irc:openbsd:oidentd [2019/11/08 19:29] jrmu created |
irc:openbsd:oidentd [2019/11/08 19:47] jrmu |
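--- a/irc:openbsd:oidentd
+++ b/irc:openbsd:oidentd
@@ -1,3 +1,99 @@
+First, install oidentd:
+
 <code>
 $ doas pkg_add oidentd
+</code>
+
+Put this inside /etc/rc.local:
+
+<code>
+if [ -x /usr/local/sbin/oidentd ]; then
+echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd
+fi
+</code>
+
+This will run each time upon bootup. The first time, though, you will want to start it manually:
+
+<code>
+$ doas sh /etc/rc.local
+</code>
+
+Inside your /home/znc/home/znc/.znc/configs/znc.conf file, you will want to include the identfile module:
+
+<code>
+AnonIPLimit = 1000
+AuthOnlyViaModule = false
+ConfigWriteDelay = 0
+ConnectDelay = 5
+HideVersion = false
+LoadModule = chansaver
+LoadModule = lastseen
+LoadModule = adminlog
+LoadModule = identfile
+LoadModule = webadmin
+LoadModule = certauth
+MaxBufferSize = 10000
+ProtectWebSessions = true
+SSLCertFile = /home/znc/.znc/bnc3.ircnow.org.fullchain.pem
+SSLKeyFile = /home/znc/.znc/bnc3.ircnow.org.key
+SSLDHParamFile = /home/znc/.znc/dhparam.pem
+ServerThrottle = 30
+Version = 1.7.4
+
+<Listener listener0>
+AllowIRC = true
+AllowWeb = false
+Host = 209.141.39.184
+IPv4 = true
+IPv6 = false
+Port = 6697
+SSL = true
+URIPrefix = /
+</Listener>
+
+<Listener listener1>
+AllowIRC = true
+AllowWeb = false
+Host = 2605:6400:0020:0434::
+IPv4 = false
+IPv6 = true
+Port = 6697
+SSL = true
+URIPrefix = /
+</Listener>
+</code>
+
+Put this inside /etc/oidentd.conf:
+
+<code>
+user "znc" {
+default {
+allow spoof
+allow spoof_all
+}
+}
+</code>
+
+If this file doesn't already exist:
+
+<code>
+# touch /home/znc/home/znc/.oidentd.conf
+# ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf
+# chown znc:znc /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf
+</code>
+
+Add this to /etc/pf.conf:
+
+<code>
+pass in proto tcp to port {auth} #ident
+</code>
+
+<code>
+$ doas pfctl -f /etc/pf.conf
+</code>
+
+You want to connect to znc and set the ident to match the account's username (to prevent users from being able to change their ident response). This allows channel ops to ban individual users without banning the entire znc's IP address:
+
+<code>
+/msg *identfile setformat global { reply "%user%" }
 </code>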
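Review bot: The `/etc/oidentd.conf` block grants the znc user `allow spoof_all` on top of `allow spoof`, and the page gives no reason for the wider capability. In oidentd, `spoof` lets the user return a custom ident reply, while `spoof_all` additionally lets that reply match the name of another local account, so ident answers from this host could show a system login name. If ZNC account names are never meant to coincide with local users, the block should keep only `allow spoof`. If they can coincide, add a sentence before the block such as `spoof_all is needed because ZNC usernames may match local account names`, so readers copy it knowingly. The accountability described in the last paragraph (per-user bans) rests on the `%user%` reply format being set right after oidentd starts, so it may help to say that the `setformat` step is not optional.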