Guide: Banana Pi M5 & Raspberry Pi Tor Bridge

This is only a log of my personal installation
Install at your own risk

I know nano is meh, but I like it for small stuff

The tutorial should also work on the Raspberry Pi with Raspbian

Download Raspbian
BPI-M5 BPI-M2 Pro new image: Raspbian image, 2022-4-09 update, Raspbian image for Linux kernel 4.9 and 5.17. Supports 32-bit and 64-bit, please choose the right image

Don't be surprised: after the installation my SD card showed total: 2.47GB
To fix this: $ sudo raspi-config

  • Advanced Options
  • Expand Filesystem
  • "Root Partition has been resized. The filesystem will be enlarged upon the next reboot."

Install the image via Etcher
For the basic setup, a monitor with HDMI and a keyboard are required
Login: pi / bananapi
$ sudo raspi-config

  • activate SSH
  • update location

Make sudo require a password
$ sudo nano /etc/sudoers.d/010_pi-nopasswd

  • pi ALL=(ALL) NOPASSWD: ALL
    to
  • pi ALL=(ALL) PASSWD: ALL
  • Save and exit (CTRL+O, CTRL+X)

SSH: Change the default port
$ sudo nano /etc/ssh/sshd_config

  • Replace # Port 22 with the desired SSH port, Port xxx, and don't forget to remove the #
  • Save and exit (CTRL+O, CTRL+X)
    $ sudo service ssh restart

Install Fail2ban
$ sudo apt install fail2ban

Create an SSH key (https://www.raspberrypi-spy.co.uk/2019/02/setting-up-ssh-keys-on-the-raspberry-pi/)
$ cd ~
$ mkdir .ssh
$ cd .ssh
$ touch authorized_keys
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
$ cd ~/.ssh
$ ssh-keygen
$ cat id_rsa.pub >> authorized_keys
$ sudo apt-get install putty-tools
$ puttygen id_rsa -o id_rsa.ppk

Key instead of password
$ sudo nano /etc/ssh/sshd_config
Change #PasswordAuthentication yes to PasswordAuthentication no

  • Save and exit (CTRL+O, CTRL+X)
  • $ sudo service ssh restart
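
A check for the two sshd_config edits above (port change and key-only login), added here as an example and not part of the original tutorial: it reports the value sshd will actually use, since the first uncommented occurrence of a keyword wins and a line that still starts with # has no effect. The function names, the sample file and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd_config edits from this tutorial.

# effective_sshd_value FILE KEYWORD
# Prints the value sshd uses for KEYWORD in the global section of FILE:
# the first uncommented occurrence wins; nothing is printed if it is unset.
effective_sshd_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF < 2     { next }   # comment, blank or value-less line
        tolower($1) == "match"   { exit }   # global section ends at first Match
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE
# Returns 0 only if the port was moved off 22 and password login is off.
audit_sshd() {
    rc=0
    port=$(effective_sshd_value "$1" Port)
    pw=$(effective_sshd_value "$1" PasswordAuthentication)
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "Port: still 22 (is the line still commented out?)"
        rc=1
    fi
    if [ "$pw" != no ]; then
        echo "PasswordAuthentication: ${pw:-not set, default yes}"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: Port $port, PasswordAuthentication no"
    fi
    return "$rc"
}

# Constructed sample: Port was changed, but the '#' in front of
# PasswordAuthentication was forgotten, so passwords are still accepted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
#PasswordAuthentication yes
PubkeyAuthentication yes
EOF
audit_sshd "$sample" || echo "=> not hardened yet"
rm -f "$sample"
```

The script only reads the one file it is given and does not follow Include lines; on the live system, sudo sshd -T prints the full effective configuration.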

$ sudo apt-get update
$ sudo apt-get upgrade

Install the Tor bridge
https://community.torproject.org/relay/setup/bridge/debian-ubuntu/

$ sudo apt install tor
($ sudo apt-get install obfs4proxy)

$ sudo nano /etc/tor/torrc
The code to paste in can be found here under step 5
Source for IPv4Only here

My torrc
BridgeRelay 1
ORPort xxxx IPv4Only
ControlPort 9051
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443 IPv4Only
ExtORPort auto
ContactInfo xxxx fingerprint: xxxx
Nickname xxxx

IPv4Only because I am behind a NAT

Replace xxxx with your own data
$ journalctl -e -u tor@default

  • Save and exit (CTRL+O, CTRL+X)

$ sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy

$ sudo nano /lib/systemd/system/tor@default.service

  • NoNewPrivileges=no
  • Save and exit (CTRL+O, CTRL+X)

$ sudo nano /lib/systemd/system/tor@.service

  • NoNewPrivileges=no
  • Save and exit (CTRL+O, CTRL+X)
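
Added example, not part of the original tutorial or the Tor Project's instructions: it reads the obfs4 listen port from a torrc, decides whether the setcap / NoNewPrivileges=no relaxation above is needed at all (only for ports below 1024), and writes the setting as systemd drop-ins instead of editing the packaged unit files, which a tor package upgrade can replace. The function names, the ROOT parameter and the sample torrc are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is the NoNewPrivileges=no relaxation needed, and if so,
# set it with drop-ins rather than by editing /lib/systemd/system.

# obfs4_port TORRC: print the port of the obfs4 ServerTransportListenAddr line
obfs4_port() {
    awk 'tolower($1) == "servertransportlistenaddr" && $2 == "obfs4" {
             n = split($3, part, ":"); print part[n]; exit }' "$1"
}

# needs_bind_capability TORRC: true only if obfs4 listens on a port < 1024,
# the one case where obfs4proxy needs cap_net_bind_service.
needs_bind_capability() {
    p=$(obfs4_port "$1")
    case $p in
        ''|*[!0-9]*) return 1 ;;      # no obfs4 line, or not a number
    esac
    [ "$p" -lt 1024 ]
}

# write_dropins ROOT: write the override for both units named in the
# tutorial below ROOT (ROOT is "" on the real system, a temp dir here).
write_dropins() {
    for unit in tor@.service tor@default.service; do
        dir="$1/etc/systemd/system/$unit.d"
        mkdir -p "$dir" || return 1
        printf '[Service]\nNoNewPrivileges=no\n' > "$dir/override.conf"
    done
}

# Constructed sample torrc, same obfs4 line as in the tutorial.
root=$(mktemp -d)
cat > "$root/torrc" <<'EOF'
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443 IPv4Only
EOF
if needs_bind_capability "$root/torrc"; then
    write_dropins "$root"
    echo "port $(obfs4_port "$root/torrc") < 1024: drop-ins written"
else
    echo "unprivileged port: keep NoNewPrivileges at its packaged value"
fi
rm -rf "$root"
```

On the real system, call write_dropins with an empty ROOT as root, then run sudo systemctl daemon-reload and restart tor so the change takes effect.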

IMPORTANT: open the ports in the router, TCP and UDP
I made the following settings in my Fritzbox under Internet -> Freigaben (port sharing):
* Allow independent port sharing for this device.
* Enable PING6.
* Open the firewall for delegated IPv6 prefixes of this device

$ sudo systemctl enable --now tor.service
$ sudo journalctl -e -u tor@default

Monitoring
Install nyx https://nyx.torproject.org/#faq
$ sudo apt-get install nyx
$ sudo nyx

Install vnstat https://github.com/vergoh/vnstat
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install vnstat
$ sudo systemctl start vnstat
$ vnstat

Install vnstati (visualization for vnstat)
$ sudo apt-get install vnstati

Create aliases in bash_profile to work faster
$ sudo nano ~/.bash_profile

alias temp="cat /sys/class/thermal/thermal_zone0/temp && cat /sys/class/thermal/thermal_zone1/temp && cat /sys/class/thermal/thermal_zone2/temp"
alias torlog="journalctl -e -u tor@default"
alias torrestart="systemctl restart tor.service"
alias shut="sudo shutdown -h now"

Backup Tor Identity Keys

After your initial installation and start of the tor daemon it is a good idea to make a backup of your relay's long term identity keys. They are located in the "keys" subfolder of your DataDirectory (simply make a copy of the entire folder and store it in a secure location). Since relays have a ramp-up time it makes sense to back up the identity key to be able to restore your relay's reputation after a disk failure - otherwise you would have to go through the ramp-up phase again. Only do this if you have a very secure place for your keys as if stolen, these keys could theoretically allow traffic decryption or impersonation.

Default locations of the keys folder:

Debian/Ubuntu: /var/lib/tor/keys

Source: https://community.torproject.org/relay/setup/post-install/

Backing up the keys on Debian:
On Debian, only root and debian-tor have access to the directory
$ sudo su
$ cd /var/lib/
$ tar -czvf tor.tar.gz tor
$ cp tor.tar.gz ../../home/<your user>

Then download via FTP :)
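
Added example, not part of the original tutorial: the same key backup written so that the archive is readable only by its owner from the moment it is created, because an archive written by root with the usual umask of 022 and copied into a home directory is world-readable even though /var/lib/tor itself is not. The function names and the sample directory with dummy key files are constructed for illustration.

```shell
#!/bin/sh
# Added example: owner-only backup of the Tor identity keys.

# backup_tor_keys DATADIR OUTFILE
# Archives DATADIR/keys into OUTFILE with mode 0600 and verifies the result.
backup_tor_keys() {
    if [ ! -d "$1/keys" ]; then
        echo "no keys/ folder under $1" >&2
        return 1
    fi
    # umask 077 in a subshell: the archive is created owner-only from the
    # start and the caller's umask is left untouched.
    ( umask 077 && tar -czf "$2" -C "$1" keys ) || return 1
    chmod 600 "$2" || return 1   # covers an OUTFILE that already existed
    # The archive must be readable and contain at least one file under keys/.
    if ! tar -tzf "$2" | grep -q '^keys/.'; then
        echo "archive contains no key files" >&2
        return 1
    fi
}

# archive_mode FILE: permission string as shown by ls, e.g. -rw-------
archive_mode() {
    ls -l "$1" | cut -c1-10
}

# Constructed sample: a stand-in DataDirectory with dummy key files.
work=$(mktemp -d)
mkdir -p "$work/tor/keys"
echo dummy > "$work/tor/keys/secret_id_key"
echo dummy > "$work/tor/keys/ed25519_master_id_secret_key"
backup_tor_keys "$work/tor" "$work/tor-keys.tar.gz" &&
    echo "created $(archive_mode "$work/tor-keys.tar.gz") tor-keys.tar.gz"
rm -rf "$work"
```

On the bridge this would be run as root with /var/lib/tor as DATADIR; fetching the archive over the SSH setup from earlier (scp or SFTP) keeps the keys off a cleartext FTP connection.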

Once the system is running, an image of the entire SD card can be made
https://askubuntu.com/questions/227924/sd-card-cloning-using-the-dd-command
My command for creating the image
$ sudo dd if=/dev/sda of=/home/xxx/img_bananapi/sd.img bs=1M status=progress

Setting up outage notifications

Once you set up your relay it will likely run without much work from your side. If something goes wrong it is good to get notified automatically. We recommend you use one of the free services that allow you to check your relay's ORPorts for reachability and send you an email should they become unreachable for whatever reason.

UptimeRobot is one of these services that allow you to monitor TCP listeners on arbitrary ports. This service can check your configured ports once every 5 minutes and send you an email should your tor process die or become unreachable. This checks only for the listener but does not speak the Tor protocol.

A good way to monitor a relay for its health state is to have a look at its bandwidth graphs.
Source: https://community.torproject.org/relay/setup/post-install/

This page is updated from time to time ...
Last Update: 24.11.22