FreeBSD inspircd irc-server install


site: http://www.inspircd.org/

root@bsd11:~ # cd /usr/ports/irc/inspircd/ && make config

Select GEOIP, GNUTLS, LDAPAUTH and LDAPOPER.

 

Install inspircd.

root@bsd11:/usr/ports/irc/inspircd # make config install



~ (output omitted)

Installing inspircd-2.0.26...
===> Creating groups.
Creating group 'ircd' with gid '72'.
===> Creating users
Creating user 'ircd' with uid '72'.
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/inspircd

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/inspircd

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.inspircd.org/

root@bsd11:/usr/ports/irc/inspircd # rehash

root@bsd11:~ # sysrc inspircd_enable="YES"
inspircd_enable: -> YES
root@bsd11:~ #

As a test, try starting it without editing the config. :)
root@bsd11:~ # service inspircd start
Starting inspircd.
root@bsd11:~ #

root@bsd11:~ # sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
test sshd 1815 3 tcp4 192.168.0.100:22 192.168.0.10:7839
root sshd 1812 3 tcp4 192.168.0.100:22 192.168.0.10:7839
test sshd 729 3 tcp4 192.168.0.100:22 192.168.0.10:7727
root sshd 726 3 tcp4 192.168.0.100:22 192.168.0.10:7727
root sendmail 662 3 tcp4 127.0.0.1:25 *:*
root sshd 659 4 tcp4 *:22 *:*
root syslogd 530 7 udp4 *:514 *:*
root@bsd11:~ #

As expected, it does not appear to be running properly. 🙂

root@bsd11:~ # service inspircd stop
inspircd not running? (check /var/run/inspircd/inspircd.pid).
root@bsd11:~ #

root@bsd11:/var/log/inspircd # cat inspircd.log
Thu Aug 30 23:20:03 2018: ANNOUNCEMENT: Your configuration contains a deprecated value: <die:value> - you need to reread your config (at /usr/local/etc/inspircd/inspircd.conf:528)
Thu Aug 30 23:20:03 2018: ANNOUNCEMENT: Your configuration contains a deprecated value: <die:value> - you need to reread your config (at /usr/local/etc/inspircd/inspircd.conf:981)
root@bsd11:/var/log/inspircd #

 

Edit inspircd.conf

root@bsd11:/usr/local/etc/inspircd # vi inspircd.conf
528 #<die value="You should probably edit your config *PROPERLY* and try again.">
981 #<die value="User error. You didn't edit your config properly. Go back and try again.">

Comment out lines 528 and 981.

 

Start the inspircd daemon.

You can confirm that the daemon is now running normally.

root@bsd11:~ # service inspircd start
Starting inspircd.
root@bsd11:~ # sockstat  -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
ircd     inspircd   2982  6  udp4   *:43757               *:*
ircd     inspircd   2982  7  tcp46  *:6697                *:*
ircd     inspircd   2982  8  tcp46  *:6660                *:*
ircd     inspircd   2982  9  tcp46  *:6661                *:*
ircd     inspircd   2982  10 tcp46  *:6662                *:*
ircd     inspircd   2982  11 tcp46  *:6663                *:*
ircd     inspircd   2982  12 tcp46  *:6664                *:*
ircd     inspircd   2982  13 tcp46  *:6665                *:*
ircd     inspircd   2982  14 tcp46  *:6666                *:*
ircd     inspircd   2982  15 tcp46  *:6667                *:*
ircd     inspircd   2982  16 tcp46  *:6668                *:*
ircd     inspircd   2982  17 tcp46  *:6669                *:*
ircd     inspircd   2982  18 tcp46  *:7000                *:*
ircd     inspircd   2982  19 tcp46  *:7001                *:*

 

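Additional setup: SSL and LDAP configuration… (to be written later)

Running an IRC server on the default installation alone is not recommended; using it together with LDAP and SSL authentication is recommended.

Operating an IRC server after a default install with no security configuration is bad for security.

Thank you. 🙂

For installing the weechat IRC client, please see the link below.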

FreeBSD weechat irc Client install

 

 

Configuring inspircd with a GnuTLS SSL certificate

Generating the certificate: using openssl

root@bsd11:~ # cd /usr/local/etc/inspircd/
root@bsd11:/usr/local/etc/inspircd # mkdir sslcert/
root@bsd11:/usr/local/etc/inspircd/sslcert # openssl req -x509 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem
Generating a 1024 bit RSA private key
....++++++
....++++++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:seoul
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:testirc
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:testirc
Email Address []:test@test.com

 

Using certtool

# certtool --generate-privkey --outfile key.pem
# certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem

 

 

Configure the inspircd.conf file.

root@bsd11:~ # cd /usr/local/etc/inspircd/
root@bsd11:/usr/local/etc/inspircd # vi inspircd.conf

<include file="examples/modules.conf">


<bind address="" port="6667" type="clients" ssl="gnutls">
<bind address="" port="6666" type="servers" ssl="gnutls">
#<gnutls cafile="" crlfile="" certfile="/usr/local/etc/inspircd/sslcert/cert.pem" keyfile="/usr/local/etc/inspircd/sslcert/key.pem" priority="NORMAL:-MD5" hash="sha1">
<gnutls cafile="" crlfile="" certfile="/usr/local/etc/inspircd/sslcert/cert.pem" keyfile="/usr/local/etc/inspircd/sslcert/key.pem" dh_bits="1024">


<include file="examples/opers.conf.example">
<files motd="examples/motd.txt.example" rules="examples/rules.txt.example">

root@bsd11:/usr/local/etc/inspircd # cd examples/
root@bsd11:/usr/local/etc/inspircd/examples # cp modules.conf.example modules.conf

root@bsd11:/usr/local/etc/inspircd/examples # vi modules.conf

<module name="m_md5.so">
<module name="m_ssl_gnutls.so">
<module name="m_spanningtree.so">
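
A pre-start check for the configuration problems this page runs into, as an added example (not from the original post or the InspIRCd project): it scans inspircd.conf for active <die> tags, <bind> listeners with no ssl= attribute, and a dh_bits value below 2048. The function names, the 2048-bit threshold and the sample config are assumptions made for the example, and it expects each tag to sit on one line.

```shell
#!/bin/sh
# audit_inspircd_conf [FILE]: print one finding per line ("LINE: message").
# Returns 1 when anything was found, 0 for a clean file. Reads stdin if no FILE.
audit_inspircd_conf() {
    awk '
    /^[ \t]*#/ { next }            # lines commented out with # are inactive
    /<die[ \t]/ {                  # the shipped config stops the daemon here
        printf "%d: active <die> tag, the server exits at startup\n", NR
        bad = 1
    }
    /<bind[ \t]/ && !/ssl="[^"]+"/ {
        printf "%d: listener without ssl=, traffic is plaintext\n", NR
        bad = 1
    }
    /<gnutls[ \t]/ && match($0, /dh_bits="[0-9]+"/) {
        # skip the 9 characters of dh_bits=" and drop the closing quote
        bits = substr($0, RSTART + 9, RLENGTH - 10) + 0
        if (bits < 2048) {         # threshold chosen for this example
            printf "%d: dh_bits=%d is below 2048\n", NR, bits
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample modelled on the tags shown on this page (not a real config).
sample_conf() {
    cat <<'EOF'
#<die value="commented out, so inactive">
<die value="You should probably edit your config *PROPERLY* and try again.">
<bind address="" port="6660-6669" type="clients">
<bind address="" port="6697" type="clients" ssl="gnutls">
<gnutls certfile="cert.pem" keyfile="key.pem" dh_bits="1024">
EOF
}

# Demo run on the sample; on a real system pass the path instead:
#   audit_inspircd_conf /usr/local/etc/inspircd/inspircd.conf
sample_conf | audit_inspircd_conf || true
```
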

 

weechat configuration

Change the settings in irc.conf as follows.

$ cd .weechat/
$ vi irc.conf
ssl = on
ssl_cert = ""
ssl_dhkey_size = 1024
ssl_verify = off
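
The openssl command earlier on this page creates a 1024-bit key, and the client settings above turn certificate verification off. As an added example (not from the original post), the functions below generate a 2048-bit self-signed certificate and print its SHA-256 fingerprint in the 64-hex-digit form that weechat's ssl_fingerprint server option accepts, so the client can pin this one certificate. The function names and the host name irc.example.test are assumptions.

```shell
#!/bin/sh
# make_cert DIR CN: write DIR/key.pem and DIR/cert.pem
# (2048-bit RSA, SHA-256 signature, valid for 365 days).
make_cert() {
    mkdir -p "$1" || return 1
    (
        umask 077   # keep key.pem unreadable for other local users
        openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
            -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    )
}

# cert_bits FILE: print the size of the certificate's public key in bits.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# cert_fingerprint FILE: SHA-256 fingerprint as 64 lowercase hex digits,
# without the colons that openssl prints.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Usage on the server (paths as on this page; CN is a placeholder):
#   make_cert /usr/local/etc/inspircd/sslcert irc.example.test
#   chown ircd /usr/local/etc/inspircd/sslcert/*.pem   # daemon runs as ircd
#   cert_bits /usr/local/etc/inspircd/sslcert/cert.pem
#   cert_fingerprint /usr/local/etc/inspircd/sslcert/cert.pem
# The printed fingerprint is the value for ssl_fingerprint in weechat.
```
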

 

 

Screen after connecting

If the IRC server's SSL ports are not opened properly, the following messages are printed.

x11:17:13 testirc =!= | irc: TLS handshake failed
x11:17:13 testirc =!= | irc: error: An unexpected TLS packet was received.
x11:17:13 testirc -- | irc: reconnecting to server in 10 seconds

 

 
