From f36d862cfdb4ad252a692386111d9dbd45282d21 Mon Sep 17 00:00:00 2001 From: acidvegas Date: Wed, 21 Jun 2023 01:52:50 -0400 Subject: [PATCH] Non-standard ports opened, re-enabled modules that were disabled, remote conf revamped --- doc/conf/modules.conf | 33 +++++---- doc/conf/opers.conf | 42 ++++++------ doc/conf/unrealircd.hub.conf | 5 -- doc/conf/unrealircd.link.conf | 8 +-- doc/conf/unrealircd.remote.conf | 117 +++++++++++++++----------------- 5 files changed, 96 insertions(+), 109 deletions(-) diff --git a/doc/conf/modules.conf b/doc/conf/modules.conf index 6bc6af9..d04a88b 100644 --- a/doc/conf/modules.conf +++ b/doc/conf/modules.conf @@ -22,7 +22,7 @@ loadmodule "pass"; loadmodule "pingpong"; loadmodule "protoctl"; loadmodule "quit"; -#loadmodule "rules"; +loadmodule "rules"; loadmodule "topic"; loadmodule "user"; loadmodule "userhost"; @@ -84,7 +84,6 @@ loadmodule "creationtime"; loadmodule "eos"; loadmodule "md"; loadmodule "netinfo"; -#loadmodule "require-module"; loadmodule "server"; loadmodule "sinfo"; loadmodule "sjoin"; @@ -99,7 +98,7 @@ loadmodule "sendsno"; loadmodule "sendumode"; loadmodule "svsjoin"; loadmodule "svskill"; -#loadmodule "svslogin"; +loadmodule "svslogin"; loadmodule "svslusers"; loadmodule "svsmode"; loadmodule "svsmotd"; @@ -149,7 +148,7 @@ loadmodule "chanmodes/topiclimit"; /* +t */ // User Modes loadmodule "usermodes/bot"; /* +B */ -#loadmodule "usermodes/censor"; /* +G */ +loadmodule "usermodes/censor"; /* +G */ loadmodule "usermodes/noctcp"; /* +T */ loadmodule "usermodes/nokick"; /* +q */ loadmodule "usermodes/privacy"; /* +p */ @@ -168,11 +167,11 @@ loadmodule "extbans/flood"; /* +e ~flood */ loadmodule "extbans/inchannel"; /* +b ~channel */ loadmodule "extbans/join"; /* +b ~join */ loadmodule "extbans/msgbypass"; /* +e ~msgbypass */ -#loadmodule "extbans/nickchange"; /* +b ~nickchange */ +loadmodule "extbans/nickchange"; /* +b ~nickchange */ #loadmodule "extbans/operclass"; /* +b ~operclass */ #loadmodule "extbans/partmsg"; /* +b ~partmsg */ loadmodule "extbans/quiet"; /* +b ~quiet */ -#loadmodule "extbans/realname"; /* +b ~realname */ +loadmodule "extbans/realname"; /* +b ~realname */ loadmodule "extbans/textban"; /* +b ~text */ loadmodule "extbans/timedban"; /* +b ~time */ loadmodule "extbans/securitygroup"; /* +b ~security-group */ @@ -200,17 +199,17 @@ loadmodule "sts"; loadmodule "typing-indicator"; // RPC -loadmodule "rpc/rpc"; -loadmodule "rpc/stats"; -loadmodule "rpc/user"; -loadmodule "rpc/server"; -loadmodule "rpc/channel"; -loadmodule "rpc/server_ban"; -loadmodule "rpc/server_ban_exception"; -loadmodule "rpc/name_ban"; -loadmodule "rpc/spamfilter"; -loadmodule "rpc/log"; -loadmodule "rpc/whowas"; +#loadmodule "rpc/rpc"; +#loadmodule "rpc/stats"; +#loadmodule "rpc/user"; +#loadmodule "rpc/server"; +#loadmodule "rpc/channel"; +#loadmodule "rpc/server_ban"; +#loadmodule "rpc/server_ban_exception"; +#loadmodule "rpc/name_ban"; +#loadmodule "rpc/spamfilter"; +#loadmodule "rpc/log"; +#loadmodule "rpc/whowas"; // Other loadmodule "antimixedutf8"; diff --git a/doc/conf/opers.conf b/doc/conf/opers.conf index 2f0ce0b..d0c5346 100644 --- a/doc/conf/opers.conf +++ b/doc/conf/opers.conf @@ -1,11 +1,10 @@ oper acidvegas { auto-login yes; - mask { certfp "REDACTED"; }; - class clients; + class local; + mask { certfp "REDACTED"; } + maxlogins 1; operclass netadmin; require-modes z; - maxlogins 1; - vhost most.dangerous.motherfuck; swhois "1,1 1,5 1,1 "; swhois "1,1 1,5 1,7 1,5 1,7 1,5 1,1 "; swhois "1,1 1,5 1,7 1,5 1,7 1,5 1,7 1,5 1,1 0 1 "; @@ -65,44 +64,49 @@ oper acidvegas { swhois "1,1 1,5 1,7 1,5 1,1 "; swhois "1,1 1,5 1,7 1,5 1,1 "; swhois "1,1 1,5 1,1 "; + vhost most.dangerous.motherfuck; } #oper mate { -# class clients; -# mask localhost; -# password "REDACTED" { sslclientcertfp; } +# auto-login yes; +# class local; +# mask { certfp "REDACTED"; } +# maxlogins 1; # operclass mate; # require-modes z; -# maxlogins 1; # vhost super.nets.link; #} oper 5000 { - class clients; - mask localhost; - password "REDACTED"; + auto-login yes; + class local; + mask { account FUCKYOU; } + maxlogins 1; + modes