spior 0.3.5 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +6 -0
- data/README.md +12 -2
- data/lib/auth.rb +7 -1
- data/lib/spior/iptables/rules.rb +9 -3
- data/lib/spior/ipv6.rb +13 -0
- data/lib/spior/service/enable.rb +29 -4
- data/lib/spior/tor/config.rb +1 -1
- data/lib/spior/tor/data.rb +2 -1
- data/lib/spior/tor/stop.rb +0 -7
- data/lib/spior/version.rb +1 -1
- data/spior.gemspec +2 -2
- data.tar.gz.sig +0 -0
- metadata +6 -6
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6e9226877b6a3f11c1b02a6cea0dd51f6342096772624dbf332fdf7928c77f5e
|
|
4
|
+
data.tar.gz: 00b1d3325b22ddf4ef2bd3423125151a1cfaa951670d7ceeb3e7eb8a071e0d5d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 26fe94bd00c3fdfe3e4edfac13bb75780ed00401bb218c90f35496d0b084bec68785cb71461c3ddbbef1d9df7d4ee9c5751dc4be3c2997627114d6511ea17f55
|
|
7
|
+
data.tar.gz: e1b403d42966e8010d3634b7cddb50e0df4bef5539891534b3da4ed6ebc3c45afb4e6fb63cd8744efaa730974e5898036770ee94a9b5bcc652b6becc13ba0b52
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## 0.3.7, release 2023-10-27
|
|
2
|
+
* Persist mode may require manual intervention to work, look the [readme](https://github.com/szorfein/spior/tree/master#left-over)
|
|
3
|
+
* Persist and runtime corrected on Voidlinux.
|
|
4
|
+
* Spior check the presence of 'simple_firewall.rules' when you use the --clearnet
|
|
5
|
+
* Create a `/etc/sysctl.d/40-ipv6.conf` with the persist mode in order to block ipv6 at boot.
|
|
6
|
+
|
|
1
7
|
## 0.3.5, release 2023-10-26
|
|
2
8
|
* Better code style, only 11 alerts from rubocop.
|
|
3
9
|
* spior -t also block ipv6 traffic, no need to reboot.
|
data/README.md
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
<br/>
|
|
5
5
|
|
|
6
6
|
[](https://badge.fury.io/rb/spior)
|
|
7
|
-
](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/devel)
|
|
8
8
|
[](https://github.com/rubocop/rubocop)
|
|
9
9
|
|
|
10
10
|
|
|
@@ -54,6 +54,16 @@ Return to clearnet navigation
|
|
|
54
54
|
|
|
55
55
|
## Left Over
|
|
56
56
|
|
|
57
|
+
### Troubleshoooting
|
|
58
|
+
When you enable the `--persist` mode, Spior try to block ipv6 with sysctl. It can fail on some system, so you may need to manually disable ipv6 via kernel argument.
|
|
59
|
+
An exemple with GRUB, edit `/etc/default/grub.cfg` and change the line bellow:
|
|
60
|
+
|
|
61
|
+
```
|
|
62
|
+
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
Recompile the initrd after that and it should be good.
|
|
66
|
+
|
|
57
67
|
### Issues
|
|
58
68
|
For any questions, comments, feedback or issues, submit a [new issue](https://github.com/szorfein/spior/issues/new).
|
|
59
69
|
|
|
@@ -61,4 +71,4 @@ For any questions, comments, feedback or issues, submit a [new issue](https://gi
|
|
|
61
71
|
+ https://rubyreferences.github.io/rubyref
|
|
62
72
|
+ https://rubystyle.guide/
|
|
63
73
|
+ https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
|
|
64
|
-
+ https://github.com/epidemics-scepticism/writing/blob/master/misconception.md
|
|
74
|
+
+ https://github.com/epidemics-scepticism/writing/blob/master/misconception.md
|
data/lib/auth.rb
CHANGED
|
@@ -10,7 +10,7 @@ class Auth
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def mkdir(path)
|
|
13
|
-
return
|
|
13
|
+
return if Dir.exist?(path)
|
|
14
14
|
|
|
15
15
|
x("mkdir -p #{path}")
|
|
16
16
|
end
|
|
@@ -21,6 +21,12 @@ class Auth
|
|
|
21
21
|
x("sysctl -w #{flag}=#{value}")
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
def write(content, file)
|
|
25
|
+
temp = Tempfile.new
|
|
26
|
+
File.write(temp.path, "#{content}\n")
|
|
27
|
+
x("cp #{temp.path} #{file}")
|
|
28
|
+
end
|
|
29
|
+
|
|
24
30
|
protected
|
|
25
31
|
|
|
26
32
|
def search_app
|
data/lib/spior/iptables/rules.rb
CHANGED
|
@@ -43,6 +43,8 @@ module Spior
|
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
def search_for_comment(filename)
|
|
46
|
+
return false unless File.exist? filename
|
|
47
|
+
|
|
46
48
|
File.open(filename) do |f|
|
|
47
49
|
f.each do |line|
|
|
48
50
|
return true if line.match(/saved by Spior/)
|
|
@@ -72,13 +74,15 @@ module Spior
|
|
|
72
74
|
end
|
|
73
75
|
|
|
74
76
|
def restoring_older_rules(filename)
|
|
75
|
-
files = %W[#{filename}-backup #{filename}]
|
|
77
|
+
files = %W[#{filename}-backup /etc/iptables/simple_firewall.rules #{filename}]
|
|
76
78
|
files.each do |f|
|
|
77
79
|
next unless File.exist?(f) || search_for_comment(f)
|
|
78
80
|
|
|
79
81
|
Iptables::Root.new.stop!
