Unable to get Tor exit relay to run - Ubuntu 16.04
I'd really appreciate some clueful suggestions or help please - thank you. I'm not new to Tor; I have an existing relay I run, https://atlas.torproject.org/#details/ECC3599DDCFE44C3F28AE0C9DC5DE92847D360... , but I am unable to get a new Tor relay up and running on an entirely different VPS. I am running on Ubuntu 16.04 Server on a VPS on https://box.cock.li/ . On first attempt I couldn't get a Tor relay running, so I started again from scratch, getting the VPS administrator to reprovision the VPS from scratch, to no avail. I SSHed in as root, created a user and made it a sudoer, added public key etc. and disabled root admin. Then I SSHed in as the user, installed ntp and ufw, added ports 80 and 443 to ufw, added the Tor respository and key as per https://www.torproject.org/docs/debian.html.en#ubuntu. I installed tor, deb.torproject.org-keyring and arm, and edited torrc such that it reads: SOCKSPort 0 RunAsDaemon 1 ORPort 443 Nickname kingqueencock ContactInfo ROT13 <xvatdhrra@ybirf.qvpxvauvfna.hf> DirPort 80 # what port to advertise for directory connections DirPortFrontPage /etc/tor/tor-exit-notice.html MyFamily ECC3599DDCFE44C3F28AE0C9DC5DE92847D3602B then the "alternative Reduced-Reduced ExitPolicy" from https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy then sudo service tor restart. For all I can gather, Tor isn't running. There are no files in /var/tor/log. ps aux | grep tor returns nothing other than the grep command. arm shows the "Welcome to the Tor network!" initial relay configuration screen, as does sudo -u debian-tor arm. sudo service tor status ● tor.service - Anonymizing overlay network for TCP (multi-instance-master) Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled) Active: active (exited) since Thu 2017-07-27 19:36:41 UTC; 3s ago Process: 9781 ExecStart=/bin/true (code=exited, status=0/SUCCESS) Main PID: 9781 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 512) CGroup: /system.slice/tor.service Jul 27 19:36:41 localhost systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)... Jul 27 19:36:41 localhost systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master). root@localhost:/var/log/tor# ls -al total 8 drwxr-s--- 2 debian-tor adm 4096 Jul 27 19:29 . drwxr-xr-x 7 root root 4096 Jul 27 19:29 .. The odd thing is if I reboot my VPS by sudo shutdown -r now and do ps aux | grep tor there is tor running as a root user. root 435 0.0 0.5 44760 5716 ? Ss 19:40 0:00 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config I don't know where that has come from, or if it's a problem. I have had a poke around in init.d and systemd but I am not an expert in those. I am beginning to wonder or suspect the Ubuntu installation image on the VPS may not be entirely clean... If I try to run arm as root, the "new relay" configuration wizard appears and when I quit the tor process isn't running. I'm stuck. Any help very gratefully received. Cheers Doug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Maybe you miss the option : DataDirectory /var/lib/tor/data ? On 07/27/2017 09:53 PM, King Queen wrote:
Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWXpIdhccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpThQtAP4iN8KbvyiMdpKqeiUDeS2n54lP QJrttbjz9OMsiJNNhAD+MX0vIVIl6R+a90j0LJEf6uacZ8VsqmlQ1pcTSp/YGrA= =bzcc -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/27/2017 09:53 PM, King Queen wrote:
root@localhost:/var/log/tor# ls -al
And something like this helps too : Log info file /tmp/info.log - -- Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWXpI0BccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTv9nAP9w7W/YL4LNRr55RtSH5S5XUeaw hJ++vn1IJI1cf3i15gD7BnWNe1iwn0LfDbUhEhehEN7HU91RXEJAjctVq67adfU= =VPK3 -----END PGP SIGNATURE-----
Hello Toralf, Thank you, I've added DataDirectory /var/lib/tor/data and Log info file /tmp/info.log into torrc and did sudo service tor restart but /tmp/info.log is not being created. Thanks Doug Thursday, July 27, 2017, 9:10:56 PM, you wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 07/27/2017 09:53 PM, King Queen wrote:
root@localhost:/var/log/tor# ls -al
And something like this helps too :
Log info file /tmp/info.log
-- Best regards, King mailto:kingqueenits@gmail.com
Hi Doug, I think the short story is that you're managing the service the wrong (old) way. Ubuntu moved to systemd as of 15.04. This should help: https://www.digitalocean.com/community/tutorials/systemd-essentials-working-...
