RubyGems - spior - Versions diffs - 0.1.6 → 0.2.8 - Mend

spior 0.1.6 → 0.2.8

Files changed (41) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +3 -3
data/.github/workflows/rubocop-analysis.yml +47 -0
data/.gitignore +1 -0
data/CHANGELOG.md +14 -0
data/Gemfile +5 -0
data/README.md +13 -3
data/Rakefile +20 -9
data/lib/spior/dep.rb +45 -23
data/lib/spior/helpers.rb +19 -19
data/lib/spior/iptables/default.rb +19 -13
data/lib/spior/iptables/root.rb +35 -36
data/lib/spior/iptables/rules.rb +103 -0
data/lib/spior/iptables/tor.rb +23 -20
data/lib/spior/iptables.rb +3 -0
data/lib/spior/menu.rb +16 -23
data/lib/spior/msg.rb +22 -8
data/lib/spior/options.rb +16 -19
data/lib/spior/service/enable.rb +63 -0
data/lib/spior/service/restart.rb +4 -12
data/lib/spior/service/start.rb +5 -17
data/lib/spior/service/stop.rb +12 -0
data/lib/spior/service.rb +5 -0
data/lib/spior/status.rb +32 -24
data/lib/spior/tor/config.rb +100 -0
data/lib/spior/tor/data.rb +53 -0
data/lib/spior/tor/start.rb +59 -0
data/lib/spior/tor/stop.rb +32 -0
data/lib/spior/tor.rb +8 -1
data/lib/spior/version.rb +3 -1
data/lib/spior.rb +16 -23
data/spior.gemspec +24 -21
data/test/test_install.rb +2 -2
data/test/test_options.rb +2 -0
data.tar.gz.sig +0 -0
metadata +57 -51
metadata.gz.sig +0 -0
data/lib/spior/clear.rb +0 -35
data/lib/spior/copy.rb +0 -84
data/lib/spior/persist.rb +0 -51
data/lib/spior/tor/info.rb +0 -96

data/lib/spior/iptables/tor.rb CHANGED Viewed

@@ -1,58 +1,61 @@
+# frozen_string_literal: true
 module Spior
   module Iptables
+    # Make Local Redirection Through Tor.
     class Tor < Iptables::Root
       def initialize
         super
-        @tor     = Spior::Tor::Info.new
-        @non_tor = ["#{@lo_addr}/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
-        @tables  = ["nat", "filter"]
+        @non_tor = %W[#{@lo_addr}/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8]
+        @tables  = %w[nat filter]
       end
       private
       def redirect
-        @tables.each { |table|
-          target = "ACCEPT"
-          target = "RETURN" if table == "nat"
+        Msg.p 'Redirecting local traffic though Tor...'
+        @tables.map do |table|
+          target = 'ACCEPT'
+          target = 'RETURN' if table == 'nat'
           ipt "-t #{table} -F OUTPUT"
           ipt "-t #{table} -A OUTPUT -m state --state ESTABLISHED -j #{target}"
-          ipt "-t #{table} -A OUTPUT -m owner --uid #{@tor.uid} -j #{target}"
+          ipt "-t #{table} -A OUTPUT -m owner --uid #{CONFIG.uid} -j #{target}"
-          match_dns_port = @tor.dns
-          if table == "nat"
-            target = "REDIRECT --to-ports #{@tor.dns}"
-            match_dns_port = "53"
+          match_dns_port = CONFIG.dns_port
+          if table == 'nat'
+            target = "REDIRECT --to-ports #{CONFIG.dns_port}"
+            match_dns_port = '53'
           end
           ipt "-t #{table} -A OUTPUT -p udp --dport #{match_dns_port} -j #{target}"
           ipt "-t #{table} -A OUTPUT -p tcp --dport #{match_dns_port} -j #{target}"
-          target = "REDIRECT --to-ports #{@tor.trans_port}" if table == "nat"
-          ipt "-t #{table} -A OUTPUT -d #{@tor.virt_addr} -p tcp -j #{target}"
+          target = "REDIRECT --to-ports #{CONFIG.trans_port}" if table == 'nat'
+          ipt "-t #{table} -A OUTPUT -d #{CONFIG.virt_addr} -p tcp -j #{target}"
-          target = "RETURN" if table == "nat"
+          target = 'RETURN' if table == 'nat'
           @non_tor.each { |ip|
             ipt "-t #{table} -A OUTPUT -d #{ip} -j #{target}"
           }
-          target = "REDIRECT --to-ports #{@tor.trans_port}" if table == "nat"
+          target = "REDIRECT --to-ports #{CONFIG.trans_port}" if table == 'nat'
           ipt "-t #{table} -A OUTPUT -p tcp -j #{target}"
-        }
+        end
       end
       def input
         # SSH
-        ipt "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
+        ipt '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
         # Allow loopback
         ipt "-A INPUT -i #{@lo} -j ACCEPT"
         # Accept related
-        ipt "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
+        ipt '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
       end
       def all
-        ipt "-t filter -A OUTPUT -p udp -j REJECT"
-        ipt "-t filter -A OUTPUT -p icmp -j REJECT"
+        ipt '-t filter -A OUTPUT -p udp -j REJECT'
+        ipt '-t filter -A OUTPUT -p icmp -j REJECT'
       end
     end
   end

