tor-ctrl should probably have an onion-grater profile if anyone wants to create services from the Workstation.
Different than onionshare, target ports are not limited, so don’t know how to limit the profile with this.
I don’t have any reason to limit target port, it is ok for onionshare as it is designed around a one click installation and the server is configured for you. But for tor-ctrl, you probably will configure your server and you need to specify the target address that will be listened to by the webserver.
A general tor-ctrl profile would be difficult. In that case, one could also set onion-grater to complain mode which lets through everything.
I don’t see the use case yet. Adding onion services isn’t a frequent task?
Anyhow. This would be contributions welcome. Not trivial to implement but easy on my side, it 1 more example profile in the onion-grater-merger examples folder.
I was looking tor command line tools and found carml.
It is very nice the monitor command, the log messages are easy to read not raw, even though you can still see raw with events command.
Carml is built upon txtorcon, both by Meejah.
Unfortunately carml does not have a debian package, but txtorcon the library has, so possible that in the feature he provides pushes it to debian.org.
Much better than tor-ctrl of course in terms of user friendliness, interpreting events, has a whole library.
Not available on deb.debian.org so one would need to maintain the package. Has some dependencies not available on debian repos such as ansicolors.
It is a great tool and I hope it becomes available on debian soon, but it it on version 21.1.0, so maybe there is something blocking.
For me, if I press Ctrl+C during tor-control-observe, I get the summary and the script terminates.
That is expected when calling from the command line.
The problem is when using the Desktop file, when using Ctrl+C, it will kill the terminal emulator.
Yes, the signals can be “shuffled” to what makes most sense / easiest to use for the user. Usage of signals could be documented by adding a short console output message at script startup.
I guess any keys are OK as long as the program says so. Bonus points for following standards / conventions as much as possible.
derivative-maker (previously Whonix build script) taps ctrl + c (sigterm) and shows a custom error handler once pressed. Does not necessarily end the script. One could even have a sigterm trap and do nothing, whatever that would be useful for.
I am thinking of including SOURCE_ADDR, docs, to tor-ctrl.
It seems useful as it can indicate the client that sent the connection.
If the client is using the GW as the proxy vm, then it will show the correct WS IP assigned to the qube. e.g. 10.137.0.15 or another IP is not qubes.
But if the client is just using the GW as proxy to update on the template, then it will show a connection to localhost. e.g. 127.0.0.1:5999. The port is random.
How can I know the original IP, the qube ip for example, that requested the proxy on port 8082? Is it possible?
I am thinking of a way to identify which was the client that made the call to the proxy, because if someone is updating a bunch of vms together, then it will get difficult to know which one did a shady request to some domain. Of course qubes update tool runs one at a time, but any way…
Also, I think this is a great addition because maybe I could put an option to only show streams of a certain source_addr, for example: if multiple WS are connected to the same GW, then we can run tor-ctrl on 2 terminals and filter by connections made by the WS qube ip, this way it is easier to distinguish where may be some leaks.
Dropped the qubes update proxy firewall thinkering, not possible to filter and is an upstream issue.
@adrelanos Should tor-ctrl-observer have a SOURCE_ADDR field? Do you think this would leak information of the client IP if the gateway is in a remote location?
For GW and WS on the same machine or LAN this is not a problem, only for remote GW.
I don’t know. Perhaps best to ask a Whonix-unspecified question at Qubes?
Yes, awesome idea!
Awesome!
Maybe document this risk at tor-ctrl-observer startup?
Perhaps two different start menu entries?
User has to take care of not posting unredacted tor-ctrl-observer logs anyhow in public since these reveal user activity. Some warning(s) would be nice.
This does not filter for update proxy, was related above, it is very difficult to know because it first uses 127.0.0.1 for DNS requests and then GW qube ip to CONNECT. So this is not very clean and for now there is only the option to specify one client ip to filter.
tor-ctrl-stream now has the option to specify client ip. Didn’t implement on -observer yet.
Thinking about it, if someone knows how to setup a remote tor gateway, they probably have some abilities, but yes, mistakes can occurr when posting logs.
I can do warnings anyway.
tor-ctrl-observer with carml is much better: $ carml monitor --no-circuits --no-guards.
It prints exit nodes, but we can contribute upstream to add an option to hide that or even use grep -v ourselves.
I forgot about this code duplication. Ideally, onion-parser would be upstreamed. Meaning, anon-gw-anonymizer (which ideally wouldn’t need to exist) shouldn’t have it. If it can be upstreamed to onionwash, that would be good. PR welcome.
Actually better if upstreamed (to onionwash).
That included anon-verify.
Because now using %include /etc/torrc.d/*.conf. Fortunately, Tor has now wildcard (*) support. Hence, extraneous files such as these back editors (ending with ~) or those by dpkg (.dpkg-old) are now ignored by Tor. (If using the wildcard support which is very, very much recommended.)
Therefore fortunately any hacks to find and remove extraneous files can now be removed. The reason this was implemented was only as a stopgap because at the time Tor did’t have wildcard config parsing support.
This was added to ease debugging because the actual fix was quite difficult to figure out and took me a long time.
I prefer tee because than the xtrace (debugging output) (set -x or bash -x) is more self-explanatory.
Maybe in this case it’s better to revert the use of tee due to the slowdown?