Never Ending Security

It starts all here

Set up a secure IRC with SSL, PAM auth and crypted salted passwords

ngircd with pam and ssl (strong ciphers)

– ngircd source, v21 minimum
– install libpam-passwd, libpam-dev and apache-utils (for htpasswd)

./configure --with-pam --with-openssl; make; make install
– create /etc/pam.d/ngircd:

auth required pam_pwdfile.so pwdfile=/usr/local/etc/ngircd.passwd
– create the password file with the crypt function and a salt (!) as discussed here: http://viki.brainsware.org/?en/Virtual_Users_simple
– NOTICE!! crypt() alone is insecure: you need to use that perl function to create crypt() passwords with a salt. I have not found a stronger hash function that works with ngircd.
– edit ngircd.conf and set

PAM = yes
PAMIsOptional = no
– enable SSL and allow default strong ciphers (CipherList = HIGH:!aNULL:@STRENGTH)
– start ngircd and check /var/log/syslog and /var/log/auth.log
Sample config:

[Global]
Name = hodor.pragmasec.nl
AdminInfo1 = Description
AdminInfo2 = Location
AdminEMail = admin@irc.server
;HelpFile = /usr/local/share/doc/ngircd/Commands.txt
Info = PragmaSEC IRC
Listen = 0.0.0.0
MotdPhrase = "Welcome to the PragmaSEC IRC server"
# Global password for all users needed to connect to the server.
# (Default: not set)
;Password = abc
PidFile = /var/run/ngircd/ngircd.pid
ServerGID = irc
ServerUID = irc
[Limits]
ConnectRetry = 60
IdleTimeout = 60
MaxConnections = 500
MaxConnectionsIP = 10
MaxJoins = 10
MaxNickLength = 9
MaxListSize = 10
PingTimeout = 120
PongTimeout = 20
[Options]
AllowedChannelTypes = #&+
AllowRemoteOper = no
;ChrootDir = /var/empty
;CloakHost = cloaked.host
;CloakHostModeX = cloaked.user
;CloakHostSalt = abcdefghijklmnopqrstuvwxyz
;CloakUserToNick = yes
;ConnectIPv6 = yes
;ConnectIPv4 = yes
;DefaultUserModes = i
DNS = no
Ident = no
;IncludeDir = /usr/local/etc/conf.d
MorePrivacy = yes
;NoticeAuth = no
OperCanUseMode = no
;OperChanPAutoOp = yes
OperServerMode = no
PAM = yes
PAMIsOptional = no
RequireAuthPing = yes
;ScrubCTCP = no
;SyslogFacility = local1
;WebircPassword = xyz
[SSL]
CertFile = /etc/ssl/certs/hodor-bundle.crt
CipherList = HIGH:!aNULL:@STRENGTH
;CipherList = SECURE128
;DHFile = /usr/local/etc/ssl/dhparams.pem
KeyFile = /etc/ssl/private/hodor.key
;KeyFilePassword = secret
Ports = 6667
[Operator]
;Name = TheOper
;Password = ThePwd
;Mask = *!ident@somewhere.example.com

[Channel]
Name = #pragmasec
Topic = pragmasec
Modes = tnk
;Key = Secret
;KeyFile = /usr/local/etc/#chan.key
MaxUsers = 20
# -eof-
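
A check for the settings this walkthrough depends on, as an added example that is not part of the original post or of ngircd: it parses an ngircd.conf and reports where PAM, PAMIsOptional or the [SSL] options differ from the values above. The function names, the constructed sample config and the weak-keyword list are assumptions for illustration; names are compared case-insensitively and only the literal yes/no spellings used on this page are accepted.

```python
import re
# Constructed sample mirroring this page's settings (paths are placeholders).
GOOD_CONF = """\
[Options]
PAM = yes
PAMIsOptional = no
[SSL]
CertFile = /etc/ssl/certs/example-bundle.crt
CipherList = HIGH:!aNULL:@STRENGTH
KeyFile = /etc/ssl/private/example.key
Ports = 6667
"""
# OpenSSL cipher-string keywords that should not be enabled (illustrative, not exhaustive).
WEAK = {"ALL", "MEDIUM", "LOW", "EXPORT", "EXP", "NULL", "ENULL", "ANULL", "RC4", "DES", "3DES", "MD5"}

def parse_conf(text):
    """Return {section: {key: value}}, names lowercased; ';' and '#' lines are comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][key.strip().lower()] = value.strip()
    return conf

def audit(text):
    """List every place the config departs from the PAM and SSL settings on this page."""
    conf, findings = parse_conf(text), []
    opts, ssl = conf.get("options", {}), conf.get("ssl", {})
    if opts.get("pam", "").lower() != "yes":
        findings.append("[Options] PAM is not set to yes")
    if opts.get("pamisoptional", "").lower() != "no":
        findings.append("[Options] PAMIsOptional is not set to no")
    for key in ("CertFile", "KeyFile", "Ports"):
        if not ssl.get(key.lower()):
            findings.append(f"[SSL] {key} is not set")
    tokens = re.split(r"[:, ]+", ssl.get("cipherlist", ""))
    if "!aNULL" not in tokens:
        findings.append("[SSL] CipherList does not exclude aNULL")
    for tok in tokens:  # '!', '-' remove suites, '+' reorders, '@' sorts: none enable anything
        if tok and tok[0] not in "!-+@" and any(p.upper() in WEAK for p in tok.split("+")):
            findings.append(f"[SSL] CipherList enables {tok}")
    return findings
```

Call audit() on the contents of the deployed ngircd.conf; an empty list means the PAM and SSL settings match the sample config.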
