[tor-relays] FreeBSD 11.1 ZFS Tor Image

[Shawn Webb]

On Sun, Feb 25, 2018 at 09:05:00PM +0000, George wrote:
> Conrad Rockenhaus:
> > Hello All,
> > 
> > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image that 
> > is fully configured and ready to run Tor. Right now it's an eight GB image, but 
> > I'm reducing the size by removing all of the extra stuff on it from the 
> > upgrade from FreeBSD 11 to 11.1.
> 
> I think it's great to ease the implementation of Tor relays,
> particularly on BSDs.
> 
> However, I'd be wary of an image that I didn't build myself, personally.

I agree with that sentiment. I would rather Tor relay operators set up
their systems themselves so that they know how that system is
configured.

I would also suggest users run operating systems that specialize in
security, like OpenBSD or HardenedBSD. Running Tor on FreeBSD opens
the door to mass exploitation via copy and paste style exploits. I
would caution against such setups. Tor has a very unique threat
landscape and the security of the relay should be of upmost
importance.

> 
> The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> Vultur to build on OpenBSD. I tend to think using other people's scripts
> that can be reviewed and hacked is a better gateway for new relay
> operators than images.

Agreed. Not only does the Tor network need to be diversified with
regards to operating system, but it also needs to be diversified with
regards to hosting providers. Tor needs to be resilient against any
and all attacks.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180225/b0a6f2d8/attachment.sig>