Set up new server as Tor relay

tor-relay-setup.sh

##
# Ubuntu 16.04 Xenial Xerus
##

######################################
# INITIAL SERVER SETUP & HARDENING
######################################

ssh [email protected]

##
# set hostname
##
echo "my.hostname.com" > /etc/hostname
hostname -F /etc/hostname

# check that the file /etc/default/dhcpcd doesn’t exist, if it does, go in and comment out SET_HOSTNAME=‘yes’:
vi /etc/default/dhcpcd

  #SET_HOSTNAME='yes’

vi /etc/hosts

  IP     my.hostname.com

# add DNS A record for hostname pointing to IP


##
# Update all the things
##
apt-get update && apt-get upgrade
apt-get autoremove


##
# Set timezone
##
dpkg-reconfigure tzdata
apt-get install ntp


##
# Create new user
##
adduser USERNAME
usermod -a -G sudo USERNAME

# passwordless sudo
visudo
  
  # add to very end of file
  USERNAME ALL=NOPASSWD: ALL

# copy over authorized_keys file to new user
mkdir /home/USERNAME/.ssh
cp .ssh/authorized_keys /home/USERNAME/.ssh/authorized_keys
chown -R USERNAME:USERNAME /home/USERNAME/.ssh
chmod 700 /home/USERNAME/.ssh
chmod 600 /home/USERNAME/.ssh/authorized_keys

logout
ssh [email protected]

##
# SSH key auth
##
mkdir ~/.ssh
chmod 700 ~/.ssh

vi ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

##
# SSH configuration
##
sudo vi /etc/ssh/sshd_config

  # disable root login & password login
  PermitRootLogin no
  PasswordAuthentication no

sudo service ssh restart


##
# Generate machine SSH key
##
ssh-keygen -t rsa -b 4096 -C "[email protected]"
cat ~/.ssh/id_rsa.pub


##
# Firewall
##
sudo apt-get install ufw

# setup defaults
sudo ufw default deny incoming
sudo ufw default allow outgoing

# allow specific services
sudo ufw allow ssh
sudo ufw allow ntp
sudo ufw allow 9001 # Tor ORPort
sudo ufw allow 9030 # Tor DirPort

sudo apt-get install fail2ban
sudo service fail2ban start


######################################
# TOR INSTALLATION
######################################

##
# Add new package source & keys
##
sudo sh -c 'echo "deb http://deb.torproject.org/torproject.org xenial main" >> /etc/apt/sources.list.d/torproject.list'
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

##
# Refresh package list and install Tor
##
sudo apt-get update && sudo apt-get install tor deb.torproject.org-keyring


######################################
# TOR SETUP
######################################

##
# Edit Tor config file
##
sudo vi /etc/tor/torrc
  
  SocksPort 0 # Pure relay configuration without local socks proxy
  ORPort 9001
  Nickname YOURRELAYNAME
  RelayBandwidthRate 500 Mbits
  RelayBandwidthBurst 100 Mbits 
  AccountingMax 40 GBytes
  AccountingStart month 1 01:00
  ContactInfo 0xPGPGPGPGP Your Name <email AT domain dot com>
  DirPort 9030
  ExitPolicy reject *:* # no exits allowed making server a middle relay
  DisableDebuggerAttachment 0 # for arm
  HardwareAccel 1 # Look for OpenSSL hardware cryptographic support

##
# Restart Tor to pickup config file changes
##
sudo service tor restart


######################################
# TOR MONITORING
######################################

##
# Tor logs
##
tail -f /var/log/tor/log

##
# Monitor with ARM
##
sudo apt-get install tor-arm
sudo -u debian-tor arm