installing_irc_at_home

Differences

This shows you the differences between two versions of the page.

installing_irc_at_home [2020/07/03 18:14] – [modules.conf] Added password hash modules waxphilosophic
installing_irc_at_home [2020/07/13 01:01] (current) waxphilosophic
Line 7: Line 7:
 This how-to covers installing and IRC server and clients for a typical home LAN. The hardware and OS used is a Raspberry Pi 2 with FreeBSD 12.1, but any system with a recent BSD variant should work with little need or no modification. This how-to covers installing and IRC server and clients for a typical home LAN. The hardware and OS used is a Raspberry Pi 2 with FreeBSD 12.1, but any system with a recent BSD variant should work with little need or no modification.
  
-At the time of writing, the SDF servers run InspIRCd for the server side and ircII for the default client. The same software is used in this document. In addition, this how-to covers Pidgin, a Windows/Mac GUI client that can be used for IRC as well as other instant messaging protocols.+At the time of writing, the SDF servers run InspIRCd for the server side and ircII for the default client. The same software is used in this document. In addition, this how-to covers Pidgin, a Windows/Mac GUI client that can be used for IRC as well as other instant messaging protocols. Mozilla Thunderbird has IRC capabilities and is covered as well.
  
 ===== Installing Server-Side Software ===== ===== Installing Server-Side Software =====
Line 57: Line 57:
 Again, this is all just a made-up tribute to the FreeBSD mascot. You can enter whatever you like for your set-up. Again, this is all just a made-up tribute to the FreeBSD mascot. You can enter whatever you like for your set-up.
  
 +=== PORT CONFIGURATION ===
 +
 +Most of the PORT CONFIGURATION section can be left as it is. However, the last two lines are used to open ports allowing other IRC servers to connect to ours. In a home LAN environment, with a single server, this will never happen.
 +
 +So, find these lines:
 +
 +<code>
 +<bind address="" port="7000,7001" type="servers">
 +<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +</code>
 +
 +Comment them by adding a hash as the first character so they look like this:
 +
 +<code>
 +#<bind address="" port="7000,7001" type="servers">
 +#<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +</code>
 + 
 === CONNECTIONS CONFIGURATION === === CONNECTIONS CONFIGURATION ===
  
-No changes are needed for the PORT CONFIGURATION, so we can move on to CONNECTIONS CONFIGURATION. The changes here involve changing resolvehostnames="yes" to resolvehostnames="no".+After commenting out the last two lines of PORT CONFIGURATION, so we can move on to CONNECTIONS CONFIGURATION. The changes here involve changing resolvehostnames="yes" to resolvehostnames="no" and changing the IP address range in an example section.
  
-The reason for this is entirely because of DNS. Unless you are running a robust DNS infrastructure on your LAN, chances are good that your ISP's router (the typical home LAN DNS server) will not do reverse look-ups. Setting resolvehostnames="no" will instruct InspIRCd to not even try, sparing you countless warning messages.+The reason for changing resolvehostnames is entirely because of DNS as you might have guessed. Unless you are running a robust DNS infrastructure on your LAN, chances are good that your ISP's router (the typical home LAN DNS server) will not do reverse look-ups. Setting resolvehostnames="no" will instruct InspIRCd to not even try, sparing you countless warning messages.
  
 If you have a more robust DNS server on your network, you can certainly leave this as-is. If you see errors like "Could not resolve your hostname: Malformed answer" when logging in, it means the reverse lookups are not working. If you have a more robust DNS server on your network, you can certainly leave this as-is. If you see errors like "Could not resolve your hostname: Malformed answer" when logging in, it means the reverse lookups are not working.
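Review bot: The new PORT CONFIGURATION text justifies commenting out the two type="servers" binds only with "this will never happen". The stronger reason is that the first of them, with address="", would otherwise keep ports 7000 and 7001 listening for server links nobody will make, so say that the lines are disabled to close those listeners. In the rewritten CONNECTIONS CONFIGURATION intro, "After commenting out the last two lines of PORT CONFIGURATION, so we can move on" has a stray "so" that should be dropped.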
Line 72: Line 90:
  
 Do not give into the temptation to comment the lines out. This is not the same as setting it to no. Do not give into the temptation to comment the lines out. This is not the same as setting it to no.
 +
 +As for the IP address range that needs changing, this is in the example <connect:allow> class. There is a sample IP range of 203.0.113.* being allowed. This section should be deleted or at least have the IP range changed to your home LAN's range of addresses. Typical home setups use 192.168.0.* and that is what is shown here.
 +
 +<code>
 +allow="192.168.0.*"
 +</code>
 +
 +=== Enabling Server Operators ===
 +
 +Slipped in between the headings of CIDR CONFIGURATION and MISCELLANEOUS CONFIGURATION is a little, unassuming line that looks like this:
 +
 +<code>
 +#<include file="opers.conf">
 +</code>
 +
 +It needs to be uncommented if you want to enable users to gain administrative privileges. If you don't remove the leading hash, any attempt to use the /OPER command will result in the message "Invalid oper credentials".
 +
 +It should look like this when you're done:
 +
 +<code>
 +<include file="opers.conf">
 +</code>
  
 === Sections left as default === === Sections left as default ===
  
 These are the sections that do not need changes and can be skipped over: These are the sections that do not need changes and can be skipped over:
-  * CIDR CONFIGURATION 
   * MISCELLANEOUS CONFIGURATION   * MISCELLANEOUS CONFIGURATION
   * DNS SERVER   * DNS SERVER
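Review bot: In "Enabling Server Operators", uncommenting <include file="opers.conf"> activates whatever that file contains, and the opers.conf section added in this same revision says the file ships with example operators (Attila, with the plain-text password s3cret). Tell the reader here to finish the opers.conf edits before starting or reloading the server. Separately, this hunk drops CIDR CONFIGURATION from the "left as default" list without adding any text about what to change in that section. Either keep the bullet or state that only the include line between the two headings is touched.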
Line 142: Line 181:
  
 There is no more configuration needed for the modules.conf file. There is no more configuration needed for the modules.conf file.
 +
 +==== opers.conf ====
 +
 +Opers, or server operators, are the administrators of the IRC server and can invoke special privileges using the /OPER command. You might be able to run IRC on a home LAN and never need any of the administrative privileges, so if you wish to skip this file, you can. It's simply included for the sake of being complete.
 +
 +For InspIRCd, the opers.conf is where everything concerning this special ability is configured.
 +
 +Open up opers.conf in a text editor.
 +
 +What you see under the headings of CLASS CONFIGURATION and OPERATOR COMPOSITION can be left as default. It's the OPERATOR CONFIGURATION section we're interested in.
 +
 +There are a couple examples given using the names Attila and Brain. Look them over to read the comments and then delete them. Yes, delete. Delete everything after the section heading.
 +
 +When you're done, the opers.conf file should end here:
 +
 +<code>
 +#-#-#-#-#-#-#-#-#-#-# OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
 +#                                                                     #
 +#   Opers are defined here. This is a very important section.         #
 +#   Remember to only make operators out of trustworthy people.        #
 +#                                                                     #
 +</code>
 +
 +We'll insert our operator after this. In keeping with the rest of the how-to, the operator will be named "beastie" and beastie will have full network admin privileges.
 +
 +Here's what it will look like:
 +
 +<code>
 +#-#-#-#-#-#-#-#-#-#-# OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
 +#                                                                     #
 +#   Opers are defined here. This is a very important section.         #
 +#   Remember to only make operators out of trustworthy people.        #
 +#                                                                     #
 +<oper
 +    name="beastie"
 +    hash="sha256"
 +    password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"
 +    host="*@*"
 +    type="NetAdmin">
 +</code>
 +
 +The above should be pretty self-explanatory based on the key=value pairs you see. The two things that require a little clarification are probably password and host. Specifically, where did the password value come from and what does "*@*" mean?
 +
 +The value for the password is a sha256 hash of the word s3cret. You may remember that was the plain-text password used for Attila in the opers.conf example that we deleted. You can create a new password hash using the sha256 command-line utility included with FreeBSD.
 +
 +Here's the command to encode the s3cret password and the resulting hash.
 +
 +<code>
 +# sha256 -s s3cret
 +SHA256 ("s3cret") = 1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0
 +</code>
 +
 +The answer to the question of host="*@*" comes down to wildcards. * is treated as a wildcard matching any possible value. In this case, any user from any host is allowed to use /oper mode and become admin provided they know the password. This is not secure, but for purposes of a home LAN, where you trust your users, it's fine.
 +
 +It would also be difficult to enforce in an environment were there are no reverse DNS lookups and IPs are handed out from a DHCP server. In other words, neither user@hostname nor user@192.168.x.x would work reliably. "user@*" could be used to give only one account the admin ability. On a home LAN, this is the best we can do. 
 +
 +Other than changing the lame password, there's one more step for opers.conf, and that is to change the vhost under the OPERATOR COMPOSITION section. This is purely cosmetic, but it helps show that we pay attention to details.
 +
 +Right around line 75 of opers.conf, you'll see:
 +
 +<code>
 +vhost="netadmin.omega.example.org"
 +</code>
 +
 +Following the naming used in the example, change this to:
 +
 +<code>
 +vhost="netadmin.beastie.home.lan"
 +</code>
 +
 +If you have customized the domain names to something else, by all means use that.
  
 ==== motd.txt ==== ==== motd.txt ====
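Review bot: The <oper> block in the new opers.conf section is presented as the finished configuration, yet its password value is the hash of s3cret, a password printed on this page, and replacing it is mentioned only in passing ("Other than changing the lame password"). Make choosing a new password an explicit step before the block is saved, and note that running sha256 -s with the password as an argument leaves it in the shell history. The paragraph on host="*@*" already calls the setting not secure; it would help to say there that the <connect:allow> range set earlier (192.168.0.*) is what limits who can reach /OPER at all. Typo: "in an environment were there are" should read "where there are".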
Line 276: Line 386:
 --- ---
 >        email="beastie@beastie.home.lan"> >        email="beastie@beastie.home.lan">
 +225,226c225,226
 +< <bind address="" port="7000,7001" type="servers">
 +< <bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +---
 +> #<bind address="" port="7000,7001" type="servers">
 +> #<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
 +278c278
 +<          allow="203.0.113.*"
 +---
 +>          allow="192.168.0.*"
 313c313 313c313
 <          resolvehostnames="yes" <          resolvehostnames="yes"
Line 284: Line 404:
 --- ---
 >          resolvehostnames="no" >          resolvehostnames="no"
 +497c497
 +< #<include file="opers.conf">
 +---
 +> <include file="opers.conf">
 1044c1044 1044c1044
 < #<include file="modules.conf"> < #<include file="modules.conf">
Line 307: Line 431:
 1700a1701 1700a1701
 > <permchannels channel="#home" topic="Is where the <3 is."> > <permchannels channel="#home" topic="Is where the <3 is.">
 +</code>
 +
 +==== opers.conf ====
 +
 +This is an abreviated diff of opers.conf since most of the changes involved deleting the bottom third of the file.
 +
 +<code>
 +75c75
 +<     vhost="netadmin.omega.example.org"
 +---
 +>     vhost="netadmin.beastie2.home.lan"
 +94,95d93
 +<
 +< # Operator account with a plaintext password.
 +97,99c95,99
 +<       # name: Oper login that is used to oper up (/OPER <username> <password>).
 +<       # Remember: This is case sensitive.
 +<       name="Attila"
 +---
 +>     name="beastie"
 +>     hash="sha256"
 +>     password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"
 +>     host="*@*"
 +>     type="NetAdmin">
 +101,181d100
 +[Not shown for brevity.]
 </code> </code>
  
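Review bot: The vhost in this opers.conf diff, "netadmin.beastie2.home.lan", does not match the value the opers.conf walkthrough tells the reader to enter, "netadmin.beastie.home.lan". Use one hostname in both places so the diff can be used to check the result. In the intro sentence, "abreviated" should be "abbreviated".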
Line 322: Line 472:
  
   * Choose a protocol of IRC.   * Choose a protocol of IRC.
-  * Fill in the loginserver, and password with the information you use to log into the FreeBSD server+  * Fill in the login and server that you use on your LAN
-  * Check the remember password if you likebut be aware that it is saved in clear text in the %APPDATA% directory.+  * Password is not required for IRCand be aware that it is saved in clear text in the %APPDATA% directory if you use it.
   * The remaining tabs may be left with default settings.   * The remaining tabs may be left with default settings.
  
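Review bot: The reworded account bullets are less specific than the Thunderbird steps added in the same revision. "Fill in the login and server that you use on your LAN" does not say that the login is the IRC nickname or that the server is the IRC host (beastie.home.lan in the example). The password bullet also mixes an instruction with a warning: say to leave the field blank, as the Thunderbird list does, and keep the %APPDATA% clear-text warning as its own sentence.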
Line 331: Line 481:
   * Choose the Buddies menu item and select Add Chat from the drop-down.   * Choose the Buddies menu item and select Add Chat from the drop-down.
   * Make sure your IRC Account is shown at the top.   * Make sure your IRC Account is shown at the top.
-  * Fill in the channel name.+  * Fill in the channel name. (In the example, the permanent channel name was #home)
   * Check the box for Automatically join...   * Check the box for Automatically join...
  
Line 337: Line 487:
  
 See this WikiHow article for a guided step-by-step with pictures: [[ https://www.wikihow.com/Automatically-Join-an-IRC-Channel-in-Pidgin ]] See this WikiHow article for a guided step-by-step with pictures: [[ https://www.wikihow.com/Automatically-Join-an-IRC-Channel-in-Pidgin ]]
 +
 +===== Thunderbird for GUI clients =====
 +
 +In addition to email, Thunderbird also has IRC capabilities. To access, find Chat on the toolbar. It's after Get Messages and Write. Click Chat.
 +
 +Unless you've set up Thunderbird as a chat client previously, you'll be looking at a message that say you haven't set up any chat accounts, and a button labeled Get Started. Click on Get Started.
 +
 +Follow the set-up wizard.
 +
 +  * Select IRC as the network.
 +  * Enter your nickname and IRC server hostname (beastie.home.lan if you're following the example.)
 +  * You can leave the password blank.
 +  * Change the port to 6667 in the Advanced Options.
 +  * Remove the check for Use SSL in the Advanced Options.
 +
 +Leave the box checked for connect Connect to This Account Now to test.
  
 ====== Go Forth and Conquer ====== ====== Go Forth and Conquer ======
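Review bot: The Thunderbird steps switch to port 6667 and clear Use SSL without saying what that implies: all traffic, including a password typed with /OPER, then crosses the LAN unencrypted. State that trade-off next to those two bullets, the same way the opers.conf section flags host="*@*" as not secure. Wording: "a message that say" should be "says", and "Leave the box checked for connect Connect to This Account Now" repeats "connect".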
installing_irc_at_home.1593800083.txt.gz · Last modified: 2020/07/03 18:14 by waxphilosophic