UnrealIRCd 基础5
UnrealIRCd 基础5
franket
发布于 2021-11-29 17:57:13
发布于 2021-11-29 17:57:13
代码可运行
运行总次数:0
代码可运行
再次运行
[root@h104 unrealircd-4.0.2]# ./Config
_ _ _ ___________ _____ _
| | | | | |_ _| ___ \/ __ \ | |
| | | |_ __ _ __ ___ __ _| | | | | |_/ /| / \/ __| |
| | | | '_ \| '__/ _ \/ _ | | | | | / | | / _ |
| |_| | | | | | | __/ (_| | |_| |_| |\ \ | \__/\ (_| |
\___/|_| |_|_| \___|\__,_|_|\___/\_| \_| \____/\__,_|
Configuration Program
for UnrealIRCd 4.0.2
This program will help you to compile your IRC server, and ask you
questions regarding the compile-time settings of it during the process.
regarding the setup of it, during the process.
A short installation guide is available online at:
https://www.unrealircd.org/docs/Installing_from_source
Full documentation is available at:
https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
[Enter to continue]
UnrealIRCd 4.0.2 Release Notes
===============================
UnrealIRCd 4 is here!
We have been working hard over the past few years to replace the successful
3.2.x series with a more modern code base. At the same time we have been
incorporating requests from our bug tracker, ideas from ourselves and
many suggestions that came up during the UnrealIRCd survey from Q4 2013.
After 4 alpha versions, 4 beta's and 6 release candidates we are proud to
finally present you the first stable release of UnrealIRCd 4.
UnrealIRCd is far more modular and configurable than before. For a brief
overview of what's new in UnrealIRCd 4 have a look at:
https://www.unrealircd.org/docs/What's_new_in_UnrealIRCd_4
==[ DOCUMENTATION ]==
All documentation has been moved to our wiki:
* Documentation: https://www.unrealircd.org/docs/
* FAQ: https://www.unrealircd.org/docs/FAQ
Be sure not to use any other (older) documentation as it isn't fully
compatible with UnrealIRCd 4. In particular, do NOT use unreal32docs*html.
==[ UPGRADING FROM 3.2.x ]==
If you are upgrading from 3.2.x then there are three important things to know:
1) NEW FILE LOCATIONS
In UnrealIRCd 4 the location of the configuration files and other files have
been changed. On *NIX the directory where you compile the IRCd from
(previously 'Unreal3.2.X', now 'unrealircd-4.0.X') is no longer the same as
the directory where the IRCd will be running from.
By default the IRCd is installed to /home/yourusername/unrealircd on *NIX
On Windows UnrealIRCd will install to C:\Program Files (x86\UnrealIRCd 4
The new directory structure is as follows (both on Windows and *NIX):
conf/ contains all configuration files
logs/ for log files
modules/ all modules (.so files on *NIX, .dll files on Windows)
2) CONFIGURATION FILE CHANGES
There have also been changes in various configuration blocks and settings.
Don't worry, UnrealIRCd can convert your existing 3.2.x configuration files
to UnrealIRCd 4 format. There's no need to start from scratch.
Please read https://www.unrealircd.org/docs/Upgrading_from_3.2.x !!
3) THIRD PARTY MODULES
If you are using 3rd party modules then they will need an update to run on
UnrealIRCd 4. Due to the many core changes in UnrealIRCd 4 it was simply
impossible to make 3.2.x modules work out-of-the-box on 4.x.
Contact your developer for a new version or ask on our Modules forum where
someone may be kind enough to convert the module for you if you ask nicely:
https://forums.unrealircd.org/viewforum.php?f=52
==[ RUNNING A MIXED 3.2.X / 4.X NETWORK ]==
You can run a mixed 3.2.x <-> 4.x network if you a follow a few simple rules:
https://www.unrealircd.org/docs/Running_a_mixed_UnrealIRCd_3.2_and_UnrealIRCd_4_network
==[ END OF THE 3.2.X SERIES ]==
With the release of UnrealIRCd 4 we are deprecating the previous series.
