From efa2afdf227ea5f566ffe86680acfa86a0db10d1 Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Sun, 26 Feb 2017 10:56:41 -0500 Subject: add tor-hardened-preferences to nonprism --- nonprism/tor-hardened-preferences/torrc | 49 +++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 nonprism/tor-hardened-preferences/torrc (limited to 'nonprism/tor-hardened-preferences/torrc') diff --git a/nonprism/tor-hardened-preferences/torrc b/nonprism/tor-hardened-preferences/torrc new file mode 100644 index 000000000..e0740b6f7 --- /dev/null +++ b/nonprism/tor-hardened-preferences/torrc @@ -0,0 +1,49 @@ +## Configuration file for an atypical Tor user +## Based on torrc configurations provided by... +# https://gitweb.torproject.org/tor.git/plain/src/config/torrc.sample.in +# https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/tor/torrc +# https://www.torproject.org/docs/tor-manual.html.en + +## The directory for keeping all the keys/etc. By default, we store +## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. +DataDirectory /var/lib/tor + +# Stream Isolation +## https://tails.boum.org/contribute/design/stream_isolation/ +## https://wiki.gentoo.org/wiki/Tor#Stream_isolation + +## Default SocksPort +SocksPort 127.0.0.1:9050 IsolateDestAddr IsolateDestPort + +## SocksPort for the MUA +SocksPort 127.0.0.1:9061 IsolateDestAddr + +## SocksPort for misc applications +SocksPort 127.0.0.1:9062 IsolateDestAddr IsolateDestPort + +## SocksPort for the default web browser +SocksPort 127.0.0.1:9150 IsolateSOCKSAuth KeepAliveIsolateSOCKSAuth + + +## The port on which Tor will listen for local connections from Tor +## controller applications, as documented in control-spec.txt. +#ControlPort 9051 +#ControlListenAddress 127.0.0.1 + + + +## Torified DNS +DNSPort 127.0.0.1:9053 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr +AutomapHostsOnResolve 1 +AutomapHostsSuffixes .exit, .onion +#ClientDNSRejectInternalAddresses 1 (Default is already 1) +ClientRejectInternalAddresses 1 + +## Transparent proxy +TransPort 127.0.0.1:9040 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr + +## Misc +AvoidDiskWrites 1 +Sandbox 1 +ExtraInfoStatistics 0 +EnforceDistinctSubnets 1 \ No newline at end of file -- cgit v1.2.3