Re: [Tails-dev] A script for configuration of a hidden HTTP …

このメッセージを削除

このメッセージに返信
著者: sajolida
日付:  
To: The Tails public development discussion list
題目: Re: [Tails-dev] A script for configuration of a hidden HTTP service
On 08/01/13 10:50, Lukasz Dobrogowski wrote:
> Hello,
>
> after a lot of tinkering around with Tails codebase, reading through
> Debian Live and a few other manuals, I was finally able to hack together
> a simple configuration script for setting up a persistent hidden HTTP
> service via nginx. I decided on doing HTTP as the example service, since
> it would probably get by far most widespread use.
>
> It's really hackish right now and makes a lot of assumptions it
> shouldn't, but I wanted to get something working as soon as possible.
> That way, I have something to present my way of thinking and can ask
> more experienced developers for some pointers/corrections.
>
> So right now, what the script does:
>
> * checks for line containing "/etc/nginx" in
> /live/persistence/sdb2_unlocked/live-persistence.conf and if it exists,
> stops execution - as a very simple sanity check preventing the script
> from being run twice and doing something potentially harmful
> * creates /var/www directory with proper permissions and a hello world
> /var/www/index.htm
> * creates /var/lib/tor/nginx directory with proper permissions
> * adds lines at the end of /etc/tor/torrc, adding a new hidden service
> with location in /var/lib/tor/nginx
> * makes /var/lib/tor, /var/www, /etc/tor and /etc/nginx persistent by
> adding proper lines at the end of /live/persistence.conf and copying
> their contents to the persistent volume immediately
> * displays message that all changes will take place upon next reboot and
> localizations of the file containing .onion address and site data (/var/www)
>
> The script and all the modifications to Tails I'm making can be publicly
> viewed on my github: https://github.com/zaroth/tails-server
> (the script itself is at
> config/chroot_local-includes/usr/local/bin/tails-server-setup )
>
> So, what do you think?
>
> As far as my thoughts go:
>
> * I'd very much like to start improving the script with some detection
> of the persistent media, checking the localization, existence, etc. I'm
> aware of the fact that it's already done in the tails_persistence_setup
> Perl application. I'd looked through it before, but since I hadn't known
> much Perl, I decided to write this hack for now instead. However, in the
> long run I see the value of these Perl modules and I can probably pick
> up the language quickly enough. Any advice/documentation on these
> modules? Or maybe an alternative way of handling these issues,
> preferably a Python one?
>
> * As of now, editing of /var/www and /etc/nginx obviously requires root
> access. I don't know if this should be the desired result. I mean,
> obviously we can expect a user trying to set up a webserver to be at
> least a bit webserver savvy, but not necessarily linux root console
> savvy... Thoughts on solving this issue?
>
> * Because of the excellent firewall rules already in Tails, I didn't
> feel it was necessary to modify anything in nginx configuration to make
> the server less visible to other hosts than Tor nodes. However, there is
> also the question, how much private info does nginx leak with default
> settings and what would be the best way to prevent that. Since I'm no
> expert on this matter, I'd appreciate any input here.
>
> * I would very much like to display the generated .onion address to the
> user instantly after setup. However, I'm not sure how to do it without
> restarting tor to use the new torrc and potentially breaking something.
> (I'm not sure if it's safe to restart tor in tails when it's started by
> vidalia...?)
>
> * By default, nginx init.d script will start nginx during boot
> automatically. However, since /etc/nginx is stored on an encrypted
> device, it is clearly undesirable to start nginx before mounting it.
> Right now, the nginx service requires restart after booting to work,
> which is unacceptable. If there is an init.d service responsible for
> mounting the persistent volumes, this would be a trivial fix - simply
> make this service a requirement for nginx. However, I couldn't find such
> a service, did I miss it?
>
> * I added nginx-full to the tails-common packagelist. It is roughly 2M
> in size, so it's not increasing the image size by a lot, and it
> simplifies a lot of things (since Tails doesn't have any convenient
> support for persistent user installed packages right now).
>
> * as this hidden service configuration framework grows, a better method
> for automatically adding/removing hidden services to/from torrc should
> be used. An ideal scenario would be if we could use an include statement
> in the torrc file and put all the hidden services declarations in a
> separate file. However, Tor doesn't have support for include statement
> and is unlikely to have it anytime soon (
> https://trac.torproject.org/projects/tor/ticket/1922 ) Any suggestions here?
>
> * the wiki page covering the server edition idea (
> https://tails.boum.org/todo/server_edition/ ) suggests a separate
> "server mode" choosable at boottime. I wondered about how to simply
> implement this two modes and came up with the idea of using Debian
> runlevels. Since by default all of the 2,3,4,5 runlevels are exactly the
> same, couldn't we e.g. define runlevel 5 as GUI runlevel and runlevel 2
> as server runlevel and rc-update accordingly? Are there downsides to
> this approach? Automatic modification to bootloader menu adding the new
> runlevel option upon setting up hidden services should be easy enough to
> implement.
>
> Cheers,
> Łukasz Dobrogowski


With my WAN hat on, may I ask whether someone feels like storing this
somewhere in the wiki? Maybe for Tails Server?