BdD; operclass fuckyou; require-modes z; - maxlogins 1; vhost 5000; } oper cancer { - class clients; - mask localhost; - password "REDACTED"; + auto-login yes; + class local; + mask { account CANCER; } + maxlogins 1; + modes BdD; operclass cancer; require-modes z; - maxlogins 1; vhost RETTE; } oper phalanx { - class clients; + auto-login yes; + class local; mask localhost; - password 'REDACTED'; - operclass phalanx; maxlogins 5000; + modes BdD; + operclass phalanx; + password 'REDACTED'; vhost R; } diff --git a/doc/conf/unrealircd.hub.conf b/doc/conf/unrealircd.hub.conf index 95b54b2..d08245c 100644 --- a/doc/conf/unrealircd.hub.conf +++ b/doc/conf/unrealircd.hub.conf @@ -22,11 +22,6 @@ log { destination { file "ircd.log" { maxsize 1M; } } } -log { - source { antimixedutf8; antirandom; flood; oper; } - destination { channel "#services"; } -} - ulines { services.supernets.org; } set { diff --git a/doc/conf/unrealircd.link.conf b/doc/conf/unrealircd.link.conf index 8df63db..5226bba 100644 --- a/doc/conf/unrealircd.link.conf +++ b/doc/conf/unrealircd.link.conf @@ -11,8 +11,8 @@ listen { port 6697; options { clientsonly; tls; } tls-options { - certificate "/etc/letsencrypt/live/irc.supernets.org/fullchain.pem"; - key "/etc/letsencrypt/live/irc.supernets.org/privkey.pem"; + certificate "tls/irc.crt"; + key "tls/irc.key"; } } listen { @@ -20,7 +20,7 @@ listen { port 9000; options { clientsonly; tls; } tls-options { - certificate "/etc/letsencrypt/live/irc.supernets.org/fullchain.pem"; - key "/etc/letsencrypt/live/irc.supernets.org/privkey.pem"; + certificate "tls/irc.crt"; + key "tls/irc.key"; } } \ No newline at end of file diff --git a/doc/conf/unrealircd.remote.conf b/doc/conf/unrealircd.remote.conf index 88b5626..331021c 100644 --- a/doc/conf/unrealircd.remote.conf +++ b/doc/conf/unrealircd.remote.conf @@ -19,17 +19,24 @@ alias ns { target nickserv; type services; } alias operserv { type services; } alias os { target operserv; type services; } -class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } } -class local { pingfreq 300; maxclients 1000; sendq 5M; options { nofakelag; } } -class servers { pingfreq 120; maxclients 10; sendq 1M; connfreq 30; } +class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } } +class known { pingfreq 120; maxclients 250; sendq 5M; options { nofakelag; } } +class local { pingfreq 300; maxclients 1000; sendq 10M; options { nofakelag; } } +class servers { pingfreq 120; maxclients 10; sendq 50M; connfreq 15; } -allow { mask *; class clients; maxperip 2; global-maxperip 2; } -allow { mask 127.0.0.1; class local; maxperip 1000; global-maxperip 1000; } +allow { mask *; class clients; maxperip 2; global-maxperip 2; } +allow { mask { security-group known-users; } class known; maxperip 3; global-maxperip 3; } +allow { mask { 127.0.0.1; ::1; } class local; maxperip 1000; global-maxperip 1000; password "simpsonsfan"; } listen { ip *; port 6660–6669; options { clientsonly; } } listen { ip *; port 7000; options { clientsonly; } } listen { ip *; port REDACTED; options { serversonly; tls; } } +#require authentication { +# mask { ip *; } +# reason "$VOID"; +#} + deny channel { channel "#help"; reason "This channel has moved to #superbowl"; redirect "#superbowl"; } deny channel { channel "#mensa"; reason "This channel has been closed"; redirect "#superbowl"; } deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange"; redirect "#exchange"; } @@ -52,8 +59,8 @@ log { } log { - source { antimixedutf8; antirandom; flood; oper; } - destination { channel "#services"; } + source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; } + destination { channel "#syslog"; } } tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } } @@ -105,22 +112,20 @@ set { restrict-channelmodes "nLpPs"; restrict-commands { channel-message { except { connect-time 5; identified yes; reputation-score 100; } } - channel-notice { except { connect-time 30; identified yes; reputation-score 100; } } + channel-notice { except { connect-time 15; identified yes; reputation-score 100; } } invite { except { connect-time 300; identified yes; reputation-score 100; } } join { except { connect-time 5; identified yes; reputation-score 100; } } list { except { connect-time 5; identified yes; reputation-score 100; } } private-message { except { connect-time 300; identified yes; reputation-score 100; } } private-notice { except { connect-time 300; identified yes; reputation-score 100; } } } - auto-join "#superbowl"; - oper-auto-join "#services"; - static-quit "EMO-QUIT"; - static-part "EMO-PART"; + oper-auto-join "#syslog"; + who-limit 0; nick-length 20; maxchannelsperuser 10; channel-command-prefix "`!