Blame
Date:
Mon Jan 23 05:00:25 2023 UTC
Message:
Daily backup
01
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
02
2023-01-22
jrmu
agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
03
2023-01-22
jrmu
author=jrmu
04
2023-01-22
jrmu
charset=UTF-8
05
2023-01-22
jrmu
csum=
06
2023-01-22
jrmu
ctime=1597742541
07
2023-01-22
jrmu
host=198.251.81.119
08
2023-01-22
jrmu
name=Openbsd.Oidentd
09
2023-01-22
jrmu
rev=7
10
2023-01-22
jrmu
targets=Openbsd.Znc
11
2023-01-22
jrmu
text=Installing oidentd is necessary if you're providing a public bouncer. Ident helps ensure that a user of your bouncer can always be uniquely identified, making it easier to ban that user and prevent abuse.%0a%0aYou may want to consult [[https://wiki.znc.in/Identfile|znc's wiki]] as a reference.%0a%0aFirst, we install oidentd:%0a%0a[@%0a$ doas pkg_add oidentd%0a@]%0a%0aAfterwards, inside /etc/rc.local, we put the following:%0a%0a[@%0aif [ -x /usr/local/sbin/oidentd ]; then%0a echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd%0afi%0a@]%0a%0a'''Warning''': Do not use -a :: as suggested in znc's wiki or ident will not work for IPv4.%0a%0aThis ensures that oident starts at bootup and runs as the user and group _identd.%0a%0aPut this inside /etc/oidentd.conf to spoof ident replies:%0a%0a[@%0auser "znc" {%0a default {%0a allow spoof%0a allow spoof_all%0a }%0a}%0a@]%0a%0aMake sure [[openbsd/znc|the identfile module]] is loaded on znc. %0a%0aWe need to create ~/.oidentd.conf inside the home folder for znc that oidentd will read from to spoof ident replies. This is made more tricky by the fact that znc runs inside a chroot:%0a%0a[@%0a$ doas touch /home/znc/home/znc/.oidentd.conf%0a$ doas ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf%0a$ doas chmod 664 /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a$ doas chmod 755 /home/znc/ /home/znc/home /home/znc/home/znc%0a$ doas chown znc:znc /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a@]%0a%0aZNC's identfile module will help write to /home/znc/home/znc/.oidentd.conf, which in turn is symlinked to /home/znc/.oidentd.conf . This latter file is what oidentd reads from. We must make sure oidentd can read the .oidentd.conf file by ensuring the permissions on each of the directories leading up the file are at least rwx--x--x.%0a%0aWhile connected to znc using an account with admin rights, send this through your IRC client:%0a%0a[@%0a/msg *status loadmod identfile%0a/msg *identfile setfile ~/.oidentd.conf%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0a%0aThis sets the ident reply to be the username (which the user can't change), ensuring that ident replies can't be spoofed by the user.%0a%0a'''Ident Changes by Admins:'''%0a%0aAs we can see, the above command:%0a[@%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0awon't allow user to change their ident, and there has been some recent requests on change of ident we admins are required to change it as per the user wants.%0a%0aBut, with the settings above, which reads the znc username as ident reply we can't easily change ident, and hence we used to clone the user account and change the username as their desired ident name, as a result it enforces the user to use new znc username.%0a%0aThere's an alternate way where we can fix this without tampering the username, so upon any ident change requests, we have to run the following in our irc client:%0a%0a[@%0a/msg *identfile setformat global { reply "%25ident%25" }%0a@]%0a%0aWe can then goto the requested users znc settings and change ident box contents to their desired ident for all of their networks, disconnect the user and reconnect the user. %0a%0aVoila, it reads the ident box as "ident", but, this setting alone would also allows the user to change the ident by themself (which we don't want). So, after we successfully confirmed the user's ident reply changed as their desired one. We now have to run the following command on irc-client:%0a%0a[@%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0a%0aAfter this, '''Do Not''' restart the user. Hence the ident displays the changed one (untill there's a disconnection and reconnection), but also disallows the user to make any changes with it.%0a%0aBut, this is a temporary solution. Everytime the user gets disconnected, upon re-connection, the ident will be changed to their "username".%0a%0aNow, if a single user gets disconnected, we can use the above method to set the new ident and move on.%0aIn the case of server down or other issues, where all znc users get disconnected. We have to do the following in irc-client:%0a%0a[@%0a/msg *identfile setformat global { reply "%25ident%25" }%0a@]%0a%0aAnd '''restart znc''', make sure the idents of the users changed by checking any random user you know whom uses different username and ident,%0a%0aThis way, whatever the user placed on "ident" box would read as ident and gets displayed. %0a%0aAfterwards, the following command should be run via irc-client%0a %0a[@%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0a%0aThis ensures the user can't change it afterwards. %0a%0a'''Note: The user must have their desired ident on their znc's identbox'''%0a%0aAs you can see, the process is pretty much manual, everytime we have a znc shutdown by any cause, we have to run the above said commands to make sure the user gets their desired ident as well as we have control over the ident.%0a%0a'''Note : If your server has very less users whom use a different ident from their username, It is advised to do manually fix theirs (individually) and restart their znc's, rather than restarting the whole znc.'''%0a%0aIf you have alternative solutions or a way to automate the process, kindly do suggest them.
