TORVM - a perfectly automated TOR VM

About

TORMV is an installation script to setup a pretty secure Linux VM (debian) for “super anonymous” browsing (might need to rework that description, but you get it).

Installation

• install VirtualBox for your OS
• create a new VM and make sure you have
  • enabled 3D acceleration
  • enabled NAT networking
• download the current release of debian9 https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/ (take the netinst image)
• install debian9 and make sure you do the following during installation:
  • partition disk with LVM and crypto (use a long password, possibly a sentence)
  • don’t allow root login, create an anonymous user account (for example “user”)
  • unselect everything at tasksel (Desktop installation, print server,…)
• finish install and reboot
• after reboot, login and sudo su to become root
• install git client apt-get install git
• download installation setup git clone https://git.home.spale.com/home/torvm.git
• in the VirtualBox VM “Devices” menu, select “Install Guest Additions CD Image…” (needed by the next step)
• cd torvm and run ./install.sh (still as root)
• reboot
• gdm should start after boot and you can then login and follow the setup wizard of enlightenment

What’s in the installer script ?

• Install various packages including but not limited to, enlighenment window manager, gdm login, Xorg, redsocks, tor, iptables-persistent, firefox-esr, transmission, unbound, …
• Remove nano, because <full stop>
• mount and compile VirtualBox drivers
• copy configured configuration files for unbound, redsocks and iptables
• disable IPv6 via /etc/sysctl.conf
• install a preconfigured firefox profile for all existing users (except root)
• delete all .bash_history files and replace them by symblink to /dev/null
• clean apt cache
• stop syslog (temporarly) and delete all files in /var/log

What’s in this firefox profile ?

• security settings
• default search engine set to duckduckgo
• disabled saving passwords, history, …
• preconfigured socks proxy (it’s still faster than doing REDIRECT in iptables, going over redsocks to finally land in the tor socks5 server)
• preinstalled add-ons:
  • NoScript (default configuration)
  • uBlock Origin (default configuration)

Should I trust you?

• You can check the install.sh yourself or even do all the steps manually, there’s really no magic here…
• You can simply delete the “user/.mozilla” folder before running installation and it will not install the preconfigured firefox profile