Common Whonix CLI Commands

From Whonix
Jump to navigation Jump to search

There are a number of common command line operations that are performed by users of all skill levels in the Whonix environment. This wiki page is intended to serve as a quick and handy reference guide for locating these, but it is not a substitute for reading relevant wiki entries that provide detailed instructions for various activities. [1] Additional, useful commands will be added here over time.

Whonix-Gateway[edit]

Table: Whonix-Gateway Common Commands

Category Commands
Change Keyboard Layout
  • To change the keyboard layout:
    • sudo dpkg-reconfigure keyboard-configuration
    • sudo dpkg-reconfigure console-data
  • Make the reconfigured keyboard-configuration change take effect:
    • sudo setupcon
Circumvent uwt Wrapper Use [2]
  • /usr/bin/apt-get.anondist-orig
  • /usr/bin/wget.anondist-orig
  • /usr/bin/curl.anondist-orig
  • /usr/bin/gpg.anondist-orig
  • /usr/bin/ssh.anondist-orig
Connection Wizard (Enable/Disable Tor)
  • lxsudo anon-connection-wizard
  • sudo setup-wizard-dist
Default Username and Password [3]
  • Default username: user
  • Default password: changeme
Important Configuration Files / Folders
  • Important configuration files:
    • sudoedit /usr/local/etc/torrc.d/50_user.conf
    • sudoedit /etc/whonix_firewall.d/50_user.conf
  • Important configuration folders:
    • /etc/whonix_firewall.d/
Important Logs
  • sudo tail -f /var/log/syslog
  • sdwdate-log-viewer
  • sudo tail -f /var/run/tor/log
Nyx: Tor Command Line Monitor [4]
  • Launch Nyx:

nyx

OS Updates
  • upgrade-nonroot or
  • sudo apt update && sudo apt full-upgrade
Switch to Clearnet User [5]
  • sudo su clearnet
systemcheck
  • Network Time Synchronization and Tor Connection Check:

systemcheck

Time
  • Report the date in UTC:

date -u

  • Manually set the system clock:

sudo date -s "17 FEB 2019 24:00:00" && sudo hwclock -w

  • Randomize the time: [6] [7]
    • clock-random-manual-gui: a randomized clock setting (in UTC) is entered via a GUI.
    • clock-random-manual-cli: a randomized clock setting (in UTC) is entered on the command line. For example: echo "Wed Dec 04 06:20:13 UTC 2019" | /usr/bin/clock-random-manual-cli
Tor
  • Restart Network:

sudo service networking restart

  • Restart Tor:

sudo service tor restart

  • Stop Tor:

sudo systemctl stop tor@default

  • Check the Tor version:

anon-info

  • Check the Tor configuration:

anon-verify sudo -u debian-tor tor --verify-config

Virtual Consoles
  • Text console: Press Alt + Crtl + F1
    • Additional text consoles: Press Alt + Crtl + F2 or F3 and so on.
  • Graphical console: Press Alt + Crtl + F7
VM Operations
  • Reboot:

sudo reboot

  • Power off:

sudo poweroff

Whonix Version
  • Whonix version:

cat /etc/whonix_version

Whonix-Workstation[edit]

Table: Whonix-Workstation Common Commands

Category Commands
Change Keyboard Layout
  • sudo dpkg-reconfigure keyboard-configuration
  • sudo dpkg-reconfigure console-data
Circumvent uwt Wrapper Use [2]
  • /usr/bin/apt-get.anondist-orig
  • /usr/bin/wget.anondist-orig
  • /usr/bin/curl.anondist-orig
  • /usr/bin/gpg.anondist-orig
  • /usr/bin/git.anondist-orig
  • /usr/bin/ssh.anondist-orig
Default Username and Password [3]
  • Default username: user
  • Default password: changeme
DNS Resolution Functionality Test
  • nslookup check.torproject.org
GnuPG (OpenPGP)
  • Retrieve keys (example):
  • Display key fingerprint (example):

sudo apt-key adv --fingerprint A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