data/lib/spior/iptables.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Spior
   module Iptables
   end
@@ -6,3 +8,4 @@ end
 require_relative 'iptables/root'
 require_relative 'iptables/tor'
 require_relative 'iptables/default'
+require_relative 'iptables/rules'

data/lib/spior/menu.rb CHANGED Viewed

@@ -1,43 +1,36 @@
+# frozen_string_literal: true
 module Spior
   module Menu
-    extend self
-    def run
-      banner
+    def self.run
       loop do
         Msg.head
-        puts %q{Please select an option:
+        puts 'Please select an option:
-  1. Redirect traffic through tor
-  2. Reload tor and change your ip
-  3. Clear and restore your files
-  4. Check info on your current ip
-  5. Quit}
+  1. Redirect traffic through Tor
+  2. Reload Spior and change your IP
+  3. Stop Tor and use a clearnet navigation
+  4. Check info on your current IP
+  5. Install all the dependencies
+  6. Quit'
         puts
-        print ">> "
+        print '>> '
         case gets.chomp
         when '1'
-          Spior::Iptables::Tor.new.run!
+          Spior::Service.start
         when '2'
-          Spior::Serice.restart
+          Spior::Service.restart
         when '3'
-          Spior::Clear.all
+          Spior::Service.stop
         when '4'
           Spior::Status.info
         when '5'
+          Spior::Dep.looking
+        else
           exit
         end
       end
     end
-    private
-    def banner
-      puts "┏━┓┏━┓╻┏━┓┏━┓"
-      puts "┗━┓┣━┛┃┃ ┃┣┳┛"
-      puts "┗━┛╹  ╹┗━┛╹┗╸"
-      # generated with toilet -F crop -f future spior
-    end
   end
 end

data/lib/spior/msg.rb CHANGED Viewed

@@ -1,28 +1,42 @@
+# frozen_string_literal: true
 require 'rainbow'
 module Msg
-  extend self
+  module_function
+  def banner
+    puts
+    puts '┏━┓┏━┓╻┏━┓┏━┓'
+    puts '┗━┓┣━┛┃┃ ┃┣┳┛'
+    puts '┗━┛╹  ╹┗━┛╹┗╸'
+    puts
+    # generated with toilet -F crop -f future spior
+  end
   def head
-    puts Rainbow("------------------------------------------------").cyan
+    puts Rainbow('------------------------------------------------').cyan
   end
   def p(text)
-    puts Rainbow("[").cyan + Rainbow("+").white + Rainbow("]").cyan + " " + text
+    puts Rainbow('[').cyan + Rainbow('+').white + Rainbow(']').cyan + ' ' + text
   end
   def err(text)
-    puts Rainbow("[").red + Rainbow("-").white + Rainbow("]").red + " " + text
+    puts Rainbow('[').red + Rainbow('-').white + Rainbow(']').red + ' ' + text
   end
   def info(text)
-    puts Rainbow("-").blue + Rainbow("-").white + Rainbow("-").blue + " " + text + " " + Rainbow("-").blue + Rainbow("-").white + Rainbow("-").blue
+    print Rainbow('-').blue + Rainbow('-').white + Rainbow('-').blue
+    print " #{text} "
+    print Rainbow('-').blue + Rainbow('-').white + Rainbow('-').blue + "\n"
   end
   def report(text)
-    puts ""
+    puts
     info text
-    puts "Please, report this issue at https://github.com/szorfein/spior/issues"
-    puts ""
+    puts 'Please, report this issue at https://github.com/szorfein/spior/issues'
+    puts
+    exit 1
   end
 end

