Delivery-Date: Fri, 06 Jun 2014 10:56:20 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by moria.seul.org (Postfix) with ESMTPS id 582111E0AA9
	for <archiver@seul.org>; Fri,  6 Jun 2014 10:56:18 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 4DD272F6DA;
	Fri,  6 Jun 2014 14:56:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E80A02F73D
 for <tor-talk@lists.torproject.org>; Fri,  6 Jun 2014 14:55:15 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vWK1JbjiBK5g for <tor-talk@lists.torproject.org>;
 Fri,  6 Jun 2014 14:55:15 +0000 (UTC)
Received: from mail.headstrong.de (mail.headstrong.de [81.7.4.112])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id B80392F71D
 for <tor-talk@lists.torproject.org>; Fri,  6 Jun 2014 14:55:15 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
 by mail.headstrong.de (Postfix) with ESMTP id 876F21C013FA
 for <tor-talk@lists.torproject.org>; Fri,  6 Jun 2014 16:55:12 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=headstrong.de;
 h=content-transfer-encoding:content-type:content-type
 :in-reply-to:references:subject:subject:mime-version:from:from
 :date:date:message-id:received; s=mail; t=1402066510; x=
 1403880911; bh=8UX/HrpoTvNV00ekb59I9OoXTyTakZYKDpOnPQmK9oE=; b=e
 WTtMO4Uzcf5dCYxkTTwgg2NtXX+Wib3h07p2ceCDcAU+Fq+BGMiX+JYg1eU3sf/L
 7RxbKK53v2NofxBCKhrJMjXdh4obErjqhE4vRO/yvyXciRPO/rGMCtezEjhy/VYM
 9QNgzJOd8CkF6LSkIUFu7mXCTW8eyc4Tk5e3d7+U/Q=
X-Virus-Scanned: Debian amavisd-new at mail.headstrong.de
Received: from mail.headstrong.de ([127.0.0.1])
 by localhost (mail.headstrong.de [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id C_tafi_TwjXE for <tor-talk@lists.torproject.org>;
 Fri,  6 Jun 2014 16:55:10 +0200 (CEST)
Message-ID: <5391D653.1000001@torservers.net>
Date: Fri, 06 Jun 2014 16:55:15 +0200
From: Moritz Bartl <moritz@torservers.net>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <ff3e43bd5fc83768249ff735637fe35d.squirrel@fulvetta.riseup.net>
In-Reply-To: <ff3e43bd5fc83768249ff735637fe35d.squirrel@fulvetta.riseup.net>
X-Enigmail-Version: 1.6
Subject: Re: [tor-talk] Security concerns with running an exit relay
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 06/06/2014 01:57 AM, ondesmartenot@riseup.net wrote:
> Can you point me to any documentation relating to maintaining your relay's
> security? I know that computer security is a large and complex problem,
> but just some basic information on likely threats and tips to protect
> against them would be much appreciated.

My install notes at http://torservers.net/wiki/setup/server are a bit
outdated and most of the later parts will not be relevant for small exit
operators, but it has everything that I think one should do. It's really
not much:

1. Move SSH to a non-standard port (reduces noise in logs)
2. Disable SSH plaintext authentication.
3. Install NTP.
4. Set DirFrontPage.

I agree that there should be better guides. Personally, I think we
should have a wizard/script that guides you through the process and
deploys Tor relays for you. I even have some funding for it, but so far
I was unable to find someone to lead the effort.

-- 
Moritz Bartl
https://www.torservers.net/
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

