IRC Archive / Oftc / #tor / 2015 / August / 7 / 1
fhyrdj
Is there a big or short tor exit node
?
the tor bulk exporting tool permit to know the tor exit node list?
marcusw
yes
fhyrdj
nice it is only from the ip address of the exit node we can see a tor user?
marcusw
that's the best way
fhyrdj
is there another?
meejah
fhyrdj: no; their traffic is exiting from the exit-node as if it originated there
fhyrdj
great i have a very malefic project
kmfta4
hallo. I read this guide https://www.torproject.org/docs/tor-hidden-service.html.en to configure a hidden service. Tor works well with Privoxy, thttpd also is ok. The problem is that when I restart tor, it doesn't appear files "hostname" and "private key" in /home/.../hidservice. Any suggestion?
cacahuatl
Does the tor process have read/write access to the directory specified?
kernelcorn
kmfta4: is that path specified in your torrc configuration file?
kmfta4
kernelcorn, in /etc/tor/torrc I entered # Hidden Service
HiddenServiceDir /home/.../hidservice/
HiddenServicePort 80 127.0.0.1:5222
mrphs99
I just joined the channel but this config isn't right ^
kernelcorn
check the Tor log, anything relevant in there?
mrphs99
port 80 and 5222 at the same time?
kernelcorn
it's fine, it's a redirection
mrphs99: the web server on localhost:5222 will be accessible from <addr>.onion:80
mrphs99
why not do that with iptables instead?
kernelcorn
because it's way easier with the torrc option, which exists for this purpose
cacahuatl
There are other problems with the server believing it's running on one port and the client sees it on another.
kmfta4
cacahuatl, how can I make tor process to have read /write access to this directory?
cacahuatl
kmfta4 you probably don't want to, store the hs stuff in /var/lib/tor/
kmfta4
cacahuatl, are you telling me to move all hidservice stuff in /var/lib/tor/hidservice, change path in /etc/tor/torrc and try again?
cacahuatl
Yes, it's the default for a reason, tor needs to be able to create a directory and files inside of it
and there is a reason you want tor to run as a user that isn't you and has minimal privs
so don't poke holes in that defence in the name of convenience
kmfta4
no, it doesn't work. I changed path and directory, but hostname and private key won't appear. I launch thttp in /home/..../thttpd/hidservice. Is this right?
cacahuatl
No, you run the web server normally, it listens on port 5222 because you've configured it to
then you run tor and tor takes in requests directed at the onion and sends them to your webserver on port 5222
kmfta4
but if i type http://localhost:5222/ I can see Index of page, so I think it's ok.
cacahuatl
okay, paste your torrc into http://paste.debian.net and link it here, please
kmfta4
cacahuatl
alright, and `ls -l /var/lib/tor` shows what?
kmfta4
cacahuatl
okay, tor will create the directory itself with the correct permissions so 'rm -rf /var/lib/tor/hidservice'
then reload tor and 'cat /var/lib/tor/hidservice/hostname' should give you the onion address
and then try it in your tor browser
maybe give it 10 minutes to ensure it's published, etc
kmfta4
ok
unfortunately I can't see any hostname and private key file in /var/lib/tor. I'm going to give in and try tomorrow with TBB.
cacahuatl
it should be in /var/lib/tor/hidservice or whatever you called it
arma
are you starting tor the right way? (so that it runs as user debian-tor)?
and, are you looking in /var/lib/tor/ with a user that has permissions to see it? (root or debian-tor)
if yes and yes, i wonder what the log says?
kmfta4
arma, yes, I'm root now. Maybe it's my fault if sthg. goes wrong.
arma
s7r
jager: still interested how it goes with server.lu
arma
kmfta4: /var/log/tor/log has anything good?
s7r
do let me know how it went ; really interested for all of us to insist as much as we can before changing ISPs. not to say in server.lu's AS we have already exit relays
kmfta4
cat /var/log/tor/log is empty
also /var/log/tor/debug.log
arma
how are you launching tor?
kmfta4
from vidalia
vidalia button
cacahuatl
That explains everything :/
kmfta4
cacahuatl, how should I launch it?
cacahuatl
Normally you'd want to launch it from your operating system's service manager, be it systemd or service or whatever. It runs as a system service.
kmfta4
I'm in Debian stable. From command line?
cacahuatl
"service tor start"
arma
mystery solved. woo. :)
kmfta4
arma
ls -ld /var/log/tor
cacahuatl
hmmm, you've done terrible terrible things to your OS :P you can probably remove the logline from your torrc but also you probably do want logs, there's some kind of permission error there, did you create the directory when it didn't exist before or something?
arma
yes, you have messed up what the tor deb gave you
you could try to fix it piece by piece, undoing whatever you did before
it might be easier to get rid of the tor deb and then re install it
kmfta4
http://paste.debian.net/289903/
thanks so much for helping and for bothering you
cacahuatl
I think `apt-get purge tor && apt-get install tor` seems like a good idea to clear up any weird permissions, then readd those two hiddenservice lines to your torrc then do `service tor reload` then try the command to get the .onion address that was generated
arma
yeah. you clearly ran the last tor as root, and it made files as root
cacahuatl: does apt-get purge delete /var/log/tor/ completely?
cacahuatl
don't know off-hand, but I'd assume when it adds the .dpkg again that creating that dir with the correct permissions, that it would clobber it? I'm not a debian user :(
kmfta4
OK, now tor daemon works well. I removed log line I added before and it started with "service tor start". Can't understand why
log line was in /etc/tor/torrc
cacahuatl
there's an issue with the permissions for /var/log/tor/, the tor daemon doesn't have the right permissions, possibly due to trying to write to debug.log which it won't have permission to do.
arma
kmfta4: yeah, the issue was that you told tor to open a log, but there was a file in the way, which the tor user ("debian-tor") didn't have permissions to write to.
if you don't understand what happened, this is a useful thing for you to learn more about.
kmfta4
Incredible: hostname and private key appeared!!! Boys, I can't understand anything
Ok, now I'm going to sleep. We see tomorrow evening. Thanks to all for your support.
cacahuatl
I assume Tor Browser is affected by the pdf.js vuln?
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
kernelcorn
wow
cacahuatl
about:config 'pdfjs.disabled' set to true is probably a good thing to do
arma
or crank up your security slider
tor browser 5.x with a fixed firefox 38esr will be out soon(ish)
unfortunately, last i heard they had no plans to put out a new 31esr
so tor browser 4.x users will be upgrading quicker than maybe they wanted to
cacahuatl
I don't think the slider covers it? mine is set to high, with .js re-enabled and it'll still use pdf.js
arma
oh. this is good to know.
it's hard to predict what parts of firefox will have vulnerabilities next :/
cacahuatl
although to be honest, not rendering pdfs should definitely be on that slider :P
arma
i talked to mike about this earlier. he said that pdf.js has, historically, had zero vulnerabilities. none.
so there are a lot of pieces of firefox functionality that we could think to disable because "what if"
but after a while you don't have a browser anymore
kernelcorn
eventually you have lynx
cacahuatl
Yeah, it's a trade-off and a slider is an okay option. It should be there, maybe just on the upper-tiers.
arma
kernelcorn: ...which still links openssl