All support for the 3.2.x series will stop after December 31, 2016.
See https://www.unrealircd.org/docs/UnrealIRCd_3.2.x_deprecated
==[ SUPPORT ]==
Before you seek support, please check our Frequently Asked Questions:
https://www.unrealircd.org/docs/FAQ
For support you have two choices:
* Forums: https://forums.unrealircd.org/
* IRC: irc.unrealircd.org / #unreal-support
==[ CHANGES BETWEEN 4.0.1 AND 4.0.2 ]==
The 4.0.2 release comes with the following new features:
* Ability to hide quit messages from *LINEd users (set::hide-ban-reason)
* Blacklist hits are now sent to new snomask +b rather than all ircops
Major issues fixed:
* None
Minor issues fixed:
* prefix-quit was not working
* FreeBSD: fix kevent bug flood in error log
* Incorrect server description in /LINKS
* Logging to syslog was broken
* OS X: Update ./Config to use Homebrew OpenSSL by default
* Don't show UID to client in case of a SVSMODE
==[ CHANGES BETWEEN 4.0.0 AND 4.0.1 ]==
The 4.0.1 release comes with the following minor improvements:
* The blacklist module now supports %ip (=banned IP) in blacklist::reason.
* *NIX: You can use cron again, see https://www.unrealircd.org/docs/Cron_job
* /MODULE now lists only 3rd party modules by default so you don't get flooded.
* *NIX: Added './unrealircd reloadtls' to reload TLS certificate and keys.
Major issue fixed:
* Crash if you removed a listen { } block with active clients on that port
* MODEs set by a server (not by a user) were not always propagated
correctly accross the network. In practice this only affected /SAMODE
and possibly some services that don't send MODEs from ChanServ/BotServ.
Minor issues fixed:
* When doing /LIST under mIRC it would hide empty +P channels.
* Servers wouldn't link if link::outgoing::hostname was a CNAME.
* SSL Certificate fingerprint not communicated properly to servers/services.
* *NIX: ./unrealircd [stop|rehash] failed if not installed to ~/unrealircd.
* Windows: IRCd could crash after showing the config error screen on startup.
==[ CHANGES BETWEEN 3.2.X AND 4.X ]==
Below is a summary of the changes between UnrealIRCd 3.2.x and UnrealIRCd 4.
For a complete list of all 1100+ changes you can use 'git log' or have a
look at: https://github.com/unrealircd/unrealircd/commits/unreal40
==[ NEW ]==
* We moved a lot of functionality, including most channel modes, user
modes and all extended bans into 138 separate modules.
This makes it...
A) possible to fully customize what exact functionality you want to load.
You could even strip down UnrealIRCd to get something close to the
basic RFC1459 features from the 1990s. (No idea why you would want
that, but it's possible)
B) easier for coders to see all source code related to a specific feature
C) possible to fix bugs and just reload rather than restart the IRCd.
Have a look at modules.default.conf which contains the "default" set of
modules that you can load if you just want to load all functionality.
If you want to customize the list of modules to load then simply make
a copy of that file, give it a different name, and include that one
instead. Since the file is fully documented, you can just comment out
or delete the loadmodule lines of things you don't want to load.
* Oper permissions have changed completely: [A4+]
* All previous oper levels/ranks no longer exist (Netadmin, Admin, ..)
* oper::flags has been removed. Instead you must specify an operclass
in oper::operclass (for example, 'operclass netadmin').
* In operclass block(s) you define the privileges. You can now control
exactly what an IRCOp can and cannot do.
Have a look at operclass.default.conf which ships with UnrealIRCd,
it contains a number of default operclass blocks suitable for the
most common situations. See also the operclass block documentation:
https://www.unrealircd.org/docs/Operclass_block
* If you ask UnrealIRCd to convert your 3.2.x configuration file then
it will try to select a suitable operclass for the oper. This will
not always 100% match your current oper block rights, though.
