DNF in the time of NSA

Thanks to Michal Sherer, a big computer security enthusiast, the DNF users are now able to enhance the privacy and the security of their systems using Tor network for metadata and packages downloading. For those of you who are not familiar with the basic concepts of Tor networking there is a short introduction available on the project pages. Hiding your identity during the communication with mirrors reduces the ability of potential sniffing attacker to determine the exact applications and their versions used on your system and most likely secures your downloading from the attacks like quantum insert.

Since this feature has been introduced in DNF-1.1.6-1, it should be already available in your supported up to date Fedora installations and it can be enabled in the following four easy steps:

1, Installation

First of all, you have to install tor package from your distribution repository. You can do so via your favorite package manager by executing ‘dnf install tor', that will install tor and torsocks packages into your system.

2, Configuration of Tor

By default, the Tor SOCKS proxy is configured to run in a client mode listening on your localhost port 9050. This default configuration might be altered by editing the torsocks.conf file located inside /etc/tor/ directory.

3, Activation of Tor service

Start the Tor proxy by systemct start tor and enable it permanently by systemctl enable tor.  Check whether Tor service is up and properly running by systemct status tor .

4, Configuration of DNF

On the DNF side of configuration, the only required step is to simply add proxy=socks5h://127.0.0.1:9050 line into your /etc/dnf/dnf.conf. From this point, any upcoming DNF communication with remote servers will be routed through the Tor network.

P.S.: I guess that even more of Tor awesomeness is coming soon in DNF plugins extras.

 

One thought on “DNF in the time of NSA

  1. Hello Michal Sherer,
    I have been install DNF for seurity basis. I ever thanks for share new latest or updated program. Anyone can use it very easily. And i think eackone should try it to make sure to safe computer data or more others.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current day month ye@r *