This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
help:technical:znc [2017/05/25 00:17] rubin |
help:technical:znc [2017/05/26 15:55] rubin |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== ZNC install for network Administrators ====== | ====== ZNC install for network Administrators ====== | ||
- | This guide tells how we install ZNC for our whole network, with integrated login to our X3 services. | + | |
+ | This is a guide for IRC Network Administrators. If you just want to connect to AfterNET' | ||
+ | |||
+ | If you use X3 with ldap support (Or any services | ||
===== Install saslauthd ===== | ===== Install saslauthd ===== | ||
Line 22: | Line 25: | ||
* Stop saslauthd and run it in debug mode: ''/ | * Stop saslauthd and run it in debug mode: ''/ | ||
* check ''/ | * check ''/ | ||
- | * try ldapsearch and see if that works: | + | * try ldapsearch and see if that works: |
+ | |||
+ | | ||
===== Install ZNC ===== | ===== Install ZNC ===== | ||
Line 28: | Line 33: | ||
Assuming a debian 8 (jessie) base system: | Assuming a debian 8 (jessie) base system: | ||
+ | * Add the znc user account to the sasl group: '' | ||
* Install debian backports: add '' | * Install debian backports: add '' | ||
* Install build dependencies by cheating a bit using the debian dependency list: '' | * Install build dependencies by cheating a bit using the debian dependency list: '' | ||
Line 40: | Line 46: | ||
* compile: '' | * compile: '' | ||
* install: '' | * install: '' | ||
+ | * Remove plugins (See list below) that you don't want around for security or irrelevance | ||
* Run for the first time, from the install directory: '' | * Run for the first time, from the install directory: '' | ||
* Username: admin | * Username: admin | ||
Line 48: | Line 55: | ||
* Bind host: empty | * Bind host: empty | ||
* Connect to the ZNC using an irc client as the above user | * Connect to the ZNC using an irc client as the above user | ||
- | * Load the cyrusauth module: ''/ | + | * Load the cyrusauth module |
- | * Create a dummy user in znc to use as a skel/clone identity | + | * Create a dummy user in znc to use as a skel/clone identity: ''/ |
- | * Set cyrusauth module | + | * Configure this user how you want them. Mainly use your above zncadmin account to disable their flag access to bind. |
- | * Let it create users: '' | + | * Configure |
+ | * Set cyrusauth module to use it the cloneuser: '' | ||
+ | * Let it create users: '' | ||
+ | * Your services/ | ||
+ | * A network to configure for cloned users: '' | ||
+ | * A server to configure for them: '' | ||
+ | * Salt is used to unpredictibly hash usernames: '' | ||
+ | * A WebIRC Block in nefarious lets us setup our hostname: '' | ||
+ | * What hostname to use: '' | ||
* Load the sasl module: ''/ | * Load the sasl module: ''/ | ||
- | | + | |
- | * | + | * Require authentication: |
- | * Configure | + | * SASL Mechanism to support: '' |
+ | * Set < | ||
+ | |||
+ | ===== Setup IRCD ===== | ||
+ | * Add a webIRC line: | ||
+ | |||
+ | WebIRC { | ||
+ | | ||
+ | host = "*@zncip"; | ||
+ | pass = " | ||
+ | }; | ||
+ | |||
+ | * Except block to protect znc from flood limits: | ||
+ | |||
+ | Except { | ||
+ | host = " | ||
+ | gline = yes; | ||
+ | rdns = yes; | ||
+ | ipcheck = yes; | ||
+ | targetlimit = yes; | ||
+ | }; | ||
+ | |||
+ | ===== Security ===== | ||
+ | I run this script after '' | ||
+ | |||
+ | < | ||
+ | # | ||
+ | |||
+ | RM='/ | ||
+ | echo "Lets delete | ||
+ | |||
+ | #Lets remove unsafe modules! | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | # | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | # ADD? # | ||
+ | # | ||
+ | # | ||
+ | # ADD? # | ||
+ | # ADD? # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | # | ||
+ | $RM lib/ | ||
+ | #$RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | #$RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | # | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | # | ||
+ | # ADD? # | ||
+ | # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | # ADD? # | ||
+ | # ADD? # | ||
+ | # | ||
+ | $RM lib/ | ||
+ | # | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | $RM lib/ | ||
+ | # | ||
+ | # | ||
+ | # ADD? # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | </ |