Remove onion-grater profile from Whonix doc
parent b5cc3cf24c
commit 760c004b73
|
@ -16,85 +16,11 @@ The following steps should be done in the Whonix-Gateway.
|
||||||
|
|
||||||
### Onion Grater
|
### Onion Grater
|
||||||
|
|
||||||
Whonix uses [Onion Grater](https://www.whonix.org/wiki/Onion-grater) to guard access to the control port. We have packaged an onion-grater configuration `cwtch-whonix.yml` with Cwtch on Linux.
|
Whonix uses [Onion Grater](https://www.whonix.org/wiki/Onion-grater) to guard access to the control port. We have packaged an onion-grater configuration [`cwtch-whonix.yml` ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/linux/cwtch-whonix.yml) which is present in the root directory of the tarball.
|
||||||
|
|
||||||
The onion-grater configuration `cwtch-whonix.yml` is reproduced below. As noted this configuration is can likely be restricted much further.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
---
|
|
||||||
- exe-paths:
|
|
||||||
- '*'
|
|
||||||
users:
|
|
||||||
- '*'
|
|
||||||
hosts:
|
|
||||||
- '*'
|
|
||||||
commands:
|
|
||||||
SETEVENTS:
|
|
||||||
- 'CIRC WARN ERR'
|
|
||||||
- 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
|
|
||||||
GETINFO:
|
|
||||||
- pattern: 'network-liveness'
|
|
||||||
response:
|
|
||||||
- pattern: '250-network-liveness=.*'
|
|
||||||
replacement: '250-network-liveness=up'
|
|
||||||
- pattern: 'status/bootstrap-phase'
|
|
||||||
response:
|
|
||||||
- pattern: '250-status/bootstrap-phase=*'
|
|
||||||
replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
|
|
||||||
GETCONF:
|
|
||||||
- pattern: 'DisableNetwork'
|
|
||||||
response:
|
|
||||||
- pattern: '250 DisableNetwork=.*'
|
|
||||||
replacement: '250 DisableNetwork=0'
|
|
||||||
ADD_ONION:
|
|
||||||
## {{{ Host: [::], Ports: 15000-15378
|
|
||||||
- pattern: 'ED25519-V3:(\S+) Flags=DiscardPK,Detach Port=9878,\[::\]:(15[0-2][0-9][0-9])'
|
|
||||||
replacement: 'ED25519-V3:{} Flags=DiscardPK,Detach Port=9878,{client-address}:{}'
|
|
||||||
- pattern: 'ED25519-V3:(\S+) Flags=DiscardPK,Detach Port=9878,\[::\]:(153[0-6][0-9])'
|
|
||||||
replacement: 'ED25519-V3:{} Flags=DiscardPK,Detach Port=9878,{client-address}:{}'
|
|
||||||
- pattern: 'ED25519-V3:(\S+) Flags=DiscardPK,Detach Port=9878,\[::\]:(1537[0-8])'
|
|
||||||
replacement: 'ED25519-V3:{} Flags=DiscardPK,Detach Port=9878,{client-address}:{}'
|
|
||||||
## }}}
|
|
||||||
DEL_ONION:
|
|
||||||
- '.+'
|
|
||||||
HSFETCH:
|
|
||||||
- '.+'
|
|
||||||
events:
|
|
||||||
CIRC:
|
|
||||||
suppress: true
|
|
||||||
ORCONN:
|
|
||||||
suppress: true
|
|
||||||
INFO:
|
|
||||||
suppress: true
|
|
||||||
NOTICE:
|
|
||||||
suppress: true
|
|
||||||
WARN:
|
|
||||||
suppress: true
|
|
||||||
ERR:
|
|
||||||
suppress: true
|
|
||||||
HS_DESC:
|
|
||||||
response:
|
|
||||||
- pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
|
|
||||||
replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
|
|
||||||
- pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
|
|
||||||
replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
|
|
||||||
- pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
|
|
||||||
replacement: '650 HS_DESC UPLOADED {} {} redacted'
|
|
||||||
- pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH'
|
|
||||||
replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
|
|
||||||
- pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
|
|
||||||
replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
|
|
||||||
- pattern: '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
|
|
||||||
replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
|
|
||||||
- pattern: '.*'
|
|
||||||
replacement: ''
|
|
||||||
HS_DESC_CONTENT:
|
|
||||||
suppress: true
|
|
||||||
```
|
|
||||||
|
|
||||||
This file needs to be placed in `/usr/share/doc/onion-grater-merger/examples/40_cwtch.yml`.
|
This file needs to be placed in `/usr/share/doc/onion-grater-merger/examples/40_cwtch.yml`.
|
||||||
|
|
||||||
To enable the Cwtch onion-grater profile, use:
|
Enable the Cwtch onion-grater profile:
|
||||||
```shell
|
```shell
|
||||||
sudo onion-grater-add 40_cwtch
|
sudo onion-grater-add 40_cwtch
|
||||||
```
|
```
|
||||||
|
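Review bot: Removing the inline listing also removes the sentence saying the configuration "can likely be restricted much further", and the replacement text around the link carries no equivalent caveat. The removed profile allowed `'*'` for `exe-paths`, `users` and `hosts`, and `'.+'` for `DEL_ONION` and `HSFETCH`, so a reader who now only follows the link should still be told the profile is broader than it needs to be; consider keeping that sentence next to the link. The link points at `src/branch/trunk/`, which can differ from the `cwtch-whonix.yml` in the tarball a reader actually has, so say that the tarball copy is the one to install, or link a fixed revision instead. There is also a stray space inside the link text, before the closing bracket.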
@ -130,7 +56,7 @@ The above command, and the below onion grater configuration assume that Cwtch wa
|
||||||
|
|
||||||
:::
|
:::
|
||||||
|
|
||||||
# Removing Cwtch
|
# Removing Cwtch from Whonix
|
||||||
|
|
||||||
## Remove configuration from the Whonix-Gateway
|
## Remove configuration from the Whonix-Gateway
|
||||||
|
|
||||||
|
|
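Review bot: The context line in this hunk's header still reads "The above command, and the below onion grater configuration assume that Cwtch wa", while the previous hunk removes the configuration listing from the page. Check that "the below onion grater configuration" still refers to something the reader can see, and reword it if not, for example to refer to the packaged `cwtch-whonix.yml`. On the heading change to `# Removing Cwtch from Whonix`: if the docs generator derives anchors from heading text, any existing links to the old heading need updating in the same commit.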