public
/
torvm

# TORVM - a perfectly automated TOR VM

## About

**TORMV is an installation script to setup a _pretty secure_ Linux VM (debian) for "super anonymous" browsing** (might need to rework that description, but you get it).

## Installation

* install VirtualBox for your OS
* create a new VM and make sure you have
    * enable "Skip unattended install"
    * enabled 3D acceleration
    * enabled NAT networking
* download debian Bookworm -> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.9.0-amd64-netinst.iso
* install debian and make sure you do the following during installation:
    * select "Expert install" (under "Advanced options") in grub
    * do not enable NTP, it will not work. Make sure your host has an accurate time, the guest will use it.
    * partition disk with LVM and crypto (use a long password, possibly a sentence)
    * don't allow root login, create an anonymous user account (for example "user")
    * unselect everything at tasksel (Desktop installation, print server,...)
* finish install and reboot
* after reboot, login and sudo su to become root
* install git client `apt install git`
* download installation setup `git clone https://git.home.spale.com/public/torvm.git`
* in the VirtualBox VM "Devices" menu, select "Install Guest Additions CD Image..." (needed by the next step)
* cd torvm and run `./install.sh` (still as root)
* during package installation two prompts will appear:
    * save IPv4/IPv6 rules (iptables), say yes
    * choose gdm/lightdm, choose lightdm
* `reboot`
* lightdm/i3 should start after boot and you can then login and follow the setup wizard of enlightenment

## What's in the installer script ?

* Install various packages including but not limited to, i3 window manager, lightdm login, Xorg, redsocks, tor, iptables-persistent, firefox-esr, transmission, unbound, ...
* Remove nano, because &lt;full stop&gt;
* mount and compile VirtualBox drivers
* copy configured configuration files for unbound, redsocks and iptables
* disable IPv6 via `/etc/sysctl.conf`
* install a preconfigured firefox profile for all existing users (except root)
* delete all .bash_history files and replace them by symblink to `/dev/null`
* clean apt cache
* stop syslog (temporarly) and delete all files in `/var/log`

## What's in this firefox profile ?

* security settings
* default search engine set to duckduckgo
* disabled saving passwords, history, ...
* preconfigured socks proxy (it's still faster than doing REDIRECT in iptables, going over redsocks to finally land in the tor socks5 server)
* preinstalled add-ons:
    * NoScript (default configuration)
    * uBlock Origin (default configuration)

## Should I trust you?

- You can check the install.sh yourself or even do all the steps manually, there's really no magic here...
- You can simply delete the "user/.mozilla" folder before running installation and it will not install the preconfigured firefox profile