  • Check file signatures (example):

gpg --verify tor-browser-linux64-8.5_en-US.tar.xz.asc tor-browser-linux64-8.5_en-US.tar.xz

HexChat
  • Reset HexChat identity:

hexchat-reset

Important Configuration Folders and Logs
  • Important configuration folders:
    • /etc/whonix_firewall.d/
  • Important logs:
    • sudo tail -f /var/log/syslog
    • sdwdate-log-viewer
Leak Test [8]
  • leaktest
Network Restart
  • sudo service networking restart
OS Updates / Software Installation
  • upgrade-nonroot or
  • sudo apt update && sudo apt full-upgrade
  • Install the package-name package.

sudo apt install package-name

  • Install the package-name package from Debian backports. Requires enabling backports repository.

sudo apt -t bookworm-backports install package-name

systemcheck
  • Network Time Synchronization and Tor Connection Check: [9]

systemcheck

Time
  • Manually set the system clock:

sudo date -s "17 FEB 2019 24:00:00" && sudo hwclock -w

Tor Browser

Note: Tor Browser can only be started when a graphical desktop environment (DE) such as Xfce is running (Whonix Xfce). At time of writing Tor Browser cannot be run without a running DE (Whonix CLI without a custom installed DE). However, graphical applications such as Tor Browser can be started from command line when a DE is running. [10]

  • Important folders:
    • ~/.tb/tor-browser
    • ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser
  • Tor Browser Launcher:

torbrowser

  • Tor Browser in debugging mode:

~/.tb/tor-browser/Browser/start-tor-browser --debug

update-torbrowser

Virtual Consoles
  • Text console: Press Alt + Crtl + F1
    • Additional text consoles: Press Alt + Crtl + F2 or F3 and so on.
  • Graphical console: Press Alt + Crtl + F7
VM Operations
  • Reboot:

sudo reboot

  • Power off:

sudo poweroff

Whonix Version
  • Whonix version:

cat /etc/whonix_version

Footnotes[edit]

  1. This entry has been inspired by the relatively unknown whonix command, which already lists common Whonix command line operations.
  2. 2.0 2.1 Experts / debugging only!
  3. 3.0 3.1 For both Whonix-Gateway and Whonix-Workstation.
  4. This is a Tor Controller which runs as a console application.
  5. The whonix DNS notes state:

    Check if DNS resolution is functional:

    • Experts only!
    • This is only a summary.
    • You normally do not need to manually resolve DNS on Whonix-Gateway.
    • Whonix has by default a feature to hide the fact, that you are a Whonix user.

    - This will NOT hide the fact that you are a Tor user from your ISP! -- Hiding the fact, that you are a Tor user, is available as an optional configuration.

    • Whonix-Workstations traffic goes through Tors Socks-, Dns- or TransPorts.

    - Whonix-Gateway can only send traffic through Tor as well.
    -- Whonix-Gateway has no longer a Trans- or DnsPort.
    -- For example, APT will actually call the uwt wrapper /usr/bin/apt-get.
    -- The APT uwt wrapper will with help of uwt and torsocks force also Whonix-Gateways traffic through Tor.
    -- Thus hiding the fact, that you are a Whonix user.

    • Only as either,

    - as clearnet user or
    - after activation of transparent proxying for Whonix-Gateway
    - in /etc/whonix_firewall.d/ or
    - after allowing Whonix-Gateways root sending non-Tor traffic in /etc/whonix_firewall.d/

    • nslookup check.torproject.org
  6. A non-zero exit codes signifies an error, while 0 means it succeeded.
  7. Also see: man clock-random-manual-gui man clock-random-manual-cli
  8. See: Leak Tests
  9. Additionallly in Whonix-Workstation, notifications are made regarding OS updates, the Whonix version and news.
  10. https://forums.whonix.org/t/tor-browser-on-whonix-workstation-cli/10020/8archive.org

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!