Dev/Control Port Filter Proxy/tor-controlport-filter/config


Control Port Filter Proxy - filtering dangerous Tor Control Port commands - Design Documentation

Use Case

Whonix needs to ship a default config, 30_whonix.conf, so that Whonix deployed in its default setup works out of the box.

Sometimes users want to modify the config that Whonix provides by default, either by changing a setting themselves or by installing a package that changes the config.

The problem is that we really don't want users to modify 30_whonix.conf, because the next time Whonix is updated we might need to modify 30_whonix.conf ourselves. If both the user and Whonix want to modify that file, it won't work. apt/dpkg will show an interactive conflict resolution dialog, asking the user whether to keep the user-modified version, install the new Whonix version, or merge the changes manually. This usually confuses users. If they keep their old file, something might not work. If they install the new config by Whonix, they lose their settings. Merging the files during an upgrade is difficult for users. It also makes the upgrade process interactive rather than easy and non-interactive.

Other packages that want to extend the onion-grater config must not modify 30_whonix.conf either. dpkg does not allow another package to modify an existing file on the system (without hacks such as dpkg-divert, which should be avoided due to issues). An echo/sed style replacement by the new package would also trigger an interactive dpkg conflict resolution dialog when Whonix is updated. echo/sed style config file modifications are a Debian policy violation as well.

Whonix will ship a locked-down config by default, opening as little attack surface as possible. Users who want to use other functions such as OnionShare need to compromise on security: they need to allow additional Tor control protocol commands so that their application, such as OnionShare, can work.


On various .d style implementation flavors

Different software packages, such as apt and grub, implement their '.d' folders a bit differently. Most of the time the files are sourced in lexical order, and the newer convention is to only use config files ending in '.conf'.

  • For example, /etc/grub.d lets one add additional boot menu entries. It does not, however, allow removing or modifying existing boot menu entries (without bad hacks).
  • /etc/default/grub.d lets users (and packages) change global grub settings. For example, /etc/default/grub.d/30_debian.conf could say resolution=640x480 (a made-up variable name for the sake of the example) and /etc/default/grub.d/50_user.conf could say resolution=1024x768. Ultimately resolution=1024x768 would win.
  • With /etc/default/grub.d it is also possible to unset changes. (I think.) /etc/default/grub.d/60_test.conf could say resolution=. So resolution= would win.
  • /etc/bashrc.d does something like this:
for file_name in /etc/bashrc.d/* ; do
   source "$file_name"
done
  • For the /etc/onion-grater-merger.d configuration drop-in folder, whose configuration language is complicated enough, the best we can do is merge all config files.
    • This means that higher priority config files will probably not be able to disable settings made by lower priority config files. However, that should not matter. At the moment there is no use case where this would be useful.
    • While 30_whonix.conf comes by default, Whonix user documentation will explain how to get OnionShare, ricochet etc. to work.
    • For OnionShare, for example, we can just say: symlink /usr/share/doc/onion-grater-merger/examples/40_onionshare.yml to /usr/local/etc/onion-grater-merger.d/.
      • sudo ln -s /usr/share/doc/onion-grater-merger/examples/40_onionshare.yml /usr/local/etc/onion-grater-merger.d/
    • Similar for other applications such as ricochet etc.
    • So users who have both 50_onionshare.conf and 50_ricochet.conf can use both programs.
    • Running commands, creating files and pasting stuff is usually something that users easily understand. What they don't easily understand are instructions such as "open file 30_whonix.conf and then inject X at that line and Y at that line etc.".

How

onion-grater in Whonix cannot filter per application. Whonix-Gateway does not have access to the name of the program that is talking to it. Therefore onion-grater in Whonix can only have one global whitelist. However, that global whitelist can be split into multiple files.

Configuration drop-in snippets are processed in lexical order.

  • /etc/onion-grater-merger.d gets processed first (lower priority)
  • /usr/local/etc/onion-grater-merger.d gets processed second (higher priority)

Pseudo code in shell / bash:

file_list=""

# Lower priority: snippets shipped by packages.
for file_name in /etc/onion-grater-merger.d/*.yml ; do
   file_list="$file_list $file_name"
done

# Higher priority: local snippets, appended after the packaged ones.
for file_name in /usr/local/etc/onion-grater-merger.d/*.yml ; do
   file_list="$file_list $file_name"
done

# "source" stands in for "parse and merge this file" (pseudo code).
for item in $file_list ; do
   source "$item"
done

match-exe-paths

Whonix is currently using the following.

 match-exe-paths:
   - '*'

This is because that information gets lost during the workstation → gateway transfer. It is hard to have it both ways at the same time: on the one hand, fine-tuned, restricted application whitelists (which are great), and on the other hand the Whonix workstation → gateway split model.


match-users

  match-users:
    - '*'

Same as above.


match-hosts

Whonix is currently using the following.

  match-hosts:
    - '*'

Using something other than * is not possible in Whonix. [1]


variables at the python level

For Python, everything in a YAML file is a _recursive_ key-value pair, e.g.:

{'match-exe-paths:',''*''}
{'Command','a bunch of key value pairs'}
{'Command','{'SIGNAL',NEWNYM},{'SAVECONF',CRLF}',....}
{'events',bunch of key value pairs}
{'events',{'SIGNAL',another key value pair},{'CONF_CHANGED',another key value pair},....}
{'events',{'SIGNAL',{'suppress',false}},{'CONF_CHANGED',{'suppress',false}},....}

overwriting vs merge/union

  • 1) *overwriting* a "value" for a key
  • 2) *keeping both* the "value"s for a single key - i.e. merge/union them.

Current Rules Implemented in onion-grater-merger

We will merge/unionise in all cases except

  • 1) {suppress, true/false} - Will be overwritten
  • 2) {match-hosts, ipaddress} - Will be overwritten
  • 3) {match-exe, '*'} - overwrite with * always
  • 4) {match-user,'*'} - overwrite with * always
  • 5) If the Response: Pattern is the same, then overwrite the value of the "replacement" [else, merge]

Typically, everything is a key-value pair, and what we should do with a "value" depends on *its* "key". In case #5, however, what we do with the value of "replacement" depends on the value of the preceding element, "pattern".


suppress overwriting example

1_file.yml:

  events:
    SIGNAL:
      suppress: true
    CONF_CHANGED:
      suppress: true

2_file.yml:

  events:
    SIGNAL:
      suppress: true
    CONF_CHANGED:
      suppress: false

merged_file.yml:

  events:
    SIGNAL:
      suppress: true
    CONF_CHANGED:
      suppress: false

yml config file merging

Perhaps the following will become the Whonix minimal config file. It whitelists everything required by Tor Browser and whonixcheck. Perhaps we name it 30_whonix.conf.

  ---
  - match-exe-paths:
      - '*'
    match-users:
      - '*'
    match-hosts:
      - '*'
    commands:
      SIGNAL:
        - 'NEWNYM'
      GETINFO:
        - 'status/circuit-established'
        - 'version'
        - pattern: 'net/listeners/socks'
          response:
            - pattern: '250-net/listeners/socks=".*"'
              replacement: '250-net/listeners/socks="127.0.0.1:9150"'
    confs:
      __owningcontrollerprocess:
    events:
      SIGNAL:
        suppress: true
      CONF_CHANGED:
        suppress: true


Most likely the following config file allows everything that is required for OnionShare. Perhaps we name it 40_onionshare.conf.

  ---
  - match-exe-paths:
      - '*'
    match-users:
      - '*'
    match-hosts:
      - '*'
    commands:
      GETINFO:
        - 'onions/current'
      ADD_ONION:
        - pattern: 'NEW:BEST Port=80,(176[0-5][0-9])'
          replacement: 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'
      DEL_ONION:
        - '.+'
    confs:
      __owningcontrollerprocess:
    events:
      SIGNAL:
        suppress: true
      CONF_CHANGED:
        suppress: true
      HS_DESC:
        response:
          - pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
            replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
          - pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
            replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
          - pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
            replacement: '650 HS_DESC UPLOADED {} {} redacted'
          - pattern: '.*'
            replacement: ''


Now, ideally, once onion-grater starts, it would read both (or any number of) config files and merge them for internal use into the following. The result still does everything that 30_whonix.conf whitelists and, beyond that, also allows everything that 40_onionshare.conf whitelists.

  ---
  - match-exe-paths:
      - '*'
    match-users:
      - '*'
    match-hosts:
      - '*'
    commands:
      SIGNAL:
        - 'NEWNYM'
      GETINFO:
        - 'status/circuit-established'
        - 'version'
        - pattern: 'net/listeners/socks'
          response:
            - pattern: '250-net/listeners/socks=".*"'
              replacement: '250-net/listeners/socks="127.0.0.1:9150"'
        - 'onions/current'
      ADD_ONION:
        - pattern: 'NEW:BEST Port=80,(176[0-5][0-9])'
          replacement: 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'
      DEL_ONION:
        - '.+'
    confs:
      __owningcontrollerprocess:
    events:
      SIGNAL:
        suppress: true
      CONF_CHANGED:
        suppress: true
      HS_DESC:
        response:
          - pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
            replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
          - pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
            replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
          - pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
            replacement: '650 HS_DESC UPLOADED {} {} redacted'
          - pattern: '.*'
            replacement: ''
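
The merge rules listed under "Current Rules Implemented in onion-grater-merger", applied to the two config files above, as an added example (not onion-grater-merger's own code). The configs are transcribed as already-parsed Python values; `LOCAL_OVERRIDE`, its 9050 port and the `widened_commands` helper are constructed for illustration.

```python
import copy

# Rules 3 and 4: these keys are always forced to '*'.
ALWAYS_WILDCARD = ("match-exe-paths", "match-users")
# Rules 1, 2 and 5: the later (higher-priority) file replaces the value.
OVERWRITE = ("suppress", "match-hosts", "replacement")

# The two config files from this page, as parsed YAML.
WHONIX = {
    "match-exe-paths": ["*"], "match-users": ["*"], "match-hosts": ["*"],
    "commands": {
        "SIGNAL": ["NEWNYM"],
        "GETINFO": [
            "status/circuit-established", "version",
            {"pattern": "net/listeners/socks",
             "response": [{"pattern": '250-net/listeners/socks=".*"',
                           "replacement": '250-net/listeners/socks="127.0.0.1:9150"'}]},
        ]},
    "confs": {"__owningcontrollerprocess": None},
    "events": {"SIGNAL": {"suppress": True}, "CONF_CHANGED": {"suppress": True}},
}
ONIONSHARE = {
    "match-exe-paths": ["*"], "match-users": ["*"], "match-hosts": ["*"],
    "commands": {
        "GETINFO": ["onions/current"],
        "ADD_ONION": [{"pattern": "NEW:BEST Port=80,(176[0-5][0-9])",
                       "replacement": "NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK"}],
        "DEL_ONION": [".+"]},
    "confs": {"__owningcontrollerprocess": None},
    "events": {
        "SIGNAL": {"suppress": True}, "CONF_CHANGED": {"suppress": True},
        "HS_DESC": {"response": [
            {"pattern": r"650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)",
             "replacement": "650 HS_DESC CREATED {} {} {} redacted {}"},
            {"pattern": r"650 HS_DESC UPLOAD (\S+) (\S+) .*",
             "replacement": "650 HS_DESC UPLOAD {} {} redacted redacted"},
            {"pattern": r"650 HS_DESC UPLOADED (\S+) (\S+) .+",
             "replacement": "650 HS_DESC UPLOADED {} {} redacted"},
            {"pattern": ".*", "replacement": ""}]}},
}
# Constructed third drop-in: same response pattern with another replacement
# (rule 5) and a flipped suppress flag (rule 1).
LOCAL_OVERRIDE = {
    "commands": {"GETINFO": [
        {"pattern": "net/listeners/socks",
         "response": [{"pattern": '250-net/listeners/socks=".*"',
                       "replacement": '250-net/listeners/socks="127.0.0.1:9050"'}]}]},
    "events": {"CONF_CHANGED": {"suppress": False}},
}


def _merge(low, high, key=None):
    """Merge two parsed values; `high` comes from the later, higher-priority file."""
    if key in OVERWRITE:
        return copy.deepcopy(high)
    if isinstance(low, dict) and isinstance(high, dict):
        out = copy.deepcopy(low)
        for k, v in high.items():
            out[k] = _merge(low[k], v, k) if k in low else copy.deepcopy(v)
        return out
    if isinstance(low, list) and isinstance(high, list):
        return _merge_lists(low, high)
    return copy.deepcopy(high)  # scalars, None or mismatched types: later file wins


def _merge_lists(low, high):
    """Union two rule lists; entries sharing a 'pattern' are merged, not duplicated."""
    out = copy.deepcopy(low)
    for item in high:
        twin = None
        if isinstance(item, dict) and "pattern" in item:
            twin = next((e for e in out if isinstance(e, dict)
                         and e.get("pattern") == item["pattern"]), None)
        if twin is not None:
            twin.update(_merge(twin, item))  # rule 5: the replacement is overwritten
        elif item not in out:
            out.append(copy.deepcopy(item))
    return out


def merge_filters(filters):
    """Merge parsed config files given in processing (lexical) order."""
    merged = {}
    for current in filters:
        merged = _merge(merged, current)
    for key in ALWAYS_WILDCARD:
        merged[key] = ["*"]
    return merged


def widened_commands(base, merged):
    """Control-port commands whose whitelist differs from the locked-down base."""
    base_cmds = base.get("commands", {})
    return sorted(c for c, rules in merged.get("commands", {}).items()
                  if rules != base_cmds.get(c))
```

Because every list is unioned, a drop-in can only widen the whitelist; `widened_commands(WHONIX, merge_filters([WHONIX, ONIONSHARE]))` lists exactly which commands the OnionShare snippet opens up.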


Whonix 14 onionshare example log

Using these two config files:

sudo journalctl -f -u onion-grater
Jan 12 01:06:26 host onion-grater[4115]: Merged Filter File is [{'match-users': '*', 'commands': {'GETCONF': ['hiddenservicesinglehopmode'], 'ADD_ONION': [{'replacement': 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK', 'pattern': 'NEW:BEST Port=80,(176[0-5][0-9])'}, {'replacement': 'NEW:BEST Flags=BasicAuth Port=1,{client-address}:1 ClientAuth=onionshare Flags=DiscardPK', 'pattern': 'NEW:BEST Flags=BasicAuth Port=1,1 ClientAuth=onionshare'}, {'replacement': 'NEW:BEST Port=80,{client-address}:1 Flags=DiscardPK', 'pattern': 'NEW:BEST Port=80,0'}, {'replacement': 'NEW:BEST Flags=BasicAuth Port=80,{client-address}:{} ClientAuth=onionshare', 'pattern': 'NEW:BEST Flags=BasicAuth Port=80,(176[0-5][0-9]) ClientAuth=onionshare', 'response': [{'replacement': '250-PrivateKey={}:redacted', 'pattern': '250-PrivateKey=(\\S+):\\S+'}]}], 'DEL_ONION': ['.+'], 'SIGNAL': ['NEWNYM'], 'GETINFO': ['status/circuit-established', 'version', {'pattern': 'net/listeners/socks', 'response': [{'replacement': '250-net/listeners/socks="127.0.0.1:9150"', 'pattern': '250-net/listeners/socks=".*"'}]}, 'onions/current']}, 'confs': {'__owningcontrollerprocess': None}, 'events': {'SIGNAL': {'suppress': True}, 'CONF_CHANGED': {'suppress': True}, 'HS_DESC': {'response': [{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}, {'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}, {'replacement': '650 HS_DESC UPLOADED {} {} redacted', 'pattern': '650 HS_DESC UPLOADED (\\S+) (\\S+) .+'}, {'replacement': '', 'pattern': '.*'}]}}, 'match-exe-paths': '*', 'name': 'merged_filter_files', 'match-hosts': ['*']}]
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files) connected: loaded filter: merged_filter_files
Jan 12 01:06:26 host onion-grater[4115]: Final rules:
Jan 12 01:06:26 host onion-grater[4115]: commands:
Jan 12 01:06:26 host onion-grater[4115]: ADD_ONION:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: 'NEW:BEST Port=80,(176[0-5][0-9])', replacement: 'NEW:BEST Port=80,{client-address}:{}
Jan 12 01:06:26 host onion-grater[4115]: Flags=DiscardPK'}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: 'NEW:BEST Flags=BasicAuth Port=1,1 ClientAuth=onionshare', replacement: 'NEW:BEST
Jan 12 01:06:26 host onion-grater[4115]: Flags=BasicAuth Port=1,{client-address}:1 ClientAuth=onionshare Flags=DiscardPK'}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: 'NEW:BEST Port=80,0', replacement: 'NEW:BEST Port=80,{client-address}:1
Jan 12 01:06:26 host onion-grater[4115]: Flags=DiscardPK'}
Jan 12 01:06:26 host onion-grater[4115]: - pattern: NEW:BEST Flags=BasicAuth Port=80,(176[0-5][0-9]) ClientAuth=onionshare
Jan 12 01:06:26 host onion-grater[4115]: replacement: NEW:BEST Flags=BasicAuth Port=80,{client-address}:{} ClientAuth=onionshare
Jan 12 01:06:26 host onion-grater[4115]: response:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: '250-PrivateKey=(\S+):\S+', replacement: '250-PrivateKey={}:redacted'}
Jan 12 01:06:26 host onion-grater[4115]: DEL_ONION:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: .+}
Jan 12 01:06:26 host onion-grater[4115]: GETCONF:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: hiddenservicesinglehopmode}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: (__owningcontrollerprocess)}
Jan 12 01:06:26 host onion-grater[4115]: GETINFO:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: status/circuit-established}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: version}
Jan 12 01:06:26 host onion-grater[4115]: - pattern: net/listeners/socks
Jan 12 01:06:26 host onion-grater[4115]: response:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: 250-net/listeners/socks=".*", replacement: '250-net/listeners/socks="127.0.0.1:9150"'}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: onions/current}
Jan 12 01:06:26 host onion-grater[4115]: SIGNAL:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: NEWNYM}
Jan 12 01:06:26 host onion-grater[4115]: events:
Jan 12 01:06:26 host onion-grater[4115]: CONF_CHANGED: {suppress: true}
Jan 12 01:06:26 host onion-grater[4115]: HS_DESC:
Jan 12 01:06:26 host onion-grater[4115]: response:
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: 650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+), replacement: '650
Jan 12 01:06:26 host onion-grater[4115]: HS_DESC CREATED {} {} {} redacted {}'}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: 650 HS_DESC UPLOAD (\S+) (\S+) .*, replacement: '650 HS_DESC UPLOAD
Jan 12 01:06:26 host onion-grater[4115]: {} {} redacted redacted'}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: 650 HS_DESC UPLOADED (\S+) (\S+) .+, replacement: '650 HS_DESC UPLOADED
Jan 12 01:06:26 host onion-grater[4115]: {} {} redacted'}
Jan 12 01:06:26 host onion-grater[4115]: - {pattern: .*, replacement: ''}
Jan 12 01:06:26 host onion-grater[4115]: SIGNAL: {suppress: true}
Jan 12 01:06:26 host onion-grater[4115]: restrict-stream-events: false
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → PROTOCOLINFO 1
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250-PROTOCOLINFO 1
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250-AUTH METHODS=NULL
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250-VERSION Tor="0.2.9.8 (git-a0df013ea241b026)"
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 OK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → AUTHENTICATE
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 OK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → SETEVENTS CONF_CHANGED SIGNAL
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): suppressed subscription to event 'CONF_CHANGED'
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): suppressed subscription to event 'SIGNAL'
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 OK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → GETCONF __owningcontrollerprocess
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 __OwningControllerProcess
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → GETINFO version
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- (multi-line)
Jan 12 01:06:26 host onion-grater[4115]: 250-version=0.2.9.8 (git-a0df013ea241b026)
Jan 12 01:06:26 host onion-grater[4115]: 250 OK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → GETCONF hiddenservicesinglehopmode
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 HiddenServiceSingleHopMode=0
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → ADD_ONION NEW:BEST Flags=BasicAuth Port=1,1 ClientAuth=onionshare
Jan 12 01:06:26 host onion-grater[4115]: line: 'ADD_ONION NEW:BEST Flags=BasicAuth Port=1,1 ClientAuth=onionshare'
Jan 12 01:06:26 host onion-grater[4115]: r: '{'replacement': 'ADD_ONION NEW:BEST Flags=BasicAuth Port=1,{client-address}:1 ClientAuth=onionshare Flags=DiscardPK', 'pattern': 'ADD_ONION NEW:BEST Flags=BasicAuth Port=1,1 ClientAuth=onionshare'}'
Jan 12 01:06:26 host onion-grater[4115]: pattern: 'ADD_ONION NEW:BEST Flags=BasicAuth Port=1,1 ClientAuth=onionshare'
Jan 12 01:06:26 host onion-grater[4115]: replacement: 'ADD_ONION NEW:BEST Flags=BasicAuth Port=1,{client-address}:1 ClientAuth=onionshare Flags=DiscardPK'
Jan 12 01:06:26 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 65), match='ADD_ONION NEW:BEST Flags=BasicAuth Port=1,1 Clien>'
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote command:
Jan 12 01:06:26 host onion-grater[4115]: ADD_ONION NEW:BEST Flags=BasicAuth Port=1,1 ClientAuth=onionshare
Jan 12 01:06:26 host onion-grater[4115]: to:
Jan 12 01:06:26 host onion-grater[4115]: ADD_ONION NEW:BEST Flags=BasicAuth Port=1,10.137.11.80:1 ClientAuth=onionshare Flags=DiscardPK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- (multi-line)
Jan 12 01:06:26 host onion-grater[4115]: 250-ServiceID=[manually redacted]
Jan 12 01:06:26 host onion-grater[4115]: 250-ClientAuth=onionshare:[manually redacted]
Jan 12 01:06:26 host onion-grater[4115]: 250 OK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → DEL_ONION [manually redacted]
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 OK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → SETEVENTS CONF_CHANGED SIGNAL HS_DESC
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): suppressed subscription to event 'CONF_CHANGED'
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): suppressed subscription to event 'SIGNAL'
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): subscribed to event 'HS_DESC'
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 OK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → ADD_ONION NEW:BEST Port=80,17600
Jan 12 01:06:26 host onion-grater[4115]: line: 'ADD_ONION NEW:BEST Port=80,17600'
Jan 12 01:06:26 host onion-grater[4115]: r: '{'replacement': 'ADD_ONION NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK', 'pattern': 'ADD_ONION NEW:BEST Port=80,(176[0-5][0-9])'}'
Jan 12 01:06:26 host onion-grater[4115]: pattern: 'ADD_ONION NEW:BEST Port=80,(176[0-5][0-9])'
Jan 12 01:06:26 host onion-grater[4115]: replacement: 'ADD_ONION NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'
Jan 12 01:06:26 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 32), match='ADD_ONION NEW:BEST Port=80,17600'>'
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote command:
Jan 12 01:06:26 host onion-grater[4115]: ADD_ONION NEW:BEST Port=80,17600
Jan 12 01:06:26 host onion-grater[4115]: to:
Jan 12 01:06:26 host onion-grater[4115]: ADD_ONION NEW:BEST Port=80,10.137.11.80:17600 Flags=DiscardPK
Jan 12 01:06:26 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- (multi-line)
Jan 12 01:06:26 host onion-grater[4115]: 250-ServiceID=[manually redacted]
Jan 12 01:06:26 host onion-grater[4115]: 250 OK
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN [manually redacted] REPLICA=0'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 95), match='650 HS_DESC CREATED [manually redacted] UNKNOWN UNKN>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN [manually redacted] REPLICA=0
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN redacted REPLICA=0
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN redacted REPLICA=0
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN [manually redacted] REPLICA=1'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 95), match='650 HS_DESC CREATED [manually redacted] UNKNOWN UNKN>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN [manually redacted] REPLICA=1
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN redacted REPLICA=1
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC CREATED [manually redacted] UNKNOWN UNKNOWN redacted REPLICA=1
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 126), match='650 HS_DESC UPLOAD [manually redacted] UNKNOWN $6ABA>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~kanmon [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~kanmon [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 125), match='650 HS_DESC UPLOAD [manually redacted] UNKNOWN $6AD6>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~kanmon [manually redacted]
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 129), match='650 HS_DESC UPLOAD [manually redacted] UNKNOWN $6ADA>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~anatomypark [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~anatomypark [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 130), match='650 HS_DESC UPLOAD [manually redacted] UNKNOWN $DB0D>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~anatomypark [manually redacted]
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 134), match='650 HS_DESC UPLOAD [manually redacted] UNKNOWN $DB15>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 134), match='650 HS_DESC UPLOAD [manually redacted] UNKNOWN $DB19>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN [manually redacted]~[manually redacted] [manually redacted]
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC UPLOAD [manually redacted] UNKNOWN redacted redacted
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOADED [manually redacted] UNKNOWN [manually redacted]~[manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC CREATED {} {} {} redacted {}', 'pattern': '650 HS_DESC CREATED (\\S+) (\\S+) (\\S+) \\S+ (.+)'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOADED [manually redacted] UNKNOWN [manually redacted]~[manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted', 'pattern': '650 HS_DESC UPLOAD (\\S+) (\\S+) .*'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: 'None'
Jan 12 01:06:59 host onion-grater[4115]: line: '650 HS_DESC UPLOADED [manually redacted] UNKNOWN [manually redacted]~[manually redacted]'
Jan 12 01:06:59 host onion-grater[4115]: r: '{'replacement': '650 HS_DESC UPLOADED {} {} redacted', 'pattern': '650 HS_DESC UPLOADED (\\S+) (\\S+) .+'}'
Jan 12 01:06:59 host onion-grater[4115]: pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
Jan 12 01:06:59 host onion-grater[4115]: replacement: '650 HS_DESC UPLOADED {} {} redacted'
Jan 12 01:06:59 host onion-grater[4115]: match: '<_sre.SRE_Match object; span=(0, 95), match='650 HS_DESC UPLOADED [manually redacted] UNKNOWN $6A>'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): rewrote received event:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOADED [manually redacted] UNKNOWN [manually redacted]~[manually redacted]
Jan 12 01:06:59 host onion-grater[4115]: to:
Jan 12 01:06:59 host onion-grater[4115]: 650 HS_DESC UPLOADED [manually redacted] UNKNOWN redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 650 HS_DESC UPLOADED [manually redacted] UNKNOWN redacted
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → SETEVENTS CONF_CHANGED SIGNAL
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): unsubscribed to event 'HS_DESC'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): suppressed subscription to event 'CONF_CHANGED'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): suppressed subscription to event 'SIGNAL'
Jan 12 01:06:59 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 OK
Jan 12 01:07:41 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): → DEL_ONION [manually redacted]
Jan 12 01:07:41 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files): <- 250 OK
Jan 12 01:07:41 host onion-grater[4115]: 10.137.11.80:52642 (filter: merged_filter_files) disconnected: client quit
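
The rule evaluation visible in the debug log above (each pattern tried in order, the first match rewritten through its replacement template) can be checked offline before a filter is deployed. This is an added example, not onion-grater's own code: the rules are copied from the `r:` log lines, while the sample events, the `rewrite_event` and `leaked_tokens` helpers, and whole-line matching with `re.fullmatch` are assumptions made for illustration.

```python
import re

# Rules copied from the 'r:' lines of the debug log, in the order they were tried.
HS_DESC_RULES = [
    {"pattern": r"650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)",
     "replacement": "650 HS_DESC CREATED {} {} {} redacted {}"},
    {"pattern": r"650 HS_DESC UPLOAD (\S+) (\S+) .*",
     "replacement": "650 HS_DESC UPLOAD {} {} redacted redacted"},
    {"pattern": r"650 HS_DESC UPLOADED (\S+) (\S+) .+",
     "replacement": "650 HS_DESC UPLOADED {} {} redacted"},
]

# Constructed sample events; every value is a placeholder, none comes from the log.
HSDIR = "$" + "0" * 40 + "~relaynick"
DESC_ID = "descriptoridexample"
UPLOAD_EVENT = f"650 HS_DESC UPLOAD exampleaddr UNKNOWN {HSDIR} {DESC_ID}"
UPLOADED_EVENT = f"650 HS_DESC UPLOADED exampleaddr UNKNOWN {HSDIR}"
UNLISTED_EVENT = f"650 HS_DESC FAILED exampleaddr UNKNOWN {HSDIR}"


def rewrite_event(line, rules=HS_DESC_RULES):
    """Return (rewritten_line, pattern_used), or (None, None) if no rule matched.

    Whole-line matching is an assumption of this example. What happens to an
    unmatched event is left to the caller.
    """
    for rule in rules:
        match = re.fullmatch(rule["pattern"], line)
        if match:
            # Captured groups fill the {} slots; everything else is dropped.
            return rule["replacement"].format(*match.groups()), rule["pattern"]
    return None, None


def leaked_tokens(rewritten, sensitive):
    """List the sensitive tokens that are still present after the rewrite."""
    return [token for token in sensitive if token in rewritten]


if __name__ == "__main__":
    for event in (UPLOAD_EVENT, UPLOADED_EVENT, UNLISTED_EVENT):
        rewritten, pattern = rewrite_event(event)
        print("in:     ", event)
        print("rule:   ", pattern)
        print("out:    ", rewritten)
        if rewritten is not None:
            print("leaked: ", leaked_tokens(rewritten, [HSDIR, DESC_ID]))
```

As in the log, the `UPLOAD` rule does not match an `UPLOADED` event, because the pattern requires a space directly after `UPLOAD`, so rule order does not cause a wrong rewrite here.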

  1. More fine-tuned control, however, would be desirable. A user running multiple Whonix-Workstations could configure the "default" match host * for Tor Browser / whonixcheck, and then configure another workstation (with IP 10.152.152.12) with match-hosts '10.152.152.12'.