Written setup scripts for turning a raspi into an hidden server. Comments needed.




I’m posting this in the developers section, because it’s meant to be read by developers, rather than the wider public, because the project I’m going to talk about, is in a too early stage to be interesting for most users.

I’ve written some ansible scripts meant to enable people to setup a raspberry pi as a very cheap server for hosting hidden services without too much hassle. What I have made so far, sets up a set of LXC containers, of which one acts as a proxy to the tor network, another acts as a proxy for everything regarding APT, and an arbitrary number of containers are acting as containers for hosting hidden services.

Within those containers, applications don’t know the IP of the host, and don’t have any access to the internet, but can be reached from the tor proxy, so they can host hidden services, as well use the APT tools normally, thanks to the APT proxy.

In short, this setup is meant to eliminate the risk, that an attacker can learn the IP of an hidden service due to an configuration error (like enabling modinfo.php), or manipulate a software in a way, that those software contacts something like fbi.gov from its real IP. Additionally the playbooks take measures to harden the host in many ways, but that part is not completely done yet.

I’m posting this, because I want to make you aware of my project, so that those of you, who are interested, can test my project, steal the parts, that are good, and tell me, which parts are bad or could be improved.

Finally, the link to my little project is: http://studygarden2nrpb.onion

Please use my own forum to answer.


interesting project. There have been requests over the years for low power ARM devices running Whonix but we don’t have the resources. Thanks for sharing your efforts. I would like to see your work become an official port under the Whonix umbrella so I will discuss a few important points.

How feasible is it to transform your scripts to use KVM? AFAIK RPi is capable of running VMs. We believe that the only type of isolation that is worth supporting is hypervisors because the attack surface is way too great for containers.

How easy is it to integrate our build scripts and repos into your build system? Are you interested in doing this?

PS. Please keep Law Enforcement out of your examples. Our software’s goal is not to circumvent civil or criminal law or aid criminals but protecting basic human rights like privacy from infringement carried out illegally - no matter what entity does it.



the answer depends. I’m trying to answer in a comprehensive fashion:

In my opinion, raspis are well suited as small servers, running a minimal system and just a few applications. That’s what I’ve tried to achieve. Especially when utilizing ramdisks and so on, they’re performing okay. But they’re lacking, if more processing power is required, than a smartphone or a 15 year old computer would provide. Therefore, I’d suspect, that several operating systems running inside VMs could be too demanding on the hardware. But I honestly don’t know, and I’ll try it out, as soon as that’s possible.

Another thing regarding raspis is, that until a few days ago, they haven’t been supported by the linux kernel. Every release meant to be run on a raspi used a heavily patched kernel, which often never was updated. Therefore, the base OS on which my script builds, is raspbian, which sucks security-wise, and probably won’t run KVMs, but is easy and available. The overall situation regarding Banana Pis, and so on, is even worse. At least as far as I know.

However: A few days ago a new kernel release came out, which is said to run natively and without any patches on raspis. I haven’t tried it yet, but as soon as there’s some kind of installer, I’d change the script in a way, that it expects a normal debian system. I think, that this is very interesting, because at this point, the script would support little RasPis as well as big hosted servers, as long as both are running a debian OS. Raspbian basically is debian with different repositories, a few hacks, and a patched kernel, so this wouldn’t be too much effort.

As soon as this is the case, KVM would be supported, if it runs on ARM at all. It might be too much to run several OSes on such a little device, and I’d have to find something useable that runs inside the containers, but it would be supported. So my script could be made to support LXC and KVM at the same time.

This should give you an overview of what’s planned, as well as an idea in what sense I could make use of your repositories. Regarding your build system, I don’t have a clue, as I haven’t seen it yet. Do you have a link and maybe some kind of documentation?

If you’d be interested in something along those lines, then I’d like to be part of your project. If that would be the case, we should talk about a few details. Like, what to expect, and how to go on.

Sorry about the example with fbi.gov. I don’t support anything illegal, but I tried to make sure, that everyone understands the attack vectors I’ve been talking about. Maybe I’m spoiled by too much talk about the prisoners dilemma :wink: