Differences

This shows you the differences between two versions of the page.

help:technical:znc [2017/05/25 01:03]
rubin [ZNC install for network Administrators]
help:technical:znc [2017/05/26 15:55] (current)
rubin
Line 1: Line 1:
 ====== ZNC install for network Administrators ====== ====== ZNC install for network Administrators ======
 +
 +This is a guide for IRC Network Administrators. If you just want to connect to AfterNET's ZNC bouncer, go to [[:help:connecting:znc]]
  
 If you use X3 with ldap support (Or any services with ldap support) you can host a ZNC bouncer for all your users to use, by using ZNC's cyrusauth module. Here is how we build ZNC for afternet: If you use X3 with ldap support (Or any services with ldap support) you can host a ZNC bouncer for all your users to use, by using ZNC's cyrusauth module. Here is how we build ZNC for afternet:
Line 44: Line 46:
   * compile: ''make''   * compile: ''make''
   * install: ''make install''   * install: ''make install''
 +  * Remove plugins (See list below) that you don't want around for security or irrelevance
   * Run for the first time, from the install directory: ''bin/znc --makeconf''   * Run for the first time, from the install directory: ''bin/znc --makeconf''
     * Username: admin     * Username: admin
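Review bot: The added "Remove plugins (See list below)" step does not say where to run the removal from, and what sits below is a bash script rather than a list. That script uses relative paths such as ''lib/znc/awaystore.so'', so it only works from the install directory. State that here, the way the next step does with "from the install directory", and refer to it as the script in the Security section.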
Line 52: Line 55:
     * Bind host: empty     * Bind host: empty
   * Connect to the ZNC using an irc client as the above user   * Connect to the ZNC using an irc client as the above user
-    * Load the cyrusauth module: ''/msg *status load cyrusauth saslauthd'' +    * Load the cyrusauth module with subcomponents: ''/msg *status load cyrusauth saslauthd webirc impersonation'' 
-      * Create a dummy user in znc to use as a skel/clone identity +    * Create a dummy user in znc to use as a skel/clone identity: ''/msg *controlpanel adduser zncclone somepassword'' 
-      * Set cyrusauth module to use it: ''/msg *cyrusauth cloneuser yourcloneusernamehere'' +      * Configure this user how you want them. Mainly use your above zncadmin account to disable their flag access to bind. 
-      * Let it create users: ''/msg *cyrusauth createuser Yes''+    * Configure cyrusauth module: (''/msg *cyrusauth help''
 +      * Set cyrusauth module to use it the cloneuser: ''cloneuser yourcloneusernamehere'' 
 +      * Let it create users: ''createuser Yes'' 
 +      * Your services/ircd need to provide an account to auth as, which can set the users account on IRC (Impersonization). In X3/nefarious this is the I flag in authserv. Create an account with this flag and set its details here: ''setimpersonateaccount znc somepassword'' 
 +      * A network to configure for cloned users: ''setNetworkName yournetwork'' 
 +      * A server to configure for them: ''setServer irc.yournetwork.org 6697 true'' 
 +      * Salt is used to unpredictibly hash usernames: ''set UserSalt somethingrandom'' 
 +      * A WebIRC Block in nefarious lets us setup our hostname: ''setWebIrc username password'' 
 +      * What hostname to use: ''setWebIrcHost .users.yournetwork.org''
     * Load the sasl module: ''/msg *status load sasl''     * Load the sasl module: ''/msg *status load sasl''
-      Require authentication: ''/msg *sasl requireauth yes'' +    Configure the sasl module (''/msg *sasl help''): 
-      *  +      * Require authentication: ''requireauth yes'' 
-    * Configure the modules+      * SASL Mechanism to support: ''mechanism PLAIN'' 
 +      * Set <username> <password>: Not used, dont set this 
 + 
 +===== Setup IRCD ===== 
 +  * Add a webIRC line: 
 + 
 +  WebIRC { 
 +    description = "znc"; 
 +    host = "*@zncip"; 
 +    pass = "crypted password"; 
 +  }; 
 +   
 +  * Except block to protect znc from flood limits: 
 + 
 +  Except { 
 +    host = "*@zncip"; 
 +    gline = yes; 
 +    rdns = yes; 
 +    ipcheck = yes; 
 +    targetlimit = yes; 
 +  }; 
 + 
 +===== Security ===== 
 +I run this script after ''make install'' to disable a bunch of the plugins: 
 + 
 +<code> 
 +#!/bin/bash 
 + 
 +RM='/bin/rm -v' 
 +echo "Lets delete modules we dont trust or need for security!" 
 + 
 +#Lets remove unsafe modules! 
 +#keep#lib/znc/adminlog.so 
 +#keep#lib/znc/alias.so 
 +#keep#lib/znc/autoattach.so 
 +#keep#lib/znc/autocycle.so 
 +#keep#lib/znc/autoop.so 
 +#keep#lib/znc/autoreply.so 
 +#keep#lib/znc/autovoice.so 
 +#keep#lib/znc/awaynick.so 
 +$RM lib/znc/awaystore.so 
 +#keep#lib/znc/block_motd.so 
 +#keep#lib/znc/blockuser.so 
 +$RM lib/znc/bouncedcc.so 
 +#keep#lib/znc/buffextras.so 
 +$RM lib/znc/certauth.so 
 +$RM lib/znc/cert.so 
 +# ADD? #lib/znc/chanfilter.so 
 +#keep#lib/znc/chansaver.so 
 +#keep#lib/znc/clearbufferonmsg.so 
 +# ADD? #lib/znc/clientaway.so 
 +# ADD? #lib/znc/clientbuffer.so 
 +#keep#lib/znc/clientnotify.so 
 +$RM lib/znc/controlpanel.so 
 +$RM lib/znc/crypt.so 
 +#keep#lib/znc/ctcpflood.so 
 +#keep#lib/znc/cyrusauth.so 
 +$RM lib/znc/dcc.so 
 +#keep#lib/znc/disconkick.so 
 +#keep#lib/znc/fail2ban.so 
 +#keep#lib/znc/flooddetach.so 
 +#keep#lib/znc/identfile.so 
 +$RM lib/znc/imapauth.so 
 +#keep#lib/znc/keepnick.so 
 +#keep#lib/znc/kickrejoin.so 
 +#keep#lib/znc/lastseen.so 
 +$RM lib/znc/listsockets.so 
 +#keep#lib/znc/log.so 
 +$RM lib/znc/missingmotd.so 
 +#$RM lib/znc/modperl 
 +$RM lib/znc/modperl.so 
 +$RM lib/znc/modperl/startup.pl 
 +$RM lib/znc/modperl/ZNC.pm 
 +$RM lib/znc/modperl/ZNC.so 
 +#$RM lib/znc/modpython 
 +$RM lib/znc/modpython.so 
 +$RM lib/znc/modpython/znc_core.py 
 +$RM lib/znc/modpython/_znc_core.so 
 +$RM lib/znc/modpython/znc.py 
 +#keep#lib/znc/modules_online.so 
 +$RM lib/znc/nickserv.so 
 +$RM lib/znc/notes.so 
 +#keep#lib/znc/notify_connect.so 
 +# ADD? #lib/znc/partdetach2.cpp 
 +#keep#lib/znc/partyline.so 
 +#keep#lib/znc/perform.so 
 +$RM lib/znc/perleval.pm 
 +$RM lib/znc/pyeval.py 
 +$RM lib/znc/q.so 
 +$RM lib/znc/raw.so 
 +# ADD? #lib/znc/playback.so 
 +# ADD? #lib/znc/privmsg_auto.so 
 +#keep#lib/znc/route_replies.so 
 +$RM lib/znc/sample.so 
 +#keep#lib/znc/sasl.so 
 +$RM lib/znc/savebuff.so 
 +$RM lib/znc/schat.so 
 +$RM lib/znc/send_raw.so 
 +#keep#lib/znc/shell.so 
 +#keep#lib/znc/simple_away.so 
 +# ADD? #lib/znc/snomask.so 
 +#keep#lib/znc/stickychan.so 
 +#keep#lib/znc/watch.so 
 +#keep#lib/znc/webadmin.so 
 +</code>
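Review bot: The Security script runs ''$RM lib/znc/controlpanel.so'', but the setup steps earlier in this hunk create the clone user with ''/msg *controlpanel adduser zncclone somepassword'', and the install list now places plugin removal before ''bin/znc --makeconf''. Followed in the written order, the adduser step has no module to talk to. Either move the removal to after the clone user is configured, or mark controlpanel.so as keep and say when to unload it. Two smaller points in the same hunk: ''set UserSalt somethingrandom'' is written with a space while its siblings are ''setNetworkName'', ''setServer'' and ''setWebIrc'', so confirm which spelling the module accepts; and shell.so and webadmin.so are marked keep with no stated reason while raw.so and send_raw.so are removed, so a one-line comment on why each stays would make the list reviewable.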