/etc/init.d/tor script for managing two simultaneous Tor instances
cd /var/lib
mkdir tor2
chown debian-tor tor2
chmod 2700 tor2
cd /usr/share
cp -r tor tor2
cd tor2
(edit tor-service-defaults-torrc so that the following settings point at the tor2 paths)
DataDirectory /var/lib/tor2
PidFile /var/run/tor2/tor.pid
RunAsDaemon 1
User debian-tor
ControlSocket /var/run/tor2/control
ControlSocketsGroupWritable 1
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor2/control.authcookie
Log notice file /var/log/tor2/log
cd /etc
cp -r tor tor2
cd tor2
(modify torrc appropriately; make sure its entries are consistent with what is in /usr/share/tor2/, and that listeners such as SocksPort do not collide with the first instance)
#! /bin/bash
### BEGIN INIT INFO
# Provides: tor
# Required-Start: $local_fs $remote_fs $network $named $time
# Required-Stop: $local_fs $remote_fs $network $named $time
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts The Onion Router daemon processes
# Description: Start The Onion Router, a TCP overlay
# network client that provides anonymous
# transport.
### END INIT INFO
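# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
. /lib/lsb/init-functions

PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Both Tor instances are started from this one binary; they differ only in
# the defaults file, torrc, PID directory and log directory used.
DAEMON=/usr/bin/tor
NAME=tor
DESC="tor daemon"
#PLEASE READ AND FOLLOW THE SETUP INSTRUCTIONS FILE THAT CAME WITH THIS GIST
TORLOGDIR=/var/log/tor
TORLOGDIR2=/var/log/tor2
TORPIDDIR=/var/run/tor
TORPIDDIR2=/var/run/tor2
TORPID=$TORPIDDIR/tor.pid
TORPID2=$TORPIDDIR2/tor.pid
DEFAULTSFILE=/etc/default/$NAME
# Upper bound used by wait_for_deaddaemon before it reports "still running".
WAITFORDAEMON=60
DEFAULT_ARGS="--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
DEFAULT_ARGS2="--defaults-torrc /usr/share/tor2/tor-service-defaults-torrc"
VERIFY_ARGS="--verify-config $DEFAULT_ARGS"
VERIFY_ARGS2="--verify-config $DEFAULT_ARGS2"
TORRC1="/etc/tor/torrc"
TORRC2="/etc/tor2/torrc"
# "yes" makes the start action launch tor through aa-exec with the
# system_tor profile when AppArmor is enabled and that profile exists.
# NOTE(review): both instances are confined with the same system_tor profile;
# confirm that profile permits the tor2 data, log and run paths, otherwise the
# second instance may be denied access to its own directories.
USE_AA_EXEC="yes"

ARGS=""
if [ "${VERBOSE:-}" != "yes" ]; then
	ARGS="$ARGS --hush"
fi

# Let's try to figure out some sane defaults:
# scale the per-process descriptor limit to the system-wide maximum.
if [ -r /proc/sys/fs/file-max ]; then
	system_max=$(cat /proc/sys/fs/file-max)
	if [ "$system_max" -gt "80000" ] ; then
		MAX_FILEDESCRIPTORS=32768
	elif [ "$system_max" -gt "40000" ] ; then
		MAX_FILEDESCRIPTORS=16384
	elif [ "$system_max" -gt "10000" ] ; then
		MAX_FILEDESCRIPTORS=8192
	else
		MAX_FILEDESCRIPTORS=1024
		cat << EOF
Warning: Your system has very few filedescriptors available in total.
Maybe you should try raising that by adding 'fs.file-max=100000' to your
/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate.
Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and
file-nr in the same directory for how many of those are used at the moment.
EOF
	fi
else
	MAX_FILEDESCRIPTORS=8192
fi

NICE=""

# Nothing to do when the tor binary is not installed. The original script
# also ran `test -x $DAEMON2`, but DAEMON2 is never defined: the unquoted empty
# expansion left a one-argument `test -x`, which is always true, so that line
# checked nothing. Both instances use $DAEMON, so one check is sufficient.
test -x "$DAEMON" || exit 0

# Include tor defaults if available. This file is sourced as root, so it must
# stay writable by root only; it can override any variable set above.
if [ -f "$DEFAULTSFILE" ] ; then
	. "$DEFAULTSFILE"
fi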
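#######################################
# Wait for a signalled daemon process to disappear.
# Globals:   WAITFORDAEMON (read) - maximum number of one-second polls
# Arguments: $1 - PID to wait for; an empty value skips the wait
# Outputs:   progress and result through the LSB log_action_* helpers
# Returns:   0 once the process is gone; exits the script with status 1
#            when the process is still alive after WAITFORDAEMON polls
#######################################
wait_for_deaddaemon () {
	# Keep both variables local so the caller's own pid/cnt are not clobbered.
	local pid=$1
	local cnt=0

	# Give the daemon a moment to act on the signal before the first probe.
	sleep 1

	# The PID comes from a pid file, so it is always quoted: it must reach
	# kill as exactly one argument.
	if [ -n "$pid" ]; then
		# kill -0 delivers no signal; it only reports whether the PID exists
		# and may be signalled by us.
		while kill -0 "$pid" 2>/dev/null; do
			cnt=$((cnt + 1))
			if [ "$cnt" -gt "$WAITFORDAEMON" ]; then
				log_action_end_msg 1 "still running"
				exit 1
			fi
			sleep 1
			# Emit a progress marker on every third poll.
			[ $((cnt % 3)) -ne 2 ] || log_action_cont_msg ""
		done
	fi
	log_action_end_msg 0
}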
#######################################
# Make sure the runtime (PID) directory of each Tor instance exists and can
# be entered.
# Globals:   TORPIDDIR, TORPIDDIR2 (read)
# Outputs:   failure message through log_action_end_msg
# Returns:   0 when both directories are accessible; exits the script with
#            status 1 otherwise
#######################################
check_torpiddir () {
	local rundir

	# Pass 1: create whichever directory is missing (first instance, then
	# second). Mode 02750 with owner and group debian-tor keeps other users
	# out; restorecon is run only when the binary is present.
	for rundir in "$TORPIDDIR" "$TORPIDDIR2"; do
		if [ ! -d "$rundir" ]; then
			mkdir -m 02750 "$rundir"
			chown debian-tor:debian-tor "$rundir"
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$rundir"
			fi
		fi
	done

	# Pass 2: both directories must be searchable by the invoking user.
	for rundir in "$TORPIDDIR" "$TORPIDDIR2"; do
		if [ ! -x "$rundir" ]; then
			log_action_end_msg 1 "cannot access $rundir directory, are you root?"
			exit 1
		fi
	done
}
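#######################################
# Create the log directory of each Tor instance when it is missing.
# Globals:   TORLOGDIR, TORLOGDIR2 (read)
# Returns:   status of the last command run; failures are not fatal here
#######################################
check_torlogdir () {
	local logdir

	for logdir in "$TORLOGDIR" "$TORLOGDIR2"; do
		if [ ! -d "$logdir" ]; then
			# Mode 02750, owner debian-tor, group adm: the daemon writes the
			# logs, members of adm may read them, everyone else is kept out.
			mkdir -m 02750 "$logdir"
			chown debian-tor:adm "$logdir"
			# Relabel the directory that was just created. The original
			# passed the PID directory to restorecon here, which left a new
			# log directory without its restored SELinux context.
			! [ -x /sbin/restorecon ] || /sbin/restorecon "$logdir"
		fi
	done
}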
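#######################################
# Validate the configuration of both Tor instances before acting on them.
# Globals:   DAEMON, NAME, VERIFY_ARGS, VERIFY_ARGS2, TORRC1, TORRC2 (read)
# Outputs:   on failure, an LSB failure message plus tor's own diagnostics
#            on stderr
# Returns:   0 when both configurations verify; exits the script with
#            status 1 otherwise
#######################################
check_config () {
	# Each check names its torrc with -f, exactly as the start action does.
	# Without -f, tor falls back to its built-in default torrc path, so the
	# second check never read $TORRC2 and a broken second-instance
	# configuration passed verification.
	# VERIFY_ARGS* hold several words and are split on purpose.

	#first Tor instance
	# shellcheck disable=SC2086
	if ! "$DAEMON" $VERIFY_ARGS -f "$TORRC1" > /dev/null; then
		log_failure_msg "Checking if $NAME configuration is valid"
		# Run again with output visible so the operator sees the reason.
		"$DAEMON" $VERIFY_ARGS -f "$TORRC1" >&2
		exit 1
	fi

	#second Tor instance
	# shellcheck disable=SC2086
	if ! "$DAEMON" $VERIFY_ARGS2 -f "$TORRC2" > /dev/null; then
		log_failure_msg "Checking if $NAME 2 configuration is valid"
		"$DAEMON" $VERIFY_ARGS2 -f "$TORRC2" >&2
		exit 1
	fi
}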
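# Action dispatch for the two Tor instances.
#
# Every action handles BOTH instances. The original arms left the script as
# soon as the first instance was settled: "stop" and "reload" exited when the
# first instance had no PID file (the second was never signalled), and
# "status" exited after the first instance, so its second half was
# unreachable. The helpers below report per instance and return a status so
# that the second instance is always handled.

#######################################
# Print the PID stored in a PID file.
# Arguments: $1 - PID file
# Outputs:   the PID on stdout
# Returns:   1 when the file is missing, unreadable, empty, or holds
#            anything other than decimal digits
#######################################
read_pid () {
	local value
	[ -f "$1" ] || return 1
	value=$(cat "$1" 2>/dev/null) || return 1
	# The PID directories are owned by debian-tor (see check_torpiddir), so
	# this content is written by the unprivileged daemon while this script
	# runs as root. Accept digits only before handing it to kill or ps.
	case "$value" in
		''|*[!0-9]*) return 1 ;;
	esac
	printf '%s\n' "$value"
}

#######################################
# Start one Tor instance unless it is already running.
# Arguments: $1 - PID file
#            $2 - defaults arguments (several words, split on purpose)
#            $3 - torrc path
# Returns:   0 when running or started, 1 when the start failed
#######################################
start_instance () {
	local pidfile=$1 defaults=$2 torrc=$3
	local aa_exec="" aa_exec_args=""

	# Signal 0 only probes: is a $DAEMON process with this PID file alive?
	if start-stop-daemon --stop --signal 0 --quiet --pidfile "$pidfile" --exec "$DAEMON" -- -f "$torrc"; then
		log_action_end_msg 0 "already running"
		return 0
	fi

	# Confine tor with the system_tor AppArmor profile when possible. If any
	# of these checks fails, tor is started unconfined and nothing is logged
	# about it.
	if [ "$USE_AA_EXEC" = "yes" ] &&
		[ -x /usr/sbin/aa-status ] &&
		[ -x /usr/sbin/aa-exec ] &&
		[ -e /etc/apparmor.d/system_tor ] &&
		/usr/sbin/aa-status --enabled ; then
		aa_exec="--startas /usr/sbin/aa-exec"
		aa_exec_args="--profile=system_tor -- $DAEMON"
	fi

	# NICE, aa_exec, aa_exec_args, defaults and ARGS each hold zero or more
	# words and must be word-split.
	# shellcheck disable=SC2086
	if start-stop-daemon --start --quiet \
		--pidfile "$pidfile" \
		$NICE \
		$aa_exec \
		--exec "$DAEMON" -- $aa_exec_args $defaults $ARGS -f "$torrc"
	then
		log_action_end_msg 0
	else
		log_action_end_msg 1
		return 1
	fi
}

#######################################
# Stop one Tor instance with SIGINT and wait for it to exit.
# Arguments: $1 - PID file, $2 - torrc path
# Returns:   0 when stopped or not running, 1 on failure
#######################################
stop_instance () {
	local pidfile=$1 torrc=$2 pid

	if ! pid=$(read_pid "$pidfile"); then
		log_action_end_msg 0 "not running - there is no $pidfile"
		return 0
	fi

	# --exec makes start-stop-daemon signal the PID only if it really runs
	# $DAEMON, so a stale or forged PID file cannot redirect the signal to an
	# unrelated process.
	if start-stop-daemon --stop --signal INT --quiet --pidfile "$pidfile" --exec "$DAEMON" -- -f "$torrc"; then
		# wait_for_deaddaemon exits on timeout; the subshell turns that into
		# a return status so the other instance is still handled.
		( wait_for_deaddaemon "$pid" )
	elif kill -0 "$pid" 2>/dev/null; then
		log_action_end_msg 1 "Is $pid not $NAME? Is $DAEMON a different binary now?"
		return 1
	else
		log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
		return 1
	fi
}

#######################################
# Ask one Tor instance to reload its configuration (signal 1, SIGHUP).
# Arguments: $1 - PID file, $2 - torrc path
# Returns:   0 when signalled, 1 when not running or on failure
#######################################
reload_instance () {
	local pidfile=$1 torrc=$2 pid

	if ! pid=$(read_pid "$pidfile"); then
		log_action_end_msg 1 "not running - there is no $pidfile"
		return 1
	fi

	if start-stop-daemon --stop --signal 1 --quiet --pidfile "$pidfile" --exec "$DAEMON" -- -f "$torrc"; then
		log_action_end_msg 0
	elif kill -0 "$pid" 2>/dev/null; then
		log_action_end_msg 1 "Is $pid not $NAME? Is $DAEMON a different binary now?"
		return 1
	else
		log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
		return 1
	fi
}

#######################################
# Report whether one Tor instance is running.
# Arguments: $1 - label used in messages, $2 - PID file
# Returns:   0 running, 1 PID recorded but no such process,
#            3 no usable PID file, 4 PID directory not readable
#######################################
status_instance () {
	local label=$1 pidfile=$2 pid

	if [ ! -r "$(dirname "$pidfile")" ]; then
		log_failure_msg "cannot read PID file $pidfile"
		return 4
	fi
	if ! pid=$(read_pid "$pidfile"); then
		log_failure_msg "$label is not running"
		return 3
	fi
	if ps "$pid" >/dev/null 2>&1; then
		log_success_msg "$label is running"
		return 0
	fi
	log_failure_msg "$label is not running"
	return 1
}

case "$1" in
	start)
		if [ "$RUN_DAEMON" != "yes" ]; then
			log_action_msg "Not starting $DESC (Disabled in $DEFAULTSFILE)."
			exit 0
		fi

		if [ -n "$MAX_FILEDESCRIPTORS" ]; then
			[ "${VERBOSE:-}" != "yes" ] || log_action_begin_msg "Raising maximum number of filedescriptors (ulimit -n) for tor to $MAX_FILEDESCRIPTORS"
			if ulimit -n "$MAX_FILEDESCRIPTORS" ; then
				[ "${VERBOSE:-}" != "yes" ] || log_action_end_msg 0
			else
				[ "${VERBOSE:-}" != "yes" ] || log_action_end_msg 1
			fi
		fi

		check_torpiddir
		check_torlogdir
		check_config

		log_action_begin_msg "Starting $DESC"
		# As before, a failed start of the first instance aborts the action.
		#first Tor instance
		start_instance "$TORPID" "$DEFAULT_ARGS" "$TORRC1" || exit 1
		#second Tor instance
		start_instance "$TORPID2" "$DEFAULT_ARGS2" "$TORRC2" || exit 1
		#TODO: keep going past here, then check referenced config files and working directories
		;;
	stop)
		log_action_begin_msg "Stopping $DESC"
		rc=0
		#first Tor instance
		stop_instance "$TORPID" "$TORRC1" || rc=1
		#second Tor instance
		stop_instance "$TORPID2" "$TORRC2" || rc=1
		[ "$rc" -eq 0 ] || exit 1
		;;
	reload|force-reload)
		check_config
		log_action_begin_msg "Reloading $DESC configuration"
		rc=0
		#first Tor instance
		reload_instance "$TORPID" "$TORRC1" || rc=1
		#second Tor instance
		reload_instance "$TORPID2" "$TORRC2" || rc=1
		[ "$rc" -eq 0 ] || exit 1
		;;
	restart)
		check_config
		"$0" stop
		sleep 1
		"$0" start
		;;
	status)
		#first Tor instance
		status_instance "$NAME" "$TORPID"
		rc1=$?
		#second Tor instance
		status_instance "$NAME 2" "$TORPID2"
		rc2=$?
		# Exit 0 only when both instances run; otherwise report the first
		# non-zero LSB status code.
		if [ "$rc1" -ne 0 ]; then
			exit "$rc1"
		fi
		exit "$rc2"
		;;
	*)
		log_action_msg "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
		exit 1
		;;
esac
exit 0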