Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
help:technical:ircd [2010/02/07 23:33]
dcraig
help:technical:ircd [2020/05/19 10:58] (current)
rubin [gitsync]
Line 3: Line 3:
 ssh into your server. ssh into your server.
  
-Then run: 
-  svn co https://evilnet.svn.sourceforge.net/svnroot/evilnet/branches/nefarious-1.2/ 
  
-The system will begin to download the latest version of the nefarious ircu. 
  
 Before we continue, we'd like to make sure you have the packages needed for a successful install. Before we continue, we'd like to make sure you have the packages needed for a successful install.
Line 13: Line 10:
   openssl   openssl
   libssl-dev (for enabling ssl -- openssl-devel on redhat)   libssl-dev (for enabling ssl -- openssl-devel on redhat)
-  autoconf (to avoid errors when running make)+  autoconf   (to avoid errors when running make)
   automake   automake
 +  flex 
 +  libpcre3-dev 
 +  byacc 
 +  gawk 
 +  
 The named packages above can be fetched (on a Debian based system) with apt-get: The named packages above can be fetched (on a Debian based system) with apt-get:
  
-  sudo apt-get install openssl libssl-dev autoconf automake+  sudo apt-get install git openssl libssl-dev autoconf automake flex libpcre3-dev byacc gawk
  
 Note: The names of the packages above may vary, depending on your distribution. Note: The names of the packages above may vary, depending on your distribution.
 +
 +run:
 +  git clone https://github.com/evilnet/nefarious2.git
 +
 +The system will begin to download the latest version of the nefarious ircu.
  
 With that said, we now move on to getting the server up and running. With that said, we now move on to getting the server up and running.
  
-  cd nefarious+  cd nefarious2
  
-For your own convenience, we recommend using one centralized directory when running the configure script (it's up to you though). And DO NOT forget to enable ssl:+For your own convenience, we recommend using one centralized directory when running the configure script (it's up to you though). ssl is enabled now by default. The following will install everything into $HOME/ircd/
  
-  ./configure --libdir=/home/user/ircd --mandir=/home/user/ircd --bindir=/home/user/ircd --enable-ssl+  ./configure --libdir=$HOME/ircd --mandir=$HOME/ircd --bindir=$HOME/ircd
  
 Once that is done, run: Once that is done, run:
Line 42: Line 48:
   cd /home/user/ircd   cd /home/user/ircd
  
-Then fetch the ircd.conf to the ircd directory:+Then fetch the [[http://www.afternet.org/downloads/ircd.conf|ircd.conf]] to the ircd directory:
  
   wget -O ircd.conf http://www.afternet.org/downloads/ircd.conf   wget -O ircd.conf http://www.afternet.org/downloads/ircd.conf
- 
-(or for 1.3 beta testing servers, use:) 
-  wget -O ircd.conf http://www.afternet.org/downloads/ircd13.conf 
- 
  
 You'll have to edit the configuration file a bit (for simplicity, nano is used in this example): You'll have to edit the configuration file a bit (for simplicity, nano is used in this example):
  
-  nano ircd.conf+  nano -w ircd.conf
  
-Change the M:line to look similar to this:+Change the options in the General and Admin sections.
  
-  M:MyServerName.US.AfterNET.Org:*:Your Server Description Here::YourNumeric+Where YourNumeric will be changed to a number we give you before you link.
  
-Where YourNumeric would be changed to a number we give you. +You might also want to give yourself an oper block, otherwise you can't oper up. Now save the file.
- +
-Next change the A:line: +
- +
-  A:YourNickname:yourdomain.com:youremail@yourdomain.com +
- +
-You might also want to give yourself an O:line, otherwise you can't oper up. Now save the file.+
  
 You are now ready to start your IRC server, run: You are now ready to start your IRC server, run:
Line 82: Line 78:
 read the unix manual to crontab for more information. read the unix manual to crontab for more information.
  
-===== Please install the following cronjobs: =====+====== Install iauthd.pl ======
  