|
|
80
82
|
Msg.p "Found older rules #{f}, restoring..."
|
|
81
|
-
Helpers::Exec.new('
|
|
83
|
+
Helpers::Exec.new('cp').run("#{f} #{@save_path}")
|
|
84
|
+
Helpers::Exec.new('iptables-restore').run(@save_path)
|
|
85
|
+
|
|
82
86
|
return true
|
|
83
87
|
end
|
|
84
88
|
false
|
|
@@ -88,7 +92,9 @@ module Spior
|
|
|
88
92
|
|
|
89
93
|
def search_iptables_config
|
|
90
94
|
case Nomansland.distro?
|
|
91
|
-
when :archlinux
|
|
95
|
+
when :archlinux
|
|
96
|
+
'/etc/iptables/iptables.rules'
|
|
97
|
+
when :void
|
|
92
98
|
'/etc/iptables/iptables.rules'
|
|
93
99
|
when :debian
|
|
94
100
|
'/etc/iptables.up.rules'
|
data/lib/spior/ipv6.rb
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'auth'
|
|
5
|
+
require 'interfacez'
|
|
5
6
|
|
|
6
7
|
module Spior
|
|
7
8
|
# Block or Allow ipv6 traffic with sysctl
|
|
@@ -22,6 +23,18 @@ module Spior
|
|
|
22
23
|
Msg.p 'ipv6 blocked' if @changed
|
|
23
24
|
end
|
|
24
25
|
|
|
26
|
+
def block_persist
|
|
27
|
+
Auth.new.mkdir '/etc/sysctl.d'
|
|
28
|
+
interfaces = ['net.ipv6.conf.all.disable_ipv6 = 1',
|
|
29
|
+
'net.ipv6.conf.default.disable_ipv6 = 1']
|
|
30
|
+
Interfacez.all { |i| interfaces << "net.ipv6.conf.#{i}.disable_ipv6 = 1" }
|
|
31
|
+
if Process::Sys.getuid == '0'
|
|
32
|
+
File.write('/etc/sysctl.d/40-ipv6.conf', interfaces.join("\n"))
|
|
33
|
+
else
|
|
34
|
+
Auth.new.write(interfaces.join("\n"), '/etc/sysctl.d/40-ipv6.conf')
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
25
38
|
private
|
|
26
39
|
|
|
27
40
|
def apply_option(flag, value)
|
data/lib/spior/service/enable.rb
CHANGED
|
@@ -17,6 +17,8 @@ module Spior
|
|
|
17
17
|
for_gentoo
|
|
18
18
|
when :archlinux
|
|
19
19
|
for_arch
|
|
20
|
+
when :void
|
|
21
|
+
for_void
|
|
20
22
|
else
|
|
21
23
|
Msg.report 'Your distro is not yet supported.'
|
|
22
24
|
end
|
|
@@ -37,13 +39,23 @@ module Spior
|
|
|
37
39
|
else
|
|
38
40
|
Msg.report 'Init no yet supported for start Iptables at boot'
|
|
39
41
|
end
|
|
42
|
+
Ipv6.new.block_persist
|
|
40
43
|
end
|
|
41
44
|
|
|
42
45
|
def for_arch
|
|
43
46
|
Iptables::Rules.new.save
|
|
44
47
|
Tor::Config.new(Tempfile.new('torrc')).backup
|
|
45
48
|
systemd_enable('iptables', 'tor')
|
|
46
|
-
|
|
49
|
+
Ipv6.new.block_persist
|
|
50
|
+
Msg.p 'Persist enabled for Arch...'
