installing_irc_at_home

Differences

This shows you the differences between two versions of the page.

installing_irc_at_home [2020/07/03 18:12] – [modules.conf] included password hashing waxphilosophic
installing_irc_at_home [2024/09/05 00:05] (current) – ie” hc9
Line 7: Line 7:
 This how-to covers installing and IRC server and clients for a typical home LAN. The hardware and OS used is a Raspberry Pi 2 with FreeBSD 12.1, but any system with a recent BSD variant should work with little need or no modification. This how-to covers installing and IRC server and clients for a typical home LAN. The hardware and OS used is a Raspberry Pi 2 with FreeBSD 12.1, but any system with a recent BSD variant should work with little need or no modification.
  
-At the time of writing, the SDF servers run InspIRCd for the server side and ircII for the default client. The same software is used in this document. In addition, this how-to covers Pidgin, a Windows/Mac GUI client that can be used for IRC as well as other instant messaging protocols.+At the time of writing, the SDF servers run InspIRCd for the server side and ircII for the default client. The same software is used in this document. In addition, this how-to covers Pidgin, a Windows/Mac GUI client that can be used for IRC as well as other instant messaging protocols. Mozilla Thunderbird has IRC capabilities and is covered as well.
  
 ===== Installing Server-Side Software ===== ===== Installing Server-Side Software =====
Line 34: Line 34:
 === SERVER DESCRIPTION === === SERVER DESCRIPTION ===
  
-Start with the section entitled SERVER DESCRIPTION. Here you will find the server configuration spread out over several lines and interspersed with comments. For the examples in this document, I am naming the server "beastieafter the FreeBSD mascot. My server section (without the comments) looks like this:+Start with the section entitled SERVER DESCRIPTION. Here you will find the server configuration spread out over several lines and interspersed with comments. For the examples in this document, I am naming the server beastie” after the FreeBSD mascot. My server section (without the comments) looks like this:
  
 <code> <code>
Line 57: Line 57:
 Again, this is all just a made-up tribute to the FreeBSD mascot. You can enter whatever you like for your set-up. Again, this is all just a made-up tribute to the FreeBSD mascot. You can enter whatever you like for your set-up.
  
 +=== PORT CONFIGURATION ===
 +
 +Most of the PORT CONFIGURATION section can be left as it is. However, the last two lines are used to open ports allowing other IRC servers to connect to ours. In a home LAN environment, with a single server, this will never happen.
 +
 +So, find these lines:
 +
 +<code>
 +<bind address="" port="7000,7001" type="servers">
 +<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +</code>
 +
 +Comment them by adding a hash as the first character so they look like this:
 +
 +<code>
 +#<bind address="" port="7000,7001" type="servers">
 +#<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +</code>
 + 
 === CONNECTIONS CONFIGURATION === === CONNECTIONS CONFIGURATION ===
  
-No changes are needed for the PORT CONFIGURATION, so we can move on to CONNECTIONS CONFIGURATION. The changes here involve changing resolvehostnames="yes" to resolvehostnames="no".+After commenting out the last two lines of PORT CONFIGURATION, so we can move on to CONNECTIONS CONFIGURATION. The changes here involve changing ''resolvehostnames="yes"'' to ''resolvehostnames="no"'' and changing the IP address range in an example section.
  
-The reason for this is entirely because of DNS. Unless you are running a robust DNS infrastructure on your LAN, chances are good that your ISP's router (the typical home LAN DNS server) will not do reverse look-ups. Setting resolvehostnames="no" will instruct InspIRCd to not even try, sparing you countless warning messages.+The reason for changing resolvehostnames is entirely because of DNS as you might have guessed. Unless you are running a robust DNS infrastructure on your LAN, chances are good that your ISP's router (the typical home LAN DNS server) will not do reverse look-ups. Setting ''resolvehostnames="no"'' will instruct InspIRCd to not even try, sparing you countless warning messages.
  
-If you have a more robust DNS server on your network, you can certainly leave this as-is. If you see errors like "Could not resolve your hostname: Malformed answerwhen logging in, it means the reverse lookups are not working.+If you have a more robust DNS server on your network, you can certainly leave this as-is. If you see errors like “''Could not resolve your hostname: Malformed answer''” when logging in, it means the reverse lookups are not working.
  
-There are two resolvehostnames="yes" entries that must be changed. They should look like this when you're done:+There are two ''resolvehostnames="yes"'' entries that must be changed. They should look like this when you're done:
  
 <code> <code>
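Review bot: the rewritten opening sentence of CONNECTIONS CONFIGURATION does not parse. "After commenting out the last two lines of PORT CONFIGURATION, so we can move on" has a dangling "so"; suggest "After commenting out the last two lines of PORT CONFIGURATION, we can move on to CONNECTIONS CONFIGURATION." In the new PORT CONFIGURATION text, "Comment them by adding a hash" reads better as "Comment them out by adding a hash". It would also help to state the result in one sentence: with both type="servers" binds commented out, the server no longer offers ports 7000, 7001 and 7005 for server-to-server links.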
Line 72: Line 90:
  
 Do not give into the temptation to comment the lines out. This is not the same as setting it to no. Do not give into the temptation to comment the lines out. This is not the same as setting it to no.
 +
 +As for the IP address range that needs changing, this is in the example <connect:allow> class. There is a sample IP range of 203.0.113.* being allowed. This section should be deleted or at least have the IP range changed to your home LAN's range of addresses. Typical home setups use 192.168.0.* and that is what is shown here.
 +
 +<code>
 +allow="192.168.0.*"
 +</code>
 +
 +=== Enabling Server Operators ===
 +
 +Slipped in between the headings of CIDR CONFIGURATION and MISCELLANEOUS CONFIGURATION is a little, unassuming line that looks like this:
 +
 +<code>
 +#<include file="opers.conf">
 +</code>
 +
 +It needs to be uncommented if you want to enable users to gain administrative privileges. If you don't remove the leading hash, any attempt to use the /OPER command will result in the message “''Invalid oper credentials''”.
 +
 +It should look like this when you're done:
 +
 +<code>
 +<include file="opers.conf">
 +</code>
  
 === Sections left as default === === Sections left as default ===
  
 These are the sections that do not need changes and can be skipped over: These are the sections that do not need changes and can be skipped over:
-  * CIDR CONFIGURATION 
   * MISCELLANEOUS CONFIGURATION   * MISCELLANEOUS CONFIGURATION
   * DNS SERVER   * DNS SERVER
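Review bot: removing CIDR CONFIGURATION from the "Sections left as default" list leaves that section unaccounted for. The new text only says the opers.conf include sits between the CIDR CONFIGURATION and MISCELLANEOUS CONFIGURATION headings and describes no change to the CIDR settings themselves, so either keep the list entry or add a sentence saying the section is unchanged apart from the include line that follows it. In the connect:allow paragraph, the prose offers deleting the block or changing the range, but the example shows only allow="192.168.0.*"; a reminder next to the example to substitute the reader's actual subnet would avoid a copy-paste that does not match a LAN on a different range.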
Line 94: Line 133:
 The next section to need editing is MODULES. You will have scrolled by quite a few sections to get there. The next section to need editing is MODULES. You will have scrolled by quite a few sections to get there.
  
-There is only one change to be made in the MODULES section and that is to uncomment the line that reads: #<include file="modules.conf">, by removing the leading hash character.+There is only one change to be made in the MODULES section and that is to uncomment the line that reads: ''#<include file="modules.conf">'', by removing the leading hash character.
  
 It should look like this when you're done: It should look like this when you're done:
Line 110: Line 149:
 After including modules.conf inside of inspircd.conf, the next step is to edit modules.conf. The main reason for using modules.conf in this how-to document is to use the permanent channel feature. This involves uncommenting a line and adding another to define the permanent channel. After including modules.conf inside of inspircd.conf, the next step is to edit modules.conf. The main reason for using modules.conf in this how-to document is to use the permanent channel feature. This involves uncommenting a line and adding another to define the permanent channel.
  
-But, while we're editing, there are two more handy modules to enable. Those are "sha256and "password_hashand are used for avoiding plain-text passwords. All of this gives us three uncomments and one new line for modules.conf.+But, while we're editing, there are two more handy modules to enable. Those are sha256” and password_hash” and are used for avoiding plain-text passwords. All of this gives us three uncomments and one new line for modules.conf.
  
   * <module name="sha256">   * <module name="sha256">
Line 131: Line 170:
 Make sure to uncomment all three modules. Make sure to uncomment all three modules.
  
-A little less than 20 lines after uncommenting the permchannels module, you will see a permanent channel definition that's commented out. It looks like this: #<permchannels channel="#opers" modes="isP" topic="Opers only.">+A little less than 20 lines after uncommenting the permchannels module, you will see a permanent channel definition that's commented out. It looks like this: ''#<permchannels channel="#opers" modes="isP" topic="Opers only.">''
  
 It's just an example line showing how to configure a permanent channel. On the line after that, you can add your own to set up your permanent channel. Mine looks like this: It's just an example line showing how to configure a permanent channel. On the line after that, you can add your own to set up your permanent channel. Mine looks like this:
Line 142: Line 181:
  
 There is no more configuration needed for the modules.conf file. There is no more configuration needed for the modules.conf file.
 +
 +==== opers.conf ====
 +
 +Opers, or server operators, are the administrators of the IRC server and can invoke special privileges using the /OPER command. You might be able to run IRC on a home LAN and never need any of the administrative privileges, so if you wish to skip this file, you can. It's simply included for the sake of being complete.
 +
 +For InspIRCd, the opers.conf is where everything concerning this special ability is configured.
 +
 +Open up opers.conf in a text editor.
 +
 +What you see under the headings of CLASS CONFIGURATION and OPERATOR COMPOSITION can be left as default. It's the OPERATOR CONFIGURATION section we're interested in.
 +
 +There are a couple examples given using the names Attila and Brain. Look them over to read the comments and then delete them. Yes, delete. Delete everything after the section heading.
 +
 +When you're done, the opers.conf file should end here:
 +
 +<code>
 +#-#-#-#-#-#-#-#-#-#-# OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
 +#                                                                     #
 +#   Opers are defined here. This is a very important section.         #
 +#   Remember to only make operators out of trustworthy people.        #
 +#                                                                     #
 +</code>
 +
 +We'll insert our operator after this. In keeping with the rest of the how-to, the operator will be named “beastie” and beastie will have full network admin privileges.
 +
 +Here's what it will look like:
 +
 +<code>
 +#-#-#-#-#-#-#-#-#-#-# OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
 +#                                                                     #
 +#   Opers are defined here. This is a very important section.         #
 +#   Remember to only make operators out of trustworthy people.        #
 +#                                                                     #
 +<oper
 +    name="beastie"
 +    hash="sha256"
 +    password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"
 +    host="*@*"
 +    type="NetAdmin">
 +</code>
 +
 +The above should be pretty self-explanatory based on the key=value pairs you see. The two things that require a little clarification are probably password and host. Specifically, where did the password value come from and what does “''*@*''” mean?
 +
 +The value for the password is a sha256 hash of the word s3cret. You may remember that was the plain-text password used for Attila in the opers.conf example that we deleted. You can create a new password hash using the sha256 command-line utility included with FreeBSD.
 +
 +Here's the command to encode the s3cret password and the resulting hash.
 +
 +<code>
 +# sha256 -s s3cret
 +SHA256 ("s3cret") = 1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0
 +</code>
 +
 +The answer to the question of ''host="*@*"'' comes down to wildcards. ''*'' is treated as a wildcard matching any possible value. In this case, any user from any host is allowed to use /oper mode and become admin provided they know the password. This is not secure, but for purposes of a home LAN, where you trust your users, it's fine.
 +
 +It would also be difficult to enforce in an environment were there are no reverse DNS lookups and IPs are handed out from a DHCP server. In other words, neither user@hostname nor user@192.168.x.x would work reliably. ''"user@*"'' could be used to give only one account the admin ability. On a home LAN, this is the best we can do. 
 +
 +Other than changing the lame password, there's one more step for opers.conf, and that is to change the vhost under the OPERATOR COMPOSITION section. This is purely cosmetic, but it helps show that we pay attention to details.
 +
 +Right around line 75 of opers.conf, you'll see:
 +
 +<code>
 +vhost="netadmin.omega.example.org"
 +</code>
 +
 +Following the naming used in the example, change this to:
 +
 +<code>
 +vhost="netadmin.beastie.home.lan"
 +</code>
 +
 +If you have customized the domain names to something else, by all means use that.
  
 ==== motd.txt ==== ==== motd.txt ====
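Review bot: the oper example ships a working credential, and the instruction to replace it is only implied. The block stores the unsalted SHA-256 of "s3cret", the page prints both the word and its hash, and host="*@*" lets any connected client try it; the only hint that the reader must change it is the aside "Other than changing the lame password". Suggest an explicit step before the vhost paragraph telling the reader to generate their own hash from a long passphrase and paste that value into password=, and noting that "sha256 -s" takes the passphrase on the command line, where shell history can retain it. Smaller fixes in the same hunk: "were there are" should be "where there are", and "/oper mode" should match the "/OPER command" spelling used earlier in the section.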
Line 158: Line 268:
  
 The following two commands will enable and start inspircd: The following two commands will enable and start inspircd:
-  * sysrc inspircd_enable="YES" +  * ''sysrc inspircd_enable="YES"'' 
-  * service inspircd start+  * ''service inspircd start''
  
 To verify it's up and running, use: To verify it's up and running, use:
-  * service inspircd status +  * ''service inspircd status'' 
-  * sockstat | grep 6667+  * ''sockstat | grep 6667''
  
 If all is well, you should see something like this: If all is well, you should see something like this:
Line 276: Line 386:
 --- ---
 >        email="beastie@beastie.home.lan"> >        email="beastie@beastie.home.lan">
 +225,226c225,226
 +< <bind address="" port="7000,7001" type="servers">
 +< <bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +---
 +> #<bind address="" port="7000,7001" type="servers">
 +> #<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +278c278
 +<          allow="203.0.113.*"
 +---
 +>          allow="192.168.0.*"
 313c313 313c313
 <          resolvehostnames="yes" <          resolvehostnames="yes"
Line 284: Line 404:
 --- ---
 >          resolvehostnames="no" >          resolvehostnames="no"
 +497c497
 +< #<include file="opers.conf">
 +---
 +> <include file="opers.conf">
 1044c1044 1044c1044
 < #<include file="modules.conf"> < #<include file="modules.conf">
Line 293: Line 417:
  
 <code> <code>
 +49c49
 +< #<module name="sha256">
 +---
 +> <module name="sha256">
 +1640c1640
 +< #<module name="password_hash">
 +---
 +> <module name="password_hash">
 1683c1683 1683c1683
 < #<module name="permchannels"> < #<module name="permchannels">
Line 299: Line 431:
 1700a1701 1700a1701
 > <permchannels channel="#home" topic="Is where the <3 is."> > <permchannels channel="#home" topic="Is where the <3 is.">
 +</code>
 +
 +==== opers.conf ====
 +
 +This is an abreviated diff of opers.conf since most of the changes involved deleting the bottom third of the file.
 +
 +<code>
 +75c75
 +<     vhost="netadmin.omega.example.org"
 +---
 +>     vhost="netadmin.beastie2.home.lan"
 +94,95d93
 +<
 +< # Operator account with a plaintext password.
 +97,99c95,99
 +<       # name: Oper login that is used to oper up (/OPER <username> <password>).
 +<       # Remember: This is case sensitive.
 +<       name="Attila"
 +---
 +>     name="beastie"
 +>     hash="sha256"
 +>     password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"
 +>     host="*@*"
 +>     type="NetAdmin">
 +101,181d100
 +[Not shown for brevity.]
 </code> </code>
  
Line 314: Line 472:
  
   * Choose a protocol of IRC.   * Choose a protocol of IRC.
-  * Fill in the loginserver, and password with the information you use to log into the FreeBSD server+  * Fill in the login and server that you use on your LAN
-  * Check the remember password if you likebut be aware that it is saved in clear text in the %APPDATA% directory.+  * Password is not required for IRCand be aware that it is saved in clear text in the %APPDATA% directory if you use it.
   * The remaining tabs may be left with default settings.   * The remaining tabs may be left with default settings.
  
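Review bot: the reworded password bullet runs two points together ("Password is not required for IRC, and be aware that ..."), so the action the reader should take is unclear. Suggest stating the action first, for example: "Leave the password blank; it is not required for IRC. If you do enter one, it is saved in clear text in the %APPDATA% directory." The login bullet also no longer says which login is meant now that the reference to the FreeBSD account is gone; naming it would remove the ambiguity.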
Line 323: Line 481:
   * Choose the Buddies menu item and select Add Chat from the drop-down.   * Choose the Buddies menu item and select Add Chat from the drop-down.
   * Make sure your IRC Account is shown at the top.   * Make sure your IRC Account is shown at the top.
-  * Fill in the channel name.+  * Fill in the channel name. (In the example, the permanent channel name was #home)
   * Check the box for Automatically join...   * Check the box for Automatically join...
  
Line 329: Line 487:
  
 See this WikiHow article for a guided step-by-step with pictures: [[ https://www.wikihow.com/Automatically-Join-an-IRC-Channel-in-Pidgin ]] See this WikiHow article for a guided step-by-step with pictures: [[ https://www.wikihow.com/Automatically-Join-an-IRC-Channel-in-Pidgin ]]
 +
 +===== Thunderbird for GUI clients =====
 +
 +In addition to email, Thunderbird also has IRC capabilities. To access, find Chat on the toolbar. It's after Get Messages and Write. Click Chat.
 +
 +Unless you've set up Thunderbird as a chat client previously, you'll be looking at a message that say you haven't set up any chat accounts, and a button labeled Get Started. Click on Get Started.
 +
 +Follow the set-up wizard.
 +
 +  * Select IRC as the network.
 +  * Enter your nickname and IRC server hostname (beastie.home.lan if you're following the example.)
 +  * You can leave the password blank.
 +  * Change the port to 6667 in the Advanced Options.
 +  * Remove the check for Use SSL in the Advanced Options.
 +
 +Leave the box checked for connect Connect to This Account Now to test.
  
 ====== Go Forth and Conquer ====== ====== Go Forth and Conquer ======
  
 Now that you're running IRC at home, remember to get everyone else in your household using ircII or Pidgin so you can pester them with messages with just the stroke of a keyboard. Now that you're running IRC at home, remember to get everyone else in your household using ircII or Pidgin so you can pester them with messages with just the stroke of a keyboard.
- 
  
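Review bot: the new Thunderbird section tells the reader to use port 6667 and to remove the check for Use SSL without saying why. One sentence noting that this matches the plain-text listener configured earlier, and that traffic on the LAN is therefore unencrypted, would make the choice deliberate rather than accidental. Wording fixes in the same hunk: "a message that say" should be "a message that says", "for connect Connect to This Account Now" repeats a word, and the closing paragraph still says "ircII or Pidgin" although Thunderbird is now covered.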
installing_irc_at_home.1593799957.txt.gz · Last modified: 2020/07/03 18:12 by waxphilosophic