diff --git a/scripts/install_tails/README.md b/scripts/install_tails/README.md
new file mode 100644
index 00000000..1f092c08
--- /dev/null
+++ b/scripts/install_tails/README.md
@@ -0,0 +1,11 @@
+# Steps to use (This has serious security concerns to tails threat model only run when you need to access haveno)
+
+## 1. Enable persistent storage and admin password before starting tails
+
+## 2. Get your haveno deb file in persistent storage, currently most people use haveno-reto (amd64 version for tails)
+
+## 3. Edit the path to the haveno deb file if necessary then run ```sudo ./haveno-install.sh```
+## 4. As amnesia run ```source ~/.bashrc```
+## 5. Start haveno using ```haveno-tails```
+
+## You will need to run this script after each reset, but your data will be saved persistently in /home/amnesia/Persistence/Haveno-reto
diff --git a/scripts/install_tails/haveno-install.sh b/scripts/install_tails/haveno-install.sh
new file mode 100644
index 00000000..534baa91
--- /dev/null
+++ b/scripts/install_tails/haveno-install.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+#############################################################################
+# Written by BrandyJson, with heavy inspiration from bisq.wiki tails script #
+#############################################################################
+echo "Installing dpkg from persistent, (1.07-1, if this is out of date change the deb path in the script or manually install after running"
+dpkg -i "/home/amnesia/Persistent/haveno_1.0.7-1_amd64.deb"
+echo -e "Allowing amnesia to read tor control port cookie, only run this script when you actually want to use haveno\n\n!!! not secure !!!\n"
+chmod o+r /var/run/tor/control.authcookie
+echo "Updating apparmor-profile"
+echo "---
+- apparmor-profiles:
+ - '/opt/haveno/bin/Haveno'
+ users:
+ - 'amnesia'
+ commands:
+ AUTHCHALLENGE:
+ - 'SAFECOOKIE .*'
+ SETEVENTS:
+ - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
+ GETINFO:
+ - pattern: 'status/bootstrap-phase'
+ response:
+ - pattern: '250-status/bootstrap-phase=*'
+ replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
+ - 'net/listeners/socks'
+ ADD_ONION:
+ - pattern: 'NEW:(\S+) Port=9999,(\S+)'
+ replacement: 'NEW:{} Port=9999,{client-address}:{}'
+ - pattern: '(\S+):(\S+) Port=9999,(\S+)'
+ replacement: '{}:{} Port=9999,{client-address}:{}'
+ DEL_ONION:
+ - '.+'
+ HSFETCH:
+ - '.+'
+ events:
+ CIRC:
+ suppress: true
+ ORCONN:
+ suppress: true
+ INFO:
+ suppress: true
+ NOTICE:
+ suppress: true
+ WARN:
+ suppress: true
+ ERR:
+ suppress: true
+ HS_DESC:
+ response:
+ - pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
+ replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
+ - pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
+ replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
+ - pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
+ replacement: '650 HS_DESC UPLOADED {} {} redacted'
+ - pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH'
+ replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
+ - pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
+ replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
+ - pattern: '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
+ replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
+ - pattern: '.*'
+ replacement: ''
+ HS_DESC_CONTENT:
+ suppress: true" > /etc/onion-grater.d/haveno.yml
+echo "Adding rule to iptables to allow for monero-wallet-rpc to work"
+iptables -I OUTPUT 2 -p tcp -d 127.0.0.1 -m tcp --dport 18081 -m owner --uid-owner 1855 -j ACCEPT
+echo "Updating torsocks to allow for inbound connection"
+sed -i 's/#AllowInbound/AllowInbound/g' /etc/tor/torsocks.conf
+
+echo "Restarting onion-grater service"
+
+systemctl restart onion-grater.service
+
+echo "alias haveno-tails='torsocks /opt/haveno/bin/Haveno --torControlPort 951 --torControlCookieFile=/var/run/tor/control.authcookie --torControlUseSafeCookieAuth --useTorForXmr=ON --userDataDir=/home/amnesia/Persistent/'" >> /home/amnesia/.bashrc
+echo -e "Everything is set up just run\n\nsource ~/.bashrc\n\nThen you can start haveno using haveno-tails"
\ No newline at end of file
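Review bot: Nothing stops the script after a failed `dpkg -i`, so the steps that loosen Tails' isolation (the `chmod o+r` on the control cookie, the `iptables -I OUTPUT 2` rule and the `AllowInbound` edit) are still applied when the package at the hard-coded path is missing or does not install. Adding `set -euo pipefail` under the shebang and a guard such as `[[ $EUID -eq 0 ]] || { echo "run as root" >&2; exit 1; }` would make it fail closed. The cookie grant is also wider than the echo text says: `o+r` lets every local account read `/var/run/tor/control.authcookie`, not only amnesia, so a per-user ACL (`setfacl -m u:amnesia:r /var/run/tor/control.authcookie`, if ACL tools are available on the image) would match the stated intent. The uid `1855` in the iptables rule is unexplained and should get a comment naming the account it refers to.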