debian: Whonix systemd overrides
parent
9efcf913e7
commit
af189150c9
@ -40,6 +40,13 @@ user::rw-
|
|||||||
group::r--
|
group::r--
|
||||||
other::r--
|
other::r--
|
||||||
|
|
||||||
|
# file: lib/systemd/system/qubes-whonix-init.service
|
||||||
|
# owner: root
|
||||||
|
# group: root
|
||||||
|
user::rw-
|
||||||
|
group::r--
|
||||||
|
other::r--
|
||||||
|
|
||||||
# file: etc
|
# file: etc
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
@ -166,14 +173,14 @@ user::rwx
|
|||||||
group::r-x
|
group::r-x
|
||||||
other::r-x
|
other::r-x
|
||||||
|
|
||||||
# file: usr/lib/whonix/whonix.sh
|
# file: usr/lib/whonix/init
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
user::rwx
|
user::rwx
|
||||||
group::r-x
|
group::r-x
|
||||||
other::r-x
|
other::r-x
|
||||||
|
|
||||||
# file: usr/lib/whonix/init
|
# file: usr/lib/whonix/init/qubes-whonix-firewall.sh
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
user::rwx
|
user::rwx
|
||||||
@ -201,12 +208,12 @@ user::rwx
|
|||||||
group::r-x
|
group::r-x
|
||||||
other::r-x
|
other::r-x
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/qubes-firewall-user-script
|
# file: usr/lib/whonix/init/qubes-whonix-tor.service
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
user::rwx
|
user::rw-
|
||||||
group::r-x
|
group::r--
|
||||||
other::r-x
|
other::r--
|
||||||
|
|
||||||
# file: usr/lib/whonix/messages.yaml
|
# file: usr/lib/whonix/messages.yaml
|
||||||
# owner: root
|
# owner: root
|
||||||
|
@ -4,11 +4,9 @@ After=qubes-whonix-network.service
|
|||||||
Before=network.target
|
Before=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStartPre=/usr/lib/whonix/init/init.sh
|
|
||||||
ExecStart=/usr/lib/whonix/init/qubes-firewall-user-script
|
|
||||||
StandardOutput=syslog
|
StandardOutput=syslog
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
Alias=qubes-firewall.service
|
||||||
|
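Review bot: Dropping `Type=oneshot` and `RemainAfterExit=yes` from the [Service] section leaves the unit at systemd's default `Type=simple`, so it counts as started as soon as `qubes-whonix-firewall.sh` is forked, not when it has finished. Assuming the script loads the rules and exits, `Before=network.target` then no longer guarantees the rules are in place before units ordered after the network target start, and the unit shows as inactive once the script returns. Keeping `Type=oneshot` and `RemainAfterExit=yes` next to the new `ExecStart=` line preserves the ordering guarantee. The same hunk appears a second time further down the page and needs the same change.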
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Qubes Whonix initialization script
|
||||||
|
After=qubes-whonix-network.service
|
||||||
|
Before=qubes-whonix-firewall.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
ExecStart=/usr/lib/whonix/init/init.sh
|
||||||
|
StandardOutput=syslog
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -2,7 +2,7 @@
|
|||||||
Description=Qubes Whonix network proxy setup
|
Description=Qubes Whonix network proxy setup
|
||||||
ConditionPathExists=/var/run/qubes-service/qubes-network
|
ConditionPathExists=/var/run/qubes-service/qubes-network
|
||||||
Before=network.target
|
Before=network.target
|
||||||
After=qubes-firewall.service
|
After=iptables.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
@ -12,3 +12,4 @@ StandardOutput=syslog
|
|||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
Alias=qubes-network.service
|
||||||
|
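Review bot: `After=iptables.service` only orders this unit against `iptables.service`; it does not pull that unit in, and if no unit of that name is installed in the template the line has no effect. If the intent is to run only after packet filter rules are loaded, confirm which unit loads them and note it in a comment above the line. The added `Alias=qubes-network.service` makes enabling this unit claim the stock Qubes unit name, so a comment such as `# Alias= replaces the stock qubes-network.service` would record that the override is deliberate. The identical section further down the page has the same two points.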
@ -53,9 +53,6 @@ if [ "${WHONIX}" == "gateway" ]; then
|
|||||||
# we can use to identify that its a tor proxy so updates are secure
|
# we can use to identify that its a tor proxy so updates are secure
|
||||||
error_file="/usr/share/tinyproxy/default.html"
|
error_file="/usr/share/tinyproxy/default.html"
|
||||||
grep -q "${PROXY_META}" "${error_file}" || {
|
grep -q "${PROXY_META}" "${error_file}" || {
|
||||||
sudo sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
|
sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Copy firewall script so Qubes will reload it when it reloads
|
|
||||||
cp -pf /usr/lib/whonix/init/qubes-firewall-user-script /rw/config/qubes-firewall-user-script
|
|
||||||
|
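Review bot: `${PROXY_META}` is expanded inside both the `grep -q` pattern and the `sed` expression, so any `/`, `&` or regex metacharacter in it changes what is matched or what is written to `default.html`. Its value is defined outside the hunk; if it is an HTML tag, test for it as a fixed string with `grep -qF -- "${PROXY_META}" "${error_file}"` and use a `sed` delimiter that cannot occur in the tag. With `sudo` removed, the in-place edit now depends on the script already running as root, which deserves a one-line comment. The enclosing `if` block starts outside the hunk, and the same lines appear again in the second copy of this script further down the page.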
@ -0,0 +1,16 @@
|
|||||||
|
[Unit]
|
||||||
|
Description = Anonymizing overlay network for TCP
|
||||||
|
After = syslog.target network.target nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type = simple
|
||||||
|
ExecStart = /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --quiet
|
||||||
|
ExecReload = /bin/kill -HUP ${MAINPID}
|
||||||
|
ExecStop = /bin/kill -INT ${MAINPID}
|
||||||
|
TimeoutSec = 60
|
||||||
|
Restart = on-failure
|
||||||
|
LimitNOFILE = 32768
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy = multi-user.target
|
||||||
|
Alias=tor.service
|
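Review bot: The new [Service] section sets no `User=` and no sandboxing, so tor is launched as root and any privilege drop depends on a `User` line in `/usr/share/tor/tor-service-defaults-torrc`, which is not visible here. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes` if the systemd version in the template supports them, after checking that tor still starts with them. `--quiet` also suppresses tor's startup messages, which makes a failed start harder to diagnose from the logs; `--hush` keeps warnings and errors.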
@ -40,6 +40,13 @@ user::rw-
|
|||||||
group::r--
|
group::r--
|
||||||
other::r--
|
other::r--
|
||||||
|
|
||||||
|
# file: lib/systemd/system/qubes-whonix-init.service
|
||||||
|
# owner: root
|
||||||
|
# group: root
|
||||||
|
user::rw-
|
||||||
|
group::r--
|
||||||
|
other::r--
|
||||||
|
|
||||||
# file: etc
|
# file: etc
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
@ -145,14 +152,14 @@ user::rwx
|
|||||||
group::r-x
|
group::r-x
|
||||||
other::r-x
|
other::r-x
|
||||||
|
|
||||||
# file: usr/lib/whonix/whonix.sh
|
# file: usr/lib/whonix/init
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
user::rwx
|
user::rwx
|
||||||
group::r-x
|
group::r-x
|
||||||
other::r-x
|
other::r-x
|
||||||
|
|
||||||
# file: usr/lib/whonix/init
|
# file: usr/lib/whonix/init/qubes-whonix-firewall.sh
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
user::rwx
|
user::rwx
|
||||||
@ -180,13 +187,6 @@ user::rwx
|
|||||||
group::r-x
|
group::r-x
|
||||||
other::r-x
|
other::r-x
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/qubes-firewall-user-script
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/messages.yaml
|
# file: usr/lib/whonix/messages.yaml
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
|
@ -4,11 +4,9 @@ After=qubes-whonix-network.service
|
|||||||
Before=network.target
|
Before=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStartPre=/usr/lib/whonix/init/init.sh
|
|
||||||
ExecStart=/usr/lib/whonix/init/qubes-firewall-user-script
|
|
||||||
StandardOutput=syslog
|
StandardOutput=syslog
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
Alias=qubes-firewall.service
|
||||||
|
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Qubes Whonix initialization script
|
||||||
|
After=qubes-whonix-network.service
|
||||||
|
Before=qubes-whonix-firewall.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
ExecStart=/usr/lib/whonix/init/init.sh
|
||||||
|
StandardOutput=syslog
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -2,7 +2,7 @@
|
|||||||
Description=Qubes Whonix network proxy setup
|
Description=Qubes Whonix network proxy setup
|
||||||
ConditionPathExists=/var/run/qubes-service/qubes-network
|
ConditionPathExists=/var/run/qubes-service/qubes-network
|
||||||
Before=network.target
|
Before=network.target
|
||||||
After=qubes-firewall.service
|
After=iptables.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
@ -12,3 +12,4 @@ StandardOutput=syslog
|
|||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
Alias=qubes-network.service
|
||||||
|
@ -2,12 +2,6 @@
|
|||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
. /usr/lib/whonix/utility_functions
|
||||||
|
|
||||||
# Or just enable them :)
|
|
||||||
#ln -s '/lib/systemd/system/qubes-whonix-network.service' '/etc/systemd/system/multi-user.target.wants/qubes-whonix-network.service'
|
|
||||||
#ln -s '/lib/systemd/system/qubes-whonix-firewall.service' '/etc/systemd/system/multi-user.target.wants/qubes-whonix-firewall.service'
|
|
||||||
#ln -s '/lib/systemd/system/qubes-whonix-init.service' '/etc/systemd/system/multi-user.target.wants/qubes-whonix-init.service'
|
|
||||||
|
|
||||||
|
|
||||||
INTERFACE="eth1"
|
INTERFACE="eth1"
|
||||||
|
|
||||||
if [ "${WHONIX}" == "gateway" ]; then
|
if [ "${WHONIX}" == "gateway" ]; then
|
||||||
@ -59,9 +53,6 @@ if [ "${WHONIX}" == "gateway" ]; then
|
|||||||
# we can use to identify that its a tor proxy so updates are secure
|
# we can use to identify that its a tor proxy so updates are secure
|
||||||
error_file="/usr/share/tinyproxy/default.html"
|
error_file="/usr/share/tinyproxy/default.html"
|
||||||
grep -q "${PROXY_META}" "${error_file}" || {
|
grep -q "${PROXY_META}" "${error_file}" || {
|
||||||
sudo sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
|
sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Copy firewall script so Qubes will reload it when it reloads
|
|
||||||
cp -pf /usr/lib/whonix/init/qubes-firewall-user-script /rw/config/qubes-firewall-user-script
|
|
||||||
|
@ -22,8 +22,13 @@ fi
|
|||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Enable Qubes-Whonix services
|
# Enable Qubes-Whonix services
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
chroot "${INSTALLDIR}" systemctl disable qubes-whonix-network.service || :
|
||||||
chroot "${INSTALLDIR}" systemctl enable qubes-whonix-network.service || :
|
chroot "${INSTALLDIR}" systemctl enable qubes-whonix-network.service || :
|
||||||
chroot "${INSTALLDIR}" systemctl enable qubes-whonix-firewall || :
|
|
||||||
|
chroot "${INSTALLDIR}" systemctl disable qubes-whonix-firewall.service || :
|
||||||
|
chroot "${INSTALLDIR}" systemctl enable qubes-whonix-firewall.service || :
|
||||||
|
|
||||||
|
chroot "${INSTALLDIR}" systemctl enable qubes-whonix-init.service || :
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Restore Whonix apt-get
|
# Restore Whonix apt-get
|
||||||
|
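Review bot: Every `systemctl enable` line in this hunk ends in `|| :`, so a failure to enable `qubes-whonix-firewall.service` or `qubes-whonix-init.service` inside the chroot is discarded and the template build carries on without them. Tolerating failure is reasonable for the new `disable` lines, which can fail simply because the unit was not enabled before, but the `enable` lines should report the error, e.g. `chroot "${INSTALLDIR}" systemctl enable qubes-whonix-firewall.service` without the `|| :`. If the disable/enable pair is there to recreate the symlinks for the new `Alias=` entries, a short comment saying so would explain why both calls are needed.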