From 73be2db2456f11ef7fc5aaf79cf118f1d219cc2d Mon Sep 17 00:00:00 2001 From: Matthieu Saulnier Date: Sun, 31 Dec 2017 06:56:01 +0100 Subject: Add maxadvertised variable and more DirPort front pages availables and cleanup torrc template --- host_vars/176.31.191.26 | 1 + host_vars/51.15.179.153 | 1 + host_vars/bpr7drsao5vozzr5.onion | 1 + host_vars/gfuzfrkr6mg47ktw.onion | 1 + host_vars/ns3.casperlefantom.net | 1 + host_vars/ns4.casperlefantom.net | 1 + roles/torrelay/files/index-fedora.html | 132 +++++++++++++++++++++++ roles/torrelay/files/index-it-works.html | 2 + roles/torrelay/files/tor-exit-notice.html | 144 ++++++++++++++++++++++++- roles/torrelay/files/tor-exit-notice_orig.html | 144 ------------------------- roles/torrelay/tasks/main.yml | 2 +- roles/torrelay/templates/torrc.j2 | 23 ++-- 12 files changed, 292 insertions(+), 161 deletions(-) create mode 100644 roles/torrelay/files/index-fedora.html create mode 100644 roles/torrelay/files/index-it-works.html delete mode 100644 roles/torrelay/files/tor-exit-notice_orig.html diff --git a/host_vars/176.31.191.26 b/host_vars/176.31.191.26 index c90d88a..52a5da4 100644 --- a/host_vars/176.31.191.26 +++ b/host_vars/176.31.191.26 @@ -2,5 +2,6 @@ nickname: Casper03 is_gardian: true bprate: '100 MB' bpburst: '120 MB' +maxadvertised: '8 MBytes' is_ntpslave: true diff --git a/host_vars/51.15.179.153 b/host_vars/51.15.179.153 index 8d0d147..6d7a18b 100644 --- a/host_vars/51.15.179.153 +++ b/host_vars/51.15.179.153 @@ -2,6 +2,7 @@ nickname: Casper04 is_gardian: true bprate: '100 MB' bpburst: '120 MB' +maxadvertised: '8 MBytes' outdoor: true is_ntpslave: true diff --git a/host_vars/bpr7drsao5vozzr5.onion b/host_vars/bpr7drsao5vozzr5.onion index 8d0d147..6d7a18b 100644 --- a/host_vars/bpr7drsao5vozzr5.onion +++ b/host_vars/bpr7drsao5vozzr5.onion @@ -2,6 +2,7 @@ nickname: Casper04 is_gardian: true bprate: '100 MB' bpburst: '120 MB' +maxadvertised: '8 MBytes' outdoor: true is_ntpslave: true diff --git a/host_vars/gfuzfrkr6mg47ktw.onion b/host_vars/gfuzfrkr6mg47ktw.onion index c90d88a..52a5da4 100644 --- a/host_vars/gfuzfrkr6mg47ktw.onion +++ b/host_vars/gfuzfrkr6mg47ktw.onion @@ -2,5 +2,6 @@ nickname: Casper03 is_gardian: true bprate: '100 MB' bpburst: '120 MB' +maxadvertised: '8 MBytes' is_ntpslave: true diff --git a/host_vars/ns3.casperlefantom.net b/host_vars/ns3.casperlefantom.net index c90d88a..52a5da4 100644 --- a/host_vars/ns3.casperlefantom.net +++ b/host_vars/ns3.casperlefantom.net @@ -2,5 +2,6 @@ nickname: Casper03 is_gardian: true bprate: '100 MB' bpburst: '120 MB' +maxadvertised: '8 MBytes' is_ntpslave: true diff --git a/host_vars/ns4.casperlefantom.net b/host_vars/ns4.casperlefantom.net index 8d0d147..6d7a18b 100644 --- a/host_vars/ns4.casperlefantom.net +++ b/host_vars/ns4.casperlefantom.net @@ -2,6 +2,7 @@ nickname: Casper04 is_gardian: true bprate: '100 MB' bpburst: '120 MB' +maxadvertised: '8 MBytes' outdoor: true is_ntpslave: true diff --git a/roles/torrelay/files/index-fedora.html b/roles/torrelay/files/index-fedora.html new file mode 100644 index 0000000..1b7ea03 --- /dev/null +++ b/roles/torrelay/files/index-fedora.html @@ -0,0 +1,132 @@ + + + + + Test Page for the Apache HTTP Server on Fedora + + + + + +

Fedora Test Page

+ +
+
+

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured.

+
+
+ +
+
+

If you are a member of the general public:

+ +

The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.

+ +

If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.

+ +

For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".

+ +

Fedora is a distribution of Linux, a popular computer operating system. It is commonly used by hosting companies because it is free, and includes free web server software. Many times, they do not set up their web server correctly, and it displays this "test page" instead of the expected website.