data/lib/spior/options.rb CHANGED Viewed

@@ -1,13 +1,10 @@
+# frozen_string_literal: true
 require 'optparse'
 module Spior
   class Options
-    attr_reader :install , :tor , :persist
     def initialize(argv)
-      @install = false
-      @tor = false
-      @persist = false
       parse(argv)
     end
@@ -15,46 +12,46 @@ module Spior
     def parse(argv)
       OptionParser.new do |opts|
-        opts.on("-i", "--install", "Install the dependencies") do
-          @install = true
+        opts.on('-i', '--install', 'Install the dependencies.') do
+          Spior::Dep.looking
         end
-        opts.on("-t", "--tor", "Redirect traffic through TOR") do
-          @tor = true
+        opts.on('-t', '--tor', 'Redirect traffic through TOR.') do
+          Spior::Service.start
         end
-        opts.on("-r", "--reload", "Reload TOR to change your ip") do
+        opts.on('-r', '--reload', 'Reload TOR to change your IP.') do
           Spior::Service.restart
           exit
         end
-        opts.on("-c", "--clearnet", "Reset iptables and return to clearnet navigation") do
-          Spior::Clear.all
+        opts.on('-c', '--clearnet', 'Reset iptables and return to clearnet navigation.') do
+          Spior::Service.stop
         end
-        opts.on("-s", "--status", "Look infos about your current ip") do
+        opts.on('-s', '--status', 'Look infos about your current IP.') do
           Spior::Status.info
           exit
         end
-        opts.on("-p", "--persist", "Active Spior at every boot.") do
-          @persist = true
+        opts.on('-p', '--persist', 'Active Spior at every boot.') do
+          Spior::Service.enable
         end
-        opts.on("-m", "--menu", "Display an interactive menu") do
+        opts.on('-m', '--menu', 'Display an interactive menu.') do
           Spior::Menu.run
         end
-        opts.on("-h", "--help", "Show this message") do
+        opts.on('-h', '--help', 'Show this message.') do
           puts opts
           exit
         end
         begin
-          argv = ["-m"] if argv.empty?
+          argv = ['-m'] if argv.empty?
           opts.parse!(argv)
         rescue OptionParser::ParseError => e
-          STDERR.puts e.message, "\n", opts
+          warn e.message, "\n", opts
           exit(-1)
         end
       end

data/lib/spior/service/enable.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+require 'nomansland'
+module Spior
+  module Service
+    extend self
+    # enable the Tor redirection when you boot your system
+    #
+    # It should use and enable the services:
+    # + tor
+    # + iptables
+    def enable
+      case Nomansland.distro?
+      when :gentoo
+        for_gentoo
+      when :archlinux
+        Iptables::Rules.new.backup
+        Tor::Config.new(Tempfile.new('torrc')).backup
+        Helpers::Exec.new('systemctl').run('enable iptables tor')
+        Msg.p 'Services enabled for Archlinux...'
+      else
+        Msg.report 'Your distro is not yet supported.'
+      end
+    end
+    private
+    def for_gentoo
+      case Nomansland.init?
+      when :systemd
+        systemd_start('iptables-store')
+        systemd_enable('iptables-restore')
+        systemd_enable('tor')
+      when :openrc
+        system('sudo /etc/init.d/iptables save')
+        rc_upd = Helpers::Exec.new('rc-update')
+        rc_upd.run('rc-update add iptables boot')
+        rc_upd.run('rc-update add tor')
+        rc_upd.run('rc-update add tor default')
+      else
+        Msg.report 'Init no yet supported for start Iptables at boot'
+      end
+    end
+    def systemd_enable(service)
+      systemctl = Helpers::Exec.new('systemctl')
+      Msg.p "Search for service #{service}..."
+      unless system("systemctl is-enabled #{service}")
+        systemctl.run("enable #{service}")
+      end
+    end
+    def systemd_start(service)
+      systemctl = Helpers::Exec.new('systemctl')
+      Msg.p "Search for service #{service}..."
+      unless system("systemctl is-active #{service}")
+        systemctl.run("start #{service}")
+      end
+    end
+  end
+end

data/lib/spior/service/restart.rb CHANGED Viewed

@@ -1,21 +1,13 @@
-require 'tty-which'
+# frozen_string_literal: true
 module Spior
   module Service
     module_function
     def restart
-      if TTY::Which.exist?('systemctl')
-        Helpers::Exec.new("systemctl").run("restart tor")
-        Msg.p "ip changed."
-      elsif TTY::Which.exist? 'sv'
-        Helpers::Exec.new('sv').run('restart tor')
-        Msg.p 'ip changed.'
-      elsif File.exist? '/etc/init.d/tor'
-        Helpers::Exec.new('/etc/init.d/tor').run('restart')
-      else
-        Msg.report "Don't known yet how to restart Tor for your system."
-      end
+      Service.stop
+      Service.start
+      Msg.p 'ip changed.'
     end
   end
 end

