Jump to: navigation, search

Whonix Configuration Files

Random News:

Interested in becoming author for Whonix blog? Writing about anonymity/privacy/security? Get in touch!

.d Style Configuration Folders[edit]

When you are editing configuration files, when available, it is recommended to prefer editing .d style configuration folders to avoid the disadvantage of ordinary configuration files.

This applies to Whonix as well as most, if not all, other Debian based Linux distributions.

Most of Whonix's packages provide flexible .d style configuration folders that work like other .d style configuration folders.

  • /etc/whonix.d
  • /etc/whonix_firewall.d
  • /etc/controlportfilt.d (Only up to Whonix-Gateway 9.)
  • /etc/cpfpy.d (Only on Whonix-Gateway 10 and above.)
  • /etc/whonix_buildconfig.d (Only if you build from source code.)
  • /etc/sdwdate.d
  • /etc/uwt.d

We'll explain it using an example. For example, /etc/whonix_firewall.d/30_default says.

## Please use "/etc/whonix_firewall.d/50_user" for your custom configuration,
## which will override the defaults found here. When Whonix is updated, this 
## file may be overwritten.

The same in other words.

## Instead of editing this file, please create and use the file
## "/etc/whonix_firewall.d/50_user". When Whonix is updated, 
## "/etc/whonix_firewall.d/30_default" will be overwritten. Files in folder 
## "/etc/whonix_firewall.d/" are sourced in alphabetical order. Anything in 
## "/etc/whonix_firewall.d/50_user" will always override the defaults,
## allowing the user to keep their settings after updating Whonix.

The same yet in other words... Files in .d folders are usually sourced in lexical order. That means, files named 30_... will always get overruled by files named 50_....

For example, directly editing /etc/whonix_firewall.d/30_default is recommended against. This is because, next time Whonix gets updated, /etc/whonix_firewall.d/30_default may get new settings and improved settings. You would end up with an dpkg interactive conflict resolution dialog, which would for example look the following.

Configuration file `/etc/whonix_firewall.d/30_default'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** interfaces (Y/I/N/O/D/Z) [default=N] ? N

Modifications coming with Whonix will always fall back to reasonable defaults, if you were still using an old version. However, to prevent such conflicts in the first place, you're better off reading /etc/whonix_firewall.d/30_default, leaving /etc/whonix_firewall.d/30_default untouched, copying settings you wish to overrule from /etc/whonix_firewall.d/30_default and pasting them into /etc/whonix_firewall.d/50_user.

Ordinary Configuration Files[edit]

There is something you should be aware of when editing ordinary, non-.d style configuration files. This applies to Whonix as well as most, if not all, other Debian based Linux distributions.

We'll explain it using an example. Let's take for example /etc/hdparm.conf.

There is no /etc/hdparm.d folder. Therefore, if you want to make changes, your only option is to edit /etc/hdparm.conf. But this comes with a disadvantage. Next time this file gets changed by the hdparm maintainer and you upgrade your system, you would end up with an dpkg interactive conflict resolution dialog, which would for example look the following.

Configuration file `/etc/hdparm.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** interfaces (Y/I/N/O/D/Z) [default=N] ? N

Check the differences (D), then make a decision. If you know you made changes to that file, you most likely want to keep them, i.e. select N. If you are unsure, after the upgrade finished, check again that config file and re-apply your settings if necessary.

Footnotes[edit]




Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate

https | Mirror | Mirror | Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.