Thursday, July 28, 2016

Using Vidalia to control Tor on Slackware 14.2

I like to use Tor from time to time when I am away from home. I like to maintain my privacy and security as best I can. Slackware does not provide Tor in the official package tree and it can be a bit tricky to set up correctly. Keep in mind that this tutorial is not meant to replace the Tor browser bundle or the Tails live CD. Tails and the TBB correct a number of issues that cannot be easily fixed in a standard web browser or Slackware system. There are, however, a number of applications that can benefit from this tutorial. You should use the Tails live CD if you require a high level of anonymity and privacy.

I like to be able to browse the Tor network map, create a new Tor identity, and have a kill switch for Tor as well. Vidalia may be outdated but it can still be used to do what it was originally intended to do. I am mostly writing this to document the process for myself and to share the information. I am writing this tutorial for Slackware 14.2. It may also apply to Slackware 14.1 and Slackware-current.

Installing Tor requires access to the SlackBuilds.org repository.  To more easily make use of this site, you should install the sbopkg package manager.  Sbopkg 0.38.0 is the most recent version available at the time of writing this article.  Download it and install it as root.

The next step is to synchronize sbopkg with SlackBuilds.org:

Following that you should use sqg to generate a queue file for Tor, Vidalia, GeoIP, and install them.

Everything should be installed now. If you ran into an error, please visit SlackBuilds.org and read section #2 of the FAQ.

Here is the configuration file I like to use for Tor (/etc/tor/torrc):

Next you need to generate a hash for the control port. The control port is used by Vidalia to connect to the Tor daemon on your system. It is used to control the Tor process. Generate it with this next command, while replacing the placeholder I added with a strong password for security reasons.
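A check worth running against /etc/tor/torrc before the daemon is started, given here as an added example that is not part of the original post: it flags a control port that is enabled without authentication, a `HashedControlPassword` value that is not a `16:`-prefixed hash as printed by `tor --hash-password`, and a SOCKS or control port bound beyond loopback. The function name `audit_torrc` and the sample file are hypothetical.

```shell
#!/bin/sh
# audit_torrc FILE: print one finding per line.
# Returns 0 when the file is clean, 1 when at least one finding was printed.
audit_torrc() {
    awk '
    # A bare port, "auto" or a unix socket stays local; an explicit
    # address must be loopback.
    function is_local(v) {
        return v ~ /^([0-9]+|auto|unix:.*)$/ ||
               v ~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost|\[::1\]):[0-9]+$/
    }
    function finding(msg) { print msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    { key = tolower($1) }               # option names are case-insensitive
    key == "controlport" && $2 != "0" {
        ctl = 1
        if (!is_local($2)) finding("ControlPort exposed beyond loopback: " $2)
    }
    key == "socksport" && $2 != "0" && !is_local($2) {
        finding("SocksPort exposed beyond loopback: " $2)
    }
    key == "hashedcontrolpassword" {
        if ($2 ~ /^16:[0-9A-Fa-f]+$/) auth = 1
        else finding("HashedControlPassword is not a 16:<hex> hash")
    }
    key == "cookieauthentication" && $2 == "1" { auth = 1 }
    END {
        if (ctl && !auth) finding("ControlPort enabled without authentication")
        exit bad + 0
    }' "$1"
}

# Constructed weak sample for demonstration, not the author's torrc.
sample=$(mktemp)
printf '%s\n' 'SocksPort 0.0.0.0:9050' 'ControlPort 9051' > "$sample"
audit_torrc "$sample" || echo "fix the findings above before launching Vidalia"
rm -f "$sample"
```
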

Be sure to read all the files in /usr/share/doc/vidalia-$VERSION for guidance on how to configure Vidalia. The relevant file I am referring to is the README.SBo provided by the maintainer. One configuration setting I like to add to Vidalia enables geolocation for Tor nodes.

All that is left to do is make the tor init script executable, start the tor daemon, and launch Vidalia on a limited user account. If you followed along and did not make any mistakes, you will be connected to the Tor network. I am not going to walk through how to configure applications to use Tor because the list is endless. Please refer to the Torify page on the Tor Wiki.

I also encourage you to install Privoxy from SlackBuilds.org and configure your system to use it with Tor. Without Privoxy, you are prone to protocol leaks if you are using Tor for HTTP/HTTPS. Another application that is useful with Tor and Privoxy is proxychains.

Tuesday, July 26, 2016

A year of Slackware, already?

Wow, it's been over a year since I left Debian in the dust for Slackware. The road was bumpy at first, but I learned a lot by following that road wherever it brought me. I learned things about Linux and have expanded my skill set more in this last year than I ever did running Debian for the previous 10 years. My main motivation when I left Debian behind was to rid myself of the dreadful systemd abomination. At the time I was unaware of how blissfully ignorant and stale my computing life had become. In fact, I am writing today partly out of frustration developed due to the uninformed opinion in this article. The other reason is as a bit of a follow-up to this archived article from last year.

When I first loaded Slackware up on my laptop, I found myself asking several questions.  Several of these questions were formed due to fundamentally flawed expectations.  Some of these questions were:

  • Where is the package manager?
  • How do I find the dependencies I need when installing software?
  • Why does Slackware use so much disk space?

I found myself in a position where I was being forced to learn or abandon the notion of using Slackware altogether. After considering my options, I realized that the Slackware installation media contains great documentation. A quick search on Google for "Slackware documentation" yielded a complete wiki dedicated to Slackware. There is even a whole book available geared specifically to the new Slackware user. The Slackbook.

Anyway, over the last year I've been met with a very positive outcome while exclusively running Slackware on all my systems.  The thing about Slackware is you cannot expect to just sit down and roll your face on the keyboard to achieve desired results.  Slackware does not compare to Debian, Ubuntu, Fedora, Arch, or any other active Linux distribution.  Debian GNU/Linux is almost as old as Slackware.  However, the design and development philosophies couldn't be further apart in comparison.  Slackware does not hold your hand with a fancy graphical interface.  You are expected to read documentation, to research a little bit, and try things before asking for help.  A little bit of effort is required.

I have no ill will towards Jessie Smith. However, I don't think he spent a lot of time researching Slackware before he wrote that article for Distro Watch. In fact, I do not think he spent very much time actually using Slackware before sharing his experience. You simply cannot turn on any system and expect to master it in a few hours or even a few days. It takes time, which I guess Jessie Smith does not have a lot of, or his review would have been much different. His lack of detail led him to a lack of accuracy. His experience would be much different if he read some of the introductory Slackware documentation.

The most frustrating part in his article for me was where he describes package management, dependencies, and functionality. Slackware comes with all the software required to have a fully functional server or a desktop. All dependencies are included on the installation disc, which is why a FULL installation is recommended. The package manager, "slackpkg", doesn't need to provide dependency resolution because the Slackware developers provide everything you need to run every piece of software shipped on the installation medium. For desktops, everything you need to browse the web, check email, write documents, compile code, listen to music, and watch videos, is already included. For servers, everything needed to serve a web site, DNS, DHCP, E-mail, File sharing, printing, or what have you. All included and very convenient. Such functionality makes it difficult to develop because even small changes can have adverse effects on the package tree.

I do not mean to turn this post into a rant. I find it very difficult to process a biased article that was written by someone who has used Slackware so little. That article Mr. Smith wrote led me to lose respect for Distro Watch. That type of bias and lack of experience has no place in the media. That type of attitude is what causes rifts in the Linux community. It would be refreshing if top Linux news sources made it a policy to hire writers that made a little bit more effort before publishing misleading articles.

Sunday, July 10, 2016

Web Application Security Scanner, w3af for Slackware

So what is w3af?  It is an open source security scanner that has a long list of features.  If you have never heard of it, take a tour on the w3af website.  I've used this valuable software in the past to secure web applications of all types.  I would like to make it available for Slackware users everywhere.

w3af is extremely out of date on SlackBuilds.org. I have been working on updating w3af to version 1.6.49 from 1.0. I had hoped for the update to occur for Slackware 14.2. Unfortunately w3af will remain at version 1.0 due to a regression in a dependency that is shipped in official Slackware. This is a minor setback that will probably result in a positive outcome. Slackware is known for including only the most stable software available for Linux.

What should be expected next?  I plan to reorganize my w3af-sbo repository and begin preparing for the next stable Slackware.  I will be focusing on preparing w3af for Slackware-current and Slackware64-current.  I will heavily use slackrepo to build, rebuild, and install w3af and all of its dependencies.  After that I plan to make binary packages available for download on a Slackware mirror dedicated to this project.

I haven't decided on a timeline or a specific road map yet. Please contact me if you have suggestions about improvements, or if you wish to lend a hand.

Thanks for reading!