@$."; - ban-setter nick; topic-setter nick; + ban-setter nick; options { hide-ulines; flat-map; identd-check; } network-name "SuperNETs"; default-server "irc.supernets.org"; @@ -134,6 +139,9 @@ set { "REDACTED"; } cloak-prefix "SUPER"; + #tls { + # options { fail-if-no-clientcert; } + #} plaintext-policy { user warn; oper deny; @@ -150,49 +158,33 @@ set { } anti-flood { channel { - profile defcon { flood-mode "[10j#R5,200m#M5,10n#N5]:15"; } + profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; } boot-delay 75; split-delay 75; } everyone { - connect-flood 3:300; + away-flood 3:300; + invite-flood 3:300; + knock-flood 3:300; handshake-data-flood { amount 4k; ban-action gzline; ban-time 1h; } - target-flood { - channel-notice 15:5; - channel-privmsg 45:5; - channel-tagmsg 15:5; - private-notice 10:5; - private-privmsg 30:5; - private-tagmsg 10:5; - } } known-users { - away-flood 3:300; - invite-flood 3:300; - join-flood 3:300; - knock-flood 3:300; - nick-flood 3:300; - max-concurrent-conversations { - users 5; - new-user-every 60s; - } + connect-flood 10:300; + join-flood 10:300; + nick-flood 10:300; + max-concurrent-conversations { users 5; new-user-every 60s; } lag-penalty 10; # update? lag-penalty-bytes 0; } unknown-users { - away-flood 3:300; - invite-flood 3:300; - join-flood 3:300; - knock-flood 3:300; - nick-flood 3:300; - max-concurrent-conversations { - users 3; - new-user-every 60s; - } + connect-flood 3:300; + join-flood 3:300; + nick-flood 3:300; + max-concurrent-conversations { users 2; new-user-every 120s; } lag-penalty 1000; lag-penalty-bytes 90; } @@ -200,8 +192,9 @@ set { default-bantime 30d; modef-default-unsettime 5; spamfilter { - ban-time 1d; + ban-time 30d; ban-reason "$VOID"; + utf8 yes; except "#anythinggoes"; } max-targets-per-command { kick 1; part 1; privmsg 1; } @@ -220,9 +213,9 @@ set { ban-reason "$VOID"; } connthrottle { - except { reputation-score 100; identified yes; webirc yes; } - new-users { local-throttle 20:60; global-throttle 30:60; } - disabled-when { reputation-gathering 1w; start-delay 3m; } + except { reputation-score 100; identified yes; webirc yes; } + new-users { local-throttle 20:60; global-throttle 30:60; } + disabled-when { reputation-gathering 1w; start-delay 3m; } reason "$VOID"; } history { @@ -234,29 +227,25 @@ set { } } } + manual-ban-target ip; hide-idle-time { policy always; } whois-details { - account { everyone full; } - away { everyone full; } - basic { everyone full; } - bot { everyone full; } - certfp { everyone full; } - channels { everyone none; self full; oper full; } - geo { everyone none; } - idle { everyone none; } - modes { everyone none; self full; oper full; } - oper { everyone limited; self full; oper full; } - realhost { everyone none; self full; oper full; } - registered-nick { everyone full; } - reputation { everyone full; } - secure { everyone limited; self full; oper full; } - server { everyone full; } - services { everyone full; } - shunned { everyone none; self none; oper full; } - swhois { everyone full; } + channels { everyone none; self full; oper full; } + reputation { everyone full; } + server { everyone none; self full; oper full; } + swhois { everyone full; } } } +set known-users { + auto-join "#superbowl"; +} + +set unknown-users { + static-quit "EMO-QUIT"; + static-part "EMO-PART"; +} + hideserver { disable-map yes; disable-links yes; @@ -266,5 +255,5 @@ hideserver { security-group known-users { identified yes; - reputation-score 100; + reputation-score 10000; } \ No newline at end of file