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def for_void
|
|
54
|
+
Iptables::Rules.new.save
|
|
55
|
+
Tor::Config.new(Tempfile.new('torrc')).backup
|
|
56
|
+
runit_enable('iptables', 'tor')
|
|
57
|
+
Ipv6.new.block_persist
|
|
58
|
+
Msg.p 'Persist enabled for Void...'
|
|
47
59
|
end
|
|
48
60
|
|
|
49
61
|
private
|
|
@@ -51,15 +63,28 @@ module Spior
|
|
|
51
63
|
def systemd_enable(*services)
|
|
52
64
|
systemctl = Helpers::Exec.new('systemctl')
|
|
53
65
|
services.each do |s|
|
|
54
|
-
|
|
55
|
-
|
|
66
|
+
next if system("systemctl is-enabled #{s} >/dev/null")
|
|
67
|
+
|
|
68
|
+
systemctl.run("enable #{s}")
|
|
69
|
+
Msg.p "Enabling #{s}..."
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def runit_enable(*services)
|
|
74
|
+
services.each do |s|
|
|
75
|
+
next if File.exist? "/var/service/#{s}"
|
|
76
|
+
|
|
77
|
+
Helpers::Exec.new('ln').run("-s /etc/sv/#{s} /var/service/#{s}")
|
|
78
|
+
Msg.p "Enabling #{s}"
|
|
56
79
|
end
|
|
57
80
|
end
|
|
58
81
|
|
|
59
82
|
def systemd_start(service)
|
|
60
83
|
systemctl = Helpers::Exec.new('systemctl')
|
|
84
|
+
return if system("systemctl is-active #{service} >/dev/null")
|
|
85
|
+
|
|
61
86
|
Msg.p "Search for service #{service}..."
|
|
62
|
-
systemctl.run("start #{service}")
|
|
87
|
+
systemctl.run("start #{service}")
|
|
63
88
|
end
|
|
64
89
|
end
|
|
65
90
|
end
|
data/lib/spior/tor/config.rb
CHANGED
data/lib/spior/tor/data.rb
CHANGED
|
@@ -34,7 +34,8 @@ module Spior
|
|
|
34
34
|
def search(option_name)
|
|
35
35
|
File.open('/etc/tor/torrc') do |f|
|
|
36
36
|
f.each do |line|
|
|
37
|
-
|
|
37
|
+
line.match(%r{^#{option_name} ([a-z0-9./]*)}i) and
|
|
38
|
+
return Regexp.last_match(1)
|
|
38
39
|
end
|
|
39
40
|
end
|
|
40
41
|
false
|
data/lib/spior/tor/stop.rb
CHANGED
|
@@ -7,13 +7,6 @@ module Spior
|
|
|
7
7
|
# It also kill previous instance run by Spior
|
|
8
8
|
class Stop
|
|
9
9
|
def initialize
|
|
10
|
-
old_pid = `pgrep -f "tor -f /tmp/torrc*"`.chomp
|
|
11
|
-
|
|
12
|
-
if old_pid != ''
|
|
13
|
-
Msg.p "Found old pid > #{old_pid}, killing it..."
|
|
14
|
-
Helpers::Exec.new('kill').run("-9 #{old_pid}")
|
|
15
|
-
end
|
|
16
|
-
|
|
17
10
|
nomansland
|
|
18
11
|
end
|
|
19
12
|
|
data/lib/spior/version.rb
CHANGED
data/spior.gemspec
CHANGED
|
@@ -40,7 +40,7 @@ Gem::Specification.new do |s|
|
|
|
40
40
|
s.required_ruby_version = '>= 2.6'
|
|
41
41
|
|
|
42
42
|
s.add_runtime_dependency('interfacez', '~> 1.0')
|
|
43
|
-
s.add_runtime_dependency('nomansland', '~> 0.0')
|
|
43
|
+
s.add_runtime_dependency('nomansland', '~> 0.0.5')
|
|
44
44
|
s.add_runtime_dependency('rainbow', '~> 3.1')
|
|
45
|
-
s.add_runtime_dependency('tty-which', '~> 0.5')
|
|
45
|
+
s.add_runtime_dependency('tty-which', '~> 0.5.0')
|
|
46
46
|
end
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spior
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- szorfein
|
|
@@ -36,7 +36,7 @@ cert_chain:
|
|
|
36
36
|
urXgRIzALxd/xazPCnoLSXPzfJSI6Y77S1EBvhPd9RaSO8IyH9RhPDP9mnTvW2Kl
|
|
37
37
|
NAUnoL+txK5a
|
|
38
38
|
-----END CERTIFICATE-----
|
|
39
|
-
date: 2023-10-
|
|
39
|
+
date: 2023-10-27 00:00:00.000000000 Z
|
|
40
40
|
dependencies:
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: interfacez
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 0.0.5
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 0.0.5
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rainbow
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version:
|
|
89
|
+
version: 0.5.0
|
|
90
90
|
type: :runtime
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version:
|
|
96
|
+
version: 0.5.0
|
|
97
97
|
description: " A tool to make TOR your default gateway\n"
|
|
98
98
|
email: szorfein@protonmail.com
|
|
99
99
|
executables:
|
metadata.gz.sig
CHANGED
|
Binary file
|