我已经在一台机器上成功设置和使用 whonix 网关和工作站。但我想将它们设置在不同的主机上,以分散内存和 CPU 要求。
我还没有找到如何让虚拟机在不同主机上时相互通信。网关似乎工作正常,就像在同一台计算机上与工作站一起运行时一样。现在工作站在不同的主机上启动,如何使工作站(或其运行的主机)知道必须联系不同主机上的网关?
两台主机都运行 Linux Mint 17
答案1
首先是一些注释;我达到了 StackExchange 字符限制,所以这是一个简短的答案;明智地使用;-)
私人网桥 Tor ~=~ 网关 Whonix
代理客户端 Tor ~=~ 工作站 Whonix
这些术语可以互换使用,并且这些类型的设置还有其他术语,我将尽可能尝试在以下大部分内容中使用 Whonix 术语。
您可能正在寻找的内容被称为中间盒或者私人桥用于您的网关设备和客户端 ( trans-proxy) 设置。这树莓派Adafruit 团队主办了一份相当完善的指南,介绍如何使用自定义torrc配置和iptables魔法设置物理隔离。对网关的要求是它有两个网络接口,可以是eth0andeth1或usb0orppp0且您的工作站(客户端)应该只有一个物理网络接口;最好eth0或usb0尽量避免wlan0,因为它很诱人,您将使自己面临更本地化的攻击和监控,而这些攻击和监控不容易缓解且易于攻击。这些指南也以“Tor WiFi 热点”为名,因此也许可以将您的搜索查询扩展到 Linux,特别是 Tor。虽然我不建议使用 WiFi,但是可以通过在网关和工作站上进行交易wlan0来轻松修改涵盖该主题的指南。eth1wlan0eth0
我一直在为这个场合写一个脚本包,你的幸运日,因为我刚刚发布了脚本包的初稿,完成后也将允许审核您的配置安全性。浏览 GitHub 上的源代码并查看/functions/tor/torrc_writers/torrc_bridge_configs.sh文件以了解各种可用的配置。如果底部有一个没有明确文档的脚本/函数,请提出一个问题,我将尝试让下一次推送包含更多信息。我将在接下来的几天内添加功能和调试,但如果您想测试它,这里有一个简单的变量文件示例可以加载。
_application_list="tor"
_enable_ipv6="no"
#_external_ipv4=""
#_external_ipv6=""
_install_method="safe"
#_nat_ipv4=""
#_nat_ipv6=""
_temp_dir="/tmp"
_tor_user="debian-tor"
_tor_directory="/etc"
_bridge_types="private"
_tor_or_port="443"
然后使用上面的变量文件调用脚本,如下所示
bash /home/${USER}/Downloads/Perinoid_Linux_Project/sandcastle.sh --var-file="/path/to/bridge_variables.sh"
如果它有效(大多数魔法如果您想知道,它应该在/functions/shared/arg_checker.sh功能中执行)它应该像您希望的那样配置网关,并使用它自己的单独的启动/停止脚本,在网关设备上启动桥接服务应该像下面一样简单
sudo /etc/init.d/tor-bridge restart
对于工作站来说,应该可以在网关设备上使用网关的网桥。防火墙尚未编写脚本,但我已经在您可能希望查看的目录iptables中提供了过滤和转发的起始位置。/firewall
修改后的代码用于回答所提出的具体问题
这是一个修改后的版本(只是从上面链接的代码中提取了相关部分并对其进行了修改,以显示该代码可以如何轻松地重新利用),可以在任何基于 Debian 的 chroot 监狱或虚拟化监狱中使用。它将sudo在内部运行,因此会提示输入密码,这是正常的,并且此版本预计 Tor 已安装。
用于bash运行此版本,即使bash bridge_tor_script.sh变量和函数正常工作。以下代码仅适用于网关设备,您仍然需要设置桥接网络并转发到工作站设备并锁定工作站,使其仅使用网关提供的 IP。
Write_tor_bridge_configs(){
## Modify the stuff between quotes if non-standerd installation paths where used
Activate_torrc_nonclient "debian-tor" "bridge"
Write_tor_init_nonclient "/etc" "debian-tor" "bridge" "bridge" "/etc"
Torrc_bridge_configs "/etc" "bridge" "debian-tor" "443" "192.168.1.3"
}
Torrc_bridge_configs(){
_tor_dir="${1:-/etc}/tor"
_tor_node_name="${2:-bridge}"
_tor_user="${3:-debian-tor}"
_tor_or_port="${4:-443}"
_bridge_type="${5:-private}"
_nat_ipv4="${6:?Error no local NAT IP passed to Torrc_bridge_configs function}"
_external_ipv4="${7:?Error no external IP passed to Torrc_bridge_configs function}
echo "## Attention [Torrc_bridge_configs] function writing general configuration lines to [${_tor_dir}/torrc-bridge] file"
echo "User ${_tor_user}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'RunAsDaemon 1' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "DataDirectory /var/lib/tor_${_tor_node_name}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "PidFile /var/run/tor_${_tor_node_name}.pid" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'AvoidDiskWrites 1' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'BridgeRelay 1' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "RelayBandwidthRate 