Hi, all!
There's a project going on to try to add instructions for hardening a Tor relay for security: https://trac.torproject.org/projects/tor/ticket/13703
The idea is that Tor could ship with some basic recommendations, and links to places to find more advice?
Recently, "mmcc" has uploaded a new draft. Do we think this is better than nothing and worth shipping with Tor, or does it need big changes?
If possible, please write comments on the trac ticket above: it will help keep all the discussion in one place.
best wishes, -- Nick
On Thu, Feb 5, 2015 at 11:15 PM, Nick Mathewson <nickm@freehaven.net> wrote:
> The idea is that Tor could ship with some basic recommendations, and links to places to find more advice?
If it's a question that can be answered by searching "how do i secure and run my unix server", including anything other than links to such answers would seem redundant. Sure, noobs are out there, but it isn't efficient for application projects to formally provide general computer training.
If it's a question of "how do i make tor/unix run happy together on my server", i.e. file descriptor shortages, that's a specific known interaction with tor itself, and thus a different situation.
The only thing I'd ship with tor are links... to two community maintained wiki pages, one for each class of question above. From there the community can write whatever faq help desired independent of the release process and considering external developments.
If there wasn't a community or wiki, then shipping any critical runtime dependency notes on the second class of question would be reasonable.
On 02/06/2015 12:03 AM, grarpamp wrote:
> On Thu, Feb 5, 2015 at 11:15 PM, Nick Mathewson <nickm@freehaven.net> wrote:
>> The idea is that Tor could ship with some basic recommendations, and links to places to find more advice?
> If it's a question that can be answered by searching "how do i secure and run my unix server", including anything other than links to such answers would seem redundant. Sure, noobs are out there, but it isn't efficient for application projects to formally provide general computer training.
> If it's a question of "how do i make tor/unix run happy together on my server", i.e. file descriptor shortages, that's a specific known interaction with tor itself, and thus a different situation.
> The only thing I'd ship with tor are links... to two community maintained wiki pages, one for each class of question above. From there the community can write whatever faq help desired independent of the release process and considering external developments.
> If there wasn't a community or wiki, then shipping any critical runtime dependency notes on the second class of question would be reasonable.
For what it's worth, I'm mmcc - I wrote the doc/HARDENING draft.
It did end up containing more text than we had hoped. However, I think some of it is worthwhile. For example, the firewall rules are unique to Tor and not entirely obvious. People also wouldn't encounter the DNS suggestion elsewhere.
I added that version to the ticket because it was being considered for the 0.2.6 release. I sent a similar version to the mailing lists a couple months ago and haven't reviewed and incorporated some of the suggestions I received, partially because I suspected that it was already too verbose.
I'm not attached to this document, and I'm fine with it not being added. I also like the idea of linking to a wiki page. Generally, I think we need to make more of an effort to get security information to relay operators. Many volunteer a VPS or home server out of curiosity, and there isn't much of a culture of operational security among those contributors. This could become a problem as the network matures.
Hi,
Many of you are advanced *nix users. Some of us aren't. So first I'd like to thank mmcc for writing the document.
I've spent weeks bungling around trying to figure out how to manage my several exit relays in the most responsible manner.
I've managed to create a reasonably interesting install and setup script to deal with the initial configuration, locking down certain things - the most basic of OPSEC.
I'm not an expert. I've been biding my time, learning as much as I can when I can. But I have a full time job, and a pregnant wife!
Iptables is an advanced firewall. Iptables is a pain in the ass for new users to expertly configure. Basic settings aren't difficult, but I don't want basic. I've given up trying to manually write Iptables settings because I never felt secure enough (due to my ignorance). For now I use ufw; open specific ports to tcp traffic, and default deny - and I'm not happy about it. I would love a detailed example of iptables rules for reduced exit relays, and middle relays - because no, I don't fully understand the ins and outs of every possible scenario. A half ass firewall is barely any better than no firewall, in my opinion. I want to *know* what I tell iptables to do, and not rely on ufw to take care of me. I don't want to believe I've set up a good firewall, I want to KNOW I've set up the strongest I can!
I want to know Tor Best OPSEC Practices, because generic *nix Best Practices don't always match, and the considerations *are* different. I want to know what services I can disable in Debian, specific to Tor, because I don't know the linux subsystem well enough.
I want to make sure my relays are the best I can make them, the most secure I can make them, to ensure I provide the community the best I can. But I'm not an expert - barely a novice. I'm a guy with a heart that believes in free speech and privacy. I'm not a security guru (yet...).
My personal opinion is the Tor community should be a champion of OPSEC period, for everyone. But that is me. Anonymity, privacy, and security go hand in hand. The Tor community has some real experts in this field, and a little contribution would do a world of help. Yes, links to well-written articles are perfectly adequate - you don't need to re-invent the wheel, but a central source of awesome material would be fantastic! Both for end-users, and relay operators!
And besides, who doesn't like a good community derived checklist to ensure relative consistency between relay configurations? :)
None of this constitutes "general computer training." The issues, though many, are quite specific.
Please remember, we're all trying to do the best we can - but we're not all at your level. Some of us are quite busy in real life, and don't have the time to learn EVERYTHING, though I admit that begrudgingly. Being an autodidact it is incredibly frustrating that I don't know everything about a topic that interests me.
My 2 cents. This email was intended to be short, but it blew up. So, I apologize.
Kind regards,
Matt Speak Freely
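As an added example (not part of any post in this thread, and not taken from the doc/HARDENING draft): a small check of an `iptables-save` dump against the "open specific ports to tcp traffic, and default deny" policy described in the message above. The sample ruleset is constructed, and the ports 22, 9001 and 9030 (ssh, ORPort, DirPort) are assumptions.

```python
import re

# Constructed sample in iptables-save format (not from a real relay).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9030,8080 -j ACCEPT
COMMIT
"""

def _ports(spec):  # '22', '9030,8080' or '6000:6010' -> set of ints
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(ruleset, expected_ports):
    """Return (findings, open_ports) for the filter table's INPUT chain."""
    table, policy, open_ports, findings = None, None, set(), []
    for line in ruleset.splitlines():
        tok = line.split() or [""]
        if tok[0].startswith("*"):
            table = tok[0][1:]
        elif table != "filter":
            continue
        elif tok[0] == ":INPUT":
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"] and tok[-2:] == ["-j", "ACCEPT"] and "-s" not in tok:  # skip source-restricted rules
            m = re.search(r"--dports? (\S+)", line)
            if m:
                open_ports |= _ports(m.group(1))
            elif "lo" not in tok and "--ctstate" not in tok and "--state" not in tok:
                findings.append("ACCEPT without a port match: " + line)
    if policy != "DROP":
        findings.append("INPUT policy is %s, not DROP" % policy)
    exp = set(expected_ports)
    findings += ["unexpected open port %d" % p for p in sorted(open_ports - exp)]
    findings += ["expected port %d is not open" % p for p in sorted(exp - open_ports)]
    return findings, open_ports

if __name__ == "__main__":
    # Assumed ports: 22 (ssh), 9001 (ORPort), 9030 (DirPort).
    print(audit(SAMPLE, {22, 9001, 9030})[0])
```

On a relay, the input would be the saved output of `iptables-save` and the expected set would be the ports configured in torrc plus ssh.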
On Fri, 06 Feb 2015 11:08:47 +0000, when2plus2is5@riseup.net wrote: ...
> Iptables is an advanced firewall. Iptables is a pain in the ass for new users to expertly configure. Basic settings aren't difficult, but I don't want basic.
I'm (apparently) in the minority on this, but my tor nodes don't have any iptables - there is nothing that iptables could cover. To even get anything running on the machine that could be shielded from the outside (or to talk to the outside), you'd need a vuln in either tor or ssh (or, for exit nodes, the DNS resolver).
...
> My personal opinion is the Tor community should be a champion of OPSEC period, for everyone. But that is me. Anonymity, privacy, and security go hand in hand.
I'd actually like to second that. It is one thing to write down tornode-related opsec, and an entirely different thing to learn general opsec and then condense that down to what a tor node requires of that (and I'm not even sure if there is a general opsec primer we could point people (i.e. me) to).
Hmm, perhaps I should get my credit card and see how the amazon cloud tor nodes are preconfigured. ;-)
Andreas
On 2015-02-06 18:08, Andreas Krey wrote:
> Hmm, perhaps I should get my credit card and see how the amazon cloud tor nodes are preconfigured. ;-)
You can check it out here (if that's the correct repository): https://gitweb.torproject.org/tor-cloud.git/tree/ec2-prep.sh
On the other hand, if you're eligible for the AWS free tier, why not run a bridge for a year?
Best regards, Alexander
Thanks for being the one to start on it.
I think there ought to be some specific help for people like me who want to do the best to contribute.
I did search in many ways for hardening tips but it takes a lot of nous to make some of the leaps expected by uber-cool-already-knowing authors.
Wouldn't it make sense for aspiring relay volunteers to be helped with what is best for Tor?
I'll be reading Nick's effort and contributing what I can. Why doesn't everyone?
Robert
-----Original Message----- From: nickm@freehaven.net Sent: Thu, 5 Feb 2015 23:15:42 -0500 To: tor-relays@lists.torproject.org Subject: [tor-relays] Relay operators: help improve this hardening document?
Hi, all!
There's a project going on to try to add instructions for hardening a Tor relay for security: https://trac.torproject.org/projects/tor/ticket/13703
The idea is that Tor could ship with some basic recommendations, and links to places to find more advice?
Recently, "mmcc" has uploaded a new draft. Do we think this is better than nothing and worth shipping with Tor, or does it need big changes?
If possible, please write comments on the trac ticket above: it will help keep all the discussion in one place.
best wishes,
Nick