-==== linesync ==== +iauthd provides for DNSBL blocking to protect us from drones. This script is include in the source nefarious2 was created when cloning the git repository to your server. 
-linesync updates your server 2x a day with the latest k: lines, features, and server connection lines. It is required. You should receive it from us when your testlink is approved.+ 
 +Requirements: 
 + 
 +You will need to install some perl dependencies for this script to run. 
 + 
 +Debian/Ubuntu/Mint: 
 + 
 +   sudo apt-get install libpoe-perl libpoe-component-client-dns-perl libterm-readkey-perl libfile-slurp-perl libtime-duration-perl 
 + 
 +Fedora/Redhat/Centos: 
 + 
 +   yum install perl-POE perl-POE-Component-Client-DNS perl-TermReadKey perl-slurp perl-Time-Duration 
 + 
 +Freebsd: 
 + 
 +  ports dns/p5-POE-Component-Client-DNS devel/p5-Time-Duration devel/p5-File-Slurp devel/p5-Term-ReadKey 
 + 
 +CPAN: 
 + 
 +  cpan install Term::ReadKey POE::Component::Client::DNS File::Slurp Time::Duration 
 + 
 +Installation: 
 + 
 +Simply copy the script from the /nefarious2/tools/iauthd.pl into the same directory as your ircd.conf file resides in order to make configuration easier.  
 + 
 +   Example: cp tools/iauthd.pl /home/your_ircd/ircd/lib/ 
 + 
 +Now edit your ircd.conf file and add the following block: 
 + 
 +   IAuth { 
 +       program "/usr/bin/perl" "iauthd.pl" "-v" "-d" "-c" "ircd.conf"; 
 +   }; 
 +    
 +Now, save the file and /rehash.  I all goes well you can verify that the script is functional by running the following command: 
 + 
 +   /stats iauth 
 +    
 +This should show something similar to this: 
 + 
 +   iauthd.pl :Up since Thu Jun 25 06:06:34 2015 (20 hours and 47 minutes) 
 +   iauthd.pl :Cache size: 837/2048 
 +   iauthd.pl :Total Passed: 197 
 +   iauthd.pl :Total Rejected: 14 
 +   iauthd.pl :dnsbl.sorbs.net (2,3,4,5,6,7,9):
 +   iauthd.pl :dnsbl.dronebl.org (2,3,5,6,7,8,9,10,13,14,15):
 +   iauthd.pl :rbl.efnetrbl.org (4): 17 
 +   iauthd.pl :rbl.efnetrbl.org (1,2,3,5): 0 
 +   iauthd.pl :dnsbl-2.uceprotect.net (2): 0 
 +   iauthd.pl :6667.173.122.134.230.173.ip-port.exitlist.torproject.org (2): 0 
 +   iauthd.pl :80.204.128.107.97.ip-port.exitlist.torproject.org (2): 10 
 +   iauthd.pl :443.204.128.107.97.ip-port.exitlist.torproject.org (2): 10 
 +   iauth: End of /STATS report          
 + 
 +If you would like to learn more about iauth please visit our [[https://github.com/evilnet/nefarious2/wiki/Setting-up-iauthd.pl|GitHub Wiki]] 
 +  
 +====== Please install the following cron jobs: ====== 
 + 
 +===== gitsync ===== 
 +gitsync updates your server every hour with the latest k: lines, features, and server connection info. It is required. There is a copy in nefarious2/tools/linesync/gitsync.sh it is best to symlink this to your ircd.conf directory, for example: ''ln -s /home/your/nefarious2/tools/linesync/gitsync.sh /home/your/ircd/gitsync.sh'' so it is easy to run and keep up to date. 
 + 
 +You must have an SSH key setup for the user that runs ircd. This is normally in ''~/.ssh/id_rsa.pub'' if not, run ''ssh-keygen'' and configure a key with empty password. Then, get an admin a copy of id_rsa.pub contents so he can add it to authorized access list of gitsync repository. 
 + 
 +Once you have been given access, you must initialize the repository: ''./gitsync.sh -i gitolite@afternet.org:gitsync'' 
 + 
 +If that works, you'll have our server list and additions added to your ircd.conf, and a new certificate (.pem) file.
  
 <code> <code>
-*/12 * * * /home/user/ircd/linesync.sh /home/user/ircd/ircd.conf /home/user/ircd/ircd.pid+* * * /home/user/ircd/gitsync.sh -s /home/user/.ssh/id_rsa -c yourserver.afternet.org-cert /home/user/ircd/ircd.conf /home/user/ircd/ircd.pid
 </code> </code>
  
-==== checkircd.sh ====+===== checkircd.sh =====
 This gem checks if the irc server is running, and if it isnt, starts it up. This will keep the ircd up after reboots, or in the case of a crash. Create the file using a text editor, pasting this code in: This gem checks if the irc server is running, and if it isnt, starts it up. This will keep the ircd up after reboots, or in the case of a crash. Create the file using a text editor, pasting this code in:
 <code> <code>
Line 97: Line 157:
 # don't start the server if it is already running # don't start the server if it is already running
 procs=`ps x` procs=`ps x`
-if echo "$procs" | grep ./ircd > /dev/null; then+if echo "$procs" | grep /home/user/ircd/ircd > /dev/null; then
    exit    exit
 fi fi
-cd /home/irc/ircd +/home/user/ircd/ircd
-./ircd +
-</code> +
-(be careful to use the right kind of `` ticks!) +
- +
-For unknown reasons (and particularly on Ubuntu), using cd to change directories and then starting the script via ./ircd sometimes doesn't work, so try this: +
- +
-<code> +
-#!/bin/sh +
-# don't start the server if it is already running +
-procs=`ps x` +
-if echo "$procs" | grep /home/irc/ircd/ircd > /dev/null; then +
-   exit +
-fi +
-/home/irc/ircd/ircd+
 </code> </code>
 (be careful to use the right kind of `` ticks!) (be careful to use the right kind of `` ticks!)
Line 129: Line 175:
 */5 * * * * /home/user/checkircd.sh */5 * * * * /home/user/checkircd.sh
 </code> </code>
-==== syncheck ==== 
  
-syncheck is our anti-ddos attack tool, you should have received from us on successful testlink. It requires iptables, and thus root access: Put it in /root (or wherever you want) and as root run: 
- 
-  crontab -e 
- 
-And install the following cronjob: 
-<code> 
-*/5 * * * * sh /root/syncheck 
-</code> 
 With these cronjobs installed, you are now ready to link your server to the network.  With these cronjobs installed, you are now ready to link your server to the network.