#! /bin/bash
### BEGIN INIT INFO
# Provides: tor
# Required-Start: $local_fs $remote_fs $network $named $time
# Required-Stop: $local_fs $remote_fs $network $named $time
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts The Onion Router daemon processes
# Description: Start The Onion Router, a TCP overlay
# network client that provides anonymous
# transport.
### END INIT INFO
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
. /lib/lsb/init-functions
# Fixed command search path for everything this script runs.
PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# Daemon identity used in log messages and in the paths below.
NAME="tor"
DESC="tor daemon"
DAEMON="/usr/bin/tor"

# Runtime locations. TORPID is read back by the stop/reload/status actions.
TORLOGDIR="/var/log/tor"
TORPIDDIR="/var/run/tor"
TORPID="${TORPIDDIR}/tor.pid"
DEFAULTSFILE="/etc/default/${NAME}"

# Upper bound on the number of one-second polls in wait_for_deaddaemon.
WAITFORDAEMON=60

# Arguments passed on every tor invocation; VERIFY_ARGS is the variant used
# by check_config before start, reload and restart.
DEFAULT_ARGS="--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
VERIFY_ARGS="--verify-config ${DEFAULT_ARGS}"

# "yes" asks the start action to launch tor through aa-exec under the
# system_tor AppArmor profile when AppArmor is usable; the defaults file
# sourced later may override it.
USE_AA_EXEC="yes"

# Extra tor command-line arguments; --hush is added unless VERBOSE is "yes".
ARGS=""
[ "${VERBOSE:-}" = "yes" ] || ARGS="${ARGS} --hush"
# Let's try to figure out some sane defaults:
# derive a per-process descriptor limit for tor from the system-wide maximum.
# The value is applied with "ulimit -n" in the start action, and the defaults
# file sourced further down may replace it.
if [ ! -r /proc/sys/fs/file-max ]; then
  # No way to read the system-wide limit: fall back to a middle value.
  MAX_FILEDESCRIPTORS=8192
else
  system_max=$(cat /proc/sys/fs/file-max)
  if [ "$system_max" -gt 80000 ]; then
    MAX_FILEDESCRIPTORS=32768
  elif [ "$system_max" -gt 40000 ]; then
    MAX_FILEDESCRIPTORS=16384
  elif [ "$system_max" -gt 10000 ]; then
    MAX_FILEDESCRIPTORS=8192
  else
    # Smallest tier: keep going, but tell the administrator how to raise it.
    MAX_FILEDESCRIPTORS=1024
    cat << EOF
Warning: Your system has very few filedescriptors available in total.
Maybe you should try raising that by adding 'fs.file-max=100000' to your
/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate.
Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and
file-nr in the same directory for how many of those are used at the moment.
EOF
  fi
fi
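# Optional extra start-stop-daemon arguments for niceness; empty unless the
# defaults file sets it (its template suggests NICE="--nicelevel 5").
NICE=""

# Exit successfully without doing anything when the tor binary is missing or
# not executable. The expansion is quoted so that an empty value cannot turn
# this into a one-argument test, which would always succeed.
test -x "$DAEMON" || exit 0

# Include tor defaults if available.
# The file is sourced, i.e. executed as shell code with this script's
# privileges, and it can override every variable assigned above (ARGS,
# MAX_FILEDESCRIPTORS, USE_AA_EXEC, ...). It should therefore be owned by
# root and not writable by any other user.
if [ -f "$DEFAULTSFILE" ]; then
  . "$DEFAULTSFILE"
fi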
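#######################################
# Wait for an already-signalled daemon to exit, reporting progress through
# the LSB log_action_* helpers.
# Globals:   WAITFORDAEMON (read) - maximum number of one-second polls
# Arguments: $1 - PID to wait for; may be empty
# Outputs:   progress and result via log_action_cont_msg / log_action_end_msg
# Returns:   status of "log_action_end_msg 0" once the process is gone or no
#            PID was given; exits the script with status 1 if the process is
#            still alive after more than WAITFORDAEMON polls
#######################################
wait_for_deaddaemon () {
  # Locals, so the caller's own $pid and any global $cnt are left untouched.
  local pid=$1
  local cnt=0

  sleep 1
  if [ -n "$pid" ]; then
    # kill -0 delivers no signal; it only reports whether the PID exists and
    # may be signalled. The PID is quoted because it originates from a pidfile.
    while kill -0 "$pid" 2>/dev/null; do
      cnt=$((cnt + 1))
      if [ "$cnt" -gt "$WAITFORDAEMON" ]; then
        log_action_end_msg 1 "still running"
        exit 1
      fi
      sleep 1
      # Emit a continuation message on every third poll (cnt = 2, 5, 8, ...).
      [ "$((cnt % 3))" != 2 ] || log_action_cont_msg ""
    done
  fi
  log_action_end_msg 0
}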
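#######################################
# Make sure the pidfile directory exists and is accessible.
# Globals:   TORPIDDIR (read)
# Arguments: none
# Outputs:   failure text via log_action_end_msg
# Returns:   0 when the directory is usable; exits the script with status 1
#            when it cannot be entered
#######################################
check_torpiddir () {
  # All expansions are quoted, matching the mkdir/chown calls, so a path with
  # whitespace is tested the same way it is created.
  if [ ! -d "$TORPIDDIR" ]; then
    # 02750: rwx for the owner, r-x for the group, nothing for others, plus
    # setgid so new entries inherit the directory's group.
    mkdir -m 02750 "$TORPIDDIR"
    chown debian-tor:debian-tor "$TORPIDDIR"
    # Restore the SELinux label when the tool is installed.
    ! [ -x /sbin/restorecon ] || /sbin/restorecon "$TORPIDDIR"
    # NOTE(review): mkdir/chown failures are not checked here; the access
    # test below is the only gate.
  fi
  # The directory is handed to the debian-tor account, so the pidfile inside
  # it is not root-controlled. The stop/reload actions read it as root and
  # rely on start-stop-daemon's --exec match rather than trusting the PID.
  if [ ! -x "$TORPIDDIR" ]; then
    log_action_end_msg 1 "cannot access $TORPIDDIR directory, are you root?"
    exit 1
  fi
}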
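#######################################
# Create the tor log directory when it does not exist yet.
# Globals:   TORLOGDIR (read)
# Arguments: none
# Returns:   status of the last command run; callers in this script ignore it
#######################################
check_torlogdir () {
  if [ ! -d "$TORLOGDIR" ]; then
    # 02750 with group adm: logs stay unreadable for ordinary users while
    # members of adm can list the directory.
    mkdir -m 02750 "$TORLOGDIR"
    chown debian-tor:adm "$TORLOGDIR"
    # Relabel the directory that was just created. The original relabelled
    # $TORPIDDIR here, which left the new log directory without its SELinux
    # context restored.
    ! [ -x /sbin/restorecon ] || /sbin/restorecon "$TORLOGDIR"
  fi
}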
#######################################
# Ask tor to validate its configuration before start, reload or restart.
# Globals:   DAEMON, VERIFY_ARGS, NAME (read)
# Arguments: none
# Outputs:   on failure, an LSB failure message plus tor's own diagnostics
#            on stderr
# Returns:   0 when the configuration verifies; exits the script with
#            status 1 otherwise
#######################################
check_config () {
  # Quiet first pass. VERIFY_ARGS holds several arguments in one string and
  # is expanded unquoted on purpose so that it word-splits.
  if $DAEMON $VERIFY_ARGS > /dev/null; then
    return 0
  fi

  # Verification failed: run it again so the reason is shown, then stop.
  log_failure_msg "Checking if $NAME configuration is valid"
  $DAEMON $VERIFY_ARGS >&2
  exit 1
}
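# Dispatch on the requested init action ($1).
#
# The pidfile lives in a directory owned by the debian-tor account (see
# check_torpiddir), so its content is treated as data: every expansion of
# $pid and $TORPID is quoted, and signals are sent only through
# start-stop-daemon with --pidfile AND --exec, which refuses to act when the
# process behind the PID is not running $DAEMON.
case "$1" in
  start)
    # RUN_DAEMON is expected to come from $DEFAULTSFILE.
    if [ "$RUN_DAEMON" != "yes" ]; then
      log_action_msg "Not starting $DESC (Disabled in $DEFAULTSFILE)."
      exit 0
    fi

    # Raise the descriptor limit of this shell; tor inherits it. A failure is
    # reported (only when VERBOSE=yes) but does not abort the start.
    if [ -n "$MAX_FILEDESCRIPTORS" ]; then
      [ "${VERBOSE:-}" != "yes" ] || log_action_begin_msg "Raising maximum number of filedescriptors (ulimit -n) for tor to $MAX_FILEDESCRIPTORS"
      if ulimit -n "$MAX_FILEDESCRIPTORS"; then
        [ "${VERBOSE:-}" != "yes" ] || log_action_end_msg 0
      else
        [ "${VERBOSE:-}" != "yes" ] || log_action_end_msg 1
      fi
    fi

    check_torpiddir
    check_torlogdir
    check_config

    log_action_begin_msg "Starting $DESC"
    # Signal 0 only probes: succeeds when the pidfile names a live $DAEMON.
    if start-stop-daemon --stop --signal 0 --quiet --pidfile "$TORPID" --exec "$DAEMON"; then
      log_action_end_msg 0 "already running"
    else
      # Confine tor with the system_tor AppArmor profile only when every
      # prerequisite holds. When one is missing, tor starts unconfined and
      # nothing is logged about it; operators who rely on the profile should
      # confirm confinement after start (aa-status lists confined processes).
      if [ "$USE_AA_EXEC" = "yes" ] &&
         [ -x /usr/sbin/aa-status ] &&
         [ -x /usr/sbin/aa-exec ] &&
         [ -e /etc/apparmor.d/system_tor ] &&
         /usr/sbin/aa-status --enabled; then
        AA_EXEC="--startas /usr/sbin/aa-exec"
        AA_EXEC_ARGS="--profile=system_tor -- $DAEMON"
      else
        AA_EXEC=""
        AA_EXEC_ARGS=""
      fi

      # NICE, AA_EXEC, AA_EXEC_ARGS, DEFAULT_ARGS and ARGS each hold zero or
      # more arguments in one string and must word-split, so they stay
      # unquoted. With AA_EXEC set, aa-exec is what gets executed (--startas)
      # and $DAEMON is handed to it after the profile option.
      # shellcheck disable=SC2086
      if start-stop-daemon --start --quiet \
           --pidfile "$TORPID" \
           $NICE \
           $AA_EXEC \
           --exec "$DAEMON" -- $AA_EXEC_ARGS $DEFAULT_ARGS $ARGS
      then
        log_action_end_msg 0
      else
        log_action_end_msg 1
        exit 1
      fi
    fi
    ;;

  stop)
    log_action_begin_msg "Stopping $DESC"
    pid=$(cat "$TORPID" 2>/dev/null) || true
    if [ ! -f "$TORPID" ] || [ -z "$pid" ]; then
      log_action_end_msg 0 "not running - there is no $TORPID"
      exit 0
    fi
    # SIGINT is sent only if the PID belongs to $DAEMON; then wait for exit.
    if start-stop-daemon --stop --signal INT --quiet --pidfile "$TORPID" --exec "$DAEMON"; then
      wait_for_deaddaemon "$pid"
    elif kill -0 "$pid" 2>/dev/null; then
      # The PID is alive but did not match $DAEMON: do not signal it.
      log_action_end_msg 1 "Is $pid not $NAME? Is $DAEMON a different binary now?"
      exit 1
    else
      log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
      exit 1
    fi
    ;;

  reload|force-reload)
    # Refuse to reload a configuration that does not verify.
    check_config
    log_action_begin_msg "Reloading $DESC configuration"
    pid=$(cat "$TORPID" 2>/dev/null) || true
    if [ ! -f "$TORPID" ] || [ -z "$pid" ]; then
      log_action_end_msg 1 "not running - there is no $TORPID"
      exit 1
    fi
    # Signal 1 (SIGHUP), again gated on the --exec match.
    if start-stop-daemon --stop --signal 1 --quiet --pidfile "$TORPID" --exec "$DAEMON"; then
      log_action_end_msg 0
    elif kill -0 "$pid" 2>/dev/null; then
      log_action_end_msg 1 "Is $pid not $NAME? Is $DAEMON a different binary now?"
      exit 1
    else
      log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
      exit 1
    fi
    ;;

  restart)
    # Verify first so a broken configuration does not take the service down.
    check_config
    # NOTE(review): the status of the stop step is not checked before start.
    "$0" stop
    sleep 1
    "$0" start
    ;;

  status)
    # Exit codes follow the LSB convention for "status": 0 running, 1 dead
    # but pidfile present, 3 not running, 4 state cannot be determined.
    if [ ! -r "$(dirname "$TORPID")" ]; then
      log_failure_msg "cannot read PID file $TORPID"
      exit 4
    fi
    pid=$(cat "$TORPID" 2>/dev/null) || true
    if [ ! -f "$TORPID" ] || [ -z "$pid" ]; then
      log_failure_msg "$NAME is not running"
      exit 3
    fi
    # ps only confirms that some process has this PID; unlike the
    # start-stop-daemon calls above it does not check that the process is tor.
    if ps "$pid" >/dev/null 2>&1; then
      log_success_msg "$NAME is running"
      exit 0
    else
      log_failure_msg "$NAME is not running"
      exit 1
    fi
    ;;

  *)
    log_action_msg "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
    exit 1
    ;;
esac

exit 0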
As well as the init script above, there is the defaults file that it sources:
/etc/default/tor
It should look like this.
# Defaults for tor initscript
# sourced by /etc/init.d/tor
# installed at /etc/default/tor by the maintainer scripts
#
# This is a bash shell fragment. Because the init script sources it, every
# line here is executed as shell code with the init script's privileges:
# keep the file owned by root and not writable by any other user.
#
RUN_DAEMON=yes

#
# Servers sometimes may need more than the default 1024 file descriptors
# if they are very busy and have many clients connected to them. The top
# servers as of early 2008 regularly have more than 10000 connected
# clients.
# (ulimit -n)
#
# (the default varies as it depends on the number of available system-wide file
# descriptors. See the init script in /etc/init.d/tor for details.)
#
# MAX_FILEDESCRIPTORS=

#
# If tor is seriously hogging your CPU, taking away too many cycles from
# other system resources, then you can renice tor. See nice(1) for a
# bit more information. Another way to limit the CPU usage of an Onion
# Router is to set a lower BandwidthRate, as CPU usage is mostly a function
# of the amount of traffic flowing through your node. Consult the torrc(5)
# manual page for more information on setting BandwidthRate.
#
# NICE="--nicelevel 5"

# Additional arguments to pass on tor's command line.
#
# ARGS="$ARGS "

#
# Uncomment the ulimit call below, and set "DisableDebuggerAttachment 0"
# in /etc/tor/torrc, if you want tor to produce coredumps on segfaults
# and assert errors.
#
# Keeping coredumps around is a security issue since they may leak
# session keys, sensitive client data and more, should such files fall
# into the wrong hands. Therefore coredumps are not enabled by default.
#
# ulimit -c unlimited

#
# Config option for the weekly cron file: Whether or not to remove old
# coredumps in /var/lib/tor. Coredumps can hold sensitive data, as such
# they probably should not be kept lying around if nobody will ever look
# at them. This option makes /etc/cron.weekly/tor clean out files older
# than three weeks.
#
CLEANUP_OLD_COREFILES="y"

#
# By default the tor init script will launch Tor using apparmor iff
# /usr/sbin/aa-status exists and is executable and calling it with --enabled
# returns true, /usr/sbin/aa-exec is executable, there is a
# /etc/apparmor.d/system_tor policy, and USE_AA_EXEC is set to 'yes'.
# If any of these conditions is not met, the init script starts Tor without
# the profile.
#
# USE_AA_EXEC="yes" # default
# USE_AA_EXEC="no"
# Let the vidalia package override some of our settings.
# People who have vidalia installed might not want to run Tor as a system
# service. The vidalia .deb can ask them that and then set run-daemon to no.
# The override file is sourced, so it runs with the same privileges as the
# init script that includes this fragment.
if test -e /etc/default/tor.vidalia && test -x /usr/bin/vidalia; then
  . /etc/default/tor.vidalia
fi

# Begin of modifications for Anonymity Distributions.
# Sourced unconditionally. Presumably this drops the torsocks library from
# LD_PRELOAD before tor is started (inferred from the helper's name; confirm
# against the helper script itself).
source /usr/lib/anon-shared-helper-scripts/torsocks-remove-ld-preload
# End of modifications for Anonymity Distributions.