IRCD – Hybrid

IRC ist eine ganz witzige Sache. So kann man damit z.B. auch die organisationsinterne
Kommunikation verbessern – auch wenn IRC-Server gerne und gut angegriffen
und missbraucht werden. Hier eine Anleitung für einen voll ausgestatteten IRC-Server.
Am besten zu bauen und am einfachsten zu konfigurieren erwies sich der ircd-hybrid.


Der irc2.11.0, aus dem u.a. der hybrid teilweise entstanden ist, ist zwar genauso
einfach, und man konnte ihm auch gleich ein chroot einkompilieren, aber er bietet
mir zu wenig.

Vorarbeiten:
– User ircd erstellen:
/etc/passwd: ircd:x:6667:6667:IRC Daemon:/usr/local/ircd:/usr/local/bin/bash
/etc/shadow: ircd:!:12891:0:99999:7:::
/etc/group: ircd:x:6667:

Installieren:
Dependencies: gettext >=0.10.35 (braucht libgcj); yacc oder bison (braucht m4); flex; openssl; zlib

Hinweis: Die Nicklänge (nicklen=) muss im ganzen IRC-Netz – so man eins aufbaut oder
an einem teilnimmt – gleich sein.

/usr/local/src # wget http://www.irc.at/site/dl/ircd-hybrid-7.0.2.tgz
/usr/local/src # tar xzf ircd-hybrid-7.0.2.tgz
/usr/local/src # cd ircd-hybrid-7.0.2/
/usr/local/src/ircd-hybrid-7.0.2 # ./configure --prefix=/usr/local/ircd --disable-assert --enable-openssl --enable-zlib --with-nicklen=16 --with-maxclients=1000
/usr/local/src/ircd-hybrid-7.0.2 # make && make install
/usr/local/src/ircd-hybrid-7.0.2 # cd /usr/local/ircd/logs/
/usr/local/ircd/logs # touch userlog
/usr/local/ircd/logs # touch operlog
/usr/local/ircd/logs # touch foperlog
/usr/local/ircd/logs # cd /usr/local/
/usr/local # chown -R 6667:6667 ircd
/usr/local # chmod 750 ircd

Konfigurieren (Root-Rechte hierfür unnötig, ergo nur als user ircd):
/usr/local # su - ircd
$ cd etc/
etc $ vi ircd.conf
oder
etc $ /usr/local/ircd/bin/viconf

# serverinfo: identity of this server. The names are the tutorial's example
# values and must be replaced with your own.
serverinfo {
name = "irc.futzelnet.de";
description = "Futzelnet IRC Server";
network_name = "FutzelNet";
network_desc = "Futzelnet IRC";
# The tutorial builds a standalone server, so it is not configured as a hub.
hub = no;
#vhost = "192.169.0.100";
# Same limit that was passed to ./configure via --with-maxclients.
max_clients = 1000;
# NOTE(review): left disabled in this setup. If you enable it, keep the private
# key readable by the ircd user only; example.conf explains what it is used for.
#rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
};

# admin: administrator details; the email field is intentionally left empty
# in the published example.
admin {
name = "IRC Admin";
description = "Main Server Administrator";
email = "";
};

# logging: log verbosity of the daemon.
logging {
log_level = L_INFO;
};

# Connection classes. The auth, operator and connect blocks of this file refer
# to them by name (class = "users" / "opers" / "server").
class {
name = "users";
ping_time = 2 minutes;
# One connection per IP, matching the "Only one connection per IP" rule that
# the MOTD of this setup announces.
number_per_ip = 1;
max_number = 1000;
sendq = 100 kbytes;
};

# Class used by the oper auth block and the operator block.
class {
name = "opers";
ping_time = 5 minutes;
number_per_ip = 10;
max_number = 100;
sendq = 100kbytes;
};

# Class for server links. max_number = 1 leaves room for exactly one link,
# which this setup later uses for the IRC services.
class {
name = "server";
ping_time = 5 minutes;
connectfreq = 5 minutes;
max_number = 1;
sendq=2 megabytes;
};

# NOTE(review): no address is given, and the netstat output of the test run
# shows all five ports listening on 0.0.0.0. Port 6665 is also the port the
# services use for their server link over 127.0.0.1, so that link port is
# reachable from the network as well. Consider a separate listener bound to
# the loopback address for the server link (see the listen section of
# example.conf) and firewall rules for whatever must not be public.
listen {
port = 6665 .. 6669;
};

# Catch-all auth block: every user@host is put into class "users".
auth {
user = "*@*";
class = "users";
# Optional connection password, disabled here. The value is a placeholder.
#password = "geheimesklartextpasswort";
# NOTE(review): spoof on a catch-all mask presumably replaces the visible host
# of every client with this name. That hides client addresses from other
# users, but may also make clients indistinguishable by host - confirm the
# exact effect in example.conf before copying this.
spoof = "irc.futzelnet.de";
# NOTE(review): presumably requires an ident reply from the client; clients
# without identd may be refused - confirm against example.conf.
have_ident = yes;
};

# Auth block for operators connecting from localhost or futzelnet.de.
# NOTE(review): the catch-all block above also matches these masks; check in
# example.conf how overlapping auth blocks are resolved.
auth {
user = "*@127.0.0.1";
user = "*@loopback";
user = "*@futzelnet.de";
class = "opers";
# Stored in plaintext (the placeholder literally says so). Replace it, and
# keep ircd.conf unreadable for other users (this guide sets mode 440).
password = "strenggeheimesklartextpasswort";
# The three flags below lift the class limit and the K-line/G-line checks for
# matching clients, so keep the user masks of this block as narrow as possible.
exceed_limit = yes;
kline_exempt = yes;
gline_exempt = yes;
have_ident = yes;
};

# Operator account "irc-god" with every privilege flag below switched on.
operator {
name = "irc-god";
class = "opers";
# Masks that may use this account. "*@127.0.0.1" lets any local account on the
# server host attempt to oper up; only the password then protects the account.
user = "*irc-god@futzelnet.de";
user = "*@127.0.0.1";
# NOTE(review): this 13-character value has the shape of a traditional
# crypt(3) hash. It is published with this tutorial, so never deploy it:
# generate your own with /usr/local/ircd/bin/mkpasswd and use a strong password.
password = "etcnjl8juSU1E";
# NOTE(review): presumably the key-based alternative to the password above;
# disabled here - see example.conf.
#rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
# Full privilege set, including die (shut the server down), rehash and admin.
# Grant only the flags an operator really needs.
global_kill = yes;
remote = yes;
kline = yes;
unkline = yes;
gline = yes;
die = yes;
rehash = yes;
nick_changes = yes;
admin = yes;
};

# Commented out because this is meant to be a standalone server.
# The values (host, passwords) are placeholders from the example configuration.
#connect {
#        name = "irc.uplink.com";
#        class = "server";
#        host = "192.168.0.1";
#        send_password = "password";
#        accept_password = "password";
#        encrypted = no;
#        port = 6666;
#        hub_mask = "*";
#        autoconn = yes;
#        #compressed = yes;
#        #cryptlink = yes;
#        #rsa_public_key_file = "etc/remote.server.keyfile";
#        #cipher_preference = "BF/168";
#};

#shared {
#};

# Example ban: presumably refuses every client whose host name contains "aol",
# with the given reason - adjust or remove it for your own network.
kill {
user = "*@*aol*";
reason = "We dont like AOL-Users";
};

#deny {
#};

#exempt {
#};

#resv {
#};

# NOTE(review): presumably matches on the client's real-name (gecos) field and
# rejects connections that announce themselves as "sub7server". The two
# commented actions are the alternatives offered here (warn, silent).
gecos {
name = "sub7server";
reason = "Trojan drone";
action = reject;
#action = warn;
#action = silent;
};

# channel: channel feature switches and limits. The values are the ones the
# author chose; example.conf documents each option.
channel {
use_invex = yes;
use_except = yes;
use_halfops = yes;
use_anonops = no;
use_vchans = yes;
use_knock = yes;
knock_delay = 15 minutes;
knock_delay_channel = 5 minute;
max_chans_per_user = 15;
quiet_on_ban = yes;
max_bans = 50;
# Split handling is switched off (counts of 0, both no_*_on_split = no), which
# fits a standalone server.
default_split_user_count = 0;
default_split_server_count = 0;
no_create_on_split = no;
no_join_on_split = no;
oper_pass_resv = yes;
};

# serverhide: every option is "no", so nothing about the server layout is
# hidden from users. NOTE(review): reconsider these if the server ever joins a
# larger network - see example.conf.
serverhide {
flatten_links = no;
links_delay = 5 minutes;
hidden = no;
disable_hidden = no;
hide_servers = no;
disable_remote_commands = no;
disable_local_channels = no;
};

# general: server-wide limits, flood protection and logging targets.
# example.conf documents each option; only the security-relevant ones are
# annotated here.
general {
default_floodcount = 10;
# NOTE(review): presumably notifies operators about failed OPER attempts,
# which is useful for spotting password guessing - keep it enabled.
failed_oper_notice = yes;
dots_in_ident=2;
dot_in_ip6_addr = yes;
min_nonwildcard = 3;
max_accept = 20;
anti_nick_flood = yes;
max_nick_time = 60 seconds;
max_nick_changes = 5;
anti_spam_exit_message_time = 10 minutes;
ts_warn_delta = 30 seconds;
ts_max_delta = 5 minutes;
client_exit = yes;
kline_with_reason = yes;
kline_with_connection_closed = no;
non_redundant_klines = yes;
warn_no_nline = yes;
# Visibility of STATS output: o is restricted to opers, P is open to everyone,
# i and k are set to "masked" (see example.conf for what masked shows).
stats_o_oper_only=yes;
stats_P_oper_only=no;
stats_i_oper_only=masked;
stats_k_oper_only=masked;
caller_id_wait = 1 minute;
pace_wait_simple = 1 second;
pace_wait = 10 seconds;
short_motd = no;
ping_cookie = yes;
# NOTE(review): both flags presumably exempt operators from flood limits, so
# a compromised oper account is not rate limited - confirm in example.conf.
no_oper_flood = yes;
true_no_oper_flood = yes;
glines = yes;
gline_time = 1 day;
idletime = 0;
maximum_links = 1;
#havent_read_conf = 1;
# Relative paths to the three log files created with touch in logs/ during
# installation.
fname_userlog = "logs/userlog";
fname_operlog = "logs/operlog";
fname_foperlog = "logs/foperlog";
max_targets = 2;
client_flood = 20;
use_help = yes;
message_locale = "custom";
# User modes only operators may set, and the modes an operator gets by default.
oper_only_umodes = bots, cconn, debug, full, skill, nchange, rej, spy, external, operwall, locops, unauth;
oper_umodes = locops, servnotice, operwall, wallop;
compression_level = 6;
throttle_time = 10;
};

# modules: directories the daemon loads modules from. Everything placed in
# autoload/ (this guide later copies m_tburst.so there) is loaded, so both
# directories should be writable by the ircd user or root only.
modules {
path = "/usr/local/ircd/modules";
path = "/usr/local/ircd/modules/autoload";
#module = "some_module.so";
};


etc $ chmod 440 *.conf

Dies ist eine (bis auf Passwörter, IPs und Hostnamen) voll funktionsfähige Konfig!
Jeder Admin sollte sie aber nochmal überdenken und anpassen! 🙂
Hierzu sollte die Datei /usr/local/ircd/etc/example.conf konsultiert werden.
Gecryptete Passwörter können mit /usr/local/ircd/bin/mkpasswd erzeugt werden.

etc $ vi ircd.motd
oder:
etc $ /usr/local/ircd/bin/vimotd

Welcome at Futzelnet IRC Network
-------------------------------------------------------------------------------

Local IRC operators:
- ircop <ircop@irc.futzelnet.de>

-------------------------------------------------------------------------------

The use of this server and network is a privilege, not a right!
The network operators may deny network access to anyone, for any
reason, at their sole discretion.

-------------------------------------------------------------------------------

Rules:
- No Flooding.
- No Clones.
- No Bots.
- No attempts to takeover existing nicks, channels or network services.
- No hacking (including Virus/Trojan distribution).
- No distribution of copyrighted material(eg, warez, mp3, movies) or porn.
- No Racism and/or Nazism.
- No spamming and/or advertising.
- Only one connection per IP.

By connecting to this network you accept the rules and give us permission
to come and take your liver if you break them.

-------------------------------------------------------------------------------


(Dieses MOTD darf frei kopiert werden.)

etc $ touch xline.conf
etc $ touch nresv.conf
etc $ touch cresv.conf

Testlauf:
etc $ cd ../bin
bin $ ./ircd
bin $ netstat -an | grep 666

tcp        0      0 0.0.0.0:6665            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6666            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6668            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6669            0.0.0.0:*               LISTEN

Startscript bauen (als root):
# vi /etc/init.d/ircd

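#!/bin/sh
#
# /etc/init.d/ircd - start/stop wrapper for the ircd-hybrid installed in
# /usr/local/ircd.
#
# Usage: /etc/init.d/ircd {start|stop|restart|reload}
#
# Meant to be run as root. The daemon is started as the unprivileged user
# "ircd", and signals are delivered as that user as well.

PIDFILE=/usr/local/ircd/etc/ircd.pid

# signal_ircd SIGNAL
# Sends SIGNAL (e.g. TERM, HUP) to the PID recorded in $PIDFILE.
# The pid file lives in a directory owned by the ircd user, so its content is
# checked to be a plain number and the kill is executed as ircd: root never
# signals a PID taken from a file that an unprivileged account can rewrite.
signal_ircd() {
    if [ ! -f "$PIDFILE" ]; then
        echo "$0: $PIDFILE not found; ircd does not seem to be running" >&2
        return 1
    fi
    pid=`cat "$PIDFILE"`
    case "$pid" in
        ''|*[!0-9]*)
            echo "$0: $PIDFILE does not contain a PID" >&2
            return 1
            ;;
    esac
    su - ircd -c "kill -$1 $pid"
}

case "$1" in
    start)
        su - ircd -c '/usr/local/ircd/bin/ircd'
        ;;  # was missing: without it the script is a syntax error
    stop)
        signal_ircd TERM
        ;;
    restart)
        "$0" stop
        "$0" start
        ;;  # was missing as well
    reload)
        # SIGHUP, as in the original script, to trigger a reload.
        signal_ircd HUP
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
        ;;
esac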


# chmod +x /etc/init.d/ircd

Fertig ist der ircd selbst.

Nun die Services wie NickServ, ChanServ und Co – man will es ja komfortabel haben.
HP http://www.ircservices.esper.net/version5.html

Installieren:
/usr/local/src # wget ftp://ftp.freenet.de/pub/ftp.ircservices.za.net/pub/ircservices/current.tar.gz
/usr/local/src # tar xzf current.tar.gz
/usr/local/src # cd ircservices-5.0.51
/usr/local/src/ircservices-5.0.51 # ./configure -ignore-cache -prefix /usr/local/ircd/services
/usr/local/src/ircservices-5.0.51 # mkdir -p /usr/local/ircd/services/sbin
/usr/local/src/ircservices-5.0.51 # make && make install
/usr/local/src/ircservices-5.0.51 # cd ../ircd-hybrid-7.0.2/contrib
/usr/local/src/ircd-hybrid-7.0.2/contrib # make m_tburst.so && cp m_tburst.so /usr/local/ircd/modules/autoload/
/usr/local/src/ircd-hybrid-7.0.2/contrib # chown -R ircd:ircd /usr/local/ircd/services
/usr/local/src/ircd-hybrid-7.0.2/contrib # chown ircd:ircd /usr/local/ircd/modules/autoload/m_tburst.so

Konfigurieren (auch wieder als User ircd):
# su - ircd
$ cd services/lib/services/
services/lib/services $ cp example-ircservices.conf ircservices.conf
services/lib/services $ cp example-modules.conf modules.conf

/usr/local/ircd/services/lib/services $ vi ircservices.conf

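# ircservices.conf - excerpt, only the lines changed from
# example-ircservices.conf. Typographic quotes from the web page are replaced
# by plain double quotes so the lines can be used as written.
#
# The services link to the ircd over the loopback address on port 6665. The
# third field is the link password: "password" is a placeholder and must be
# replaced by a long random value that matches send_password/accept_password
# in the connect block of ircd.conf.
RemoteServer 127.0.0.1 6665 "password"
ServerName "services.futzelnet.de"
ServerDesc "Services for futzelnet IRC Networks"
ServiceUser "services@futzelnet.de"
# 6667 is the GID of the ircd group created at the beginning of this guide.
RunGroup =6667
LoadModule protocol/hybrid
# The httpd modules stay disabled in this setup.
#LoadModule httpd/main
#LoadModule httpd/auth-ip
#LoadModule httpd/auth-password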

(Nur geänderte Zeilen angegeben.)

services/lib/services $ vi modules.conf

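# modules.conf - excerpt, only the lines changed from example-modules.conf.
# Typographic quotes from the web page are replaced by plain double quotes.
Module protocol/hybrid
NetworkDomain "futzelnet.de"
FromAddress irc-services@futzelnet.de
FromName "Futzelnet IRC Services"
RelayHost localhost
SMTPName services.futzelnet.de
# NOTE(review): presumably the nickname that receives Services root
# privileges. Register it immediately after the first start so that nobody
# else can claim it - confirm against the ircservices documentation.
ServicesRoot ircservices
NSRegEmailMax 20
NSRequireEmail
NSDefKill
NSDefPrivate
NSExpire 90d
NSNoAuthExpire 24h
CSExpire 30d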

(Nur geänderte Zeilen angegeben.)

services/lib/services $ cd ~/etc/
etc $ vi ircd.conf

# Added for the services.
# Server link for services.futzelnet.de; it uses the one slot of class "server".
connect {
name = "services.futzelnet.de";
class = "server";
# Only a peer connecting from the loopback address matches this block.
host = "127.0.0.1";
# Placeholder link passwords. They must be replaced by a long random value
# that is identical to the password on the RemoteServer line of
# ircservices.conf.
send_password = "password";
accept_password = "password";
# NOTE(review): presumably "no" means the passwords above are stored as
# plaintext; that matches the fact that ircservices cannot use crypted ones.
# Keep ircd.conf readable by the ircd user only.
encrypted = no;
autoconn = yes;
};


Die (Pseudo-)Passwörter stehen im Klartext, da ircservices keine gecrypteten verarbeiten kann.
Man sollte andere, kryptischere wählen und in ircservices.conf und ircd.conf
verwenden.

Starten:
$ /usr/local/ircd/services/sbin/ircservices

Sehen ob dies (alles) erfolgreich war:
$ ps -ax | grep ircd

19447 ?        S      0:00 /usr/local/ircd/bin/ircd
19451 pts/3    S      0:00 /usr/local/ircd/services/sbin/ircservices

$
$ tail /usr/local/ircd/services/lib/services/ircservices.log
[Apr 30 21:53:21 2005] IRC Services 5.0.51 starting up
$
$ tail /usr/local/ircd/logs/ircd.log
[…]
[2005/4/30 21.53] Server Ready
[2005/4/30 21.53] Link with services.futzelnet.de[unknown@127.0.0.1] established: (TS EX IE KLN HUB TBURST) link
$
$ netstat -an | grep 666

tcp        0      0 0.0.0.0:6665            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6666            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6668            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6669            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6665          127.0.0.1:35074         VERBUNDEN
tcp        0      0 127.0.0.1:35074         127.0.0.1:6665          VERBUNDEN

Ja, ist schön so.

Crontabeintrag für den Wrapper:
$ crontab -e

*/4 * * * * /usr/local/ircd/services/sbin/ircservices-chk

(Endlich 😉 ) Fertig!