Hi,
this is a suggestion for improving page :
https://community.torproject.org/relay/setup/bridge/post-install/
where the page states :
See the file obfs4_bridgeline.txt
, which is found
inside Tor Data Directory, for example, in Debian/Ubuntu /var/lib/tor/pt_state/obfs4_bridgeline.txt
or FreeBSD /var/db/tor/pt_state/obfs4_bridgeline.txt
.
I believe this is now time to keep a standard with the pattern of
respect that the recipe has had for the diversity of
OS-communities and push this to state in hard:
See the file obfs4_bridgeline.txt
, which is found
inside Tor Data Directory:
in Debian / Ubuntu / Fedora /var/lib/tor/pt_state/obfs4_bridgeline.txt
in FreeBSD /var/db/tor/pt_state/obfs4_bridgeline.txt
.
(My personal experience is that under DEBIAN BOOKWORM (12) at
least, the directory /var/lib/tor/pt_state/
DOES
NOT EXIST
this is infuriating when having set up the entire Bridge in deep
study of the torproject recipe, the fatal outcome is that the
Bridge is running yet the Bridge line is uncomposable for
publication: Debian 12 is a standard, and Debian 11 becomes a
dangerous OS to rely on: the bridge-line pt_state folder-issue
must be urgently resolved!).
also the page :
source url : https://bridges.torproject.org/info
does not give clean examples of the exact torrc statement with
the present double-quote (eg. "Settings") and this is very
confusing for those who capitalize the first letter when the
standard on pages I visit are often all in small letters:
BridgeDistribution moat
would illustrate the standard to adopt and avoid potentially wasting time at every new Bridge being attempted by operators.
Perhaps keeping this good habit of looking what else is, to
secure a basic tor server (after all the actual recipe mentions
Unbound, ufw, firewalld, ... ) the torproject could push a step
further and remind a concise, minimal yet expected standard (for
every OS)
- in changing openssh ssh port 22 for any other port TODO,
- in setting up ed25519 only,
- in setting up fail2ban to jail any TOR EXIT IPs, ... .
Truely, with little experience of mine, INFLATION BOMBS and local
infrastructure hacking attacks have repeatedly used Tor to (dDOS-)
attack Tor Relays from EXIT nodes.
Carlos.
-- PGP updated every second week : please actualize our communication every time.