100 Kbytes" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "RelayBandwidthBurst 200 Kbytes" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "BandwidthRate 300 Kbytes" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "BandwidthBurst 350 Kbytes" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'AccountingStart month 1 00:00' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "AccountingMax 80 GB" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "ORPort ${_tor_or_port:-443}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'ClientOnly 0' | sudo tee -a ${_torrc_dir}/torrc-${_tor_node_name}
echo 'ExcludeSingleHopRelays 1' | sudo tee -a ${_torrc_dir}/torrc-${_tor_node_name}
echo 'Exitpolicy reject *:*' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "## Only uncomment next line if geoip support is confermed" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "#GeoIPFile ${_tor_dir}/geoip" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "## Notice [Torrc_bridge_configs] function writing spicific configuration lines to [${_tor_dir}/torrc-bridge] file"
echo "# based on arguments passed via [-T] and [-B] and [-vf] arguments."
for _node_type in ${_bridge_type//,/ }; do
case $_node_type in
private)
echo 'PublishServerDescriptor 0' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "Address ${_nat_ipv4}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "ORListenAddress ${_nat_ipv4}:${_tor_or_port:-443}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'VirtualAddrNetwork 10.192.0.0/10' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'AutomapHostsOnResolve 1' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'TransPort 9040' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'DNSPort 9053' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "TransListenAddress ${_nat_ipv4}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "DNSPort 9053" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "DNSListenAddress ${_nat_ipv4}" | sudo tee -a ${_torrc_dir}/torrc-${_tor_node_name}
;;
public)
echo 'PublishServerDescriptor 1' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "Address ${_external_ipv4}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "OutboundBindAddress ${_external_ipv4}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo "ORListenAddress ${_external_ipv4}:${_tor_or_port:-443}" | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'SocksPort 0' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
;;
authoritative)
echo 'AuthoritativeDirectory 1' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
echo 'BridgeAuthoritativeDir 1' | sudo tee -a ${_tor_dir}/torrc-${_tor_node_name}
;;
esac
done
}
Write_tor_init_nonclient(){
_tor_dir="${1:-/etc}"
_tor_node_user="${2:-debian-tor}"
_tor_node_nickname="${3:?}"
_tor_node_type="${4:?}"
_init_dir="${5:-/etc}/init.d"
echo "## Attention [Write_tor_init] function now writing init script with assigned variables"
echo "# to [${_init_dir}/tor_${_tor_node_type}] file for node [${_tor_node_nickname}] nickname..."