12
2023-01-22
jrmu
time=1606779779
13
2023-01-22
jrmu
author:1606779779=jrmu
14
2023-01-22
jrmu
diff:1606779779:1606779395:=18,19d17%0a%3c %0a%3c '''Warning''': Do not use -a :: as suggested in znc's wiki or ident will not work for IPv4.%0a
15
2023-01-22
jrmu
host:1606779779=198.251.81.119
16
2023-01-22
jrmu
author:1606779395=jrmu
17
2023-01-22
jrmu
diff:1606779395:1602910375:=15c15%0a%3c echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd%0a---%0a> echo -n ' oidentd'; /usr/local/sbin/oidentd -a :: -u _identd -g _identd%0a
18
2023-01-22
jrmu
host:1606779395=198.251.81.119
19
2023-01-22
jrmu
author:1602910375=siva
20
2023-01-22
jrmu
diff:1602910375:1602910131:minor=56c56%0a%3c '''Ident Changes by Admins:'''%0a---%0a> '''Ident Reply Spoof by Admins:'''%0a
21
2023-01-22
jrmu
host:1602910375=2409:4072:6e94:2ed6:2256:c056:51c1:e35b
22
2023-01-22
jrmu
author:1602910131=siva
23
2023-01-22
jrmu
csum:1602910131=Added Ident spoof by admins
24
2023-01-22
jrmu
diff:1602910131:1602910069:=
25
2023-01-22
jrmu
host:1602910131=2409:4072:6e94:2ed6:2256:c056:51c1:e35b
26
2023-01-22
jrmu
author:1602910069=siva
27
2023-01-22
jrmu
diff:1602910069:1597742593:=54,109c54%0a%3c This sets the ident reply to be the username (which the user can't change), ensuring that ident replies can't be spoofed by the user.%0a%3c %0a%3c '''Ident Reply Spoof by Admins:'''%0a%3c %0a%3c As we can see, the above command:%0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c @]%0a%3c won't allow user to change their ident, and there has been some recent requests on change of ident we admins are required to change it as per the user wants.%0a%3c %0a%3c But, with the settings above, which reads the znc username as ident reply we can't easily change ident, and hence we used to clone the user account and change the username as their desired ident name, as a result it enforces the user to use new znc username.%0a%3c %0a%3c There's an alternate way where we can fix this without tampering the username, so upon any ident change requests, we have to run the following in our irc client:%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25ident%25" }%0a%3c @]%0a%3c %0a%3c We can then goto the requested users znc settings and change ident box contents to their desired ident for all of their networks, disconnect the user and reconnect the user. %0a%3c %0a%3c Voila, it reads the ident box as "ident", but, this setting alone would also allows the user to change the ident by themself (which we don't want). So, after we successfully confirmed the user's ident reply changed as their desired one. We now have to run the following command on irc-client:%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c @]%0a%3c %0a%3c After this, '''Do Not''' restart the user. Hence the ident displays the changed one (untill there's a disconnection and reconnection), but also disallows the user to make any changes with it.%0a%3c %0a%3c But, this is a temporary solution. Everytime the user gets disconnected, upon re-connection, the ident will be changed to their "username".%0a%3c %0a%3c Now, if a single user gets disconnected, we can use the above method to set the new ident and move on.%0a%3c In the case of server down or other issues, where all znc users get disconnected. We have to do the following in irc-client:%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25ident%25" }%0a%3c @]%0a%3c %0a%3c And '''restart znc''', make sure the idents of the users changed by checking any random user you know whom uses different username and ident,%0a%3c %0a%3c This way, whatever the user placed on "ident" box would read as ident and gets displayed. %0a%3c %0a%3c Afterwards, the following command should be run via irc-client%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c @]%0a%3c %0a%3c This ensures the user can't change it afterwards. %0a%3c %0a%3c '''Note: The user must have their desired ident on their znc's identbox'''%0a%3c %0a%3c As you can see, the process is pretty much manual, everytime we have a znc shutdown by any cause, we have to run the above said commands to make sure the user gets their desired ident as well as we have control over the ident.%0a%3c %0a%3c '''Note : If your server has very less users whom use a different ident from their username, It is advised to do manually fix theirs (individually) and restart their znc's, rather than restarting the whole znc.'''%0a%3c %0a%3c If you have alternative solutions or a way to automate the process, kindly do suggest them. %0a\ No newline at end of file%0a---%0a> This sets the ident reply to be the username (which the user can't change), ensuring that ident replies can't be spoofed by the user.%0a\ No newline at end of file%0a
28
2023-01-22
jrmu
host:1602910069=2409:4072:6e94:2ed6:2256:c056:51c1:e35b
29
2023-01-22
jrmu
author:1597742593=jrmu
30
2023-01-22
jrmu
diff:1597742593:1597742541:=7c7%0a%3c [@%0a---%0a> %3ccode>%0a9,10c9,10%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a13c13%0a%3c [@%0a---%0a> %3ccode>%0a17,18c17,18%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a23c23%0a%3c [@%0a---%0a> %3ccode>%0a30,33c30,33%0a%3c @]%0a%3c %0a%3c Make sure [[openbsd/znc|the identfile module]] is loaded on znc. %0a%3c %0a---%0a> %3c/code>%0a> %0a> Make sure [[openbsd:irc:znc|the identfile module]] is loaded on znc. %0a> %0a36c36%0a%3c [@%0a---%0a> %3ccode>%0a42,43c42,43%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a48c48%0a%3c [@%0a---%0a> %3ccode>%0a52c52%0a%3c @]%0a---%0a> %3c/code>%0a
31
2023-01-22
jrmu
host:1597742593=38.81.163.143
32
2023-01-22
jrmu
author:1597742541=jrmu
33
2023-01-22
jrmu
diff:1597742541:1597742541:=1,54d0%0a%3c Installing oidentd is necessary if you're providing a public bouncer. Ident helps ensure that a user of your bouncer can always be uniquely identified, making it easier to ban that user and prevent abuse.%0a%3c %0a%3c You may want to consult [[https://wiki.znc.in/Identfile|znc's wiki]] as a reference.%0a%3c %0a%3c First, we install oidentd:%0a%3c %0a%3c %3ccode>%0a%3c $ doas pkg_add oidentd%0a%3c %3c/code>%0a%3c %0a%3c Afterwards, inside /etc/rc.local, we put the following:%0a%3c %0a%3c %3ccode>%0a%3c if [ -x /usr/local/sbin/oidentd ]; then%0a%3c echo -n ' oidentd'; /usr/local/sbin/oidentd -a :: -u _identd -g _identd%0a%3c fi%0a%3c %3c/code>%0a%3c %0a%3c This ensures that oident starts at bootup and runs as the user and group _identd.%0a%3c %0a%3c Put this inside /etc/oidentd.conf to spoof ident replies:%0a%3c %0a%3c %3ccode>%0a%3c user "znc" {%0a%3c default {%0a%3c allow spoof%0a%3c allow spoof_all%0a%3c }%0a%3c }%0a%3c %3c/code>%0a%3c %0a%3c Make sure [[openbsd:irc:znc|the identfile module]] is loaded on znc. %0a%3c %0a%3c We need to create ~/.oidentd.conf inside the home folder for znc that oidentd will read from to spoof ident replies. This is made more tricky by the fact that znc runs inside a chroot:%0a%3c %0a%3c %3ccode>%0a%3c $ doas touch /home/znc/home/znc/.oidentd.conf%0a%3c $ doas ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf%0a%3c $ doas chmod 664 /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a%3c $ doas chmod 755 /home/znc/ /home/znc/home /home/znc/home/znc%0a%3c $ doas chown znc:znc /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a%3c %3c/code>%0a%3c %0a%3c ZNC's identfile module will help write to /home/znc/home/znc/.oidentd.conf, which in turn is symlinked to /home/znc/.oidentd.conf . This latter file is what oidentd reads from. We must make sure oidentd can read the .oidentd.conf file by ensuring the permissions on each of the directories leading up the file are at least rwx--x--x.%0a%3c %0a%3c While connected to znc using an account with admin rights, send this through your IRC client:%0a%3c %0a%3c %3ccode>%0a%3c /msg *status loadmod identfile%0a%3c /msg *identfile setfile ~/.oidentd.conf%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c %3c/code>%0a%3c %0a%3c This sets the ident reply to be the username (which the user can't change), ensuring that ident replies can't be spoofed by the user.%0a\ No newline at end of file%0a
34
2023-01-22
jrmu
host:1597742541=38.81.163.143
IRCNow