Builds a statically linked Tor instance on CentOS 7.
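#!/bin/bash
# Build a statically linked Tor on CentOS 7.
#
# zlib, libevent and OpenSSL are built as static libraries under
# ${PREFIX}/<name>-<version>, Tor is built against them, a hardened systemd
# unit is installed, and finally the helper libraries can be uninstalled and
# the yum transaction that installed the build dependencies rolled back.
#
# Usage:    bash <this script>
# Requires: sudo rights, network access to the upstream download sites.
#
# Every step is fatal on failure (set -e): a failed download, a failed
# `make test`, or a failed install stops the script instead of silently
# continuing to the next stage.
set -euo pipefail
umask 0022

readonly PREFIX="/opt"
readonly BUILD_DIR="${HOME}/build"
readonly OPENSSL_VERSION="1.1.1c"
readonly OPENSSL_DIR="openssl-${OPENSSL_VERSION}"
readonly TOR_VERSION="0.4.1.5"
readonly TOR_DIR="tor-${TOR_VERSION}"
readonly TOR_USERGROUP="toranon"
readonly LIBEVENT_VERSION="2.1.11-stable"
readonly LIBEVENT_DIR="libevent-${LIBEVENT_VERSION}"
readonly ZLIB_VERSION="1.2.11"
readonly ZLIB_DIR="zlib-${ZLIB_VERSION}"

# Optional tarball integrity checks. Fill each in with the SHA-256 published
# by the upstream project for the version above; an empty value (the
# placeholder default) skips the check for that tarball. The upstream
# projects also publish detached signatures, which are the stronger check
# where you can verify them.
ZLIB_SHA256=""      # PLACEHOLDER: upstream SHA-256 of ${ZLIB_DIR}.tar.gz
LIBEVENT_SHA256=""  # PLACEHOLDER: upstream SHA-256 of ${LIBEVENT_DIR}.tar.gz
OPENSSL_SHA256=""   # PLACEHOLDER: upstream SHA-256 of ${OPENSSL_DIR}.tar.gz
TOR_SHA256=""       # PLACEHOLDER: upstream SHA-256 of ${TOR_DIR}.tar.gz

# yum transaction to roll back to at the end; 0 means "nothing to roll back".
# Set by install_build_deps.
rollback_id=0

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print the ID of the newest yum history transaction, or nothing if the
# history is empty. Reads the first column of the first numeric row of
# `yum history`, which lists transactions newest first.
# Outputs: transaction ID on stdout
#######################################
latest_yum_tx() {
  sudo yum history 2>/dev/null \
    | awk -F'|' '$1 ~ /^[[:space:]]*[0-9]+[[:space:]]*$/ {
        gsub(/[[:space:]]/, "", $1); print $1; exit
      }'
}

#######################################
# Install base tools, update the system, then install the build
# dependencies in a separate yum transaction so that transaction alone can
# be rolled back later.
# Globals:  BUILD_DIR (read), rollback_id (written)
#######################################
install_build_deps() {
  local before_id after_id

  sudo yum -y install wget screen mlocate htop yum-utils epel-release policycoreutils-python
  sudo yum -y update
  sudo yum history > "${BUILD_DIR}/yum-history.before"
  before_id=$(latest_yum_tx) || before_id=""

  sudo yum -y install gcc gcc-c++ libevent kernel-devel zlib-devel libevent-devel perl-Module-Load-Conditional perl-core perl-Test-Harness systemd-devel zlib-static glibc-static openssl-devel
  sudo yum history > "${BUILD_DIR}/yum-history.after"
  after_id=$(latest_yum_tx) || after_id=""

  # Only schedule a rollback if the build-dependency install actually
  # created a new transaction. Rolling back to `before_id` undoes exactly
  # the transactions after it. If nothing was installed (everything already
  # present) there is nothing to undo, and rolling back would hit the
  # earlier `yum update` instead.
  if [[ "${before_id}" =~ ^[0-9]+$ && "${after_id}" =~ ^[0-9]+$ ]] \
      && (( after_id > before_id )); then
    rollback_id=${before_id}
  fi
}

#######################################
# Download a source tarball into BUILD_DIR (unless already present),
# verify its SHA-256 when one is configured, and unpack it.
# Globals:   BUILD_DIR (read)
# Arguments: $1 - directory name the tarball unpacks to (also its basename)
#            $2 - download URL
#            $3 - expected SHA-256 hex digest, or empty to skip the check
#######################################
fetch_source() {
  local dir=$1 url=$2 sha256=$3
  local tarball="${dir}.tar.gz"

  cd "${BUILD_DIR}"
  if [[ ! -f "${tarball}" ]]; then
    wget -O "${tarball}" "${url}"
  fi
  if [[ -n "${sha256}" ]]; then
    printf '%s  %s\n' "${sha256}" "${tarball}" | sha256sum -c - \
      || die "SHA-256 mismatch for ${tarball}"
  fi
  tar xzf "${tarball}"
}

#######################################
# Build and install static zlib under ${PREFIX}/${ZLIB_DIR}.
#######################################
build_zlib() {
  cd "${BUILD_DIR}/${ZLIB_DIR}"
  CFLAGS='-mstackrealign -fPIC' ./configure --static --prefix="${PREFIX}/${ZLIB_DIR}"
  make
  make test
  sudo make install
}

#######################################
# Build and install static libevent under ${PREFIX}/${LIBEVENT_DIR}.
#######################################
build_libevent() {
  cd "${BUILD_DIR}/${LIBEVENT_DIR}"
  ./configure --disable-shared --enable-function-sections --enable-static --with-pic --prefix="${PREFIX}/${LIBEVENT_DIR}"
  make
  make verify
  sudo make install
}

#######################################
# Build and install OpenSSL under ${PREFIX}/${OPENSSL_DIR}, using the zlib
# built above. `zlib-dynamic` is the author's choice: the resulting
# library loads libz at runtime rather than linking it in; change it to
# `zlib` if a fully self-contained binary is required.
#######################################
build_openssl() {
  cd "${BUILD_DIR}/${OPENSSL_DIR}"
  ./config zlib-dynamic \
    --with-zlib-include="${PREFIX}/${ZLIB_DIR}/include" \
    --with-zlib-lib="${PREFIX}/${ZLIB_DIR}/lib" \
    --prefix="${PREFIX}/${OPENSSL_DIR}" \
    --openssldir="${PREFIX}/${OPENSSL_DIR}" \
    -fPIC enable-ec_nistp_64_gcc_128 enable-tls1_3
  make
  make test
  sudo make install
}

#######################################
# Create the Tor service account (if missing), then build Tor statically
# against the libraries above and install it under /usr with its
# configuration in /etc/tor.
#######################################
build_tor() {
  cd "${BUILD_DIR}/${TOR_DIR}"
  # useradd fails if the account already exists, so guard it for re-runs.
  if ! id -u "${TOR_USERGROUP}" >/dev/null 2>&1; then
    sudo useradd --system -c "Tor anonymizing user" -d /var/lib/tor -M -U -s /sbin/nologin "${TOR_USERGROUP}"
  fi
  ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin \
    --libexecdir=/var/lib/tor --sysconfdir=/etc --localstatedir=/var/lib \
    --enable-static-openssl --enable-static-libevent --enable-static-zlib \
    --enable-systemd \
    --with-libevent-dir="${PREFIX}/${LIBEVENT_DIR}" \
    --with-zlib-dir="${PREFIX}/${ZLIB_DIR}" \
    --with-openssl-dir="${PREFIX}/${OPENSSL_DIR}" \
    --with-tor-user="${TOR_USERGROUP}" --with-tor-group="${TOR_USERGROUP}"
  make
  make test
  sudo make install
}

#######################################
# Create Tor's data/log directories with the right owner, label and mode,
# seed /etc/tor/torrc from the installed sample if absent, and write the
# systemd unit.
#######################################
install_service() {
  sudo mkdir -p /var/lib/tor /var/log/tor
  sudo restorecon -v -R /var/lib/tor /var/log/tor
  # chown needs root like the mkdir/restorecon above; `user:group` rather
  # than the deprecated `user.` form.
  sudo chown -R "${TOR_USERGROUP}:${TOR_USERGROUP}" /var/lib/tor /var/log/tor
  sudo chmod 0700 /var/lib/tor

  # ExecStartPre below verifies /etc/tor/torrc, which `make install` does
  # not create; start from the installed sample when no torrc exists yet.
  if [[ ! -f /etc/tor/torrc && -f /etc/tor/torrc.sample ]]; then
    sudo cp /etc/tor/torrc.sample /etc/tor/torrc
  fi

  sudo rm -f /usr/lib/systemd/system/tor.service
  # The delimiter is quoted so that ${MAINPID} reaches systemd literally
  # instead of being expanded (to nothing) by this shell.
  sudo tee /usr/lib/systemd/system/tor.service > /dev/null <<'EOT'
[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target
[Service]
Type=simple
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutSec=30
Restart=on-failure
RestartSec=1
LimitNOFILE=32768
# Hardening
# No User= is set here: the process starts as root and is expected to drop
# to the service account via `User toranon` in torrc (hence CAP_SETUID and
# CAP_SETGID below). Without that torrc line Tor keeps running as root.
PrivateTmp=yes
DeviceAllow=/dev/null rw
DeviceAllow=/dev/urandom r
InaccessibleDirectories=/home
InaccessibleDirectories=/root
InaccessibleDirectories=/run/user
ReadOnlyDirectories=/boot
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/run
ReadOnlyDirectories=/var
# Create /run/tor at start so the ReadWriteDirectories entry refers to an
# existing path.
RuntimeDirectory=tor
ReadWriteDirectories=/run/tor
ReadWriteDirectories=/var/lib/tor
ReadWriteDirectories=/var/log/tor
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
PermissionsStartOnly=yes
[Install]
WantedBy = multi-user.target
EOT
}

#######################################
# Uninstall and delete one helper library built under PREFIX.
# Arguments: $1 - directory name (e.g. ${OPENSSL_DIR})
#######################################
remove_helper_lib() {
  local dir=$1
  cd "${BUILD_DIR}/${dir}"
  sudo make uninstall
  make clean
  # :? aborts rather than running `rm -rf /` on an empty expansion.
  sudo rm -Rf -- "${PREFIX:?}/${dir:?}"
}

#######################################
# Remove the statically linked helper libraries (Tor no longer needs them)
# and roll back the yum transaction that installed the build dependencies.
# Globals: rollback_id (read)
#######################################
remove_build_helpers() {
  remove_helper_lib "${OPENSSL_DIR}"
  remove_helper_lib "${LIBEVENT_DIR}"
  remove_helper_lib "${ZLIB_DIR}"
  if (( rollback_id > 0 )); then
    sudo yum -y history rollback "${rollback_id}"
  fi
}

main() {
  mkdir -p "${BUILD_DIR}"
  cd "${BUILD_DIR}"

  install_build_deps

  fetch_source "${ZLIB_DIR}" "https://www.zlib.net/${ZLIB_DIR}.tar.gz" "${ZLIB_SHA256}"
  fetch_source "${LIBEVENT_DIR}" \
    "https://github.com/libevent/libevent/releases/download/release-${LIBEVENT_VERSION}/${LIBEVENT_DIR}.tar.gz" \
    "${LIBEVENT_SHA256}"
  fetch_source "${OPENSSL_DIR}" "https://www.openssl.org/source/${OPENSSL_DIR}.tar.gz" "${OPENSSL_SHA256}"
  fetch_source "${TOR_DIR}" "https://dist.torproject.org/${TOR_DIR}.tar.gz" "${TOR_SHA256}"

  build_zlib
  build_libevent
  build_openssl
  build_tor
  install_service

  printf '%s\n' "Installation script has completed. If you wish to remove the extra build tools committed at the beginning, press ENTER."
  printf '%s\n' "Otherwise, press CTRL+C to exit."
  # Under set -e a non-interactive run (no tty, read hits EOF) stops here,
  # leaving the helper libraries and build deps in place.
  read -r -p "Press enter to continue . . ."

  remove_build_helpers
}

main "$@"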