+ +

Accordingly, please keep these facts in mind:

+
    +
  • Neither the Fedora Project or Red Hat has any affiliation with any website or content hosted from this server (unless otherwise explicitly stated).
    • +
  • Neither the Fedora Project or Red Hat has "hacked" this webserver, this test page is an included component of Apache's httpd webserver software.
    • +
+ +

For more information about Fedora, please visit the Fedora Project website.

+
+
+ +
+

If you are the website administrator:

+ +

You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

+ +
+

You are free to use the images below on Apache and Fedora powered HTTP servers. Thanks for using Apache and Fedora!

+ +

[ Powered by Apache ] [ Powered by Fedora ]

+
+
+
+
+ + diff --git a/roles/torrelay/files/index-it-works.html b/roles/torrelay/files/index-it-works.html new file mode 100644 index 0000000..a316025 --- /dev/null +++ b/roles/torrelay/files/index-it-works.html @@ -0,0 +1,2 @@ +It works + diff --git a/roles/torrelay/files/tor-exit-notice.html b/roles/torrelay/files/tor-exit-notice.html index a316025..4d103b5 100644 --- a/roles/torrelay/files/tor-exit-notice.html +++ b/roles/torrelay/files/tor-exit-notice.html @@ -1,2 +1,144 @@ -It works + + + + + +This is a Tor Exit Router + + + + + +

This is a +Tor Exit Router

+ +

+Most likely you are accessing this website because you had some issue with +the traffic coming from this IP. This router is part of the Tor Anonymity Network, which is +dedicated to providing +privacy to people who need it most: average computer users. This +router IP should be generating no other traffic, unless it has been +compromised.

+ + + + +

+ +How Tor works +

+ +

+Tor sees use by many +important segments of the population, including whistle blowers, +journalists, Chinese dissidents skirting the Great Firewall and oppressive +censorship, abuse victims, stalker targets, the US military, and law +enforcement, just to name a few. While Tor is not designed for malicious +computer users, it is true that they can use the network for malicious ends. +In reality however, the actual amount of abuse is quite low. This +is largely because criminals and hackers have significantly better access to +privacy and anonymity than do the regular users whom they prey upon. Criminals +can and do build, +sell, and trade far larger and more +powerful networks than Tor on a daily basis. Thus, in the mind of this +operator, the social need for easily accessible censorship-resistant private, +anonymous communication trumps the risk of unskilled bad actors, who are +almost always more easily uncovered by traditional police work than by +extensive monitoring and surveillance anyway.

+ +

+In terms of applicable law, the best way to understand Tor is to consider it a +network of routers operating as common carriers, much like the Internet +backbone. However, unlike the Internet backbone routers, Tor routers +explicitly do not contain identifiable routing information about the source of +a packet, and no single Tor node can determine both the origin and destination +of a given transmission.

+ +

+As such, there is little the operator of this router can do to help you track +the connection further. This router maintains no logs of any of the Tor +traffic, so there is little that can be done to trace either legitimate or +illegitimate traffic (or to filter one from the other). Attempts to +seize this router will accomplish nothing.

+ + + + + +

+If you are a representative of a company who feels that this router is being +used to violate the DMCA, please be aware that this machine does not host or +contain any illegal content. Also be aware that network infrastructure +maintainers are not liable for the type of content that passes over their +equipment, in accordance with DMCA +"safe harbor" provisions. In other words, you will have just as much luck +sending a takedown notice to the Internet backbone providers. Please consult +EFF's prepared +response for more information on this matter.

+ +

For more information, please consult the following documentation:

+ +
    +
  1. Tor Overview
    2. +
  2. Tor Abuse FAQ
    3. +
  3. Tor Legal FAQ
    4. +
+ +

+That being said, if you still have a complaint about the router, you may +email the maintainer. If +complaints are related to a particular service that is being abused, I will +consider removing that service from my exit policy, which would prevent my +router from allowing that traffic to exit through it. I can only do this on an +IP+destination port basis, however. Common P2P ports are +already blocked.

+ +

+You also have the option of blocking this IP address and others on +the Tor network if you so desire. The Tor project provides a web service +to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a +specified IP:port combination, and an official DNSRBL is also available to +determine if a given IP address is actually a Tor exit server. Please +be considerate +when using these options. It would be unfortunate to deny all Tor users access +to your site indefinitely simply because of a few bad apples.

+ + + diff --git a/roles/torrelay/files/tor-exit-notice_orig.html b/roles/torrelay/files/tor-exit-notice_orig.html deleted file mode 100644 index 4d103b5..0000000 --- a/roles/torrelay/files/tor-exit-notice_orig.html +++ /dev/null @@ -1,144 +0,0 @@ - - - - - -This is a Tor Exit Router - - - - - - -

This is a -Tor Exit Router

- -

-Most likely you are accessing this website because you had some issue with -the traffic coming from this IP. This router is part of the Tor Anonymity Network, which is -dedicated to providing -privacy to people who need it most: average computer users. This -router IP should be generating no other traffic, unless it has been -compromised.