echo '#!/bin/bash' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '### BEGIN INIT INFO' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "# Provides: tor ${_tor_node_nickname}" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Required-Start: $local_fs $remote_fs $network $named $time' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Required-Stop: $local_fs $remote_fs $network $named $time' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Should-Start: $syslog' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Should-Stop: $syslog' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Default-Start: 2 3 4 5' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Default-Stop: 0 1 6' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Short-Description: Starts The Onion Router daemon processes' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Description: Starts The Onion Router, a TCP overlay' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# network client that provides anonymous' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# trasport. See following link for source' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# of this script' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# https://terminal28.com/anonymity-online-how-to-install-and-configure-squid3-tor-privoxy-debian-ubuntu-linux/' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '### END INIT INFO' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'set -e' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
## Note if installing from source some of these file path
# variables may need changed
echo 'DAEMON=/usr/sbin/tor' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "NAME=tor" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'DESC="tor daemon"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "CONFDIR=${_tor_dir:-/etc}/tor" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "TORPIDDIR=/var/run/tor_${_tor_node_nickname}" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "TORPID=\$TORPIDDIR/tor_${_tor_node_nickname}" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "DEFAULTSFILE=${_tor_dir:-/etc}/defaults/\$NAME" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'WAITFORDEAMON=60' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "ARGS=\"--quiet -f\"\$CONFDIR/torrc-${_tor_node_nickname}\"" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Set sane defaults' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'if [ -r /proc/sys/fs/file-max ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' system_max=`cat /proc/sys/fs/file-max`' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if [ "$system_max" -gt "80000" ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' MAX_FILEDESCRIPTORS=32768' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' elif [ "$system_max" -gt "40000" ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' MAX_FILEDESCRIPTORS=16384' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' elif [ "$system_max" -gt "10000" ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' MAX_FILEDESCRIPTORS=8192' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' MAX_FILEDESCRIPTORS=1024' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' cat << EOF' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'Warning: Your system has very few filedescriptors available in total' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "Maybe you should try rassing that by adding 'fs.file-max=10000' to your" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate.' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'file-nr in the same directory for how many of those are sed at the moment' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'EOF' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' MAX_FILEDESCRIPTORS=8192' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'NICE=""' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'test -x $DEAMON || exit 0' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '# Include tor defaults if available' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'if [ -f $DEFAULTSFILE ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' . $DEFAULTSFILE' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'wait_for_deaddaemon () {' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' pid=$1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' sleep 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if test -n "$pid"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if kill -0 $pid 2>/dev/null' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo -n "."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' cnt=0' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' while kill -0 $pid 2>/dev/null' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' do' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' cnt=`expr $cnt + 1`' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if [ $cnt -gt $WAITFORDAEMON ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "still running"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' exit 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' sleep 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo -n "."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' done' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 0' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '}' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'check_torpiddir () {' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if test ! -d $TORPIDDIR' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "There is no $TORPIDDIR directory. Creating one for you."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' mkdir -m 02750 "$TORPIDDIR"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo " chown ${_tor_node_user:-debian-tor}:${_tor_node_user:-debian-tor} \"\$TORPIDDIR\"" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if test ! -x $TORPIDDIR' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Cannot access $TORPIDDIR directory, are you root?" >&2' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' exit 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '}' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'check_config () {' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if ! $DAEMON --verify-config > /dev/null' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "ABORTED: Tor configuration invalid" >&2' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' $DAEMON --verify-config >&2' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' exit 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '}' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'check_torlogdir () {' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if ! [ -d "$TORLOGDIR" ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' mkdir -m 02750 "$TORLOGDIR"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo " chown ${_tor_node_user:-debian-tor}:adm \"\$TORLOGDIR\"" | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' ! [ -x /sbin/restorecon ] || /sbin/restorecon \"$TORLOGDIR\"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo '}' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'case "$1" in ' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' start)' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if [ "$RUN_DAEMON" != "yes" ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Not starting $DESC (Dissabled in $DEFAULTSFILE)."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' exit 0' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if [ -n "$MAX_FILEDESCRIPTORS" ]; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo -n "Raising maximum number of filedescriptors (ulimit -n) to $MAX_FILEDESCRIPTORS"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if ulimit -n "$MAX_FILEDESCRIPTORS"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo ": FAILED."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' check_torpiddir' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' check_torlogdir' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Starting $DESC: $NAME..."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' check_config' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Starting $DESC: $NAME..."' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