* Channel Mode +A (Admin Only) has been removed. You can use the new
extended ban ~O:<operclass>. This allows you to, for example, create
an operclass 'netadmin' only channel: /MODE #chan +iI ~O:netadmin*
* set::hosts has been removed, use oper::vhost instead.
* Since oper levels have been removed you no longer see things like
"OperX is a Network Administrator" in /WHOIS by default.
If you want that, then you can set oper::swhois to
"is a Network Administrator" (or any other text).
* Entirely rewritten I/O and event loop. This allows the IRCd to scale
more easily to tens of thousands of clients by using kernel-evented I/O
mechanisms such as epoll and kqueue.
* Memory pooling has been added to improve memory allocation efficiency
and performance.
* On-connect DNSBL/RBL checking via the new blacklist block. [B1]
* The Windows version now has IPv6 support too. [B3]
* On all OS's we compile with IPv6 support enabled. You can still
disable IPv6 at runtime by setting set::options::disable-ipv6. [B3]
* The local nickname length can be modified without recompiling the IRCd
* Channel Mode +d: This will hide joins/parts for users who don't say
anything in a channel. Whenever a user speaks for the first time they
will appear to join. Chanops will still see everyone joining normally
as if there was no +d set.
* If you connect with SSL/TLS with a client certificate then your SSL
Fingerprint (SHA256 hash) can be seen by yourself and others through
/WHOIS. The fingerprint is also shared with all servers on the network.
* ExtBan ~S:<certificate fingerprint> for ban exceptions / invex. This
can be used like +iI ~S:000000000etc.
* bcrypt has been added as a password hashing algorithm and is now the
preferred algorithm [A3]
* './unreal mkpasswd' will now prompt you for the password to hash [A3]
* Protection against SSL renegotiation attacks [A3]
* When you link two servers the current timestamp is exchanged. If the
time differs more than 60 seconds then servers won't link and it will
show a message that you should fix your clock(s). This requires
version alpha3 (or later) on both ends of the link [A3]
* Configuration file converter that will upgrade your 3.2.x conf to 4.x.
On *NIX run './unreal upgrade-conf'. On Windows simply try to boot and
after the config errors screen UnrealIRCd offers the conversion. [A3]
* The IRCd can now better handle unknown channel modes which expect a
parameter. This can be useful in a scenario where you are slowly
upgrading all your servers.
* If you want to unset a vhost but keep cloaked then use /MODE yournick -t
* A "crash reporter" was added. When UnrealIRCd is started it will check
if a previous UnrealIRCd instance crashed and (after booting a new
instance) it will spit out a report and ask if you want to submit it
to the UnrealIRCd developers. Doing so will help us a lot as many bugs
are often not reported. Note that UnrealIRCd will always ask before
sending any information and never do so automatically. [B3]
* SSL: Support for ECDHE has been added to provide "forward secrecy". [B4]
==[ CHANGED ]==
* Numerics have been removed. Instead we now use SIDs (Server ID's) and
UIDs (User ID's). SIDs work very similar to server numerics and UIDs
help us to fix a number of lag-related race conditions / bugs.
* The module commands.so / commands.dll has been removed. All commands
(those that are modular) are now in their own module.
* Self-signed certificates are now generated using 4096 bits, a SHA256
hash and validity of 10 years. [A2]
* Building with SSL (OpenSSL) is now mandatory [A2]
* The link { } block has been restructured, see
https://www.unrealircd.org/docs/Upgrading_from_3.2.x#Link_block [A3]
* Better yet, check out our secure server linking tutorial:
https://www.unrealircd.org/docs/Tutorial:_Linking_servers
* If you have no set::throttle block you now get a default of 3:60 [A3]
* password entries in the conf no longer require specifying an auth-type
like password "..." { md5; };. UnrealIRCd will now auto-detect. [A3]
* You will now see a warning when you link to a non-SSL server. [A3]
* Previously we used POSIX Regular expressions in spamfilters and at
some other places. We have now moved to PCRE Regular expressions.
