Install Tor on a CentOS 7 server

19,906

Tor no longer recommends using their repo for CentOS and to instead use epel repos. You'll just end up with a very old version out of their repos.

Instead do:

yum install epel-release
yum install tor

This will get you a current version of Tor managed by a repo. This is perfectly fine.


For CentOS, I have been self-compiling for a while. I have a hacky shell script I'm not yet willing to post here ;) but really it's just compiling Tor and OpenSSL. I'd still recommend using the epel-release since it's more tested.

To try building Tor statically linked to OpenSSL yourself, grab a recent copy of OpenSSL (e.g. 1.1.1x), then grab the version of Tor you want to build (e.g. 0.4.1.6).

First you will need to install some prerequisites:

yum install -y \
gcc gcc-c++ \
zlib-devel \
perl-Module-Load-Conditional perl-Test-Harness \
libevent-devel \
libzstd-devel xz-devel \
libscrypt-devel libseccomp-devel

From OpenSSL source dir:

./config --prefix=/opt/openssl --openssldir=/opt/openssl \
-fPIC zlib-dynamic no-shared enable-ec_nistp_64_gcc_128
make
make test
make install

OpenSSL 1.1.1 note: Remove the no-shared option when building OpenSSL, otherwise Tor configuration will fail with an error that it can't find a linkable OpenSSL even though it is being built statically. Tor will still link a static OpenSSL but it seems to require the shared libraries to work. This appears to be fixed in 1.1.1c and later.

This installs OpenSSL to /opt/openssl so it doesn't interfere or replace the system's OpenSSL.

Then, build Tor:

./configure --prefix=/opt/tor-VERSION --sysconfdir=/etc --localstatedir=/var \
--enable-static-openssl --with-openssl-dir=/opt/openssl \
--with-tor-user=tor --with-tor-group=tor \
--enable-lzma --enable-zstd

make
make test
make install
unlink /usr/bin/tor && ln -s /opt/tor-VERSION/bin/tor /usr/bin/tor

The systemd service file I use is:

[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target

[Service]
Type=forking
# The directive is PIDFile (case-sensitive). Tor must write this file, so set
# "PidFile /var/run/tor/tor.pid" in torrc as well.
PIDFile=/var/run/tor/tor.pid
NotifyAccess=all
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc --RunAsDaemon 1
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutStartSec=120
TimeoutStopSec=60
Restart=on-failure
LimitNOFILE=65536

# Hardening
# ReadOnlyDirectories/ReadWriteDirectories are the names understood by the
# systemd 219 shipped with CentOS 7 (newer systemd calls them ReadOnlyPaths/ReadWritePaths).
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER

[Install]
WantedBy=multi-user.target
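To confirm what the static build above actually produced, here is an added shell example (not part of drew010's answer) that classifies the `ldd` output of the resulting tor binary as statically linked, dynamically linked against /opt/openssl, or linked against the system OpenSSL (the fallback michnovka describes in the comments). The sample ldd outputs are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original answer. Classifies a Tor binary's OpenSSL
# linkage from `ldd` output. Outcomes:
#   static - no libssl/libcrypto entries: --enable-static-openssl did its job
#   opt    - libssl/libcrypto resolve under /opt/openssl: dynamic link to the custom build
#   system - libssl/libcrypto resolve elsewhere: configure fell back to the system OpenSSL
#   mixed  - some under /opt/openssl, some elsewhere: a broken build worth investigating
# On a real host:  classify_openssl_link "$(ldd /usr/bin/tor)"

classify_openssl_link() {
    # Keep only the lines that mention an OpenSSL shared object, if any.
    ssl_lines=$(printf '%s\n' "$1" | grep -E 'lib(ssl|crypto)\.so' || true)
    if [ -z "$ssl_lines" ]; then
        echo static
        return
    fi
    total=$(printf '%s\n' "$ssl_lines" | grep -c .)
    in_opt=$(printf '%s\n' "$ssl_lines" | grep -c '=> /opt/openssl/' || true)
    if [ "$in_opt" -eq "$total" ]; then
        echo opt
    elif [ "$in_opt" -eq 0 ]; then
        echo system
    else
        echo mixed
    fi
}

# Constructed sample ldd outputs (not captured from a real machine).
LDD_STATIC='    linux-vdso.so.1 =>  (0x00007ffd2b5f0000)
    libevent-2.0.so.5 => /lib64/libevent-2.0.so.5 (0x00007f3b2a000000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f3b29e00000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f3b29a00000)'

LDD_OPT='    libssl.so.1.1 => /opt/openssl/lib/libssl.so.1.1 (0x00007f3b2a400000)
    libcrypto.so.1.1 => /opt/openssl/lib/libcrypto.so.1.1 (0x00007f3b2a100000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f3b29a00000)'

LDD_SYSTEM='    libssl.so.10 => /lib64/libssl.so.10 (0x00007f3b2a400000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f3b2a100000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f3b29a00000)'

for sample in "$LDD_STATIC" "$LDD_OPT" "$LDD_SYSTEM"; do
    echo "linkage: $(classify_openssl_link "$sample")"
done
```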
Author: saf1

Updated on June 15, 2022

Comments

  • saf1
    saf1 almost 2 years

    I have tried downloading TOR by following this article but I am getting 503 errors. So is there no other way to download TOR? Please can someone help me as I have to do a research project on it.

    I am using a CentOS server: CentOS Linux release 7.3.1611 (Core) but am getting the following errors,

    [sam@xx etc]$ sudo yum install tor
    [sudo] password for sam:
    Loaded plugins: fastestmirror, langpacks
    base                                                     | 3.6 kB     00:00
    extras                                                   | 3.4 kB     00:00
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
    Trying other mirror.
    
  • saf1
    saf1 over 7 years
    I tried using the epel repos as you said but keep on getting the 503 error. Do you think it has something to do with me using the uni server to download it?
  • drew010
    drew010 over 7 years
    Yes, it's probably still trying to use Tor's. I'd remove that from your yum conf, or try yum install tor --enablerepo epel-release to force it to use the right one.
  • michnovka
    michnovka over 5 years
    For anybody trying to compile this with OpenSSL 1.1.1 - I did not have luck. I went to 1.0.2o and it worked well. I had Tor 0.3.4.8.
  • drew010
    drew010 over 5 years
    @michnovka what errors did you get with openssl 1.1.1? I have working Tor builds with static 1.1.1 on centos 7 and Debian 8. You will need to remove the no-shared flag most likely as I found it doesn't work anymore without that. Tor won't seem to find it for some reason. This was written when 1.1.x meant "0"
  • michnovka
    michnovka over 5 years
    The problem was ./configure was unable to find a "linkable" OpenSSL; it would always default to (system) (provided I had openssl-devel installed). I did not try without the no-shared flag though.
  • drew010
    drew010 over 5 years
    Yep that's the same error I'd get with Tor and OpenSSL 1.1.1 using the config command above. Removing the no-shared option fixes the issue despite the --enable-static-openssl compile option. And I can confirm it does statically link OpenSSL. Not sure if this is a bug with Tor compilation options, but it was an easy enough fix to build OpenSSL shared so I haven't filed any bug report or looked further into it. @michnovka