data/lib/spior/service/start.rb CHANGED Viewed

@@ -1,26 +1,14 @@
-require 'tty-which'
+# frozen_string_literal: true
 module Spior
   module Service
     module_function
+    # Service.start should start Tor if not alrealy running
+    # And start to redirect the local traffic with Iptables
     def start
-      if TTY::Which.exist?('systemctl')
-        state = `systemctl is-active tor`.chomp
-        unless state == 'active'
-          Helpers::Exec.new("systemctl").run("start tor")
-          Msg.p "TOR started."
-        end
-      elsif TTY::Which.exist? 'sv'
-        unless File.exist? '/var/service/tor'
-          Helpers::Exec.new('ln').run('-s /etc/sv/tor /var/service/tor')
-          Msg.p "TOR started."
-        end
-      elsif File.exist? '/etc/init.d/tor'
-        Helpers::Exec.new('/etc/init.d/tor').run('start')
-      else
-        Msg.report "Don't known yet how to start Tor for your system."
-      end
+      Tor.start
+      Iptables::Tor.new.run!
     end
   end
 end

data/lib/spior/service/stop.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module Spior
+  module Service
+    module_function
+    def stop
+      Tor.stop
+      Iptables::Rules.new.restore
+    end
+  end
+end

data/lib/spior/service.rb CHANGED Viewed

@@ -1,7 +1,12 @@
+# frozen_string_literal: true
 module Spior
+  # Service should start/stop/restart Tor and Iptable.
   module Service
   end
 end
 require_relative 'service/start'
+require_relative 'service/stop'
 require_relative 'service/restart'
+require_relative 'service/enable'

data/lib/spior/status.rb CHANGED Viewed

@@ -1,38 +1,46 @@
+# frozen_string_literal: true
 require 'open-uri'
 require 'json'
 module Spior
+  # Status display information on your current IP addresse
+  #
+  # If you use an IPV6 address, it should fail to display a Tor IP...
   module Status
+    # Check on https://check.torproject.org/api/ip if Tor is enable or not
+    # and display the result.
     def self.enable
-      begin
-        status = "Disable"
-        api_check = "https://check.torproject.org/api/ip"
-        URI.open(api_check) do |l|
-          hash = JSON.parse l.read
-          status = "Enable" if hash["IsTor"] == true
-        end
-        status
-      rescue OpenURI::HTTPError => error
-        res = error.io
-        puts "Fail to join server #{res.status}"
+      status = 'Disable'
+      URI.open('https://check.torproject.org/api/ip') do |l|
+        hash = JSON.parse l.read
+        status = 'Enable' if hash['IsTor'] == true
       end
+      status
+    rescue OpenURI::HTTPError => error
+      res = error.io
+      puts "Fail to join server #{res.status}"
     end
+    # info check and display information from https://ipleak.net/json
+    #
+    # Check for:
+    # * +ip+
+    # * +continent_name+
+    # * +time_zone+
+    #
+    # We can add later info on City/Region or other things.
     def self.info
-      begin
-        api_check = "https://ipleak.net/json"
-        URI.open(api_check) do |l|
-          hash = JSON.parse l.read
-          puts
-          puts " Current ip  ===>  #{hash["ip"]}"
-          puts " Continent   ===>  #{hash["continent_name"]}"
-          puts " Timezone    ===>  #{hash["time_zone"]}"
-        end
-        puts " Status      ===>  #{enable}"
-      rescue OpenURI::HTTPError => error
-        res = error.io
-        puts "Fail to join server #{res.status}"
+      URI.open('https://ipleak.net/json') do |l|
+        hash = JSON.parse l.read
+        puts "  Current ip  ===>  #{hash['ip']}"
+        puts "  Continent   ===>  #{hash['continent_name']}"
+        puts "  Timezone    ===>  #{hash['time_zone']}"
       end
+      puts "  Status      ===>  #{enable}"
+    rescue OpenURI::HTTPError => error
+      res = error.io
+      puts "Fail to join server #{res.status}"
     end
   end
 end

