Differences

This shows you the differences between two versions of the page.

help:technical:znc [2017/05/25 16:26]
rubin
help:technical:znc [2017/05/26 15:54]
rubin
Line 44: Line 44:
   * compile: ''make''   * compile: ''make''
   * install: ''make install''   * install: ''make install''
 +  * Remove plugins (See list below) that you don't want around for security or irrelevance
   * Run for the first time, from the install directory: ''bin/znc --makeconf''   * Run for the first time, from the install directory: ''bin/znc --makeconf''
     * Username: admin     * Username: admin
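Review bot: The added step "Remove plugins (See list below)" does not say where the list is or which directory to work from. The list it points to is the script under the Security heading, and that script uses relative paths such as lib/znc/awaystore.so, so the step should name that section and state that the script is run from the install directory, the way the next step does for bin/znc --makeconf.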
Line 54: Line 55:
     * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation''     * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation''
     * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword''     * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword''
 +      * Configure this user how you want them. Mainly use your above zncadmin account to disable their flag access to bind.
     * Configure cyrusauth module: (''/msg *cyrusauth help'')     * Configure cyrusauth module: (''/msg *cyrusauth help'')
       * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere''       * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere''
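Review bot: The added sub-step refers to "your above zncadmin account", but the only account created above is the --makeconf user "admin"; use the same name in both places. The neighbouring steps each give the exact /msg command, and this one should do the same for disabling bind access, because this user is the skel/clone identity that cyrusauth is pointed at with cloneuser and a vague instruction here is easy to skip.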
Line 68: Line 70:
       * SASL Mechanism to support: ''mechanism PLAIN''       * SASL Mechanism to support: ''mechanism PLAIN''
       * Set <username> <password>: Not used, dont set this       * Set <username> <password>: Not used, dont set this
 +
 +===== Setup IRCD =====
 +  * Add a webIRC line:
 +
 +  WebIRC {
 +    description = "znc";
 +    host = "*@zncip";
 +    pass = "crypted password";
 +  };
 +  
 +  * Except block to protect znc from flood limits:
 +
 +  Except {
 +    host = "*@zncip";
 +    gline = yes;
 +    rdns = yes;
 +    ipcheck = yes;
 +    targetlimit = yes;
 +  };
 +
 +===== Security =====
 +I run this script after ''make install'' to disable a bunch of the plugins:
 +
 +<code>
 +#!/bin/bash
 +
 +RM='/bin/rm -v'
 +echo "Lets delete modules we dont trust or need for security!"
 +
 +#Lets remove unsafe modules!
 +#keep#lib/znc/adminlog.so
 +#keep#lib/znc/alias.so
 +#keep#lib/znc/autoattach.so
 +#keep#lib/znc/autocycle.so
 +#keep#lib/znc/autoop.so
 +#keep#lib/znc/autoreply.so
 +#keep#lib/znc/autovoice.so
 +#keep#lib/znc/awaynick.so
 +$RM lib/znc/awaystore.so
 +#keep#lib/znc/block_motd.so
 +#keep#lib/znc/blockuser.so
 +$RM lib/znc/bouncedcc.so
 +#keep#lib/znc/buffextras.so
 +$RM lib/znc/certauth.so
 +$RM lib/znc/cert.so
 +# ADD? #lib/znc/chanfilter.so
 +#keep#lib/znc/chansaver.so
 +#keep#lib/znc/clearbufferonmsg.so
 +# ADD? #lib/znc/clientaway.so
 +# ADD? #lib/znc/clientbuffer.so
 +#keep#lib/znc/clientnotify.so
 +$RM lib/znc/controlpanel.so
 +$RM lib/znc/crypt.so
 +#keep#lib/znc/ctcpflood.so
 +#keep#lib/znc/cyrusauth.so
 +$RM lib/znc/dcc.so
 +#keep#lib/znc/disconkick.so
 +#keep#lib/znc/fail2ban.so
 +#keep#lib/znc/flooddetach.so
 +#keep#lib/znc/identfile.so
 +$RM lib/znc/imapauth.so
 +#keep#lib/znc/keepnick.so
 +#keep#lib/znc/kickrejoin.so
 +#keep#lib/znc/lastseen.so
 +$RM lib/znc/listsockets.so
 +#keep#lib/znc/log.so
 +$RM lib/znc/missingmotd.so
 +#$RM lib/znc/modperl
 +$RM lib/znc/modperl.so
 +$RM lib/znc/modperl/startup.pl
 +$RM lib/znc/modperl/ZNC.pm
 +$RM lib/znc/modperl/ZNC.so
 +#$RM lib/znc/modpython
 +$RM lib/znc/modpython.so
 +$RM lib/znc/modpython/znc_core.py
 +$RM lib/znc/modpython/_znc_core.so
 +$RM lib/znc/modpython/znc.py
 +#keep#lib/znc/modules_online.so
 +$RM lib/znc/nickserv.so
 +$RM lib/znc/notes.so
 +#keep#lib/znc/notify_connect.so
 +# ADD? #lib/znc/partdetach2.cpp
 +#keep#lib/znc/partyline.so
 +#keep#lib/znc/perform.so
 +$RM lib/znc/perleval.pm
 +$RM lib/znc/pyeval.py
 +$RM lib/znc/q.so
 +$RM lib/znc/raw.so
 +# ADD? #lib/znc/playback.so
 +# ADD? #lib/znc/privmsg_auto.so
 +#keep#lib/znc/route_replies.so
 +$RM lib/znc/sample.so
 +#keep#lib/znc/sasl.so
 +$RM lib/znc/savebuff.so
 +$RM lib/znc/schat.so
 +$RM lib/znc/send_raw.so
 +#keep#lib/znc/shell.so
 +#keep#lib/znc/simple_away.so
 +# ADD? #lib/znc/snomask.so
 +#keep#lib/znc/stickychan.so
 +#keep#lib/znc/watch.so
 +#keep#lib/znc/webadmin.so
 +</code>
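Review bot: The script deletes lib/znc/controlpanel.so, yet the setup steps depend on "/msg *controlpanel adduser zncclone somepassword" and the install list places plugin removal before the first run; either keep controlpanel.so or state that the script is run only after the clone user has been created and configured. lib/znc/shell.so is marked #keep# while modperl, modpython and send_raw are removed as untrusted; the shell module gives ZNC admins shell access on the host, so that line needs a stated reason or should become a removal. The script should also check that lib/znc exists in the current directory before deleting anything, since every path is relative, and "# ADD? #lib/znc/partdetach2.cpp" names a source file rather than a .so.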