# TORVM - a perfectly automated TOR VM ## About **TORMV is an installation script to setup a _pretty secure_ Linux VM (debian) for "super anonymous" browsing** (might need to rework that description, but you get it). ## Installation * install VirtualBox for your OS * create a new VM and make sure you have * enable "Skip unattended install" * enabled 3D acceleration * enabled NAT networking * download debian Bookworm -> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.9.0-amd64-netinst.iso * install debian and make sure you do the following during installation: * select "Expert install" (under "Advanced options") in grub * do not enable NTP, it will not work. Make sure your host has an accurate time, the guest will use it. * partition disk with LVM and crypto (use a long password, possibly a sentence) * don't allow root login, create an anonymous user account (for example "user") * unselect everything at tasksel (Desktop installation, print server,...) * finish install and reboot * after reboot, login and sudo su to become root * install git client `apt install git` * download installation setup `git clone https://git.home.spale.com/public/torvm.git` * in the VirtualBox VM "Devices" menu, select "Install Guest Additions CD Image..." (needed by the next step) * cd torvm and run `./install.sh` (still as root) * during package installation two prompts will appear: * save IPv4/IPv6 rules (iptables), say yes * choose gdm/lightdm, choose lightdm * `reboot` * lightdm/i3 should start after boot and you can then login and follow the setup wizard of enlightenment ## What's in the installer script ? * Install various packages including but not limited to, i3 window manager, lightdm login, Xorg, redsocks, tor, iptables-persistent, firefox-esr, transmission, unbound, ... * Remove nano, because <full stop> * mount and compile VirtualBox drivers * copy configured configuration files for unbound, redsocks and iptables * disable IPv6 via `/etc/sysctl.conf` * install a preconfigured firefox profile for all existing users (except root) * delete all .bash_history files and replace them by symblink to `/dev/null` * clean apt cache * stop syslog (temporarly) and delete all files in `/var/log` ## What's in this firefox profile ? * security settings * default search engine set to duckduckgo * disabled saving passwords, history, ... * preconfigured socks proxy (it's still faster than doing REDIRECT in iptables, going over redsocks to finally land in the tor socks5 server) * preinstalled add-ons: * NoScript (default configuration) * uBlock Origin (default configuration) ## Should I trust you? - You can check the install.sh yourself or even do all the steps manually, there's really no magic here... - You can simply delete the "user/.mozilla" folder before running installation and it will not install the preconfigured firefox profile