, you can
> probably guess which *nix flavors I'm familiar with.
> 
> Enjoy,
> Libertas

I would add the following advice:

Don't store identity keys on the hard disk. Keep them offliner. Use a ramdisk 
for /var/lib/tor/keys/ and copy keys to it via scp before starting your tor 
instance. Remove it from the ramdisk after startup. So the keys cannot be 
easily taken during unexpected downtimes.

Regards,

torland

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] doc/HARDENING Draft
  - From: tor

References:
- [tor-relays] doc/HARDENING Draft
  - From: Libertas

Prev by Author: Re: [tor-relays] doc/HARDENING Draft
Next by Author: Re: [tor-relays] List of Relays' Available SSH Auth Methods
Previous by thread: Re: [tor-relays] doc/HARDENING Draft
Next by thread: Re: [tor-relays] doc/HARDENING Draft
Index(es):
- Author
- Thread