Installing and configuring Squid3, Tor and Privoxy: online anonymity.

 

Illustrated connection scenario for Squid3, Privoxy and Tor.

Scenario:
The user connects to the Squid server.
Squid filters the content and connects to eight Privoxy instances.
Each Privoxy instance connects to one Tor instance.
Tor then connects directly to the Internet.


 

1. Updating the Debian system.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

2. Installing Squid 3.

http://pl.terminal28.com/instalacja-squid-proxy-serwer-clamav-squidclamav-c-icap-serwer-debian-6-0-x

 

3. Installing Tor and Privoxy.

sudo apt-get install tor privoxy

 

4. Stopping the services after installation.

sudo /etc/init.d/squid3 stop
sudo /etc/init.d/privoxy stop
sudo /etc/init.d/tor stop

 

5. Editing the Tor configuration.

Create 8 separate Tor configuration files.

torrc-1

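# sudo applies to the command, not to the shell's redirection, so write the file through tee.
sudo tee /etc/tor/torrc-1 > /dev/null << EOT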
SocksBindAddress 127.0.0.1
SocksPort 10010
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor1
PidFile /var/run/tor/tor-1.pid
EOT

torrc-2

sudo tee /etc/tor/torrc-2 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10020
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor2
PidFile /var/run/tor/tor-2.pid
EOT

torrc-3

sudo tee /etc/tor/torrc-3 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10030
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor3
PidFile /var/run/tor/tor-3.pid
EOT

torrc-4

sudo tee /etc/tor/torrc-4 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10040
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor4
PidFile /var/run/tor/tor-4.pid
EOT

torrc-5

sudo tee /etc/tor/torrc-5 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10050
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor5
PidFile /var/run/tor/tor-5.pid
EOT

torrc-6

sudo tee /etc/tor/torrc-6 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10060
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor6
PidFile /var/run/tor/tor-6.pid
EOT

torrc-7

sudo tee /etc/tor/torrc-7 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10070
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor7
PidFile /var/run/tor/tor-7.pid
EOT

torrc-8

sudo tee /etc/tor/torrc-8 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10080
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor8
PidFile /var/run/tor/tor-8.pid
EOT

6. Creating the Tor data directories and setting their permissions.

Create 8 separate Tor data directories.

sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor1
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor2
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor3
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor4
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor5
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor6
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor7
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor8

 

7. Downloading the init script that starts 8 Tor instances into /etc/init.d/ and making it executable.

sudo mv /etc/init.d/tor /etc/init.d/tor.orig
# The script arrives over plain HTTP and will run as root: read it before making it executable.
sudo wget http://terminal28.com/wp-content/uploads/2015/12/tor -O /etc/init.d/tor
sudo chmod +x /etc/init.d/tor

 

Starting Tor.

sudo /etc/init.d/tor start

Usage: /etc/init.d/tor {start|stop|restart|reload|force-reload|status}

 

 

While Tor is starting, 8 instances of the program should appear:

sudo /etc/init.d/tor start
Raising maximum number of filedescriptors (ulimit -n) to 32768.
Starting tor daemon: tor...
tor 1 done.
tor 2 done.
tor 3 done.
tor 4 done.
tor 5 done.
tor 6 done.
tor 7 done.
tor 8 done.

 

Verification:

netstat -tap | grep tor
tcp        0      0 localhost:10060         *:*                     LISTEN      4037/tor
tcp        0      0 localhost:10030         *:*                     LISTEN      4028/tor
tcp        0      0 localhost:10070         *:*                     LISTEN      4040/tor
tcp        0      0 localhost:10040         *:*                     LISTEN      4031/tor
tcp        0      0 localhost:10010         *:*                     LISTEN      4022/tor
tcp        0      0 localhost:10020         *:*                     LISTEN      4025/tor
tcp        0      0 localhost:10080         *:*                     LISTEN      4027/tor
tcp        0      0 localhost:10050         *:*                     LISTEN      4035/tor

 

8. Editing the Privoxy configuration.

Create 8 separate Privoxy configuration files.

privoxy_1.conf

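# As with the torrc files, the file is written through tee so that the write runs as root.
sudo tee /etc/privoxy/privoxy_1.conf > /dev/null << EOT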
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_1
listen-address localhost:11010
forward-socks5t / 127.0.0.1:10010 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

privoxy_2.conf

sudo tee /etc/privoxy/privoxy_2.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_2
listen-address localhost:11020
forward-socks5t / 127.0.0.1:10020 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

privoxy_3.conf

sudo tee /etc/privoxy/privoxy_3.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_3
listen-address localhost:11030
forward-socks5t / 127.0.0.1:10030 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

privoxy_4.conf

sudo tee /etc/privoxy/privoxy_4.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_4
listen-address localhost:11040
forward-socks5t / 127.0.0.1:10040 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

privoxy_5.conf

sudo tee /etc/privoxy/privoxy_5.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_5
listen-address localhost:11050
forward-socks5t / 127.0.0.1:10050 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

privoxy_6.conf

sudo tee /etc/privoxy/privoxy_6.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_6
listen-address localhost:11060
forward-socks5t / 127.0.0.1:10060 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

privoxy_7.conf

sudo tee /etc/privoxy/privoxy_7.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_7
listen-address localhost:11070
forward-socks5t / 127.0.0.1:10070 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

privoxy_8.conf

sudo tee /etc/privoxy/privoxy_8.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_8
listen-address localhost:11080
forward-socks5t / 127.0.0.1:10080 .
forward         192.168.*.*/ .
forward         127.*.*.*/ .
forward         localhost/ .
EOT

 

9. Creating the Privoxy log directories and setting their permissions.


sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_1
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_2
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_3
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_4
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_5
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_6
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_7
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_8

 

10. Downloading the init script that starts 8 Privoxy instances into /etc/init.d/ and making it executable.

sudo mv /etc/init.d/privoxy /etc/init.d/privoxy.orig
sudo wget http://terminal28.com/wp-content/uploads/2015/12/privoxy -O /etc/init.d/privoxy
sudo chmod +x /etc/init.d/privoxy
sudo update-rc.d privoxy defaults

 

Starting Privoxy.

sudo /etc/init.d/privoxy start

Usage: /etc/init.d/privoxy {start|stop|restart|force-reload|status}

 

Verification:

netstat -tap | grep privoxy
tcp        0      0 localhost:11010          *:*                     LISTEN      1968/privoxy
tcp        0      0 localhost:11050          *:*                     LISTEN      2072/privoxy
tcp        0      0 localhost:11040          *:*                     LISTEN      1431/privoxy
tcp        0      0 localhost:11080          *:*                     LISTEN      1543/privoxy
tcp        0      0 localhost:11070          *:*                     LISTEN      1484/privoxy
tcp        0      0 localhost:11060          *:*                     LISTEN      1558/privoxy
tcp        0      0 localhost:11020          *:*                     LISTEN      1512/privoxy
tcp        0      0 localhost:10030          *:*                     LISTEN      1590/privoxy

 

11. Editing the Squid3 configuration, /etc/squid3/squid.conf

Add the following to the configuration file /etc/squid3/squid.conf:

sudo nano /etc/squid3/squid.conf
cache_peer localhost parent 11010 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_2 parent 11020 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_3 parent 11030 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_4 parent 11040 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_5 parent 11050 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_6 parent 11060 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_7 parent 11070 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_8 parent 11080 0 default no-query no-delay no-digest no-netdb-exchange round-robin
always_direct deny all

 

Starting Squid3

Clearing and rebuilding the Squid3 cache.

sudo /etc/init.d/squid3 stop
sudo squid3 -f /etc/squid3/squid.conf -z
sudo /etc/init.d/squid3 start

 

12. Editing the hosts file in /etc/.

sudo nano /etc/hosts
127.0.0.1 localhost # Should already have been added automatically
127.0.0.1 localhost_2
127.0.0.1 localhost_3
127.0.0.1 localhost_4
127.0.0.1 localhost_5
127.0.0.1 localhost_6
127.0.0.1 localhost_7
127.0.0.1 localhost_8

 

13. Restarting networking.

sudo service networking restart
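
One way to check the wiring built in steps 5 to 12, as an added example that is not part of the original article: every Privoxy instance must forward to a port where a Tor instance listens, and every Squid cache_peer must point at a Privoxy listener. The never_direct test goes beyond the squid.conf shown above; the function names, the ROOT directory layout and the two-instance sample tree are assumptions of this example.

```sh
#!/bin/sh
# check_chain ROOT: verify the Squid -> Privoxy -> Tor port wiring.
# ROOT mirrors /etc: ROOT/tor/torrc-N, ROOT/privoxy/privoxy_N.conf and
# ROOT/squid3/squid.conf (layout assumed from the steps above).
check_chain() {
    root=$1; rc=0; privoxy_ports=""
    # SOCKS ports the Tor instances listen on.
    tor_ports=$(awk '$1 == "SocksPort" { print $2 }' "$root"/tor/torrc-*)
    for f in "$root"/privoxy/privoxy_*.conf; do
        # Port after the last ':' of listen-address and of the forward-socks5t target.
        listen=$(awk '$1 == "listen-address" { sub(/.*:/, "", $2); print $2 }' "$f")
        socks=$(awk '$1 == "forward-socks5t" { sub(/.*:/, "", $3); print $3 }' "$f")
        privoxy_ports="$privoxy_ports $listen"
        if [ -z "$socks" ] || ! printf '%s\n' "$tor_ports" | grep -qx "$socks"; then
            echo "FAIL: $f forwards to port '$socks', no Tor instance listens there"; rc=1
        fi
    done
    # Every cache_peer port (4th field) must be a Privoxy listen port.
    for p in $(awk '$1 == "cache_peer" { print $4 }' "$root/squid3/squid.conf"); do
        case " $privoxy_ports " in
            *" $p "*) ;;
            *) echo "FAIL: cache_peer port $p has no Privoxy listener"; rc=1 ;;
        esac
    done
    # "always_direct deny" is not the same as "never_direct allow": only the
    # latter forbids Squid from contacting origin servers itself.
    if ! grep -Eq '^never_direct[[:space:]]+allow[[:space:]]+all' "$root/squid3/squid.conf"; then
        echo "FAIL: squid.conf lacks 'never_direct allow all'"; rc=1
    fi
    return $rc
}

# Constructed two-instance sample tree (not the article's files), for offline runs.
make_sample() {
    d=$(mktemp -d); mkdir "$d/tor" "$d/privoxy" "$d/squid3"
    for i in 1 2; do
        printf 'SocksPort 100%s0\n' "$i" > "$d/tor/torrc-$i"
        printf 'listen-address localhost:110%s0\nforward-socks5t / 127.0.0.1:100%s0 .\n' \
            "$i" "$i" > "$d/privoxy/privoxy_$i.conf"
        printf 'cache_peer localhost_%s parent 110%s0 0 no-query round-robin\n' \
            "$i" "$i" >> "$d/squid3/squid.conf"
    done
    printf 'always_direct deny all\nnever_direct allow all\n' >> "$d/squid3/squid.conf"
    echo "$d"
}
```

On the host from this guide the call would be check_chain /etc; a non-zero return status means at least one hop is miswired or Squid is still allowed to connect directly.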

 
