forked from breadtk/onion_pi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup.sh
executable file
·151 lines (121 loc) · 4.39 KB
/
setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/bin/bash
# Onion Pi, based on the Adafruit Learning Technologies Onion Pi project.
# For more info: http://learn.adafruit.com/onion-pi
#
# To do:
# * Options for setting up relay, exit, or bridge
# * More anonymization of Onion Pi box
# * Further testing
if (( $EUID != 0 )); then
/bin/echo "This script must be run as root. Type in 'sudo $0' to run it as root."
exit 1
fi
/bin/cat <<'Onion_Pi'
~
/~
\ \ /**
\ ////
// //
// //
///&//
/ & /\ \
/ & .,, \
/& % : \
/& % : ; `\
/&' &..% !.. `.\
/&' : &''" ! ``. : `.\
/#' % : "" * . : : `.\
I# :& : !" * `. : :: I
I &% : : !%.` '. . : : : I
I && :%: .&. . . : : : I
I %&&&%%: WW. .%. : : I
\&&&##%%%`W! & ' : ,'/
\####ITO%% W &..' #,'/
\W&&##%%&&&&### %./
\###j[\##//##}/
++///~~\//_
\\ \ \ \ \_
/ / \
Onion_Pi
/bin/echo "This script will auto-setup a Tor proxy for you. It is recommend that you
run this script on a fresh installation of Raspbian."
read -p "Press [Enter] key to begin.."
/bin/echo "Updating package index.."
/usr/bin/apt-get update -y
/bin/echo "Removing Wolfram Alpha Enginer due to bug. More info:
http://www.raspberrypi.org/phpBB3/viewtopic.php?f=66&t=68263"
/usr/bin/apt-get remove -y wolfram-engine
/bin/echo "Updating out-of-date packages.."
/usr/bin/apt-get upgrade -y
/bin/echo "Downloading and installing various packages.."
/usr/bin/apt-get install -y ntp unattended-upgrades monit tor
/bin/echo "Configuring Tor.."
/bin/cat /dev/null > /etc/tor/torrc
/etc/tor/torrc <<'onion_pi_configuration'
## Onion Pi Config v0.3
## More information: https://github.com/breadtk/onion_pi/
# Write to disk less, useful when running on flash memory
AvoidDiskWrites 1
# Transparent proxy port
TransPort 9040
# Explicit SOCKS port for applications.
SocksPort 9050
# Port that Tor will output 'info' level logs to.
Log notice file /var/log/tor/notices.log
# Have Tor run in the background
RunAsDaemon 1
# Only ever run as a client. Do not run as a relay or an exit.
# ClientOnly
# Ensure resolution of .onion and .exit domains happen through Tor.
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
# Serve DNS responses
DNSPort 53
onion_pi_configuration
/bin/echo "Fixing firewall configuration.."
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "OnionPi: Redirect all DNS requests to Tor's DNSPort port."
/sbin/iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040 -m comment --comment "OnionPi: Redirect all TCP packets to Tor's TransPort port."
/bin/sh -c "/sbin/iptables-save > /etc/iptables.ipv4.nat"
/bin/echo "Wiping various files and directories.."
/usr/bin/shred -fvzu -n 3 /var/log/wtmp
/usr/bin/shred -fvzu -n 3 /var/log/lastlog
/usr/bin/shred -fvzu -n 3 /var/run/utmp
/usr/bin/shred -fvzu -n 3 /var/log/mail.*
/usr/bin/shred -fvzu -n 3 /var/log/syslog*
/usr/bin/shred -fvzu -n 3 /var/log/messages*
/usr/bin/shred -fvzu -n 3 /var/log/auth.log*
/bin/echo "Setting up logging in /var/log/tor/notices.log.."
/usr/bin/touch /var/log/tor/notices.log
/bin/chown debian-tor /var/log/tor/notices.log
/bin/chmod 644 /var/log/tor/notices.log
/bin/echo "Setting tor to start at boot.."
/usr/sbin/update-rc.d tor enable
/bin/echo "Setting up Monit to watch Tor process.."
/etc/monit/monitrc << 'tor_monit'
check process tor with pidfile /var/run/tor/tor.pid
group tor
start program = "/etc/init.d/tor start"
stop program = "/etc/init.d/tor stop"
if failed port 9050 type tcp
with timeout 5 seconds
then restart
if 3 restarts within 5 cycles then timeout
tor_monit
/bin/echo "Starting monit.."
/usr/bin/monit quit
/usr/bin/monit -c /etc/monit/monitrc
/bin/echo "Starting tor.."
/usr/sbin/service tor start
/usr/bin/clear
/bin/echo "Onion Pi setup complete!
To connect to your own Tor gateway, set your web browser or computer to connect to:
Proxy type: SOCKSv5
Port: 9050
Transparent proxy port: 9040
Before doing anything, verify that you are using the Tor network by visiting:
https://check.torproject.org/
Onion Pi
"
exit