They look very similar, but PCRE is a lot faster.
For backwards-compatibility we still compile with both regex engines. [A3]
* Spamfilter command syntax has been changed, it now has an extra option
to indicate the matching method:
/SPAMFILTER [add|del|remove|+|-] [method] [type] ....
Where 'method' can be one of:
* -regex: this is the new fast PCRE2 regex engine
* -simple: supports just strings and ? and * wildcards (super fast)
* -posix: the old regex engine for compatibility with 3.2.x. [A3]
* If you have both 3.2.x and 4.x servers on your network then the
4.x server will only send spamfilters of type 'posix' to the 3.2.x
servers because 3.2.x servers don't support the other two types.
So in a mixed network you probably want to keep using 'posix' for
a while until all your servers are running UnrealIRCd 4. [A3]
* set::oper-only-stats now defaults to "*"
* oper::from::userhost and vhost::from::userhost are now called
oper::mask and vhost::mask. The usermask@ part is now optional and
it supports two syntaxes. For one entry you can use: mask 1.2.3.*;
For multiple entries the syntax is: mask { 192.168.*; 10.*; };
* Because having both allow::ip and allow::hostname in the same allow
block was highly confusing (it was an OR-match) you must now choose
between either allow::ip OR allow::hostname. [A3]
* cgiirc block is renamed to webirc and the syntax has changed [A4]
* set::pingpong-warning is removed, warning always off now [A4]
* More helpful configuration file parse error messages [A4]
* You can use '/OPER username' without password if you use SSL
certificate (fingerprint) authentication. The same is true for
'/VHOST username'. [A4]
* You must now always use 'make install' on *NIX [A4]
* Changed (default) directory structure entirely, see the section
titled 'CONFIGURATION CHANGES' about 100 lines up. [A4]
* badword quit { } is removed, we use badword channel for it. [A4]
* badwords.*.conf is now just one badwords.conf
* To load all default modules you now include modules.default.conf.
This file was called modules.conf in earlier alpha's.
The file has been split up in sections and a lot of comments have
been added to aid the user in deciding whether to load or not to
load each module. [A4]
* Snomask +s is now (always) IRCOp-only. [A4]
* Previously there was little logic behind what modes halfops could
set. Now the idea is as follows: halfops should be able to help out
in case of a flood but not be able to change any 'policy decission
modes' such as +G, +S, +c, +s. Due to this change halfops can now
set modes +beiklmntIMKNCR (was: +beikmntI). [A4]
* If no link::hub or link::leaf is specified then assume hub "*". [B1]
* SWHOIS (Special whois title) has been extended in a number of ways:
* We now "track" who or what set an swhois. This allows us to
remove the swhois received via oper/vhost on de-oper/de-vhost.
* You can now have multiple swhois lines
* Multiple oper::swhois and vhost::swhois items are supported. [B1]
* When trying to link two servers without link::outgoing::options::ssl
(which is not recommended) we try to use STARTTLS in order to
'upgrade' the connection to use SSL/TLS anyway. This can be disabled
via link::outgoing::options::insecure. [B2]
* SSLv3 has now been disabled for security. This also means you can only
link UnrealIRCd 4 with 3.2.10.3 and later because earlier versions
used SSLv3 instead of TLS due to an OpenSSL API mistake. [B4]
==[ MODULE CODERS / DEVELOPERS ]==
* A lot of technical documentation for module coders has been added
at https://www.unrealircd.org/docs/ describing things like how to
write a module from scratch, the User & Channel Mode System, Commands,
Command Overrides, Hooks, attaching custom-data to users/channels,
and more. [A2+]
* For commands: do not read from parv[0] anymore, doing so will lead
to a crash. Use sptr->name instead. This change is necessary as
the "name" in parv[0] could possibly point to a UID/SID rather than
a nick name. Thus, if you would send parv[0] to a non-UID or non-SID
capable server this would lead to serious issues (not found errors).
* Added MOD_OPT_PERM_RELOADABLE which permits reloading (eg: upgrades)
but disallows unloading of a module [A3]
* There have been *a lot* of source code cleanups (ALL)
* We now use the information from PROTOCTL CHANMODES= for parameter
skipping if the channel mode is unknown. Also, when channel modes
are loaded or unloaded we re-broadcast PROTOCTL CHANMODES=. [B1]
* The server protocol docs have been removed. The protocol is now
documented at https://www.unrealircd.org/docs/Server_protocol
See also https://www.unrealircd.org/docs/Server_protocol:Changes
for a list of changes between the 3.2 and 4.0 server protocol.
* GCC typechecking has been added to make sure your HookAdd... calls
are adding hook functions with the correct parameter (types).
==[ REMOVED / DROPPED ]==
* Numeric server IDs, see above. [A1]
* PROTOCTL TOKEN and SJB64 are no longer implemented. [A1]
* Ziplinks have been removed. [A1]
* WebTV support. [A3]
* Channel Mode +j was removed and replaced by the configuration setting
set::anti-flood::join-flood (default: 3 per 90 seconds). [B1]
* /CHATOPS: use /GLOBOPS instead which does the same
/ADCHAT & /NACHAT: gone as we don't have such oper levels anymore
Your opers should actually be in an #opers channel. If you also want
special classes of oper channels like #admins then use +iI ~O:*admin*
* User modes:
* +N (Network Administrator): see 'Oper permissions' under NEW as for why
* +a (Services Administrator): same
* +A (Server Administrator: same
* +C (Co Administrator): same
* +O (Local IRC Operator): same
* +h (HelpOp): all this did was add a line "is available for help" in
WHOIS. You can use a vhost block with vhost::swhois as a replacement
or for opers just add an oper::swhois item.
* +g (failops): we already have snomasks and the +o usermode for this
* +v (receive infected DCC SEND rejection notices): moved to snomask +D
[Enter to continue]
We will now ask you a number of questions.
You can just press ENTER to accept the defaults!
In what directory do you want to install UnrealIRCd?
(Note: UnrealIRCd 4 will need to be installed somewhere.
If this directory does not exist it will be created.)
[/root/unrealircd] ->
What should the default permissions for your configuration files be? (Set this to 0 to disable)
It is strongly recommended that you use 0600 to prevent unwanted reading of the file
[0600] ->
If you know the path to OpenSSL on your system, enter it here. If not
leave this blank (in most cases it will be detected automatically).
[] ->
Do you want to enable remote includes?
This allows stuff like this in your configuration file:
include "http://www.somesite.org/files/opers.conf";
[No] ->
Do you want to enable prefixes for chanadmin and chanowner?
This will give +a the & prefix and ~ for +q (just like +o is @)
Supported by the major clients (mIRC, xchat, epic, eggdrop, Klient,
PJIRC, irssi, CGI:IRC, etc.)
This feature should be enabled/disabled network-wide.
[Yes] ->
How far back do you want to keep the nickname history?
[2000] ->
What is the maximum sendq length you wish to have?
[3000000] ->
How many file descriptors (or sockets) can the IRCd use?
[1024] ->
Would you like to pass any custom parameters to configure?
