diff --git a/docs/platforms/whonix.md b/docs/platforms/whonix.md
index cecdef88..91d84805 100644
--- a/docs/platforms/whonix.md
+++ b/docs/platforms/whonix.md
@@ -16,85 +16,11 @@ The following steps should be done in the Whonix-Gateway. ### Onion Grater -Whonix uses [Onion Grater](https://www.whonix.org/wiki/Onion-grater) to guard access to the control port. We have packaged an onion-grater configuration `cwtch-whonix.yml` with Cwtch on Linux. - -The onion-grater configuration `cwtch-whonix.yml` is reproduced below. As noted this configuration is can likely be restricted much further. - -```yaml ---- -- exe-paths: - - '*' - users: - - '*' - hosts: - - '*' - commands: - SETEVENTS: - - 'CIRC WARN ERR' - - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT' - GETINFO: - - pattern: 'network-liveness' - response: - - pattern: '250-network-liveness=.*' - replacement: '250-network-liveness=up' - - pattern: 'status/bootstrap-phase' - response: - - pattern: '250-status/bootstrap-phase=*' - replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"' - GETCONF: - - pattern: 'DisableNetwork' - response: - - pattern: '250 DisableNetwork=.*' - replacement: '250 DisableNetwork=0' - ADD_ONION: - ## {{{ Host: [::], Ports: 15000-15378 - - pattern: 'ED25519-V3:(\S+) Flags=DiscardPK,Detach Port=9878,\[::\]:(15[0-2][0-9][0-9])' - replacement: 'ED25519-V3:{} Flags=DiscardPK,Detach Port=9878,{client-address}:{}' - - pattern: 'ED25519-V3:(\S+) Flags=DiscardPK,Detach Port=9878,\[::\]:(153[0-6][0-9])' - replacement: 'ED25519-V3:{} Flags=DiscardPK,Detach Port=9878,{client-address}:{}' - - pattern: 'ED25519-V3:(\S+) Flags=DiscardPK,Detach Port=9878,\[::\]:(1537[0-8])' - replacement: 'ED25519-V3:{} Flags=DiscardPK,Detach Port=9878,{client-address}:{}' - ## }}} - DEL_ONION: - - '.+' - HSFETCH: - - '.+' - events: - CIRC: - suppress: true - ORCONN: - suppress: true - INFO: - suppress: true - NOTICE: - suppress: true - WARN: - suppress: true - ERR: - suppress: true - HS_DESC: - response: - - pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)' - replacement: '650 HS_DESC CREATED {} {} {} redacted {}' - - 
pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*' - replacement: '650 HS_DESC UPLOAD {} {} redacted redacted' - - pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+' - replacement: '650 HS_DESC UPLOADED {} {} redacted' - - pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH' - replacement: '650 HS_DESC REQUESTED {} NO_AUTH' - - pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+' - replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted' - - pattern: '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+' - replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted' - - pattern: '.*' - replacement: '' - HS_DESC_CONTENT: - suppress: true -``` +Whonix uses [Onion Grater](https://www.whonix.org/wiki/Onion-grater) to guard access to the control port. We have packaged an onion-grater configuration [`cwtch-whonix.yml` ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/linux/cwtch-whonix.yml) which is present in the root directory of the tarball. This file needs to be placed in `/usr/share/doc/onion-grater-merger/examples/40_cwtch.yml`. -To enable the Cwtch onion-grater profile, use: +Enable the Cwtch onion-grater profile: ```shell sudo onion-grater-add 40_cwtch ``` @@ -130,7 +56,7 @@ The above command, and the below onion grater configuration assume that Cwtch wa ::: -# Removing Cwtch +# Removing Cwtch from Whonix ## Remove configuration from the Whonix-Gateway