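#!/bin/bash
#
# Per-role setup, selected by ${WHONIX}:
#   gateway     - run whonixsetup if Tor networking is not yet enabled, then
#                 make sure the Qubes updates proxy is up and tagged.
#   workstation - run whonixsetup once (guarded by a do_once marker file).
#   template    - when ${PROXY_SECURE} is "0", block all IPv4 traffic and
#                 show a warning.
#
# WHONIX, PROXY_SECURE, PROXY_META, enable_sysv and disable_sysv are not
# defined in this file; presumably they come from the sourced
# utility_functions -- confirm there.

. /usr/lib/whonix/utility_functions

if [[ "${WHONIX}" == "gateway" ]]; then
    # Tor counts as configured only when torrc has an active (uncommented)
    # "DisableNetwork 0" line.
    if ! grep "^DisableNetwork 0$" /etc/tor/torrc; then
        sudo service sdwdate restart
        sudo service tor stop

        # An explicit if/else is used instead of `cmd && { ... } || { ... }`:
        # with that form a non-zero status from the last command of the
        # success group (enable_sysv sdwdate) would also run the failure
        # group, i.e. disable Tor and power the VM off after a successful
        # whonixsetup.
        if sudo /usr/bin/whonixsetup; then
            enable_sysv tor
            sleep 1
            enable_sysv sdwdate
        else
            # whonixsetup did not succeed: fail closed. Comment out the
            # enabling line, disable both services and shut down.
            # NOTE(review): this sed runs without sudo while the
            # neighbouring commands use it; if the script is not run as
            # root the edit fails and "DisableNetwork 0" stays active.
            # Confirm the invoking user.
            sed -i 's/^DisableNetwork 0/#DisableNetwork 0/g' "/etc/tor/torrc"
            disable_sysv tor
            disable_sysv sdwdate
            sudo /sbin/poweroff
        fi
    fi

    # Allow whonix-gateway to act as an update-proxy
    # (`systemctl status` returns non-zero when the unit is not active.)
    if ! sudo systemctl status qubes-updates-proxy.service; then
        error_file="/usr/share/tinyproxy/default.html"

        # Inject a marker into tinyproxy's error page so that the proxy can
        # be identified as a Tor proxy.
        # NOTE(review): PROXY_META is used as a grep pattern (regex) and
        # spliced into the sed expression, so any "/" or "&" in it must
        # already be escaped where it is defined. How the marker is checked
        # on the consuming side is not visible here; a string in an error
        # page identifies the proxy but does not authenticate it.
        if ! grep -q "${PROXY_META}" "${error_file}"; then
            sudo sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
        fi

        sudo touch /var/run/qubes-service/qubes-updates-proxy
        sudo iptables -t nat -N PR-QBS-SERVICES
        sudo systemctl start qubes-updates-proxy.service
    fi

elif [[ "${WHONIX}" == "workstation" ]]; then
    # First-run only: the marker file records that whonixsetup has completed.
    if ! [[ -f "/var/lib/whonix/do_once/whonixsetup.done" ]]; then
        enable_sysv sdwdate
        sudo service sdwdate restart
        sudo /usr/bin/whonixsetup
    fi

elif [[ "${WHONIX}" == "template" && "${PROXY_SECURE}" == "0" ]]; then
    # Set secure defaults.
    # Policies are switched to DROP before the flush so that there is no
    # moment with empty chains and a permissive policy.
    # NOTE(review): only iptables (IPv4) is touched; ip6tables is not, so
    # IPv6 is not blocked by this branch. Confirm IPv6 is disabled or
    # filtered elsewhere. These calls also run without sudo, unlike the
    # gateway branch -- confirm this branch runs as root, otherwise the
    # lockdown does not take effect.
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT DROP

    # Flush old rules.
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X

    # Display warning that netvm is not connected to a torvm
    /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml
fi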