Differences

This shows you the differences between two versions of the page.

help:technical:znc [2017/05/25 16:13]
rubin
help:technical:znc [2017/05/26 15:54]
rubin
Line 44: Line 44:
   * compile: ''make''   * compile: ''make''
   * install: ''make install''   * install: ''make install''
 +  * Remove plugins (See list below) that you don't want around for security or irrelevance
   * Run for the first time, from the install directory: ''bin/znc --makeconf''   * Run for the first time, from the install directory: ''bin/znc --makeconf''
     * Username: admin     * Username: admin
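Review bot: the new "Remove plugins" bullet points at a "list below" without naming the section or saying where to run the removal. The script's paths are relative (lib/znc/...), so the bullet should say to run the script from the Security section from the install directory, as the next bullet does for ''bin/znc --makeconf''. "for security or irrelevance" would read more clearly as "that you do not need or trust".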
Line 54: Line 55:
     * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation''     * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation''
     * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword''     * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword''
 +      * Configure this user how you want them. Mainly use your above zncadmin account to disable their flag access to bind.
     * Configure cyrusauth module: (''/msg *cyrusauth help'')     * Configure cyrusauth module: (''/msg *cyrusauth help'')
       * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere''       * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere''
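Review bot: the added sub-bullet refers to "your above zncadmin account", but the account created by --makeconf above is named admin, and the bullet gives no command for disabling bind access. Use one account name throughout and spell out the exact command in '' '' quoting as the neighbouring bullets do, because this user is the skel/clone identity and whatever it is left with carries over to the cloned users.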
Line 59: Line 61:
       * Your services/ircd need to provide an account to auth as, which can set the users account on IRC (Impersonization). In X3/nefarious this is the I flag in authserv. Create an account with this flag and set its details here: ''setimpersonateaccount znc somepassword''       * Your services/ircd need to provide an account to auth as, which can set the users account on IRC (Impersonization). In X3/nefarious this is the I flag in authserv. Create an account with this flag and set its details here: ''setimpersonateaccount znc somepassword''
       * A network to configure for cloned users: ''setNetworkName yournetwork''       * A network to configure for cloned users: ''setNetworkName yournetwork''
-      * A server to configure for them: ''setServer irc.yournetwork.org 6697 ssl''+      * A server to configure for them: ''setServer irc.yournetwork.org 6697 true''
       * Salt is used to unpredictibly hash usernames: ''set UserSalt somethingrandom''       * Salt is used to unpredictibly hash usernames: ''set UserSalt somethingrandom''
       * A WebIRC Block in nefarious lets us setup our hostname: ''setWebIrc username password''       * A WebIRC Block in nefarious lets us setup our hostname: ''setWebIrc username password''
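Review bot: the third argument of setServer changes from ssl to true, and the bullet text still does not say what that argument means. Judging by the old value it is the SSL on/off switch, so say so in the bullet (for example "port 6697, SSL enabled") so that a reader adapting the line for another port does not turn it off and carry the impersonation and WebIRC credentials from the adjacent bullets over a plaintext link.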
Line 68: Line 70:
       * SASL Mechanism to support: ''mechanism PLAIN''       * SASL Mechanism to support: ''mechanism PLAIN''
       * Set <username> <password>: Not used, dont set this       * Set <username> <password>: Not used, dont set this
 +
 +===== Setup IRCD =====
 +  * Add a webIRC line:
 +
 +  WebIRC {
 +    description = "znc";
 +    host = "*@zncip";
 +    pass = "crypted password";
 +  };
 +  
 +  * Except block to protect znc from flood limits:
 +
 +  Except {
 +    host = "*@zncip";
 +    gline = yes;
 +    rdns = yes;
 +    ipcheck = yes;
 +    targetlimit = yes;
 +  };
 +
 +===== Security =====
 +I run this script after ''make install'' to disable a bunch of the plugins:
 +
 +<code>
 +#!/bin/bash
 +
 +RM='/bin/rm -v'
 +echo "Lets delete modules we dont trust or need for security!"
 +
 +#Lets remove unsafe modules!
 +#keep#lib/znc/adminlog.so
 +#keep#lib/znc/alias.so
 +#keep#lib/znc/autoattach.so
 +#keep#lib/znc/autocycle.so
 +#keep#lib/znc/autoop.so
 +#keep#lib/znc/autoreply.so
 +#keep#lib/znc/autovoice.so
 +#keep#lib/znc/awaynick.so
 +$RM lib/znc/awaystore.so
 +#keep#lib/znc/block_motd.so
 +#keep#lib/znc/blockuser.so
 +$RM lib/znc/bouncedcc.so
 +#keep#lib/znc/buffextras.so
 +$RM lib/znc/certauth.so
 +$RM lib/znc/cert.so
 +# ADD? #lib/znc/chanfilter.so
 +#keep#lib/znc/chansaver.so
 +#keep#lib/znc/clearbufferonmsg.so
 +# ADD? #lib/znc/clientaway.so
 +# ADD? #lib/znc/clientbuffer.so
 +#keep#lib/znc/clientnotify.so
 +$RM lib/znc/controlpanel.so
 +$RM lib/znc/crypt.so
 +#keep#lib/znc/ctcpflood.so
 +#keep#lib/znc/cyrusauth.so
 +$RM lib/znc/dcc.so
 +#keep#lib/znc/disconkick.so
 +#keep#lib/znc/fail2ban.so
 +#keep#lib/znc/flooddetach.so
 +#keep#lib/znc/identfile.so
 +$RM lib/znc/imapauth.so
 +#keep#lib/znc/keepnick.so
 +#keep#lib/znc/kickrejoin.so
 +#keep#lib/znc/lastseen.so
 +$RM lib/znc/listsockets.so
 +#keep#lib/znc/log.so
 +$RM lib/znc/missingmotd.so
 +#$RM lib/znc/modperl
 +$RM lib/znc/modperl.so
 +$RM lib/znc/modperl/startup.pl
 +$RM lib/znc/modperl/ZNC.pm
 +$RM lib/znc/modperl/ZNC.so
 +#$RM lib/znc/modpython
 +$RM lib/znc/modpython.so
 +$RM lib/znc/modpython/znc_core.py
 +$RM lib/znc/modpython/_znc_core.so
 +$RM lib/znc/modpython/znc.py
 +#keep#lib/znc/modules_online.so
 +$RM lib/znc/nickserv.so
 +$RM lib/znc/notes.so
 +#keep#lib/znc/notify_connect.so
 +# ADD? #lib/znc/partdetach2.cpp
 +#keep#lib/znc/partyline.so
 +#keep#lib/znc/perform.so
 +$RM lib/znc/perleval.pm
 +$RM lib/znc/pyeval.py
 +$RM lib/znc/q.so
 +$RM lib/znc/raw.so
 +# ADD? #lib/znc/playback.so
 +# ADD? #lib/znc/privmsg_auto.so
 +#keep#lib/znc/route_replies.so
 +$RM lib/znc/sample.so
 +#keep#lib/znc/sasl.so
 +$RM lib/znc/savebuff.so
 +$RM lib/znc/schat.so
 +$RM lib/znc/send_raw.so
 +#keep#lib/znc/shell.so
 +#keep#lib/znc/simple_away.so
 +# ADD? #lib/znc/snomask.so
 +#keep#lib/znc/stickychan.so
 +#keep#lib/znc/watch.so
 +#keep#lib/znc/webadmin.so
 +</code>
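Review bot: the script deletes lib/znc/controlpanel.so, yet the setup steps issue ''/msg *controlpanel adduser'' after the install, so following the page in order breaks that step; either keep controlpanel or move its removal to after the clone user is configured. The script also keeps shell.so on a list whose stated purpose is deleting modules "we dont trust or need for security", which calls for either removal or a comment explaining why it stays. The lib/znc/ paths are relative and nothing checks the working directory, so add a cd to the install prefix (or abort when lib/znc is missing) before the first $RM. The "# ADD?" entry partdetach2.cpp is a source file, not a .so.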