Hello, Thanks for your support. Doubtless you're right that the commands are out of date, in which case the instructions on torproject.org are out of date. https://www.torproject.org/docs/debian.html.en I used Option 2 set for Xenial then continuing from https://www.torproject.org/docs/tor-relay-debian.html.en step two which has "service tor reload" /var/log/syslog doesn't exist. Thanks for the suggestions. Doug Thursday, July 27, 2017, 9:23:07 PM, you wrote:
Hi Doug,
I think the short story is that you're managing the service the wrong (old) way. Ubuntu moved to systemd as of 15.04. This should help:
https://www.digitalocean.com/community/tutorials/systemd-essentials-working-...
sudo service tor restart sudo service tor status
For all I can gather, Tor isn"t running.
The odd thing is if I reboot my VPS by sudo shutdown -r now and do ps aux | grep tor there is tor running as a root user
It's being started by systemd on boot, as seen in the output of ps here:
root 435 0.0 0.5 44760 5716 ? Ss 19:40 0:00 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
That looks sane/typical to me, for what it's worth.
There are no files in/var/tor/log
Check in /var/log/syslog; I'm not sure why logs go there instead of /var/log/tor, but it may be another artifact of Ubuntu's switch to systemd.
-- Best regards, King mailto:kingqueenits@gmail.com
Hello tor, Just in case anybody else comes up with the same issue - Tor just doesn't do anything when installed from scratch on Ubuntu 16.04 - the bug is with apparmor. It's some variant on https://github.com/jlund/streisand/issues/782 and can be circumvented by running as root: apt install apparmor-utils aa-complain system_tor systemctl restart tor journalctl reveals the following: Jul 28 20:59:01 localhost systemd[1]: Starting Anonymizing overlay network for TCP... Jul 28 20:59:01 localhost systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)... Jul 28 20:59:01 localhost systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master). Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.023 [notice] Tor 0.3.0.9 (git-100816d92ab5664d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g-fips and Zlib 1.2.8. Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.025 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.025 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.026 [notice] Read configuration file "/etc/tor/torrc". Jul 28 20:59:02 localhost tor[6106]: Configuration was valid Jul 28 20:59:02 localhost audit[6114]: AVC apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="system_tor" pid=6114 comm="(tor)" Jul 28 20:59:02 localhost systemd[6114]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: No such file or directory Jul 28 20:59:02 localhost systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR Jul 28 20:59:02 localhost kernel: audit: type=1400 audit(1501275542.094:46): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="system_tor" pid=6114 comm="(tor)" Jul 28 20:59:02 localhost systemd[1]: Failed to start Anonymizing overlay network for TCP. Jul 28 20:59:02 localhost systemd[1]: tor@default.service: Unit entered failed state. Jul 28 20:59:02 localhost systemd[1]: tor@default.service: Failed with result 'exit-code'. Jul 28 20:59:02 localhost systemd[1]: tor@default.service: Service hold-off time over, scheduling restart. Jul 28 20:59:02 localhost systemd[1]: Stopped Anonymizing overlay network for TCP. Repeated several times. Everything runs just fine after the aa-complain command. Cheers Doug Thursday, July 27, 2017, 9:23:07 PM, you wrote:
Hi Doug,
I think the short story is that you're managing the service the wrong (old) way. Ubuntu moved to systemd as of 15.04. This should help:
https://www.digitalocean.com/community/tutorials/systemd-essentials-working-...
sudo service tor restart sudo service tor status
For all I can gather, Tor isn"t running.
The odd thing is if I reboot my VPS by sudo shutdown -r now and do ps aux | grep tor there is tor running as a root user
It's being started by systemd on boot, as seen in the output of ps here:
root 435 0.0 0.5 44760 5716 ? Ss 19:40 0:00 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
That looks sane/typical to me, for what it's worth.
There are no files in/var/tor/log
Check in /var/log/syslog; I'm not sure why logs go there instead of /var/log/tor, but it may be another artifact of Ubuntu's switch to systemd.
-- Best regards, King mailto:kingqueenits@gmail.com
participants (3)
-
King Queen -
tor -
Toralf Förster