## Notice 1 : This is where firejail should be added if used,
# otherwise try another "Sandbox" utility for keeping unknown
# vunerabilities from easily infecting the rest of your system
## Notice 2 : This is also one of the places to modify if installing
# app-amore from source, if you expect the next [if] statment
# to find the app-armor exicutables
## Notice 3 : Additionally this is where calls to chroot should
# be preformed if running in chroot jail.
echo ' if start-stop-daemon --stop --signal 0 --quiet --pidfile $TORPID --exec $DAEMON; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "$NAME already running"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if [ "$USE_AA_EXEC" = "yes" ] && [ -x /usr/sbin/aa-status ] && [ -x /usr/sbin/aa-exec ] && [ -e /etc/apparmor.d/system_tor ] && /usr/sbin/aa-status --enabled ; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' AA_EXEC="--startas /usr/sbin/aa-exec"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' AA_EXEC_ARGS="--profile=system_tor -- $DAEMON"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' AA_EXEC=""' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' AA_EXEC_ARGS=""' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if start-stop-daemon --start --quiet --pidfile $TORPID $NICE $AA_EXEC --exec $DAEMON -- $AA_EXEC_ARGS $DEFAULT_ARGS $ARGS; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "$NAME done"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Error starting $NAME"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' ;;' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' stop)' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo -n "Stopping $DESC: "' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' pid=$(cat $TORPID 2>/dev/null) || true' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if ! test -f $TORPID -o -z "$pid"; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "not running"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 0' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if start-stop-daemon --stop --signal INT --quite --pidfile $TORPID --exec $DAEMON; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' wait_for_deaddaemon $pid' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' elif kill -0 $pid 2>/dev/null; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Is $pid not $NAME? Is $DAEMON a different binary now?"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "$DAEMON died: process $pid not running; or permission denied"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' ;;' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
## End of nessisary edits section
echo ' reload|force-reload)' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' check_config' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Reloading $DESC configuration"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' pid=$(cat $TORPID 2>/dev/null) || true' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if test ! -f $TORPID -o -z "$pid"; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "not running - there is no $TORPID"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if start-stop-daemon --stop --signal 1 --quiet --pidfile $TORPID --exec $DAEMON' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "done"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' elif kill -0 $pid 2>/dev/null; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Is $pid not $NAME? Is $DAEMON a different binary now?"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "$DAEMON died: process $pid not running; or permission denied"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' ;;' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' restart)' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' check_config' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' $0 stop' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' sleep 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' $0 start' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' ;;' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' status)' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if test ! -r $(dirname $TORPID); then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "cannot read PID file $TORPID"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 4' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' pid=$(cat $TORPID 2>/dev/null) || true' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if test ! -f $TORPID -o -z "$pid"; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "$NAME is not running"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 3' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' if ps "$pid" >/dev/null 2>&1; then' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "$NAME is running"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 0' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' else' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "$NAME is not running"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' fi' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' ;;' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' *)' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' echo "Usage: $0 (start|stop|restart|reload|force-reload|status)"' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' return 1' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo ' ;;' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'esac' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo 'exit 0' | sudo tee -a ${_init_dir}/tor_${_tor_node_type}
echo "## Attention [Write_tor_init] function finished writing init file for [${_tor_node_type}]]"
echo "# now providing [${_init_dir}/tor_${_tor_node_type}] exicutable permissions"
sudo chmod +x ${_init_dir}/tor_${_tor_node_type}
}
Activate_torrc_nonclient(){
_tor_node_user="${1:-debian-tor}"
_tor_node_name="${2:?}"
echo "## Activating configs for [torrc-${_tor_node_name}] now."
echo "# With lib file path under [/var/lib/tor_${_tor_node_name}]"
sudo install -o ${_tor_user:-debian-tor} -g ${_tor_user:-debian-tor} -m 700 /var/lib/tor_${_tor_node_name:-service} || Arg_checker --help='Activate_torrc_nonclient' --exit='# [sudo install -o ${_tor_user:-debian-tor} -g ${_tor_user:-debian-tor} -m 700 /var/lib/tor_${_tor_node_name}] # Failed'
}
Write_tor_bridge_configs
上面的内容应该会让你更接近你的目标,就像之前所说的那样,我将在月底之前调试主脚本包并添加功能,因此请随时通过 GitHub 的跟踪系统提出请求(提供健康和时间)我将为 Whonix 添加安装程序,但需要帮助测试,因为我的所有系统似乎都在安装KVM和VMWare先决条件方面与我作斗争。