data/lib/spior/tor/config.rb ADDED Viewed

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+require 'digest'
+module Spior
+  module Tor
+    # Generate a config file (torrc) for Spior
+    class Config
+      # ==== Attributes
+      #
+      # * +filename+ - A reference to a tempfile like filename=Tempfile.new('foo')
+      #
+      def initialize(filename)
+        @filename = filename
+        @content = ['# Generated by Spior, don\'t edit.', 'RunAsDaemon 1',
+                    'ClientOnly 1', 'SocksPort 0']
+        @content_torrc = []
+      end
+      # Generate a `torrc` compatible file for Spior
+      # Use value from Spior::CONFIG
+      def generate
+        generate_content(@content)
+        return if @content.length == 4
+        File.write @filename.path, @content.join("\n") + "\n"
+        Msg.p 'Generating Tor config...'
+      end
+      # Save current Tor options (Spior::CONFIG) in /etc/tor/torrc
+      # Only if theses options are not alrealy present
+      def backup
+        generate_content(@content_torrc)
+        outfile = File.open(@filename.path, 'w')
+        outfile.puts(File.read('/etc/tor/torrc'))
+        outfile.puts(@content_torrc.join("\n")) if @content_torrc != []
+        outfile.chmod(0644)
+        outfile.close
+        Msg.p 'Saving Tor options...'
+        move(@filename.path, '/etc/tor/torrc')
+      end
+      protected
+      def generate_content(content)
+        adding content, 'AutomapHostsOnResolve 1'
+        adding content, "DNSPort #{CONFIG.dns_port}"
+        adding content, "VirtualAddrNetworkIpv4 #{CONFIG.virt_addr}"
+        adding content, "TransPort #{CONFIG.trans_port} IsolateClientAddr
+               IsolateClientProtocol IsolateDestAddr IsolateDestPort"
+      end
+      private
+      def search(option_name)
+        File.open('/etc/tor/torrc') do |f|
+          f.each do |line|
+            return Regexp.last_match(1) if line.match(/#{option_name} ([a-z0-9]*)/i)
+          end
+        end
+        false
+      end
+      def adding(content, option)
+        o = option.split(' ')
+        all = o[1..o.length].join(' ')
+        unless search(o[0])
+          content << "#{o[0]} #{all}"
+        end
+      end
+      def digest_match?(src, dest)
+        md5_src = Digest::MD5.file src
+        md5_dest = Digest::MD5.file dest
+        md5_src == md5_dest
+      end
+      # Permission for Archlinux on a torrc are chmod 644, chown root:root
+      def fix_perm(file)
+        if Process::Sys.getuid == '0'
+          file.chown(0, 0)
+        else
+          Helpers::Exec.new('chown').run("root:root #{file}")
+        end
+      end
+      def move(src, dest)
+        return if digest_match? src, dest
+        fix_perm(@filename.path)
+        if Process::Sys.getuid == '0'
+          FileUtils.mv(src, dest)
+        else
+          Helpers::Exec.new('mv').run("#{src} #{dest}")
+        end
+      end
+    end
+  end
+end

data/lib/spior/tor/data.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+require 'nomansland'
+module Spior
+  module Tor
+    ##
+    # Data
+    # Fill Spior::CONFIG with data found on `/etc/tor/torrc` or set default.
+    #
+    # ==== Attributes
+    #
+    # * +user+ - Username used by Tor on your distro, e.g 'tor' on Archlinux
+    # * +dns_port+ - Open this port to listen for UDP DNS requests, and resolve them anonymously
+    # * +uid+ - The uid value from the user attribute.
+    # * +trans_port+ - Port to open to listen for transparent proxy connections.
+    # * +virt_addr+ - Default use '10.192.0.0/10'.
+    #
+    class Data
+      attr_accessor :user, :dns_port, :trans_port, :virt_addr, :uid
+      def initialize
+        @user = search('User') || 'tor'
+        @dns_port = search('DNSPort') || '9061'
+        @trans_port = search('TransPort') || '9040'
+        @virt_addr = search('VirtualAddrNetworkIPv4') || '10.192.0.0/10'
+        @uid = search_uid || 0
+      end
+      private
+      # Search value of option_name in the /etc/tor/torrc
+      # Return false by default
+      def search(option_name)
+        File.open('/etc/tor/torrc') do |f|
+          f.each do |line|
+            return Regexp.last_match(1) if line.match(/#{option_name} ([a-z0-9.\/]*)/i)
+          end
+        end
+        false
+      end
+      def search_uid
+        case Nomansland.distro?
+        when :debian || :ubuntu
+          `id -u debian-tor`.chomp
+        else
+          `id -u #{@user}`.chomp
+        end
+      end
+    end
+  end
+end