FreeBSD inspircd irc-server install
site: http://www.inspircd.org/
root@bsd11:~ # cd /usr/ports/irc/inspircd/ && make config
GEOIP , GUNTLS , LDAPAUTH , LDAPOPER 를 선택 합니다.
inspircd 를 설치 합니다.
root@bsd11:/usr/ports/irc/inspircd # make config install ~중략 Installing inspircd-2.0.26... ===> Creating groups. Creating group 'ircd' with gid '72'. ===> Creating users Creating user 'ircd' with uid '72'. ===> SECURITY REPORT: This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. /usr/local/bin/inspircd This port has installed the following startup scripts which may cause these network services to be started at boot time. /usr/local/etc/rc.d/inspircd If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: http://www.inspircd.org/ root@bsd11:/usr/ports/irc/inspircd # rehash root@bsd11:~ # sysrc inspircd_enable="YES" inspircd_enable: -> YES root@bsd11:~ # config 없이 테스트 삼아 실행을 해 봅니다. :) root@bsd11:~ # service inspircd start Starting inspircd. root@bsd11:~ # root@bsd11:~ # sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS test sshd 1815 3 tcp4 192.168.0.100:22 192.168.0.10:7839 root sshd 1812 3 tcp4 192.168.0.100:22 192.168.0.10:7839 test sshd 729 3 tcp4 192.168.0.100:22 192.168.0.10:7727 root sshd 726 3 tcp4 192.168.0.100:22 192.168.0.10:7727 root sendmail 662 3 tcp4 127.0.0.1:25 *:* root sshd 659 4 tcp4 *:22 *:* root syslogd 530 7 udp4 *:514 *:* root@bsd11:~ #
생각했던것 처럼 정상적으로 실행되지 않아 보입니다. 🙂
root@bsd11:~ # service inspircd stop inspircd not running? (check /var/run/inspircd/inspircd.pid). root@bsd11:~ # root@bsd11:/var/log/inspircd # cat inspircd.log Thu Aug 30 23:20:03 2018: ANNOUNCEMENT: Your configuration contains a deprecated value: <die:value> - you need to reread your config (at /usr/local/etc/inspircd/inspircd.conf:528) Thu Aug 30 23:20:03 2018: ANNOUNCEMENT: Your configuration contains a deprecated value: <die:value> - you need to reread your config (at /usr/local/etc/inspircd/inspircd.conf:981) root@bsd11:/var/log/inspircd #
inspircd.conf 수정
root@bsd11:/usr/local/etc/inspircd # vi inspircd.conf 528 #<die value="You should probably edit your config *PROPERLY* and try again."> 981 #<die value="User error. You didn't edit your config properly. Go back and try again.">
528/981 라인 부분을 주석 처리 합니다.
inspircd 데몬을 실행 합니다.
정상적으로 데몬이 실행 된것을 확인 할수 있습니다.
root@bsd11:~ # service inspircd start Starting inspircd. root@bsd11:~ # sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS ircd inspircd 2982 6 udp4 *:43757 *:* ircd inspircd 2982 7 tcp46 *:6697 *:* ircd inspircd 2982 8 tcp46 *:6660 *:* ircd inspircd 2982 9 tcp46 *:6661 *:* ircd inspircd 2982 10 tcp46 *:6662 *:* ircd inspircd 2982 11 tcp46 *:6663 *:* ircd inspircd 2982 12 tcp46 *:6664 *:* ircd inspircd 2982 13 tcp46 *:6665 *:* ircd inspircd 2982 14 tcp46 *:6666 *:* ircd inspircd 2982 15 tcp46 *:6667 *:* ircd inspircd 2982 16 tcp46 *:6668 *:* ircd inspircd 2982 17 tcp46 *:6669 *:* ircd inspircd 2982 18 tcp46 *:7000 *:* ircd inspircd 2982 19 tcp46 *:7001 *:*
추가 설치 ssl 및 ldap 설정… (차후작성)
기본설치 만으로 irc 서버의 운영을 권장 하지 않으며 LDAP 및 SSL 인증과 묶어서 사용을 권장 합니다.
Default 설치후 보안 설정 없이 irc server 의 운영은 보안에 안좋습니다.
감사합니다. 🙂
irc client weechat 설치 의 경우 아래 링크를 참고해 주세요.
gnutls ssl 인증서 를 사용하여 inspircd 설정
인증서 생성 openssl 이용한 방법
root@bsd11:~ # cd /usr/local/etc/inspircd/ root@bsd11:/usr/local/etc/inspircd # mkdir sslcert/ root@bsd11:/usr/local/etc/inspircd/sslcert # openssl req -x509 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem Generating a 1024 bit RSA private key ....++++++ ....++++++ writing new private key to 'key.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:KO State or Province Name (full name) [Some-State]:seoul Locality Name (eg, city) []:city Organization Name (eg, company) [Internet Widgits Pty Ltd]:testirc Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:testirc Email Address []:test@test.com
certtool 이용한 방법
# certtool --generate-privkey --outfile key.pem # certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem
inspircd.conf 파일을 설정 합니다.
root@bsd11:~ # cd /usr/local/etc/inspircd/ root@bsd11:/usr/local/etc/inspircd # vi inspircd.conf <include file="examples/modules.conf"> <bind address="" port="6667" type="clients" ssl="gnutls"> <bind address="" port="6666" type="servers" ssl="gnutls"> #<gnutls cafile="" crlfile="" certfile="/usr/local/etc/inspircd/sslcert/cert.pem" keyfile="/usr/local/etc/inspircd/sslcert/key.pem" priority="NORMAL:-MD5" hash="sha1"> <gnutls cafile="" crlfile="" certfile="/usr/local/etc/inspircd/sslcert/cert.pem" keyfile="/usr/local/etc/inspircd/sslcert/key.pem" dh_bits="1024"> <include file="examples/opers.conf.example"> <files motd="examples/motd.txt.example" rules="examples/rules.txt.example"> root@bsd11:/usr/local/etc/inspircd # cd examples/ root@bsd11:/usr/local/etc/inspircd/examples # cp modules.conf.example modules.conf root@bsd11:/usr/local/etc/inspircd/examples # vi modules.conf <module name="m_md5.so"> <module name="m_ssl_gnutls.so"> <module name="m_spanningtree.so">
weechat 설정
irc.conf 파일에서 아래와 같이 설정을 변경 합니다.
$ cd .weechat/ $ vi irc.conf ssl = on ssl_cert = "" ssl_dhkey_size = 1024 ssl_verify = off
접속후 화면
irc server 의 ssl ports 가 정상적으로 open 안된 경우 아래와 같은 메시지가 출력됩니다.
x11:17:13 testirc =!= | irc: TLS handshake failed x11:17:13 testirc =!= | irc: error: An unexpected TLS packet was received. x11:17:13 testirc -- | irc: reconnecting to server in 10 seconds