See `./configure --help' and write them here:
[] ->
./configure --with-showlistmodes --enable-ssl --with-bindir=/root/unrealircd/bin --with-datadir=/root/unrealircd/data --with-pidfile=/root/unrealircd/data/unrealircd.pid --with-confdir=/root/unrealircd/conf --with-modulesdir=/root/unrealircd/modules --with-logdir=/root/unrealircd/logs --with-cachedir=/root/unrealircd/cache --with-docdir=/root/unrealircd/doc --with-tmpdir=/root/unrealircd/tmp --with-scriptdir=/root/unrealircd --with-nick-history=2000 --with-sendq=3000000 --with-permissions=0600 --with-fd-setsize=1024 --enable-dynamic-linking
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking if gcc has a working -pipe... yes
checking for rm... /usr/bin/rm
checking for cp... /usr/bin/cp
checking for touch... /usr/bin/touch
checking for openssl... /usr/bin/openssl
checking for install... /usr/bin/install
checking for gmake... gmake
...
...
Configuration summary
=====================
TRE is now configured as follows:
* Compilation environment
CC = gcc
CFLAGS = -g -O2 -Wall
CPP = gcc -E
CPPFLAGS =
LD = /usr/bin/ld -m elf_x86_64
LDFLAGS =
LIBS =
Use alloca(): yes
* TRE options
Development-time debugging: no
System regex ABI compatibility: no
Wide character (wchar_t) support: no (disabled with --disable-wchar)
Multibyte character set support: no (disabled with --disable-multibyte)
Approximate matching support: yes
Build and install agrep: no
...
...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/modules/Makefile
config.status: creating src/modules/chanmodes/Makefile
config.status: creating src/modules/usermodes/Makefile
config.status: creating src/modules/snomasks/Makefile
config.status: creating src/modules/extbans/Makefile
config.status: creating src/modules/third/Makefile
config.status: creating unrealircd
config.status: creating include/setup.h
Do you want to generate an SSL certificate for the IRCd?
Only answer No if you already have one.
[Yes] -> Yes
Generating certificate request ..
/usr/bin/openssl req -new \
-config src/ssl.cnf -sha256 -out server.req.pem \
-keyout server.key.pem -nodes
Generating a 4096 bit RSA private key
...........................++
............++
writing new private key to 'server.key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name [US]:CN
State/Province [New York]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [IRC geeks]:havefun
Organizational Unit Name (eg, section) [IRCd]:IRCd
Common Name (Full domain of your server) []:h104.example.com
Generating self-signed certificate ..
/usr/bin/openssl req -x509 -days 3650 -sha256 -in server.req.pem \
-key server.key.pem -out server.cert.pem
Generating fingerprint ..
/usr/bin/openssl x509 -subject -dates -sha256 -fingerprint -noout \
-in server.cert.pem
subject= /C=CN/ST=Shanghai/L=Shanghai/O=havefun/OU=IRCd/CN=h104.example.com
notBefore=Mar 21 14:20:53 2016 GMT
notAfter=Mar 19 14:20:53 2026 GMT
SHA256 Fingerprint=05:CD:52:91:5B:22:67:D4:65:8A:06:1A:87:EF:D1:6B:9A:08:9E:FA:F4:B7:C4:43:04:C3:2D:C2:98:37:B6:31
Setting o-rwx & g-rwx for files...
chmod o-rwx server.req.pem server.key.pem server.cert.pem
chmod g-rwx server.req.pem server.key.pem server.cert.pem
Done!. If you want to encrypt the private key, run
make encpem
Certificate created successfully.
_______________________________________________________________________
| |
| UnrealIRCd Compile-Time Config |
|_______________________________________________________________________|
|_______________________________________________________________________|
| |
| Now all you have to do is type 'make' and let it compile. When that's |
| done, you will receive other instructions on what to do next. |
| |
|_______________________________________________________________________|
|_______________________________________________________________________|
| - The UnrealIRCd Team - |
| |
| * Bram Matthys (Syzop) syzop@unrealircd.org |
| * Travis McArthur (Heero) heero@unrealircd.org |
|_______________________________________________________________________|
[root@h104 unrealircd-4.0.2]# echo $?
0
[root@h104 unrealircd-4.0.2]# 本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
腾讯云开发者
