Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
help:technical:znc [2017/05/25 23:13] rubinhelp:technical:znc [2017/05/26 22:55] (current) rubin
Line 1: Line 1:
 ====== ZNC install for network Administrators ====== ====== ZNC install for network Administrators ======
 +
 +This is a guide for IRC Network Administrators. If you just want to connect to AfterNET's ZNC bouncer, go to [[:help:connecting:znc]]
  
 If you use X3 with ldap support (Or any services with ldap support) you can host a ZNC bouncer for all your users to use, by using ZNC's cyrusauth module. Here is how we build ZNC for afternet: If you use X3 with ldap support (Or any services with ldap support) you can host a ZNC bouncer for all your users to use, by using ZNC's cyrusauth module. Here is how we build ZNC for afternet:
Line 44: Line 46:
   * compile: ''make''   * compile: ''make''
   * install: ''make install''   * install: ''make install''
 +  * Remove plugins (See list below) that you don't want around for security or irrelevance
   * Run for the first time, from the install directory: ''bin/znc --makeconf''   * Run for the first time, from the install directory: ''bin/znc --makeconf''
     * Username: admin     * Username: admin
Line 54: Line 57:
     * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation''     * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation''
     * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword''     * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword''
 +      * Configure this user how you want them. Mainly use your above zncadmin account to disable their flag access to bind.
     * Configure cyrusauth module: (''/msg *cyrusauth help'')     * Configure cyrusauth module: (''/msg *cyrusauth help'')
       * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere''       * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere''
Line 59: Line 63:
       * Your services/ircd need to provide an account to auth as, which can set the users account on IRC (Impersonization). In X3/nefarious this is the I flag in authserv. Create an account with this flag and set its details here: ''setimpersonateaccount znc somepassword''       * Your services/ircd need to provide an account to auth as, which can set the users account on IRC (Impersonization). In X3/nefarious this is the I flag in authserv. Create an account with this flag and set its details here: ''setimpersonateaccount znc somepassword''
       * A network to configure for cloned users: ''setNetworkName yournetwork''       * A network to configure for cloned users: ''setNetworkName yournetwork''
-      * A server to configure for them: ''setServer irc.yournetwork.org 6697 ssl''+      * A server to configure for them: ''setServer irc.yournetwork.org 6697 true''
       * Salt is used to unpredictibly hash usernames: ''set UserSalt somethingrandom''       * Salt is used to unpredictibly hash usernames: ''set UserSalt somethingrandom''
       * A WebIRC Block in nefarious lets us setup our hostname: ''setWebIrc username password''       * A WebIRC Block in nefarious lets us setup our hostname: ''setWebIrc username password''
Line 68: Line 72:
       * SASL Mechanism to support: ''mechanism PLAIN''       * SASL Mechanism to support: ''mechanism PLAIN''
       * Set <username> <password>: Not used, dont set this       * Set <username> <password>: Not used, dont set this
 +
 +===== Setup IRCD =====
 +  * Add a webIRC line:
 +
 +  WebIRC {
 +    description = "znc";
 +    host = "*@zncip";
 +    pass = "crypted password";
 +  };
 +  
 +  * Except block to protect znc from flood limits:
 +
 +  Except {
 +    host = "*@zncip";
 +    gline = yes;
 +    rdns = yes;
 +    ipcheck = yes;
 +    targetlimit = yes;
 +  };
 +
 +===== Security =====
 +I run this script after ''make install'' to disable a bunch of the plugins:
 +
 +<code>
 +#!/bin/bash
 +
 +RM='/bin/rm -v'
 +echo "Lets delete modules we dont trust or need for security!"
 +
 +#Lets remove unsafe modules!
 +#keep#lib/znc/adminlog.so
 +#keep#lib/znc/alias.so
 +#keep#lib/znc/autoattach.so
 +#keep#lib/znc/autocycle.so
 +#keep#lib/znc/autoop.so
 +#keep#lib/znc/autoreply.so
 +#keep#lib/znc/autovoice.so
 +#keep#lib/znc/awaynick.so
 +$RM lib/znc/awaystore.so
 +#keep#lib/znc/block_motd.so
 +#keep#lib/znc/blockuser.so
 +$RM lib/znc/bouncedcc.so
 +#keep#lib/znc/buffextras.so
 +$RM lib/znc/certauth.so
 +$RM lib/znc/cert.so
 +# ADD? #lib/znc/chanfilter.so
 +#keep#lib/znc/chansaver.so
 +#keep#lib/znc/clearbufferonmsg.so
 +# ADD? #lib/znc/clientaway.so
 +# ADD? #lib/znc/clientbuffer.so
 +#keep#lib/znc/clientnotify.so
 +$RM lib/znc/controlpanel.so
 +$RM lib/znc/crypt.so
 +#keep#lib/znc/ctcpflood.so
 +#keep#lib/znc/cyrusauth.so
 +$RM lib/znc/dcc.so
 +#keep#lib/znc/disconkick.so
 +#keep#lib/znc/fail2ban.so
 +#keep#lib/znc/flooddetach.so
 +#keep#lib/znc/identfile.so
 +$RM lib/znc/imapauth.so
 +#keep#lib/znc/keepnick.so
 +#keep#lib/znc/kickrejoin.so
 +#keep#lib/znc/lastseen.so
 +$RM lib/znc/listsockets.so
 +#keep#lib/znc/log.so
 +$RM lib/znc/missingmotd.so
 +#$RM lib/znc/modperl
 +$RM lib/znc/modperl.so
 +$RM lib/znc/modperl/startup.pl
 +$RM lib/znc/modperl/ZNC.pm
 +$RM lib/znc/modperl/ZNC.so
 +#$RM lib/znc/modpython
 +$RM lib/znc/modpython.so
 +$RM lib/znc/modpython/znc_core.py
 +$RM lib/znc/modpython/_znc_core.so
 +$RM lib/znc/modpython/znc.py
 +#keep#lib/znc/modules_online.so
 +$RM lib/znc/nickserv.so
 +$RM lib/znc/notes.so
 +#keep#lib/znc/notify_connect.so
 +# ADD? #lib/znc/partdetach2.cpp
 +#keep#lib/znc/partyline.so
 +#keep#lib/znc/perform.so
 +$RM lib/znc/perleval.pm
 +$RM lib/znc/pyeval.py
 +$RM lib/znc/q.so
 +$RM lib/znc/raw.so
 +# ADD? #lib/znc/playback.so
 +# ADD? #lib/znc/privmsg_auto.so
 +#keep#lib/znc/route_replies.so
 +$RM lib/znc/sample.so
 +#keep#lib/znc/sasl.so
 +$RM lib/znc/savebuff.so
 +$RM lib/znc/schat.so
 +$RM lib/znc/send_raw.so
 +#keep#lib/znc/shell.so
 +#keep#lib/znc/simple_away.so
 +# ADD? #lib/znc/snomask.so
 +#keep#lib/znc/stickychan.so
 +#keep#lib/znc/watch.so
 +#keep#lib/znc/webadmin.so
 +</code>