arm (anonymizing relay monitor) - Terminal status monitor for Tor relays.
Developed by Damian Johnson (www.atagar.com - atagar1@gmail.com)
All code under the GPL v3 (http://www.gnu.org/licenses/gpl.html)
Project page: www.atagar.com/arm

Description:
Command line application for monitoring Tor relays, providing real time status
information such as the current configuration, bandwidth usage, message log,
connections, etc. This uses a curses interface much like 'top' does for system
usage. The application is intended for command-line aficionados, ssh
connections, and anyone stuck with a tty terminal for checking their relay's
status. Releases should be stable so if you manage to make it crash (or have a
feature request) then please let me know!

The project was originally proposed in 2008 by Jacob and Karsten:
  http://archives.seul.org/or/dev/Jan-2008/msg00005.html

An interview by Brenno Winter discussing the project is available at:
  http://www.atagar.com/arm/HFM_INT_0001.mp3

Requirements:
Python 2.5
TorCtl (this is included with arm)
Tor is running with an available control port. This means either...
  ... starting Tor with '--controlport <PORT>'
  ... or including 'ControlPort <PORT>' in your torrc

It's also highly suggested for the control port to require authentication.
This can be done either with a cookie or password:
  * Cookie Authentication - Controllers authenticate to Tor by providing the
    contents of the control_auth_cookie file. To set this up...
    - add "CookieAuthentication 1" to your torrc
    - either restart Tor or run "pkill -sighup tor"
    - this method of authentication is automatically handled by arm, so you
      can still start arm as you normally would
  
  * Password Authentication - Attaching to the control port requires a
    password. To set this up...
    - run "tor --hash-password <your password>"
    - add "HashedControlPassword <hashed password>" to your torrc
    - either restart Tor or run "pkill -sighup tor"
    - when starting up arm will prompt you for this password

For full functionality this also needs:
- To be ran with the same user as tor to avoid permission issues with
  connection resolution and reading the torrc.

- Common *nix commands including:
    * ps
    * a method of connection resolution (any of the following):
      * sockstat
      * netstat
      * ss
      * lsof
      * procstat
    * tail
    * pwdx
    * ulimit
    * pgrep or pidof
    * host (if dns lookups are enabled)

This is started via 'arm' (use the '--help' argument for usage).

-------------------------------------------------------------------------------

FAQ:
> Why is it called 'arm'?

Simple - because it makes the command short and memorable. Terminal
applications need to be easy to type (like 'top', 'ssh', etc), and anything
longer is just begging command-line aficionados to alias it down. I chose the
meaning of the acronym ('anonymizing relay monitor') afterward.

> If you're listing connections then what about exit nodes? Won't this include 
people's traffic?

No. Potential client and exit connections are specifically scrubbed of
identifying information. Be aware that it's highly discouraged for relay
operators to fetch this data, so please don't.

> Is it harmful to share the information provided by arm?

Not really, but it's discouraged. The original plan for arm included a special
emphasis that it wouldn't log any data. The reason is that if a large number of
relay operators published the details of their connections then correlation
attacks could break Tor user's anonymity. Just show some moderation in what you
share and it should be fine.

> Is there any chance that arm will leak data?

Not by default, arm is a passive listener with one exception. The second page
(connections) provides the hostnames of Tor relays you're connected to. This
means reverse DNS lookups which, if monitored, could leak your current
connections to an eavesdropper. However, this is disabled by default and
lookups are only made upon request (when showing connection details or listing
connections by hostname). See the page's help for how to enable lookups.

That said, this is not a terribly big whoop. ISPs and anyone sniffing your
connection already have this data - the only difference is that instead of
saying "I am talking to x" you're saying "I'm talking to x, who's x?", meaning
the resolver's also aware of who they are.

> When arm starts it gives "Unable to resolve tor pid, abandoning connection 
listing"... why?

If you're running multiple instances of tor then arm needs to figure out which
pid belongs to the open control port. If it's running as a different user (such
as being in a chroot jail) then it's probably failing due to permission issues.
Arm still runs, just no connection listing or ps stats.

> The bandwidth graph showing up

Some terminals, most notably screen sessions on Gentoo, appear to have a bug
where highlighted spaces aren't rendered. A reported workaround is to set:
  TERM="rxvt-unicode"

-------------------------------------------------------------------------------

Layout:

./
  arm     - startup script
  install - installation script
  
  arm.1        - man page
  armrc.sample - example arm configuration file with defaults
  ChangeLog    - revision history
  LICENSE      - copy of the gpl v3
  README       - um... guess you figured this one out
  setup.py     - distutils installation script for arm
  
  src/
    __init__.py
    starter.py        - parses and validates commandline parameters
    prereq.py         - checks python version and for required packages
    version.py        - version and last modified information
    test.py           - method for starting tests and demos
    settings.cfg      - attributes loaded for parsing tor related data
    torConfigDesc.txt - fallback descriptions of Tor's configuration options
    uninstall         - removal script
    
    interface/
      connections/
        __init__.py
        connPanel.py      - (page 2) lists the active tor connections
        circEntry.py      - circuit entries in the connection panel
        connEntry.py      - individual connections to or from the system
        entries.py        - common parent for connPanel display entries
      
      graphing/
        __init__.py
        graphPanel.py     - (page 1) presents graphs for data instances
        bandwidthStats.py - tracks tor bandwidth usage
        psStats.py        - tracks system information (such as cpu/memory usage)
        connStats.py      - tracks number of tor connections
      
      __init__.py
      controller.py          - main display loop, handling input and layout
      headerPanel.py         - top of all pages, providing general information
      
      logPanel.py            - (page 1) displays tor, arm, and torctl events
      fileDescriptorPopup.py - (popup) displays file descriptors used by tor
      
      connPanel.py           - (page 2) deprecated counterpart for connections/*
      descriptorPopup.py     - (popup) displays connection descriptor data
      
      configPanel.py         - (page 3) editor panel for the tor configuration
      torrcPanel.py          - (page 4) displays torrc and validation
    
    util/
      __init__.py
      conf.py        - loading and persistence for user configuration
      connections.py - service providing periodic connection lookups
      enum.py        - enumerations for ordered collections
      hostnames.py   - service providing nonblocking reverse dns lookups
      log.py         - aggregator for application events
      panel.py       - wrapper for safely working with curses subwindows
      procTools.py   - queries process & system information from /proc contents
      sysTools.py    - helper for system calls, providing client side caching
      torConfig.py   - functions for working with the torrc and config options
      torTools.py    - TorCtl wrapper, providing caching and derived information
      uiTools.py     - helper functions for presenting the user interface

