install TOR on a centOS 7 server

Question

I have tried downloading TOR by following this article but I am getting 503 errors. So is there no other way to download TOR? Please can someone help me as I have to do a research project on it.

I am using a centOS server: CentOS Linux release 7.3.1611 (Core) but am getting the follwing errors,

[sam@xx etc]$ sudo yum install tor
[sudo] password for sam:
Loaded plugins: fastestmirror, langpacks
base                                                     | 3.6 kB     00:00
extras                                                   | 3.4 kB     00:00
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.

Answer 1

Tor no longer recommends using their repo for CentoOS and to instead use epel repos. You'll just end up with a very old version out of their repos.

Instead do:

yum install epel-release
yum install tor

This will get you a current version of Tor managed by a repo. This is perfectly fine.

---

For CentOS, I have been self-compiling for a while. I have a hacky shell script I'm not yet willing to post here ;) but really it's just compiling Tor and OpenSSL. I'd still recommend using the epel-release since its more tested.

To try building Tor statically linked to OpenSSL yourself, grab a recent copy of OpenSSL (e.g. 1.1.1x), then grab the version of Tor you want to build (e.g. 0.4.1.6).

First you will need to install some prerequisites:

yum install -y \
gcc gcc-c++ \
zlib-devel \
perl-Module-Load-Conditional perl-Test-Harness \
libevent-devel \
libzstd-devel xz-devel \
libscrypt-devel libseccomp-devel

From OpenSSL source dir:

./config --prefix=/opt/openssl --openssldir=/opt/openssl \
-fPIC zlib-dynamic no-shared enable-ec_nistp_64_gcc_128
make
make test
make install

OpenSSL 1.1.1 note: Remove the no-shared option when building OpenSSL, otherwise Tor configuration will fail with an error that it can't find a linkable OpenSSL even though it is being built statically. Tor will still link a static OpenSSL but it seems to require the shared libraries to work. This appears to be fixed in 1.1.1c and later.

This installs OpenSSL to /opt/openssl so it doesn't interfere or replace the system's OpenSSL.

Then, build Tor:

./configure --prefix=/opt/tor-VERSION --sysconfdir=/etc --localstatedir=/var \
--enable-static-openssl --with-openssl-dir=/opt/openssl \
--with-tor-user=tor --with-tor-group=tor \
--enable-lzma --enable-zstd

make
make test
make install
unlink /usr/bin/tor && ln -s /opt/tor-VERSION/bin/tor /usr/bin/tor

The systemd service file I use is:

[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target

[Service]
Type=forking
PidFile=/var/run/tor/tor.pid
NotifyAccess=all
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc --RunAsDaemon 1
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutStartSec=120
TimeoutStopSec=60
Restart=on-failure
LimitNOFILE=65536

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER

[Install]
WantedBy=multi-user.target