Diffstat (limited to 'files')
-rwxr-xr-xfiles/munin/tor_connections162
-rw-r--r--files/munin/tor_openfds38
-rw-r--r--files/polipo/polipo.conf164
3 files changed, 38 insertions, 326 deletions
diff --git a/files/munin/tor_connections b/files/munin/tor_connections
deleted file mode 100755
index c1d0a92..0000000
--- a/files/munin/tor_connections
+++ /dev/null
@@ -1,162 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Munin plugin to monitor Tor
-#
-# Author: Ge van Geldorp <ge@gse.nl>
-#
-# Parameters understood:
-#
-# host - Change which host to graph (default localhost)
-# port - Change which port to connect to (default 9051)
-# password - Plain-text control channel password (see torrc
-# HashedControlPassword parameter)
-# cookiefile - Name of the file containing the control channel cookie
-# (see torrc CookieAuthentication parameter)
-#
-# Using HashedControlPassword authentication has the problem that you must
-# include the plain-text password in the munin config file. To have any
-# effect, that file shouldn't be world-readable.
-# If you're using CookieAuthentication, you should run this plugin as a user
-# which has read access to the tor datafiles. Also note that bugs in versions
-# upto and including 0.1.1.20 prevent CookieAuthentication from working.
-#
-# Usage: place in /etc/munin/node.d/ (or link it there using ln -s)
-#
-# Parameters understood:
-# config (required)
-# autoconf (optional - used by munin-config)
-#
-#
-# Magic markers - optional - used by installation scripts and
-# munin-config:
-#
-#%# family=contrib
-#%# capabilities=autoconf
-
-use strict;
-use IO::Socket::INET;
-
-# Config
-our $address = $ENV{host} || "localhost"; # Default: localhost
-our $port = $ENV{port} || 9051; # Default: 9051
-
-# Don't edit below this line
-
-sub Authenticate
-{
- my ($socket) = @_;
- my $authline = "AUTHENTICATE";
- if (defined($ENV{cookiefile})) {
- if (open(COOKIE, "<$ENV{cookiefile}")) {
- binmode COOKIE;
- my $cookie;
- $authline .= " ";
- while (read(COOKIE, $cookie, 32)) {
- foreach my $byte (unpack "C*", $cookie) {
- $authline .= sprintf "%02x", $byte;
- }
- }
- close COOKIE;
- }
- } elsif (defined($ENV{password})) {
- $authline .= ' "' . $ENV{password} . '"';
- }
- print $socket "$authline\r\n";
- my $replyline = <$socket>;
- if (substr($replyline, 0, 1) != '2') {
- $replyline =~ s/\s*$//;
- return "Failed to authenticate: $replyline";
- }
-
- return;
-}
-
-if ($ARGV[0] and $ARGV[0] eq "autoconf") {
- # Try to connect to the daemon
- my $socket = IO::Socket::INET->new("$address:$port")
- or my $failed = 1;
-
- if ($failed) {
- print "no (failed to connect to $address port $port)\n";
- exit 1;
- }
-
- my $msg = Authenticate($socket);
- if (defined($msg)) {
- print $socket "QUIT\r\n";
- close($socket);
- print "no ($msg)\n";
- exit 1;
- }
-
- print $socket "QUIT\r\n";
- close($socket);
- print "yes\n";
- exit 0;
-}
-
-my %connections = ("new", 0,
- "launched", 0,
- "connected", 0,
- "failed", 0,
- "closed", 0);
-
-if ($ARGV[0] and $ARGV[0] eq "config") {
- print "graph_title Connections\n";
- print "graph_args -l 0 --base 1000\n";
- print "graph_vlabel connections\n";
- print "graph_category Tor\n";
- print "graph_period second\n";
- print "graph_info This graph shows the number of Tor OR connections.\n";
-
- foreach my $status (keys %connections) {
- print "$status.label $status\n";
- print "$status.type GAUGE\n";
- print "$status.max 50000\n";
- print "$status.min 0\n";
- }
-
- exit 0;
-}
-
-my $socket = IO::Socket::INET->new("$address:$port")
- or die("Couldn't connect to $address port $port: $!");
-
-my $msg = Authenticate($socket);
-if (defined($msg)) {
- print $socket "QUIT\r\n";
- close($socket);
- die "$msg\n";
-}
-
-print $socket "GETINFO orconn-status\r\n";
-my $replyline = <$socket>;
-if (substr($replyline, 0, 1) != '2') {
- print $socket "QUIT\r\n";
- close($socket);
- $replyline =~ s/\s*$//;
- die "Failed to get orconn-status info: $replyline\n";
-}
-
-while (! (($replyline = <$socket>) =~ /^\.\s*$/)) {
- my @reply = split(/\s+/, $replyline);
- $connections{lc($reply[1])}++;
-}
-$replyline = <$socket>;
-if (substr($replyline, 0, 1) != '2') {
- print $socket "QUIT\r\n";
- close($socket);
- $replyline =~ s/\s*$//;
- die "Failed to authenticate: $replyline\n";
-}
-
-print $socket "QUIT\r\n";
-close($socket);
-
-while (my ($status, $count) = each(%connections)) {
- print "$status.value $count\n";
-}
-
-exit 0;
-
-# vim:syntax=perl
diff --git a/files/munin/tor_openfds b/files/munin/tor_openfds
new file mode 100644
index 0000000..9c14852
--- /dev/null
+++ b/files/munin/tor_openfds
@@ -0,0 +1,38 @@
+#!/usr/bin/perl -w
+# https://lists.torproject.org/pipermail/tor-talk/2006-June/010486.html
+
+use strict;
+
+# Script to monitor the amount of FDs used by
+# the Tor process (var/run/tor/tor.pid)
+
+if ($ARGV[0] and $ARGV[0] =~ /^\s*config\s*$/i)
+{
+ print "graph_title Open file descriptors for Tor\n";
+ print "graph_args --base 1000 -l 0\n";
+ print "graph_vlabel open FDs\n";
+ print "graph_category Tor\n";
+ print "count.label TorFDs\n";
+ exit 0;
+}
+
+my $pidfile = "/var/run/tor/tor.pid";
+my $pid = '';
+if (-e $pidfile) {
+ open (PID, $pidfile) or exit 1;
+ $pid = <PID>;
+ close PID;
+} else {
+ $pid = `pidof tor`;
+}
+chomp $pid;
+
+$pid =~ /^[0-9]+$/ or exit 1;
+
+opendir (FDS, "/proc/$pid/fd") or exit 1;
+my @fds = readdir(FDS);
+closedir FDS;
+
+my $count = scalar @fds - 2;
+
+print "count.value $count\n";
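Review bot: The PID read from `/var/run/tor/tor.pid` is only checked for being numeric, so a stale pidfile whose number has since been reused would make the plugin count another process's descriptors and graph them as Tor's. Confirming the process before the `opendir`, for example by checking `readlink("/proc/$pid/exe")` or the contents of `/proc/$pid/comm`, would close that gap. The `pidof tor` fallback can return several space-separated PIDs, which fail `/^[0-9]+$/` and end in a bare `exit 1` with nothing on stderr; a short `warn` before each exit would make these failures diagnosable. The pidfile is opened with a two-argument bareword `open (PID, $pidfile)`; `open(my $fh, '<', $pidfile)` is the safer habit even with a constant path. The header comment could also state which user the plugin must run as, since reading `/proc/<pid>/fd` for a process owned by another user presumably requires that user or root.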
diff --git a/files/polipo/polipo.conf b/files/polipo/polipo.conf
deleted file mode 100644
index 12b10c4..0000000
--- a/files/polipo/polipo.conf
+++ /dev/null
@@ -1,164 +0,0 @@
-# Polipo Configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf
-# Managed by puppet.
-
-### Basic configuration
-### *******************
-
-# Uncomment one of these if you want to allow remote clients to
-# connect:
-
-# proxyAddress = "::0" # both IPv4 and IPv6
-# proxyAddress = "0.0.0.0" # IPv4 only
-
-proxyAddress = "127.0.0.1"
-proxyPort = 8118
-
-# If you do that, you'll want to restrict the set of hosts allowed to
-# connect:
-
-# allowedClients = "127.0.0.1, 134.157.168.57"
-# allowedClients = "127.0.0.1, 134.157.168.0/24"
-
-allowedClients = 127.0.0.1
-allowedPorts = 1-65535
-
-# Uncomment this if you want your Polipo to identify itself by
-# something else than the host name:
-
-proxyName = "localhost"
-
-# Uncomment this if there's only one user using this instance of Polipo:
-
-cacheIsShared = false
-
-# Uncomment this if you want to use a parent proxy:
-
-# parentProxy = "squid.example.org:3128"
-
-# Uncomment this if you want to use a parent SOCKS proxy:
-
-socksParentProxy = "localhost:9050"
-socksProxyType = socks5
-
-
-### Memory
-### ******
-
-# Uncomment this if you want Polipo to use a ridiculously small amount
-# of memory (a hundred C-64 worth or so):
-
-# chunkHighMark = 819200
-# objectHighMark = 128
-
-# Uncomment this if you've got plenty of memory:
-
-# chunkHighMark = 50331648
-# objectHighMark = 16384
-
-chunkHighMark = 67108864
-
-### On-disk data
-### ************
-
-# Uncomment this if you want to disable the on-disk cache:
-
-diskCacheRoot = ""
-
-# Uncomment this if you want to put the on-disk cache in a
-# non-standard location:
-
-# diskCacheRoot = "~/.polipo-cache/"
-
-# Uncomment this if you want to disable the local web server:
-
-localDocumentRoot = ""
-
-# Uncomment this if you want to enable the pages under /polipo/index?
-# and /polipo/servers?. This is a serious privacy leak if your proxy
-# is shared.
-
-# disableIndexing = false
-# disableServersList = false
-
-disableLocalInterface = true
-disableConfiguration = true
-
-### Domain Name System
-### ******************
-
-# Uncomment this if you want to contact IPv4 hosts only (and make DNS
-# queries somewhat faster):
-#
-# dnsQueryIPv6 = no
-
-# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
-# double-stack hosts:
-#
-# dnsQueryIPv6 = reluctantly
-
-# Uncomment this to disable Polipo's DNS resolver and use the system's
-# default resolver instead. If you do that, Polipo will freeze during
-# every DNS query:
-
-dnsUseGethostbyname = yes
-
-
-### HTTP
-### ****
-
-# Uncomment this if you want to enable detection of proxy loops.
-# This will cause your hostname (or whatever you put into proxyName
-# above) to be included in every request:
-
-disableVia = true
-
-# Uncomment this if you want to slightly reduce the amount of
-# information that you leak about yourself:
-
-# censoredHeaders = from, accept-language
-# censorReferer = maybe
-
-censoredHeaders = from,accept-language,x-pad,link
-censorReferer = maybe
-
-# Uncomment this if you're paranoid. This will break a lot of sites,
-# though:
-
-# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
-# censorReferer = true
-
-# Uncomment this if you want to use Poor Man's Multiplexing; increase
-# the sizes if you're on a fast line. They should each amount to a few
-# seconds' worth of transfer; if pmmSize is small, you'll want
-# pmmFirstSize to be larger.
-
-# Note that PMM is somewhat unreliable.
-
-# pmmFirstSize = 16384
-# pmmSize = 8192
-
-# Uncomment this if your user-agent does something reasonable with
-# Warning headers (most don't):
-
-# relaxTransparency = maybe
-
-# Uncomment this if you never want to revalidate instances for which
-# data is available (this is not a good idea):
-
-# relaxTransparency = yes
-
-# Uncomment this if you have no network:
-
-# proxyOffline = yes
-
-# Uncomment this if you want to avoid revalidating instances with a
-# Vary header (this is not a good idea):
-
-# mindlesslyCacheVary = true
-
-# Suggestions from Incognito configuration
-maxConnectionAge = 5m
-maxConnectionRequests = 120
-serverMaxSlots = 8
-serverSlots = 2
-tunnelAllowedPorts = 1-65535