How to connect to a Dedicated Server (RDP) via Tor

BadB

Whonix is a Debian-based distribution in two parts. When I say two-part, I mean that Whonix needs two virtual machines to run. The first is a gateway (Whonix Gateway), which works only through Tor and torifies absolutely all traffic, and the second is a completely isolated workstation (Whonix Workstation), configured so that it connects only to the gateway and gets its Internet access only through it.

Thus, absolutely all applications running on a workstation send their traffic through Tor, because Workstation takes the Internet from the Gateway. At the same time, the Workstation does not know its real IP address, and if the workstation is hacked, the attacker will never be able to find out your real IP address.

Another notable feature of Whonix is that each application pre-installed in it runs on a separate SOCKS port, which means that a separate chain of Tor nodes is created for each such application. Whonix is well protected against DNS leaks. Whonix also has good protection against user identification by so-called fingerprinting.

How to install Whonix
First you need to download VirtualBox. Now go to the Whonix site and download two ".ova" images - Whonix Gateway and Whonix Workstation. Download the images from this page: Images for VirtualBox. Follow the links "Download Whonix-Gateway" and "Download Whonix-Workstation".

Open VirtualBox, click File -> Import Appliance. Select the downloaded Whonix Gateway image, click "Next". A window with settings will appear; leave everything at the default except for the RAM column, which can be changed if desired. Click "Import" and wait.

We do exactly the same operation for Whonix Workstation. Personally, I usually allocate at least 1024 MB of RAM for Whonix Workstation (if possible, allocate more than a gigabyte), and for the first launch of Whonix Gateway I leave it at the default (768 MB).

Now we have two virtual machines in VirtualBox, but we are not starting them yet. Let's tweak them a bit. Click on the virtual machine, then "Settings", and go to the "System" tab. Here we have to change the boot order and uncheck the extra checkboxes. Select "Hard Disk" and use the arrows to move it to the first line, and "Optical" to the second line. Uncheck the boxes for "Floppy" and "Optical", leaving only "Hard Disk" checked. Now go to the "Storage" tab and check the "Use Host I/O Cache" box on the Controller. We do exactly the same operation with the second virtual machine.

How to start Whonix
Launch GW (Gateway) and WS (Workstation). The startup order is as follows: first Gateway, then Workstation.

A window will immediately appear in front of us; click "Understood" twice (but read it first!). On GW, "I am ready to enable Tor" should be selected, then "Next" several times, then "Yes. Automatically install updates from the Whonix team", click "Next", select "Whonix Stable Repository" (I recommend choosing this one) and continue to the end. On WS everything is the same. Now the so-called whonixcheck should start automatically on both virtual machines.

When whonixcheck finishes, it will show a "Warning" complaining that the system is not up to date.

On both virtual machines, open the Konsole terminal emulator from the shortcut on the desktop.

On both VMs, enter
Code:
sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

It asks for a password.

Standard login - user
User password - changeme
Root password - changeme

We will change the password later. We enter the password -> we sit with our mouth open and wait until the update is over; the process is not fast. The update may be interrupted for unknown reasons; if this happens, re-enter the command above and the process will continue.

If everything went well, then re-launch whonixcheck - enter whonixcheck in the terminal or launch WhonixCheck from the shortcut on the desktop. Personally, I prefer to do whonixcheck in the terminal. We make sure that there is no "Warning". If there is a "Warning" in the same place as in the last launch, then go back to the paragraph above and update the system. If there is no "Warning", then move on.

Now on the Workstation we need to download / update the Tor Browser. Launch Tor Browser Downloader from the desktop shortcut or enter update-torbrowser in the terminal. The process will begin, and you will be asked to select the version of the Tor Browser to download: 6.0.7 and others. Version 6.0.7 is a stable version; all other versions are testing or developer versions. I installed 6.0.7, you can install whichever you want (preferably stable). If the program was launched from the desktop shortcut, select the required version with the radio button; if you run the script through the terminal, enter the required version manually as soon as you are prompted to do so (in my case, I entered "6.0.7") and press Enter. After downloading, you will be prompted to install it; press the 'Yes' button or enter "y" in the terminal and press Enter.

Change the default password. Open a terminal, enter
Code:
sudo -i

We enter the password, now we are working as root. Change the password, first for root
Code:
passwd root

Enter the password twice. Now the root password has changed. Now for user
Code:
passwd user

Enter the password twice. Now the user password has changed. Now we enter exit.

It is desirable that the passwords for root and user be different. This operation can be done on both virtual machines.

Updating locales. Enter
sudo dpkg-reconfigure locales

A graphical window will appear. Navigation up and down - arrows on the keyboard. Scroll down and look for <ru_RU.UTF-8 UTF-8>. We mark it by pressing the space bar. After pressing Tab, switch to <Ok>. Now we will be prompted to select the default language in the system, here at your discretion. I'll keep English (which is what I recommend to you), so I choose <en_US.UTF-8>, and you can choose <ru_RU.UTF-8>.

Install some software / packages that you may need
sudo apt-get install htop git openvpn openssl nmap psi-plus etherape openssh-client
htop - console task manager
git - git
nmap - port scanner
psi-plus - Jabber client. pidgin can be used instead
etherape - for graphical monitoring of network traffic
openssh-client - to ssh someplace

We also install this group of packages
sudo apt-get install build-essential pkg-config make automake autoconf

Working with Whonix Gateway
Personally, I start GW in console mode, because firstly, the GUI eats quite a lot of RAM, and secondly, GW doesn't really need the GUI - all operations can be done through the console, and all the desktop shortcuts are easily replaced by commands in the console.

So, in order to run GW in console mode, you need to allocate less RAM to the virtual machine. By default, the minimum RAM value that must be allocated for the GW to run in GUI mode is 480mb. This means that if less than 480mb is allocated, then GW will start in console mode.

Go to VirtualBox, select GW -> press "Settings" -> go to the "System" tab -> move the slider. Choose a value less than 480.

But what if we want to allocate more RAM to GW, say 512 or keep 768, but run in console mode? Edit the file /etc/rads.d/30_default.conf
Code:
sudo nano /etc/rads.d/30_default.conf

We are looking for the line "rads_minimum_ram". This line tells the system how much RAM must be allocated in order for the machine to start in GUI mode. As you can see, the default is 480. Change the value to any other, say, 1024 -> save -> exit. Go to the settings of the Gateway virtual machine (as above) and allocate as much RAM as needed, within 1024 MB - it will run in console mode.

Whonix Gateway Shortcuts

Roughly speaking, the shortcuts can be divided into five groups:
1) Shortcuts to control Tor (Stop Tor, Reload Tor, Restart Tor)
2) Shortcuts to manage the Firewall (Global Firewall Settings, User Firewall Settings, Reload Firewall)
3) Shortcuts for editing Tor configuration files (Tor User Config, Tor Examples, Tor Data)
4) Whonix shortcuts (WhonixCheck, WhonixSetup, Whonix Repository)
5) The rest of the shortcuts are applications (Konsole, Arm)

Stop Tor - stops the Tor service. After completion, the Internet will disappear and applications on Whonix Workstation will not work. Replaced by the following command in the console
Code:
sudo service tor@default stop

Reload Tor - reloads the Tor service. When executed, it rereads the configuration files and reloads the Tor chain for applications on the Whonix Workstation. Replaced by the following command in the console
Code:
sudo service tor@default reload

Restart Tor - restarts the Tor service. It will be difficult now to explain how it differs from Reload Tor. The Tor service first stops, then starts over again. If you need to reload the chain, then use Reload Tor. Replaced by the following command in the console
Code:
sudo service tor@default restart

Global Firewall Settings - opens the global Firewall settings at /etc/whonix_firewall.d/30_default.conf in the kwrite text editor. If you do not know why this is needed, then do not use this shortcut. Replaced by the following command in the console
Code:
sudo nano /etc/whonix_firewall.d/30_default.conf

User Firewall Settings - opens the custom Firewall settings at /etc/whonix_firewall.d/50_user.conf in the kwrite text editor. If you do not know why this is needed, then do not use this shortcut. Replaced by the following command in the console
Code:
sudo nano /etc/whonix_firewall.d/50_user.conf

Reload Firewall - reloads the Firewall if you make changes to /etc/whonix_firewall.d/30_default.conf or /etc/whonix_firewall.d/50_user.conf. Replaced by the following command in the console
Code:
sudo whonix_firewall

Tor User Config - opens the main configuration file /etc/tor/torrc in the kwrite text editor. If you do not know anything about the torrc configuration file, why you need it, what to add there and how to work with it, then do not change anything there. Replaced by the following command in the console
Code:
sudo nano /etc/tor/torrc

Tor Examples - opens the file /etc/tor/torrc.examples, which is roughly an example of the configuration file /etc/tor/torrc, in a read-only text editor. This is an example; you don't need to edit anything in this file. If interested, you can read it. Replaced by the following command in the console
Code:
nano /etc/tor/torrc.examples

Tor Data - opens the /var/lib/tor/ folder in the Dolphin file manager. Replaced by the following command in the console
Code:
cd /var/lib/tor/

WhonixCheck - starts a check. Cannot be run from root. Replaced by the following command in the console
Code:
whonixcheck

WhonixSetup - launches the Whonix Setup Wizard. Replaced by the following command in the console
Code:
sudo whonixsetup

Arm is a powerful tool for monitoring Tor. With it, you can control Tor in various ways. Replaced by the following command in the console
Code:
arm

How to connect to a Dedicated Server via Tor
To connect to Dedicated Servers, we will use Remmina.

On the desktop, double-click Konsole (terminal)

We enter in the terminal
Code:
sudo apt-get install remmina

Let's add the Russian layout. Remmina System Settings> Input Devices. Next, "Add" - select the Russian layout.

By default, the combination "Ctrl + Alt + K" is used to change the layout, but you can change it by specifying a value in the Shortcut item.

Launch Remmina and click "New". We fill in the fields. Then "Save" or "Connect". We accept the certificate.

Let's check from which IP we are currently connected.

On the Dedicated Server, open the log at Server Manager > Diagnostics > Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager > Operational

And we see the IP of the Tor network.

An alternative to Remmina is rdesktop. Install it
Code:
sudo apt-get install rdesktop

Using rdesktop
Code:
rdesktop 255.255.255.255 -u login -p password

Where 255.255.255.255 is the IP of the Dedicated Server.
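
The source-address check in the TerminalServices-LocalSessionManager Operational log described above is also how a server owner spots RDP sessions arriving over Tor. The following is an added example, not part of the original post: it parses the message text of session logon (Event ID 21) and reconnection (Event ID 25) records and flags sources found on a Tor exit list. The sample events, user names and exit addresses are constructed; in practice the exit list would be loaded from the one published by the Tor Project.

```python
import ipaddress
import re

# Constructed sample records (event ID, message text) in the format of the
# Microsoft-Windows-TerminalServices-LocalSessionManager/Operational log.
SAMPLE_EVENTS = [
    (21, "Remote Desktop Services: Session logon succeeded:\n\n"
         "User: SRV01\\admin\nSession ID: 2\nSource Network Address: 192.0.2.44"),
    (25, "Remote Desktop Services: Session reconnection succeeded:\n\n"
         "User: SRV01\\admin\nSession ID: 2\nSource Network Address: 198.51.100.7"),
    (21, "Remote Desktop Services: Session logon succeeded:\n\n"
         "User: SRV01\\svc\nSession ID: 1\nSource Network Address: LOCAL"),
    (23, "Remote Desktop Services: Session logoff succeeded:\n\n"
         "User: SRV01\\admin\nSession ID: 2"),
    (25, "Remote Desktop Services: Session reconnection succeeded:\n\n"
         "User: SRV01\\backup\nSession ID: 3\nSource Network Address: 203.0.113.9"),
]

# Constructed stand-in for a Tor exit-node list (documentation address ranges).
TOR_EXITS = {"192.0.2.44", "203.0.113.9"}

# 21 = session logon succeeded, 25 = session reconnection succeeded.
REMOTE_SESSION_EVENTS = {21, 25}
FIELD = re.compile(r"^(User|Session ID|Source Network Address):[ \t]*(.*?)\s*$", re.M)


def parse_event(event_id, message):
    """Return user/session/source for a remote-session event, else None."""
    if event_id not in REMOTE_SESSION_EVENTS:
        return None
    fields = dict(FIELD.findall(message))
    try:
        source = ipaddress.ip_address(fields.get("Source Network Address", ""))
    except ValueError:
        return None  # "LOCAL" console sessions or a malformed address
    return {"event_id": event_id, "user": fields.get("User"),
            "session": fields.get("Session ID"), "source": source}


def flag_tor_logons(events, exits):
    """List remote-session events whose source address is on the exit list."""
    exit_addrs = {ipaddress.ip_address(e) for e in exits}
    parsed = (parse_event(eid, msg) for eid, msg in events)
    return [rec for rec in parsed if rec and rec["source"] in exit_addrs]


if __name__ == "__main__":
    for hit in flag_tor_logons(SAMPLE_EVENTS, TOR_EXITS):
        print(f"event {hit['event_id']}: {hit['user']} from {hit['source']} (Tor exit)")
```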