Differences

This shows you the differences between two versions of the page.

help:technical:znc [2017/05/25 00:20]
rubin
help:technical:znc [2017/05/26 15:54]
rubin
Line 1: Line 1:
 ====== ZNC install for network Administrators ====== ====== ZNC install for network Administrators ======
-This guide tells how we install ZNC for our whole network, with integrated login to our X3 services.+ 
 +If you use X3 with ldap support (Or any services with ldap support) you can host a ZNC bouncer for all your users to use, by using ZNC's cyrusauth moduleHere is how we build ZNC for afternet:
  
 ===== Install saslauthd ===== ===== Install saslauthd =====
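Review bot: in the added intro line, "cyrusauth module" and "Here is how we build ZNC" are run together as "moduleHere" with no full stop or space, and "ldap" and "afternet" are lower-case while X3 and ZNC are written as proper names. Suggest ending the first sentence after "cyrusauth module." and using one capitalisation for the product and network names throughout.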
Line 30: Line 31:
 Assuming a debian 8 (jessie) base system: Assuming a debian 8 (jessie) base system:
  
 +  * Add the znc user account to the sasl group: ''sudo adduser yourzncuser sasl'' **log out and back in**
   * Install debian backports: add ''deb http://ftp.debian.org/debian jessie-backports main'' to /etc/apt/sources.list. dont forget to ''sudo apt-get update''   * Install debian backports: add ''deb http://ftp.debian.org/debian jessie-backports main'' to /etc/apt/sources.list. dont forget to ''sudo apt-get update''
   * Install build dependencies by cheating a bit using the debian dependency list: ''sudo apt-get build-dep znc''   * Install build dependencies by cheating a bit using the debian dependency list: ''sudo apt-get build-dep znc''
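Review bot: the added ''sudo adduser yourzncuser sasl'' step does not say what the group membership grants or which account should receive it. On Debian the sasl group is what lets a non-root process reach the saslauthd socket, so the step should name a dedicated unprivileged account that only runs ZNC rather than a general login user. The bold "log out and back in" is also run onto the command with no punctuation; it would be clearer as its own sentence saying that the session or service that starts ZNC has to be restarted to pick up the new group.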
Line 42: Line 44:
   * compile: ''make''   * compile: ''make''
   * install: ''make install''   * install: ''make install''
 +  * Remove plugins (See list below) that you don't want around for security or irrelevance
   * Run for the first time, from the install directory: ''bin/znc --makeconf''   * Run for the first time, from the install directory: ''bin/znc --makeconf''
     * Username: admin     * Username: admin
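Review bot: the added "Remove plugins (See list below)" step points at a list, but what the page provides further down is a script in the Security section, and the step does not say the removal has to be repeated. Any later ''make install'' (rebuild or upgrade) puts the deleted modules back, so suggest referring to the Security section by name and adding that the script is re-run after every install.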
Line 50: Line 53:
     * Bind host: empty     * Bind host: empty
   * Connect to the ZNC using an irc client as the above user   * Connect to the ZNC using an irc client as the above user
-    * Load the cyrusauth module: ''/msg *status load cyrusauth saslauthd'' +    * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation'' 
-      * Create a dummy user in znc to use as a skel/clone identity +    * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword'' 
-      * Set cyrusauth module to use it: ''/msg *cyrusauth cloneuser yourcloneusernamehere'' +      * Configure this user how you want them. Mainly use your above zncadmin account to disable their flag access to bind. 
-      * Let it create users: ''/msg *cyrusauth createuser Yes''+    * Configure cyrusauth module: (''/msg *cyrusauth help''
 +      * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere'' 
 +      * Let it create users: ''createuser Yes'' 
 +      * Your services/ircd need to provide an account to auth as, which can set the users account on IRC (Impersonization). In X3/nefarious this is the I flag in authserv. Create an account with this flag and set its details here: ''setimpersonateaccount znc somepassword'' 
 +      * A network to configure for cloned users: ''setNetworkName yournetwork'' 
 +      * A server to configure for them: ''setServer irc.yournetwork.org 6697 true'' 
 +      * Salt is used to unpredictibly hash usernames: ''set UserSalt somethingrandom'' 
 +      * A WebIRC Block in nefarious lets us setup our hostname: ''setWebIrc username password'' 
 +      * What hostname to use: ''setWebIrcHost .users.yournetwork.org''
     * Load the sasl module: ''/msg *status load sasl''     * Load the sasl module: ''/msg *status load sasl''
-      Require authentication: ''/msg *sasl requireauth yes'' +    Configure the sasl module (''/msg *sasl help''): 
-      *  +      * Require authentication: ''requireauth yes'' 
-    * Configure the modules+      * SASL Mechanism to support: ''mechanism PLAIN'' 
 +      * Set <username> <password>: Not used, dont set this 
 + 
 +===== Setup IRCD ===== 
 +  * Add a webIRC line: 
 + 
 +  WebIRC { 
 +    description = "znc"; 
 +    host = "*@zncip"; 
 +    pass = "crypted password"; 
 +  }; 
 +   
 +  * Except block to protect znc from flood limits: 
 + 
 +  Except { 
 +    host = "*@zncip"; 
 +    gline = yes; 
 +    rdns = yes; 
 +    ipcheck = yes; 
 +    targetlimit = yes; 
 +  }; 
 + 
 +===== Security ===== 
 +I run this script after ''make install'' to disable a bunch of the plugins: 
 + 
 +<code> 
 +#!/bin/bash 
 + 
 +RM='/bin/rm -v' 
 +echo "Lets delete modules we dont trust or need for security!" 
 + 
 +#Lets remove unsafe modules! 
 +#keep#lib/znc/adminlog.so 
 +#keep#lib/znc/alias.so 
 +#keep#lib/znc/autoattach.so 
 +#keep#lib/znc/autocycle.so 
 +#keep#lib/znc/autoop.so 
 +#keep#lib/znc/autoreply.so 
 +#keep#lib/znc/autovoice.so 
 +#keep#lib/znc/awaynick.so 
 +$RM lib/znc/awaystore.so 
 +#keep#lib/znc/block_motd.so 
 +#keep#lib/znc/blockuser.so 
 +$RM lib/znc/bouncedcc.so 
 +#keep#lib/znc/buffextras.so 
 +$RM lib/znc/certauth.so 
 +$RM lib/znc/cert.so 
 +# ADD? #lib/znc/chanfilter.so 
 +#keep#lib/znc/chansaver.so 
 +#keep#lib/znc/clearbufferonmsg.so 
 +# ADD? #lib/znc/clientaway.so 
 +# ADD? #lib/znc/clientbuffer.so 
 +#keep#lib/znc/clientnotify.so 
 +$RM lib/znc/controlpanel.so 
 +$RM lib/znc/crypt.so 
 +#keep#lib/znc/ctcpflood.so 
 +#keep#lib/znc/cyrusauth.so 
 +$RM lib/znc/dcc.so 
 +#keep#lib/znc/disconkick.so 
 +#keep#lib/znc/fail2ban.so 
 +#keep#lib/znc/flooddetach.so 
 +#keep#lib/znc/identfile.so 
 +$RM lib/znc/imapauth.so 
 +#keep#lib/znc/keepnick.so 
 +#keep#lib/znc/kickrejoin.so 
 +#keep#lib/znc/lastseen.so 
 +$RM lib/znc/listsockets.so 
 +#keep#lib/znc/log.so 
 +$RM lib/znc/missingmotd.so 
 +#$RM lib/znc/modperl 
 +$RM lib/znc/modperl.so 
 +$RM lib/znc/modperl/startup.pl 
 +$RM lib/znc/modperl/ZNC.pm 
 +$RM lib/znc/modperl/ZNC.so 
 +#$RM lib/znc/modpython 
 +$RM lib/znc/modpython.so 
 +$RM lib/znc/modpython/znc_core.py 
 +$RM lib/znc/modpython/_znc_core.so 
 +$RM lib/znc/modpython/znc.py 
 +#keep#lib/znc/modules_online.so 
 +$RM lib/znc/nickserv.so 
 +$RM lib/znc/notes.so 
 +#keep#lib/znc/notify_connect.so 
 +# ADD? #lib/znc/partdetach2.cpp 
 +#keep#lib/znc/partyline.so 
 +#keep#lib/znc/perform.so 
 +$RM lib/znc/perleval.pm 
 +$RM lib/znc/pyeval.py 
 +$RM lib/znc/q.so 
 +$RM lib/znc/raw.so 
 +# ADD? #lib/znc/playback.so 
 +# ADD? #lib/znc/privmsg_auto.so 
 +#keep#lib/znc/route_replies.so 
 +$RM lib/znc/sample.so 
 +#keep#lib/znc/sasl.so 
 +$RM lib/znc/savebuff.so 
 +$RM lib/znc/schat.so 
 +$RM lib/znc/send_raw.so 
 +#keep#lib/znc/shell.so 
 +#keep#lib/znc/simple_away.so 
 +# ADD? #lib/znc/snomask.so 
 +#keep#lib/znc/stickychan.so 
 +#keep#lib/znc/watch.so 
 +#keep#lib/znc/webadmin.so 
 +</code>
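Review bot: the Security script deletes ''lib/znc/controlpanel.so'', but the setup steps earlier in this hunk depend on that module (''/msg *controlpanel adduser zncclone somepassword''), and the install list places plugin removal before ''bin/znc --makeconf''; followed in the order given, the clone user cannot be created that way. Either keep controlpanel until the clone user exists, or document another way to create it. Separately, ''shell.so'' is marked #keep# in a script whose stated purpose is deleting modules that are not trusted; that module gives ZNC admins a shell on the host, so it deserves either a ''$RM'' line or a comment explaining why it stays. The script also uses paths relative to the install directory without checking where it is run from, so a ''cd'' to the install prefix at the top (or a note saying where to run it) would make a wrong-directory run obvious.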