[tor-relays] Question on warnings
Santiago Roland
santiago at undernet.uy
Mon May 30 22:04:19 UTC 2016
Ok thanks both of you, i'll look into it. The control port is blocked from outside. I'm using openWRT router as firewall which it is the best i can do for the moment, but it gives decent control features so far. The relay itself is running on an encrypted LVM debian virtual machine and it has SSH key only login, its pretty secure. Hist system is also debian, both frecuently updated, and monitored for tootkits with rkhunter and brute force attacks mitogation with fail2ban, any other suggestion is welcome.
Best regards,
El 30 de mayo de 2016 6:44:23 PM GMT-03:00, Tristan <supersluether at gmail.com> escribió:
>Not sure where I found this, but I remember reading that Tor changed
>how it
>stored bandwidth information. Arm wasn't updated yet, so it throws an
>error.
>On May 30, 2016 4:32 PM, "Green Dream" <greendream848 at gmail.com> wrote:
>
>Hi. Thanks for running a relay. These notice messages are from the
>monitoring tool Arm, and should not affect the Tor process.
>
>If you don't care about Arm and Tor seems to be working okay otherwise,
>you
>could safely ignore these messages. In case you want to look into them
>further, I'll share some thoughts below. It looks like you're running
>on a
>Unix or Linux system, I'll assume Debian or Ubuntu for the moment.
>
>> 20:42:57 [ARM_NOTICE] Unable to prepopulate bandwidth information
>> (unable to read the state file)
>
>
>This is normal in my experience. Arm is trying to read your node's
>bandwidth history to populate the graphs with data collected before you
>started Arm. I don't know why it fails, but you could squelch it by
>adding
>the following config line to ~/.arm/armrc:
>
> features.graph.bw.prepopulate false
>
>
>> 20:42:56 [ARM_WARN] Unable to read tor's log file:
>> /var/log/tor/log [1duplicate hidden]
>
>
>It looks like Arm doesn't have permission to read /var/log/tor/log. I
>normally start Arm with something like this, so it has the same
>permissions
>as the Tor daemon:
>
> sudo -u debian-tor arm
>
>
>> 20:42:56 [ARM_NOTICE] Tor is preventing system utilities like netstat
>> and lsof from working. This means that arm can't provide you with
>> connection information. You can change this by adding
>> 'DisableDebuggerAttachment 0' to your torrc and restarting tor. For
>> more information see... https://trac.torproject.org/3313
>
>
>You need to add the following to /etc/tor/torrc if you want to utilize
>all
>the features of Arm:
>
> DisableDebuggerAttachment 0
>
>It's disabled by default for security (with a value of '1'), so think
>carefully before doing this. It "reduces security by enabling debugger
>attachment to the Tor process. This can be used by an adversary to
>extract
>keys." (Quoting from
>https://trac.torproject.org/projects/tor/ticket/13880).
>If you do enable the deubgger attachment for Arm, make sure your
>control
>port is locked down (not reachable from the Internet or from other
>hosts
>you don't control, etc.)
>
>
>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Santiago Roland.-
------------------------------------------------------------------
Jabber: santiago at jabber.undernet.uy
Diaspora*: http://bit.ly/diasr
GNU Social: http://bit.ly/gnusr
openPGP ID: 7BE512C5
openPGP key: http://bit.ly/pgpsr
CX1DR - Grid Locator: GF25bf
------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160530/b73802b4/attachment.html>
More information about the tor-relays
mailing list