- - - - -

- -How Tor works -

- -

-Tor sees use by many -important segments of the population, including whistle blowers, -journalists, Chinese dissidents skirting the Great Firewall and oppressive -censorship, abuse victims, stalker targets, the US military, and law -enforcement, just to name a few. While Tor is not designed for malicious -computer users, it is true that they can use the network for malicious ends. -In reality however, the actual amount of abuse is quite low. This -is largely because criminals and hackers have significantly better access to -privacy and anonymity than do the regular users whom they prey upon. Criminals -can and do build, -sell, and trade far larger and more -powerful networks than Tor on a daily basis. Thus, in the mind of this -operator, the social need for easily accessible censorship-resistant private, -anonymous communication trumps the risk of unskilled bad actors, who are -almost always more easily uncovered by traditional police work than by -extensive monitoring and surveillance anyway.

- -

-In terms of applicable law, the best way to understand Tor is to consider it a -network of routers operating as common carriers, much like the Internet -backbone. However, unlike the Internet backbone routers, Tor routers -explicitly do not contain identifiable routing information about the source of -a packet, and no single Tor node can determine both the origin and destination -of a given transmission.

- -

-As such, there is little the operator of this router can do to help you track -the connection further. This router maintains no logs of any of the Tor -traffic, so there is little that can be done to trace either legitimate or -illegitimate traffic (or to filter one from the other). Attempts to -seize this router will accomplish nothing.

- - - - - -

-If you are a representative of a company who feels that this router is being -used to violate the DMCA, please be aware that this machine does not host or -contain any illegal content. Also be aware that network infrastructure -maintainers are not liable for the type of content that passes over their -equipment, in accordance with DMCA -"safe harbor" provisions. In other words, you will have just as much luck -sending a takedown notice to the Internet backbone providers. Please consult -EFF's prepared -response for more information on this matter.

- -

For more information, please consult the following documentation:

- -
    -
  1. Tor Overview
    2. -
  2. Tor Abuse FAQ
    3. -
  3. Tor Legal FAQ
    4. -
- -

-That being said, if you still have a complaint about the router, you may -email the maintainer. If -complaints are related to a particular service that is being abused, I will -consider removing that service from my exit policy, which would prevent my -router from allowing that traffic to exit through it. I can only do this on an -IP+destination port basis, however. Common P2P ports are -already blocked.

- -

-You also have the option of blocking this IP address and others on -the Tor network if you so desire. The Tor project provides a web service -to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a -specified IP:port combination, and an official DNSRBL is also available to -determine if a given IP address is actually a Tor exit server. Please -be considerate -when using these options. It would be unfortunate to deny all Tor users access -to your site indefinitely simply because of a few bad apples.

- - - diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml index f38781d..5b960e5 100644 --- a/roles/torrelay/tasks/main.yml +++ b/roles/torrelay/tasks/main.yml @@ -29,7 +29,7 @@ file: path=/usr/local/share/tor state=directory - name: Installation de la page d'accueil html - copy: src=tor-exit-notice.html dest=/usr/local/share/tor/tor-exit-notice.html + copy: src=index-fedora.html dest=/usr/local/share/tor/tor-exit-notice.html mode=644 - name: Configuration du service diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2 index bb98fe9..7a3ea04 100644 --- a/roles/torrelay/templates/torrc.j2 +++ b/roles/torrelay/templates/torrc.j2 @@ -39,35 +39,28 @@ HiddenServicePort 80 127.0.0.1:4433 {% if is_public is defined %} ORPort {{ orport }} - -{% if tor_address is defined %} -Address {{ tor_address }} -{% endif %} - -Nickname {{ nickname }} -RelayBandwidthRate {{ bprate }} -RelayBandwidthBurst {{ bpburst }} -ContactInfo {{ contactinfo }} DirPort {{ dirport }} -DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html - {% endif %} {% if is_gardian is defined %} ORPort {{ pop3sport }} +DirPort {{ pop3port }} +{% endif %} + +{% if nickname is defined %} {% if tor_address is defined %} Address {{ tor_address }} {% endif %} - Nickname {{ nickname }} RelayBandwidthRate {{ bprate }} RelayBandwidthBurst {{ bpburst }} +{% if maxadvertised is defined %} +MaxAdvertisedBandwidth {{ maxadvertised }} +{% endif %} ContactInfo {{ contactinfo }} -DirPort {{ pop3port }} DirPortFrontPage /usr/local/share/tor/tor-exit-notice.html - {% endif %} @@ -76,7 +69,7 @@ MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %} {% if is_exit is defined %} ExitRelay 1 -{%endif %} +{% endif %} {% if is_exit is not defined %} -- cgit