Fixing the IRC server

Bob Mottram 10 years ago
parent
commit
b83c031968
1 changed file with 211 additions and 130 deletions
beaglebone.txt

@@ -3302,199 +3302,272 @@ Now visit your blog and follow the setup instructions, which are quite minimal.
3302 3302
 
3303 3303
 IRC is not an especially secure system.  For instance, even with the best encryption it's easily possible to imagine IRC-specific cribs which could be used by cryptanalytic systems.  However, we'll try to implement it in a manner which will at least give the surveillance aparatus something to ponder over.
3304 3304
 
3305
-Because hybrid doesn't support OpenSSL by default, you have to do a manual patch to get it working.
3306
-
3307 3305
 #+BEGIN_SRC: bash
3306
+adduser ircserver
3308 3307
 cd ~/build
3309
-mkdir hybrid
3310
-cd hybrid
3311
-apt-get update
3312
-apt-get install build-essential openssl libssl-dev debhelper dpatch docbook-to-man flex bison libpcre3-dev screen
3313
-apt-get source ircd-hybrid
3308
+wget http://freedombone.uk.to/ircd-hybrid-8.1.20.tgz
3314 3309
 #+END_SRC
3315 3310
 
3316
-To enable SSL
3311
+Verify the download.
3317 3312
 
3318 3313
 #+BEGIN_SRC: bash
3319
-editor ircd-hybrid-*/debian/rules
3314
+sha256sum ircd-hybrid-8.1.20.tgz
3315
+5570be89fa76b2712d7f08d6c828d613d201daed8c1064be7245fe10bdffa228
3320 3316
 #+END_SRC
3321 3317
 
3322
-At the top add:
3318
+Download Anope.
3323 3319
 
3324 3320
 #+BEGIN_SRC: bash
3325
-USE_OPENSSL = 1
3321
+wget http://freedombone.uk.to/anope-2.0.1-source.tar.gz
3326 3322
 #+END_SRC
3327 3323
 
3328
-So the file should looks like:
3324
+And verify it.
3329 3325
 
3330 3326
 #+BEGIN_SRC: bash
3331
-# ...
3332
-# Some useful stuff to edit here.
3333
-# Beware: TOPICLEN may not exceed 390.
3334
-NICKLEN = 15
3335
-TOPICLEN = 350
3336
-MAXCLIENTS = 200
3337
-USE_OPENSSL = 1
3338
-8# ...
3327
+sha256sum anope-2.0.1-source.tar.gz
3328
+539f603adc4f982e3a5ffd175ecb007aadc619a692409b3e9e1f7f15fb1288e6
3339 3329
 #+END_SRC
3340 3330
 
3341
-Save and exit, then rebuild the deb-file and install it:
3331
+Then compile and install them.
3342 3332
 
3343 3333
 #+BEGIN_SRC: bash
3344
-cd ircd-hybrid-*
3345
-dpkg-buildpackage -rfakeroot -uc -b
3346
-cd ..
3347
-dpkg -i ircd-hybrid_*.deb
3334
+apt-get install libssl-dev cmake
3335
+tar -xvf ircd-hybrid-8.1.20.tgz
3336
+tar -xvf anope-2.0.1-source.tar.gz
3337
+cd ~/build/ircd-hybrid-8.1.20
3338
+./configure -prefix="/home/ircserver/ircd"
3339
+make
3340
+make install
3341
+cd ~/build/anope-2.0.1-source
3342
+./Config
3348 3343
 #+END_SRC
3349 3344
 
3350
-Edit connect, listen and operator settings:
3345
+Answer the questions as follows:
3351 3346
 
3352 3347
 #+BEGIN_SRC: bash
3353
-editor /etc/ircd-hybrid/ircd.conf
3348
+In what directory do you want the binaries to be installed?
3349
+/home/ircserver/services
3350
+
3351
+Create it?
3352
+y
3353
+
3354
+Where do you want the data files to be installed?
3355
+/home/ircserver/services
3356
+
3357
+Which group should all Services data files be owned by?
3358
+ircserver
3359
+
3360
+What should the default umask for data files be (in octal)?
3361
+007
3362
+
3363
+Would you like to build a debug version of Anope?
3364
+n
3365
+
3366
+Would you like to utilize run-cc.pl?
3367
+n
3368
+
3369
+Do you want to build using precompiled headers?
3370
+n
3371
+
3372
+If you need no extra include directories.
3373
+NONE
3374
+
3375
+Are there any extra arguments you wish to pass to CMake?
3376
+NONE
3354 3377
 #+END_SRC
3355 3378
 
3356
-Edit the connect section.  Set *name* to the name of your server, and set a description.
3379
+Then build and install Anope.
3357 3380
 
3358
-#+BEGIN_SRC: c
3359
-connect {
3360
-        /* name: the name of the server */
3361
-        name = "myircdomainname.com";
3362
-Set a *network_name* and *network_desc*.
3363
-        /* host: the host or IP to connect to.  If a hostname is used it
3364
-         * must match the reverse dns of the server.
3365
-         */
3366
-        host = "127.0.0.1";
3381
+#+BEGIN_SRC: bash
3382
+cd build
3383
+make
3384
+make install
3385
+cd /home/ircserver/ircd/etc
3386
+cp reference.conf ircd.conf
3367 3387
 #+END_SRC
3368 3388
 
3369
-Set max_clients to 20.
3389
+Create some ssl certificates:
3370 3390
 
3371
-#+BEGIN_SRC: c
3372
-        /* passwords: the passwords we send (OLD C:) and accept (OLD N:).
3373
-         * The remote server will have these passwords reversed.
3374
-         */
3375
-        send_password = "password";
3376
-        accept_password = "password";
3391
+#+BEGIN_SRC: bash
3392
+mkdir /home/ircserver/ircd/ssl
3393
+openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
3394
+openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
3377 3395
 #+END_SRC
3378 3396
 
3379
-Within the admin section set your *name* and *email*.
3397
+You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
3398
+
3399
+#+BEGIN_SRC: bash
3400
+openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
3401
+#+END_SRC
3380 3402
 
3381
-Enable compression.
3403
+Now alter the permissions on the files so that they're accessible to the /ircserver/ user:
3382 3404
 
3383
-#+BEGIN_SRC: c
3384
-        /* compressed: controls whether traffic is compressed via ziplinks.
3385
-         * By default this is disabled
3386
-         */
3387
-        compressed = yes;
3388
-};
3405
+#+BEGIN_SRC: bash
3406
+chmod 600 /home/ircserver/ircd/ssl/ircd.key
3407
+chmod 600 /home/ircserver/ircd/ssl/ircd.pem
3408
+chmod 600 /home/ircserver/ircd/ssl/dhparam.pem
3409
+chown -R ircserver:ircserver /home/ircserver/ircd
3410
+chown -R ircserver:ircserver /home/ircserver/services
3389 3411
 #+END_SRC
3390 3412
 
3391
-Within the *listen* section set host to your fixed IP address (in the earlier sections it was 192.168.1.60).
3413
+Now edit the configuration:
3392 3414
 
3393
-#+BEGIN_SRC: c
3394
-/* listen {}: contain information about the ports ircd listens on (OLD P:) */
3395
-listen {
3396
-/* port: the specific port to listen on. if no host is specified
3397
- * before, it will listen on all available IPs.
3398
- *
3399
- * ports are seperated via a comma, a range may be specified using ".."
3400
- */
3415
+#+BEGIN_SRC: bash
3416
+editor /home/ircserver/ircd/etc/ircd.conf
3417
+#+END_SRC
3418
+
3419
+Comment out:
3420
+
3421
+#+BEGIN_SRC: bash
3422
+// havent_read_conf = 1;
3423
+// flags = need_ident;
3424
+#+END_SRC
3401 3425
 
3402
-/* port: listen on all available IPs, ports 6665 to 6669 */
3403
-host = "127.0.0.1";
3404
-port = 6665 .. 6669;
3426
+Uncomment and change the following lines:
3405 3427
 
3406
-/* sslport: ports to accept ONLY ssl connections on */
3407
-flags = ssl;
3408
-port = 6697
3409
-};
3428
+#+BEGIN_SRC: bash
3429
+rsa_private_key_file = "/home/ircserver/ircd/ssl/ircd.key";
3430
+ssl_certificate_file = "/home/ircserver/ircd/ssl/ircd.pem";
3431
+ssl_dh_param_file = "/home/ircserver/ircd/ssl/dhparam.pem";
3410 3432
 #+END_SRC
3411 3433
 
3412
-Generate a password for the IRC operator using mkpasswd tool.
3434
+Above the ssl parameters set *network_name* to your domain name.
3435
+
3436
+Uncomment:
3413 3437
 
3414 3438
 #+BEGIN_SRC: bash
3415
-mkpasswd -Hmd5
3439
+ssl_server_method = tldv1, sslv3;
3416 3440
 #+END_SRC
3417 3441
 
3418
-Search for operator block and change it to look like this, including the password which you just generated:
3442
+Within the *operator* section (line 424):
3419 3443
 
3420
-#+BEGIN_SRC: c
3421
-# ...
3422
-operator {
3423
-/* name: the name of the oper */
3424
-name = "root";
3444
+#+BEGIN_SRC: bash
3445
+name = "myusername";
3446
+user = "*@192.168.1.*";
3447
+password = "mypassword";
3448
+encrypted = no;
3449
+#+END_SRC
3425 3450
 
3426
-/* user: the user@host required for this operator. CIDR is not
3427
- * supported. multiple user="" lines are supported.
3428
- */
3429
-user = "*@*";
3451
+Within the *connect* section (line 555):
3430 3452
 
3431
-/* password: the password required to oper. By default this will
3432
- * need to be encrypted using '/usr/bin/mkpasswd'.
3433
- * WARNING: Please do not mix up the 'mkpasswd' program from
3434
- * /usr/sbin with this one. If you are root, typing 'mkpasswd'
3435
- * will run that one instead and you will receive a strange error.
3436
- *
3437
- * MD5 is supported. If you want to use it, use mkpasswd -Hmd5.
3438
- */
3439
-password = "#MD5 PASSWORD HERE#";
3440
-# ...
3453
+#+BEGIN_SRC: bash
3454
+name = "mydomainname.com";
3455
+host = "192.168.1.60";
3456
+vhost = "192.168.1.60";
3457
+send_password = "mysendacceptpassword";
3458
+accept_password = "mysendacceptpassword";
3441 3459
 #+END_SRC
3442 3460
 
3443
-Within the *auth* section set user = "*@192.168.1.60" - or whatever the fixed IP address of the BBB is on your network.
3461
+And within the *service* section:
3462
+
3463
+#+BEGIN_SRC: bash
3464
+name = "mydomainname.com";
3465
+#+END_SRC
3466
+
3467
+Within the serverinfo section change *name*, *network_name* and *network_desc* to a name and description for your IRC server. To avoid confusion you could make the name and network name the same as your domain name.
3468
+
3469
+Change *max_clients* to 20, or a number which is sufficient for the number of simultaneous users you expect.
3444 3470
 
3445 3471
 Save and exit.
3446 3472
 
3447
-#+BEGIN_SRC: c
3448
-service ircd-hybrid restart
3473
+#+BEGIN_SRC: bash
3474
+cd /home/ircserver/services/conf
3475
+cp example.conf services.conf
3476
+editor services.conf
3449 3477
 #+END_SRC
3450 3478
 
3451
-Now open ports 6665 to 6669 on your internet router/firewall.
3479
+Set the following, replacing /operatorpassword/ with a password which will be used to manage your IRC channels, /mydomainname.com/ with your domain name and /myusername/ with your username:
3452 3480
 
3453
-After connecting to IRC server you should see something like this:
3481
+Within the *module* section set *name* to "hybrid".
3482
+
3483
+Within the *uplink* section set *password* to the /sendacceptpassword/.
3484
+
3485
+Uncomment *#oper* and *name* underneath it, and change the name to your username.
3486
+
3487
+Save and exit, then create a daemon.
3454 3488
 
3455 3489
 #+BEGIN_SRC: bash
3456
-23:50 -!- - hybrid7.debian.local Message of the Day -
3457
-23:50 -!- -         _,met$$$$$gg.       ircd-hybrid 7.2.2
3458
-23:50 -!- -      ,g$$$$$$$$$$$$$$$P.    -----------------
3459
-23:50 -!- -    ,g$$P""       """Y$$.".
3460
-23:50 -!- -   ,$$P'              `$$$.  If you are seeing this, you have
3461
-23:50 -!- - ',$$P       ,ggs.     `$$b: installed the ircd-hybrid package and
3462
-23:50 -!- - `d$$'     ,$P"'   .    $$$  you are now connected to your new IRC
3463
-23:50 -!- -  $$P      d$'     ,    $$P  server -- congratulations.
3464
-23:50 -!- -  $$:      $$.   -    ,d$$'
3465
-23:50 -!- -  $$;      Y$b._   _,d$P'    Since you have just installed the
3466
-23:50 -!- -  Y$$.    `.`"Y$$$$P"'       package, there are some things you
3467
-23:50 -!- -  `$$b      "-.__            should do before going any further:
3468
-23:50 -!- -   `Y$$b
3469
-23:50 -!- -    `Y$$.                    1. Edit /etc/ircd-hybrid/ircd.conf to
3470
-23:50 -!- -      `$$b.                  suit your needs. Beware some options have
3471
-23:50 -!- -        `Y$$b.               been removed or moved into other blocks in
3472
-23:50 -!- -          `"Y$b._            the configuration file since
3473
-23:50 -!- -             `""""           ircd-hybrid 7.0.3.
3474
-23:50 -!- -
3475
-23:50 -!- -                             2. Edit /etc/ircd-hybrid/ircd.motd (this
3476
-23:50 -!- -                             MOTD) to suit your needs. You are free
3477
-23:50 -!- -                             to use this Debian swirl under the
3478
-23:50 -!- -                             Debian Open Use Logo License. :)
3479
-23:50 -!- -
3480
-23:50 -!- -                             3. Restart the server using invoke-rc.d
3481
-23:50 -!- -                             ircd-hybrid restart.
3482
-23:50 -!- -
3483
-23:50 -!- End of /MOTD command.
3490
+editor /etc/init.d/ircd-hybrid
3484 3491
 #+END_SRC
3485 3492
 
3486
-If necessary you can change the message of the day with:
3493
+Add the following:
3487 3494
 
3488 3495
 #+BEGIN_SRC: bash
3489
-editor /etc/ircd-hybrid/ircd.motd
3496
+#!/bin/bash
3497
+# /etc/init.d/ircd-hybrid
3498
+
3499
+### BEGIN INIT INFO
3500
+# Provides:          ircd-hybrid
3501
+# Required-Start:    $remote_fs $syslog
3502
+# Required-Stop:     $remote_fs $syslog
3503
+# Default-Start:     2 3 4 5
3504
+# Default-Stop:      0 1 6
3505
+# Short-Description: starts irc server
3506
+# Description:       starts irc server
3507
+### END INIT INFO
3508
+
3509
+# Author: Bob Mottram <bob@robotics.uk.to>
3510
+
3511
+#Settings
3512
+SERVICE='ircd-hybrid'
3513
+COMMAND='ircd'
3514
+USER='ircserver'
3515
+NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
3516
+HISTORY=1024
3517
+INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
3518
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin:/home/ircserver/ircd/sbin:/home/ircserver/ircd/bin'
3519
+
3520
+
3521
+irc_start() {
3522
+echo "Starting $SERVICE..."
3523
+cd /home/$USER/ircd
3524
+su --command "bin/$COMMAND" $USER
3525
+su --command "/home/$USER/services/bin/services" $USER
3526
+}
3527
+
3528
+
3529
+irc_stop() {
3530
+echo "Stopping $SERVICE"
3531
+killall -15 $COMMAND
3532
+killall -15 $USER
3533
+}
3534
+
3535
+
3536
+#Start-Stop here
3537
+case "$1" in
3538
+  start)
3539
+    irc_start
3540
+    ;;
3541
+  stop)
3542
+    irc_stop
3543
+    ;;
3544
+  restart)
3545
+    irc_stop
3546
+    sleep 10s
3547
+    irc_start
3548
+    ;;
3549
+    *)
3550
+  echo "Usage: $0 {start|stop|restart}"
3551
+  exit 1
3552
+  ;;
3553
+esac
3554
+
3555
+exit 0
3490 3556
 #+END_SRC
3491 3557
 
3492
-The restart the irc server.
3558
+Save and exit, then start the daemon.
3493 3559
 
3494 3560
 #+BEGIN_SRC: bash
3561
+chmod +x /etc/init.d/ircd-hybrid
3562
+update-rc.d ircd-hybrid defaults
3495 3563
 service ircd-hybrid start
3496 3564
 #+END_SRC
3497 3565
 
3566
+NOTE: to debug anope
3567
+su - ircserver
3568
+cd ~/services/bin
3569
+./services -debug -nofork
3570
+
3498 3571
 *** Channel management
3499 3572
 
3500 3573
 To to install channel management tools.
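Review bot: In the added ircd.conf instructions, `ssl_server_method = tldv1, sslv3;` contains what looks like a typo (`tldv1` for `tlsv1`) and also switches SSLv3 on; suggest `ssl_server_method = tlsv1;` so a reader who copies the line gets a spelling the server will recognise and SSLv3 stays off. The new operator block sets `password = "mypassword";` with `encrypted = no;`, which leaves the oper password in clear text in ircd.conf, where the removed text had it hashed with `mkpasswd -Hmd5`; keeping a hashed value would preserve that. In the init script, `killall -15 $USER` passes the account name `ircserver` as a process name, so the Anope `services` process launched in `irc_start` is not stopped by `irc_stop`; `killall -15 services` would match what the start function runs. The closing "NOTE: to debug anope" commands sit outside a `#+BEGIN_SRC` block, unlike every other command in this section.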
@@ -7519,10 +7592,18 @@ chown prosody:prosody /etc/ssl/certs/xmpp.crt
7519 7592
 And regenerate the IRC server keys:
7520 7593
 
7521 7594
 #+BEGIN_SRC: bash
7522
-openssl genrsa -out /etc/ircd-hybrid/key/ircd.key 4096
7523
-openssl req -new -x509 -key /etc/ircd-hybrid/key/ircd.key -out /etc/ircd-hybrid/key/ircd.pem -days 3650
7524
-chmod 600 /etc/ircd-hybrid/key/ircd.key
7525
-chmod 600 /etc/ircd-hybrid/key/ircd.pem
7595
+openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
7596
+openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
7597
+openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
7598
+#+END_SRC
7599
+
7600
+This will take a few minutes to gather entropy.
7601
+
7602
+#+BEGIN_SRC: bash
7603
+chmod 600 /home/ircserver/ircd/ssl/ircd.key
7604
+chmod 600 /home/ircserver/ircd/ssl/ircd.pem
7605
+chmod 600 /home/ircserver/ircd/ssl/dhparam.pem
7606
+chown -R ircserver:ircserver /home/ircserver/ircd/ssl
7526 7607
 #+END_SRC
7527 7608
 
7528 7609
 Regenerate email certificate.
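Review bot: `openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024` generates 1024-bit Diffie-Hellman parameters alongside a 4096-bit RSA key, which makes the key exchange the weakest part of the TLS setup; suggest at least 2048 here and in the identical command added in the install section. The sentence "This will take a few minutes to gather entropy." comes after the block that contains the slow command; placing it before the block, as the install section does, warns the reader before they run it.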