|
@@ -3302,199 +3302,272 @@ Now visit your blog and follow the setup instructions, which are quite minimal.
|
3302
|
3302
|
|
3303
|
3303
|
IRC is not an especially secure system. For instance, even with the best encryption it's easily possible to imagine IRC-specific cribs which could be used by cryptanalytic systems. However, we'll try to implement it in a manner which will at least give the surveillance aparatus something to ponder over.
|
3304
|
3304
|
|
3305
|
|
-Because hybrid doesn't support OpenSSL by default, you have to do a manual patch to get it working.
|
3306
|
|
-
|
3307
|
3305
|
#+BEGIN_SRC: bash
|
|
3306
|
+adduser ircserver
|
3308
|
3307
|
cd ~/build
|
3309
|
|
-mkdir hybrid
|
3310
|
|
-cd hybrid
|
3311
|
|
-apt-get update
|
3312
|
|
-apt-get install build-essential openssl libssl-dev debhelper dpatch docbook-to-man flex bison libpcre3-dev screen
|
3313
|
|
-apt-get source ircd-hybrid
|
|
3308
|
+wget http://freedombone.uk.to/ircd-hybrid-8.1.20.tgz
|
3314
|
3309
|
#+END_SRC
|
3315
|
3310
|
|
3316
|
|
-To enable SSL
|
|
3311
|
+Verify the download.
|
3317
|
3312
|
|
3318
|
3313
|
#+BEGIN_SRC: bash
|
3319
|
|
-editor ircd-hybrid-*/debian/rules
|
|
3314
|
+sha256sum ircd-hybrid-8.1.20.tgz
|
|
3315
|
+5570be89fa76b2712d7f08d6c828d613d201daed8c1064be7245fe10bdffa228
|
3320
|
3316
|
#+END_SRC
|
3321
|
3317
|
|
3322
|
|
-At the top add:
|
|
3318
|
+Download Anope.
|
3323
|
3319
|
|
3324
|
3320
|
#+BEGIN_SRC: bash
|
3325
|
|
-USE_OPENSSL = 1
|
|
3321
|
+wget http://freedombone.uk.to/anope-2.0.1-source.tar.gz
|
3326
|
3322
|
#+END_SRC
|
3327
|
3323
|
|
3328
|
|
-So the file should looks like:
|
|
3324
|
+And verify it.
|
3329
|
3325
|
|
3330
|
3326
|
#+BEGIN_SRC: bash
|
3331
|
|
-# ...
|
3332
|
|
-# Some useful stuff to edit here.
|
3333
|
|
-# Beware: TOPICLEN may not exceed 390.
|
3334
|
|
-NICKLEN = 15
|
3335
|
|
-TOPICLEN = 350
|
3336
|
|
-MAXCLIENTS = 200
|
3337
|
|
-USE_OPENSSL = 1
|
3338
|
|
-8# ...
|
|
3327
|
+sha256sum anope-2.0.1-source.tar.gz
|
|
3328
|
+539f603adc4f982e3a5ffd175ecb007aadc619a692409b3e9e1f7f15fb1288e6
|
3339
|
3329
|
#+END_SRC
|
3340
|
3330
|
|
3341
|
|
-Save and exit, then rebuild the deb-file and install it:
|
|
3331
|
+Then compile and install them.
|
3342
|
3332
|
|
3343
|
3333
|
#+BEGIN_SRC: bash
|
3344
|
|
-cd ircd-hybrid-*
|
3345
|
|
-dpkg-buildpackage -rfakeroot -uc -b
|
3346
|
|
-cd ..
|
3347
|
|
-dpkg -i ircd-hybrid_*.deb
|
|
3334
|
+apt-get install libssl-dev cmake
|
|
3335
|
+tar -xvf ircd-hybrid-8.1.20.tgz
|
|
3336
|
+tar -xvf anope-2.0.1-source.tar.gz
|
|
3337
|
+cd ~/build/ircd-hybrid-8.1.20
|
|
3338
|
+./configure -prefix="/home/ircserver/ircd"
|
|
3339
|
+make
|
|
3340
|
+make install
|
|
3341
|
+cd ~/build/anope-2.0.1-source
|
|
3342
|
+./Config
|
3348
|
3343
|
#+END_SRC
|
3349
|
3344
|
|
3350
|
|
-Edit connect, listen and operator settings:
|
|
3345
|
+Answer the questions as follows:
|
3351
|
3346
|
|
3352
|
3347
|
#+BEGIN_SRC: bash
|
3353
|
|
-editor /etc/ircd-hybrid/ircd.conf
|
|
3348
|
+In what directory do you want the binaries to be installed?
|
|
3349
|
+/home/ircserver/services
|
|
3350
|
+
|
|
3351
|
+Create it?
|
|
3352
|
+y
|
|
3353
|
+
|
|
3354
|
+Where do you want the data files to be installed?
|
|
3355
|
+/home/ircserver/services
|
|
3356
|
+
|
|
3357
|
+Which group should all Services data files be owned by?
|
|
3358
|
+ircserver
|
|
3359
|
+
|
|
3360
|
+What should the default umask for data files be (in octal)?
|
|
3361
|
+007
|
|
3362
|
+
|
|
3363
|
+Would you like to build a debug version of Anope?
|
|
3364
|
+n
|
|
3365
|
+
|
|
3366
|
+Would you like to utilize run-cc.pl?
|
|
3367
|
+n
|
|
3368
|
+
|
|
3369
|
+Do you want to build using precompiled headers?
|
|
3370
|
+n
|
|
3371
|
+
|
|
3372
|
+If you need no extra include directories.
|
|
3373
|
+NONE
|
|
3374
|
+
|
|
3375
|
+Are there any extra arguments you wish to pass to CMake?
|
|
3376
|
+NONE
|
3354
|
3377
|
#+END_SRC
|
3355
|
3378
|
|
3356
|
|
-Edit the connect section. Set *name* to the name of your server, and set a description.
|
|
3379
|
+Then build and install Anope.
|
3357
|
3380
|
|
3358
|
|
-#+BEGIN_SRC: c
|
3359
|
|
-connect {
|
3360
|
|
- /* name: the name of the server */
|
3361
|
|
- name = "myircdomainname.com";
|
3362
|
|
-Set a *network_name* and *network_desc*.
|
3363
|
|
- /* host: the host or IP to connect to. If a hostname is used it
|
3364
|
|
- * must match the reverse dns of the server.
|
3365
|
|
- */
|
3366
|
|
- host = "127.0.0.1";
|
|
3381
|
+#+BEGIN_SRC: bash
|
|
3382
|
+cd build
|
|
3383
|
+make
|
|
3384
|
+make install
|
|
3385
|
+cd /home/ircserver/ircd/etc
|
|
3386
|
+cp reference.conf ircd.conf
|
3367
|
3387
|
#+END_SRC
|
3368
|
3388
|
|
3369
|
|
-Set max_clients to 20.
|
|
3389
|
+Create some ssl certificates:
|
3370
|
3390
|
|
3371
|
|
-#+BEGIN_SRC: c
|
3372
|
|
- /* passwords: the passwords we send (OLD C:) and accept (OLD N:).
|
3373
|
|
- * The remote server will have these passwords reversed.
|
3374
|
|
- */
|
3375
|
|
- send_password = "password";
|
3376
|
|
- accept_password = "password";
|
|
3391
|
+#+BEGIN_SRC: bash
|
|
3392
|
+mkdir /home/ircserver/ircd/ssl
|
|
3393
|
+openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
|
|
3394
|
+openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
|
3377
|
3395
|
#+END_SRC
|
3378
|
3396
|
|
3379
|
|
-Within the admin section set your *name* and *email*.
|
|
3397
|
+You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
|
|
3398
|
+
|
|
3399
|
+#+BEGIN_SRC: bash
|
|
3400
|
+openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
|
|
3401
|
+#+END_SRC
|
3380
|
3402
|
|
3381
|
|
-Enable compression.
|
|
3403
|
+Now alter the permissions on the files so that they're accessible to the /ircserver/ user:
|
3382
|
3404
|
|
3383
|
|
-#+BEGIN_SRC: c
|
3384
|
|
- /* compressed: controls whether traffic is compressed via ziplinks.
|
3385
|
|
- * By default this is disabled
|
3386
|
|
- */
|
3387
|
|
- compressed = yes;
|
3388
|
|
-};
|
|
3405
|
+#+BEGIN_SRC: bash
|
|
3406
|
+chmod 600 /home/ircserver/ircd/ssl/ircd.key
|
|
3407
|
+chmod 600 /home/ircserver/ircd/ssl/ircd.pem
|
|
3408
|
+chmod 600 /home/ircserver/ircd/ssl/dhparam.pem
|
|
3409
|
+chown -R ircserver:ircserver /home/ircserver/ircd
|
|
3410
|
+chown -R ircserver:ircserver /home/ircserver/services
|
3389
|
3411
|
#+END_SRC
|
3390
|
3412
|
|
3391
|
|
-Within the *listen* section set host to your fixed IP address (in the earlier sections it was 192.168.1.60).
|
|
3413
|
+Now edit the configuration:
|
3392
|
3414
|
|
3393
|
|
-#+BEGIN_SRC: c
|
3394
|
|
-/* listen {}: contain information about the ports ircd listens on (OLD P:) */
|
3395
|
|
-listen {
|
3396
|
|
-/* port: the specific port to listen on. if no host is specified
|
3397
|
|
- * before, it will listen on all available IPs.
|
3398
|
|
- *
|
3399
|
|
- * ports are seperated via a comma, a range may be specified using ".."
|
3400
|
|
- */
|
|
3415
|
+#+BEGIN_SRC: bash
|
|
3416
|
+editor /home/ircserver/ircd/etc/ircd.conf
|
|
3417
|
+#+END_SRC
|
|
3418
|
+
|
|
3419
|
+Comment out:
|
|
3420
|
+
|
|
3421
|
+#+BEGIN_SRC: bash
|
|
3422
|
+// havent_read_conf = 1;
|
|
3423
|
+// flags = need_ident;
|
|
3424
|
+#+END_SRC
|
3401
|
3425
|
|
3402
|
|
-/* port: listen on all available IPs, ports 6665 to 6669 */
|
3403
|
|
-host = "127.0.0.1";
|
3404
|
|
-port = 6665 .. 6669;
|
|
3426
|
+Uncomment and change the following lines:
|
3405
|
3427
|
|
3406
|
|
-/* sslport: ports to accept ONLY ssl connections on */
|
3407
|
|
-flags = ssl;
|
3408
|
|
-port = 6697
|
3409
|
|
-};
|
|
3428
|
+#+BEGIN_SRC: bash
|
|
3429
|
+rsa_private_key_file = "/home/ircserver/ircd/ssl/ircd.key";
|
|
3430
|
+ssl_certificate_file = "/home/ircserver/ircd/ssl/ircd.pem";
|
|
3431
|
+ssl_dh_param_file = "/home/ircserver/ircd/ssl/dhparam.pem";
|
3410
|
3432
|
#+END_SRC
|
3411
|
3433
|
|
3412
|
|
-Generate a password for the IRC operator using mkpasswd tool.
|
|
3434
|
+Above the ssl parameters set *network_name* to your domain name.
|
|
3435
|
+
|
|
3436
|
+Uncomment:
|
3413
|
3437
|
|
3414
|
3438
|
#+BEGIN_SRC: bash
|
3415
|
|
-mkpasswd -Hmd5
|
|
3439
|
+ssl_server_method = tldv1, sslv3;
|
3416
|
3440
|
#+END_SRC
|
3417
|
3441
|
|
3418
|
|
-Search for operator block and change it to look like this, including the password which you just generated:
|
|
3442
|
+Within the *operator* section (line 424):
|
3419
|
3443
|
|
3420
|
|
-#+BEGIN_SRC: c
|
3421
|
|
-# ...
|
3422
|
|
-operator {
|
3423
|
|
-/* name: the name of the oper */
|
3424
|
|
-name = "root";
|
|
3444
|
+#+BEGIN_SRC: bash
|
|
3445
|
+name = "myusername";
|
|
3446
|
+user = "*@192.168.1.*";
|
|
3447
|
+password = "mypassword";
|
|
3448
|
+encrypted = no;
|
|
3449
|
+#+END_SRC
|
3425
|
3450
|
|
3426
|
|
-/* user: the user@host required for this operator. CIDR is not
|
3427
|
|
- * supported. multiple user="" lines are supported.
|
3428
|
|
- */
|
3429
|
|
-user = "*@*";
|
|
3451
|
+Within the *connect* section (line 555):
|
3430
|
3452
|
|
3431
|
|
-/* password: the password required to oper. By default this will
|
3432
|
|
- * need to be encrypted using '/usr/bin/mkpasswd'.
|
3433
|
|
- * WARNING: Please do not mix up the 'mkpasswd' program from
|
3434
|
|
- * /usr/sbin with this one. If you are root, typing 'mkpasswd'
|
3435
|
|
- * will run that one instead and you will receive a strange error.
|
3436
|
|
- *
|
3437
|
|
- * MD5 is supported. If you want to use it, use mkpasswd -Hmd5.
|
3438
|
|
- */
|
3439
|
|
-password = "#MD5 PASSWORD HERE#";
|
3440
|
|
-# ...
|
|
3453
|
+#+BEGIN_SRC: bash
|
|
3454
|
+name = "mydomainname.com";
|
|
3455
|
+host = "192.168.1.60";
|
|
3456
|
+vhost = "192.168.1.60";
|
|
3457
|
+send_password = "mysendacceptpassword";
|
|
3458
|
+accept_password = "mysendacceptpassword";
|
3441
|
3459
|
#+END_SRC
|
3442
|
3460
|
|
3443
|
|
-Within the *auth* section set user = "*@192.168.1.60" - or whatever the fixed IP address of the BBB is on your network.
|
|
3461
|
+And within the *service* section:
|
|
3462
|
+
|
|
3463
|
+#+BEGIN_SRC: bash
|
|
3464
|
+name = "mydomainname.com";
|
|
3465
|
+#+END_SRC
|
|
3466
|
+
|
|
3467
|
+Within the serverinfo section change *name*, *network_name* and *network_desc* to a name and description for your IRC server. To avoid confusion you could make the name and network name the same as your domain name.
|
|
3468
|
+
|
|
3469
|
+Change *max_clients* to 20, or a number which is sufficient for the number of simultaneous users you expect.
|
3444
|
3470
|
|
3445
|
3471
|
Save and exit.
|
3446
|
3472
|
|
3447
|
|
-#+BEGIN_SRC: c
|
3448
|
|
-service ircd-hybrid restart
|
|
3473
|
+#+BEGIN_SRC: bash
|
|
3474
|
+cd /home/ircserver/services/conf
|
|
3475
|
+cp example.conf services.conf
|
|
3476
|
+editor services.conf
|
3449
|
3477
|
#+END_SRC
|
3450
|
3478
|
|
3451
|
|
-Now open ports 6665 to 6669 on your internet router/firewall.
|
|
3479
|
+Set the following, replacing /operatorpassword/ with a password which will be used to manage your IRC channels, /mydomainname.com/ with your domain name and /myusername/ with your username:
|
3452
|
3480
|
|
3453
|
|
-After connecting to IRC server you should see something like this:
|
|
3481
|
+Within the *module* section set *name* to "hybrid".
|
|
3482
|
+
|
|
3483
|
+Within the *uplink* section set *password* to the /sendacceptpassword/.
|
|
3484
|
+
|
|
3485
|
+Uncomment *#oper* and *name* underneath it, and change the name to your username.
|
|
3486
|
+
|
|
3487
|
+Save and exit, then create a daemon.
|
3454
|
3488
|
|
3455
|
3489
|
#+BEGIN_SRC: bash
|
3456
|
|
-23:50 -!- - hybrid7.debian.local Message of the Day -
|
3457
|
|
-23:50 -!- - _,met$$$$$gg. ircd-hybrid 7.2.2
|
3458
|
|
-23:50 -!- - ,g$$$$$$$$$$$$$$$P. -----------------
|
3459
|
|
-23:50 -!- - ,g$$P"" """Y$$.".
|
3460
|
|
-23:50 -!- - ,$$P' `$$$. If you are seeing this, you have
|
3461
|
|
-23:50 -!- - ',$$P ,ggs. `$$b: installed the ircd-hybrid package and
|
3462
|
|
-23:50 -!- - `d$$' ,$P"' . $$$ you are now connected to your new IRC
|
3463
|
|
-23:50 -!- - $$P d$' , $$P server -- congratulations.
|
3464
|
|
-23:50 -!- - $$: $$. - ,d$$'
|
3465
|
|
-23:50 -!- - $$; Y$b._ _,d$P' Since you have just installed the
|
3466
|
|
-23:50 -!- - Y$$. `.`"Y$$$$P"' package, there are some things you
|
3467
|
|
-23:50 -!- - `$$b "-.__ should do before going any further:
|
3468
|
|
-23:50 -!- - `Y$$b
|
3469
|
|
-23:50 -!- - `Y$$. 1. Edit /etc/ircd-hybrid/ircd.conf to
|
3470
|
|
-23:50 -!- - `$$b. suit your needs. Beware some options have
|
3471
|
|
-23:50 -!- - `Y$$b. been removed or moved into other blocks in
|
3472
|
|
-23:50 -!- - `"Y$b._ the configuration file since
|
3473
|
|
-23:50 -!- - `"""" ircd-hybrid 7.0.3.
|
3474
|
|
-23:50 -!- -
|
3475
|
|
-23:50 -!- - 2. Edit /etc/ircd-hybrid/ircd.motd (this
|
3476
|
|
-23:50 -!- - MOTD) to suit your needs. You are free
|
3477
|
|
-23:50 -!- - to use this Debian swirl under the
|
3478
|
|
-23:50 -!- - Debian Open Use Logo License. :)
|
3479
|
|
-23:50 -!- -
|
3480
|
|
-23:50 -!- - 3. Restart the server using invoke-rc.d
|
3481
|
|
-23:50 -!- - ircd-hybrid restart.
|
3482
|
|
-23:50 -!- -
|
3483
|
|
-23:50 -!- End of /MOTD command.
|
|
3490
|
+editor /etc/init.d/ircd-hybrid
|
3484
|
3491
|
#+END_SRC
|
3485
|
3492
|
|
3486
|
|
-If necessary you can change the message of the day with:
|
|
3493
|
+Add the following:
|
3487
|
3494
|
|
3488
|
3495
|
#+BEGIN_SRC: bash
|
3489
|
|
-editor /etc/ircd-hybrid/ircd.motd
|
|
3496
|
+#!/bin/bash
|
|
3497
|
+# /etc/init.d/ircd-hybrid
|
|
3498
|
+
|
|
3499
|
+### BEGIN INIT INFO
|
|
3500
|
+# Provides: ircd-hybrid
|
|
3501
|
+# Required-Start: $remote_fs $syslog
|
|
3502
|
+# Required-Stop: $remote_fs $syslog
|
|
3503
|
+# Default-Start: 2 3 4 5
|
|
3504
|
+# Default-Stop: 0 1 6
|
|
3505
|
+# Short-Description: starts irc server
|
|
3506
|
+# Description: starts irc server
|
|
3507
|
+### END INIT INFO
|
|
3508
|
+
|
|
3509
|
+# Author: Bob Mottram <bob@robotics.uk.to>
|
|
3510
|
+
|
|
3511
|
+#Settings
|
|
3512
|
+SERVICE='ircd-hybrid'
|
|
3513
|
+COMMAND='ircd'
|
|
3514
|
+USER='ircserver'
|
|
3515
|
+NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
|
|
3516
|
+HISTORY=1024
|
|
3517
|
+INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
|
|
3518
|
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin:/home/ircserver/ircd/sbin:/home/ircserver/ircd/bin'
|
|
3519
|
+
|
|
3520
|
+
|
|
3521
|
+irc_start() {
|
|
3522
|
+echo "Starting $SERVICE..."
|
|
3523
|
+cd /home/$USER/ircd
|
|
3524
|
+su --command "bin/$COMMAND" $USER
|
|
3525
|
+su --command "/home/$USER/services/bin/services" $USER
|
|
3526
|
+}
|
|
3527
|
+
|
|
3528
|
+
|
|
3529
|
+irc_stop() {
|
|
3530
|
+echo "Stopping $SERVICE"
|
|
3531
|
+killall -15 $COMMAND
|
|
3532
|
+killall -15 $USER
|
|
3533
|
+}
|
|
3534
|
+
|
|
3535
|
+
|
|
3536
|
+#Start-Stop here
|
|
3537
|
+case "$1" in
|
|
3538
|
+ start)
|
|
3539
|
+ irc_start
|
|
3540
|
+ ;;
|
|
3541
|
+ stop)
|
|
3542
|
+ irc_stop
|
|
3543
|
+ ;;
|
|
3544
|
+ restart)
|
|
3545
|
+ irc_stop
|
|
3546
|
+ sleep 10s
|
|
3547
|
+ irc_start
|
|
3548
|
+ ;;
|
|
3549
|
+ *)
|
|
3550
|
+ echo "Usage: $0 {start|stop|restart}"
|
|
3551
|
+ exit 1
|
|
3552
|
+ ;;
|
|
3553
|
+esac
|
|
3554
|
+
|
|
3555
|
+exit 0
|
3490
|
3556
|
#+END_SRC
|
3491
|
3557
|
|
3492
|
|
-The restart the irc server.
|
|
3558
|
+Save and exit, then start the daemon.
|
3493
|
3559
|
|
3494
|
3560
|
#+BEGIN_SRC: bash
|
|
3561
|
+chmod +x /etc/init.d/ircd-hybrid
|
|
3562
|
+update-rc.d ircd-hybrid defaults
|
3495
|
3563
|
service ircd-hybrid start
|
3496
|
3564
|
#+END_SRC
|
3497
|
3565
|
|
|
3566
|
+NOTE: to debug anope
|
|
3567
|
+su - ircserver
|
|
3568
|
+cd ~/services/bin
|
|
3569
|
+./services -debug -nofork
|
|
3570
|
+
|
3498
|
3571
|
*** Channel management
|
3499
|
3572
|
|
3500
|
3573
|
To to install channel management tools.
|
|
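Review bot: The added `ssl_server_method = tldv1, sslv3;` line in the ircd.conf steps has two problems: `tldv1` reads as a typo for `tlsv1`, and the line tells the reader to enable SSLv3, which is broken (POODLE) and should not be offered. Suggest `ssl_server_method = tlsv1;` only. In the operator block, `password = "mypassword";` with `encrypted = no;` leaves the oper password in plaintext in ircd.conf, where the removed instructions used a `mkpasswd -Hmd5` hash; consider keeping a hashed password. In the init script, `killall -15 $USER` in `irc_stop` signals processes named `ircserver`, not the Anope `services` binary that `irc_start` launches, so a stop or restart leaves services running; kill by the binary name or track a PID file instead. The `NOTE: to debug anope` commands are also added outside any `#+BEGIN_SRC` block, unlike the rest of the section.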
@@ -7519,10 +7592,18 @@ chown prosody:prosody /etc/ssl/certs/xmpp.crt
|
7519
|
7592
|
And regenerate the IRC server keys:
|
7520
|
7593
|
|
7521
|
7594
|
#+BEGIN_SRC: bash
|
7522
|
|
-openssl genrsa -out /etc/ircd-hybrid/key/ircd.key 4096
|
7523
|
|
-openssl req -new -x509 -key /etc/ircd-hybrid/key/ircd.key -out /etc/ircd-hybrid/key/ircd.pem -days 3650
|
7524
|
|
-chmod 600 /etc/ircd-hybrid/key/ircd.key
|
7525
|
|
-chmod 600 /etc/ircd-hybrid/key/ircd.pem
|
|
7595
|
+openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
|
|
7596
|
+openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
|
|
7597
|
+openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
|
|
7598
|
+#+END_SRC
|
|
7599
|
+
|
|
7600
|
+This will take a few minutes to gather entropy.
|
|
7601
|
+
|
|
7602
|
+#+BEGIN_SRC: bash
|
|
7603
|
+chmod 600 /home/ircserver/ircd/ssl/ircd.key
|
|
7604
|
+chmod 600 /home/ircserver/ircd/ssl/ircd.pem
|
|
7605
|
+chmod 600 /home/ircserver/ircd/ssl/dhparam.pem
|
|
7606
|
+chown -R ircserver:ircserver /home/ircserver/ircd/ssl
|
7526
|
7607
|
#+END_SRC
|
7527
|
7608
|
|
7528
|
7609
|
Regenerate email certificate.
|
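Review bot: `openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024` generates a 1024-bit DH group alongside a 4096-bit RSA key, which makes the key exchange the weak link; use at least 2048 bits here and in the matching command in the IRC setup section. The regeneration steps also end at the `chown` with no restart of ircd-hybrid, so the running server keeps using the old key and certificate until `service ircd-hybrid restart` is run; worth adding that line after the permissions block.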