public
/
torvm
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
How to make the perfect TOR VM in VirtualBox
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Pascal Gloor d4f77c9050 updated for debian bookworm 2 days ago
static/etc removed old script 5 years ago
user/.mozilla/firefox added mozilla config 5 years ago
README.md updated for debian bookworm 2 days ago
install.sh updated for debian bookworm 2 days ago

README.md

TORVM - a perfectly automated TOR VM

About

TORMV is an installation script to setup a pretty secure Linux VM (debian) for “super anonymous” browsing (might need to rework that description, but you get it).

Installation

  • install VirtualBox for your OS
  • create a new VM and make sure you have
    • enable “Skip unattended install”
    • enabled 3D acceleration
    • enabled NAT networking
  • download debian Bookworm -> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.9.0-amd64-netinst.iso
  • install debian and make sure you do the following during installation:
    • select “Expert install” (under “Advanced options”) in grub
    • do not enable NTP, it will not work. Make sure your host has an accurate time, the guest will use it.
    • partition disk with LVM and crypto (use a long password, possibly a sentence)
    • don’t allow root login, create an anonymous user account (for example “user”)
    • unselect everything at tasksel (Desktop installation, print server,…)
  • finish install and reboot
  • after reboot, login and sudo su to become root
  • install git client apt install git
  • download installation setup git clone https://git.home.spale.com/public/torvm.git
  • in the VirtualBox VM “Devices” menu, select “Install Guest Additions CD Image…” (needed by the next step)
  • cd torvm and run ./install.sh (still as root)
  • during package installation two prompts will appear:
    • save IPv4/IPv6 rules (iptables), say yes
    • choose gdm/lightdm, choose lightdm
  • reboot
  • lightdm/i3 should start after boot and you can then login and follow the setup wizard of enlightenment

What’s in the installer script ?

  • Install various packages including but not limited to, i3 window manager, lightdm login, Xorg, redsocks, tor, iptables-persistent, firefox-esr, transmission, unbound, …
  • Remove nano, because <full stop>
  • mount and compile VirtualBox drivers
  • copy configured configuration files for unbound, redsocks and iptables
  • disable IPv6 via /etc/sysctl.conf
  • install a preconfigured firefox profile for all existing users (except root)
  • delete all .bash_history files and replace them by symblink to /dev/null
  • clean apt cache
  • stop syslog (temporarly) and delete all files in /var/log

What’s in this firefox profile ?

  • security settings
  • default search engine set to duckduckgo
  • disabled saving passwords, history, …
  • preconfigured socks proxy (it’s still faster than doing REDIRECT in iptables, going over redsocks to finally land in the tor socks5 server)
  • preinstalled add-ons:
    • NoScript (default configuration)
    • uBlock Origin (default configuration)

Should I trust you?

  • You can check the install.sh yourself or even do all the steps manually, there’s really no magic here…
  • You can simply delete the “user/.mozilla” folder before running installation and it will not install the preconfigured firefox profile