moved hopm to general, fixed, oper / classes some
parent
a2a1b7823c
commit
aed668bb82
|
@ -1 +1,2 @@
|
|||
*#*~
|
||||
*.pem
|
||||
|
|
|
@ -5,7 +5,7 @@ CWD=$(pwd)
|
|||
|
||||
set -e
|
||||
|
||||
names = "
|
||||
names="
|
||||
3dg3
|
||||
g3n3r4l
|
||||
hub
|
||||
|
@ -19,14 +19,54 @@ mysql
|
|||
"
|
||||
|
||||
for x in $(echo $names | tr ' ' '\n' | grep "."); do
|
||||
openssl genpkey \
|
||||
-algorithm ED25519 \
|
||||
openssl genpkey \
|
||||
-algorithm ED25519 \
|
||||
-out "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.ed25519.key"
|
||||
|
||||
openssl genpkey \
|
||||
-algorithm ED448 \
|
||||
openssl genpkey \
|
||||
-algorithm ED448 \
|
||||
-out "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.ed448.key"
|
||||
|
||||
openssl genrsa -out "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.key" 4096
|
||||
|
||||
done
|
||||
openssl req \
|
||||
-new \
|
||||
-key "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.ed448.key" \
|
||||
-out "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.ed448.csr" \
|
||||
-config "${CWD}/config/ssl/intermediate/ext/${x}.${COMMON_NAME}.ed448.ext"
|
||||
|
||||
openssl req \
|
||||
-new \
|
||||
-key "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.ed25519.key" \
|
||||
-out "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.ed25519.csr" \
|
||||
-config "${CWD}/config/ssl/intermediate/ext/${x}.${COMMON_NAME}.ed25519.ext"
|
||||
|
||||
openssl req \
|
||||
-new \
|
||||
-key "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.key" \
|
||||
-out "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.csr" \
|
||||
-config "${CWD}/config/ssl/intermediate/ext/${x}.${COMMON_NAME}.ext"
|
||||
|
||||
openssl ca \
|
||||
-batch \
|
||||
-extensions v3_intermediate_ca \
|
||||
-in "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.ed448.csr" \
|
||||
-out "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.ed448.crt" \
|
||||
-config "${CWD}/config/ssl/ca/ext/${x}.${COMMON_NAME}.ed448.ext"
|
||||
|
||||
openssl ca \
|
||||
-batch \
|
||||
-extensions v3_intermediate_ca \
|
||||
-in "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.ed25519.csr" \
|
||||
-out "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.ed25519.crt" \
|
||||
-config "${CWD}/config/ssl/ca/ext/${x}.${COMMON_NAME}.ed25519.ext"
|
||||
|
||||
openssl ca \
|
||||
-batch \
|
||||
-extensions v3_intermediate_ca \
|
||||
-in "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.csr" \
|
||||
-out "${CWD}/config/ssl/intermediate/certs/${x}.${COMMON_NAME}.crt" \
|
||||
-config "${CWD}/config/ssl/ca/ext/${x}.${COMMON_NAME}.ext"
|
||||
|
||||
|
||||
done
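Review bot: Every `openssl ca` call added to the loop passes `-extensions v3_intermediate_ca`, so each name in the list is issued a certificate with `CA:true` and `keyCertSign`. If these names are service hosts, as `hub` and `mysql` suggest, any one of those keys can then sign certificates that chain to the CA. Leaf certificates should use the `server_cert` section that the new ext file in this commit defines, i.e. `-extensions server_cert \`. The private keys are also written with whatever umask the caller has; a `umask 077` before the loop would make the permissions explicit. The names list begins outside the hunk, so this assumes it holds no real intermediate entry.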
|
||||
|
|
|
@ -17,13 +17,13 @@ irc {
|
|||
realname = "n3tw3rk 1ns3cur1ty c0rp pr0xy sc4nn3r";
|
||||
username = "sc4nn3r";
|
||||
server = "100.64.64.66";
|
||||
port = 6667;
|
||||
port = 6868;
|
||||
tls = no;
|
||||
tls_hostname_verification = yes;
|
||||
readtimeout = 15 minutes;
|
||||
reconnectinterval = 30 seconds;
|
||||
nickserv = "NS IDENTIFY password";
|
||||
oper = "hopm password";
|
||||
oper = "SCANNER password";
|
||||
mode = "+c";
|
||||
away = "go privmsg someone else";
|
||||
channel {
|
||||
|
@ -32,8 +32,8 @@ irc {
|
|||
};
|
||||
|
||||
connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-f\\.:]+)\\].*";
|
||||
kline = "OS AKILL ADD +3h *@%i Open proxy found on your host.";
|
||||
notice = "You are now being scanned for open proxies, please connect using the proxy or Tor DMZ links if you are unable to access the network";
|
||||
kline = "OS AKILL ADD +3h *@%i Open proxy found on your host. Try connecting through proxy-dmz or Tor instead.";
|
||||
notice = "You are now being scanned for open proxies";
|
||||
};
|
||||
|
||||
opm {
|
||||
|
@ -109,9 +109,9 @@ scanner {
|
|||
fd = 102400;
|
||||
max_read = 4 kbytes;
|
||||
timeout = 30 seconds;
|
||||
target_ip = "efnet.port80.se";
|
||||
target_ip = "irc.clandestine.network";
|
||||
target_port = 6667;
|
||||
target_string = ":irc.example.org NOTICE * :*** Looking up your hostname";
|
||||
target_string = ":irc.clandestine.network NOTICE * :*** Looking up your hostname";
|
||||
target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
|
||||
};
|
||||
|
||||
|
@ -198,7 +198,6 @@ user {
|
|||
|
||||
exempt {
|
||||
mask = "*!*@127.0.0.1";
|
||||
mask = "*!*@100.64.0.0/17";
|
||||
mask = "*!*@*.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
|
||||
};
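Review bot: The new `oper = "SCANNER password";` line sends an operator credential over a link that the unchanged `tls = no;` leaves in cleartext, and the committed value is the literal word `password` (the `nickserv` line has the same). This commit also gives the general server a certificate and key, so the scanner could connect to a TLS listener with `tls = yes;`, with the real credential injected at deploy time rather than stored in the repository. While `tls = no;` stays, `tls_hostname_verification = yes;` presumably has no effect and reads as protection that is not there. The `irc` block starts and ends outside these hunks.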
|
||||
>
|
|
@ -5,6 +5,14 @@
|
|||
.include <hb_conf/include/auth.conf>
|
||||
|
||||
auth {
|
||||
user = "*@*";
|
||||
spoof = "h0pm.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
user = "*@100.64.64.67";
|
||||
class = "hopm_oper";
|
||||
flags = need_password, exceed_limit, kline_exempt, xline_exempt, resv_exempt, can_flood, no_tilde;
|
||||
};
|
||||
|
||||
auth {
|
||||
user = "*@*";
|
||||
class = "general_users";
|
||||
};
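Review bot: As rendered, the first auth block opens with `user = "*@*";` and then also lists `user = "*@100.64.64.67";`. If both lines are on the new side, every client matches the block and would receive the `h0pm` spoof, the `hopm_oper` class and the `kline_exempt`, `xline_exempt`, `resv_exempt` and `can_flood` flags. The scanner block should carry only `user = "*@100.64.64.67";`, leaving `*@*` to the `general_users` block below it. The flags also include `need_password`, but no `password` line is visible in the block, so it is worth confirming what the server enforces in that case.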
|
||||
|
||||
|
|
|
@ -4,6 +4,16 @@
|
|||
|
||||
.include <hb_conf/include/user.classes.conf>
|
||||
|
||||
class {
|
||||
name = "typical_oper";
|
||||
ping_time = 2 seconds;
|
||||
number_per_ip_local = 5;
|
||||
max_number = 5;
|
||||
sendq = 1 megabyte;
|
||||
max_channels = 60;
|
||||
max_idle = 30 minutes;
|
||||
};
|
||||
|
||||
class {
|
||||
name = "console_admin";
|
||||
ping_time = 2 seconds;
|
||||
|
@ -20,4 +30,14 @@ class {
|
|||
connectfreq = 2 seconds;
|
||||
max_number = 1;
|
||||
sendq = 32 megabytes;
|
||||
};
|
||||
};
|
||||
|
||||
class {
|
||||
name = "hopm_oper";
|
||||
ping_time = 2 seconds;
|
||||
number_per_ip_local = 1;
|
||||
max_number = 10240;
|
||||
sendq = 1 megabyte;
|
||||
max_channels = 60;
|
||||
max_idle = 1000 years;
|
||||
};
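Review bot: `hopm_oper` sets `max_number = 10240;` although `number_per_ip_local = 1;` and the auth entry added in this commit admit the scanner from a single address, so the value looks carried over from a user class. `max_number = 1;` states the intent and would still cap the class if the auth mask were ever widened. A one-line comment above `typical_oper` and `hopm_oper` naming the auth or operator block that uses each would make the pairing easier to audit.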
|
||||
|
|
|
@ -23,15 +23,21 @@
|
|||
.include <hb_conf/general.serverhide.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "irc.clandestine.network";
|
||||
sid = "11X";
|
||||
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_description = "General-purpose internet relay chat network";
|
||||
hub = no;
|
||||
default_max_clients = 65465;
|
||||
max_nick_length = 30;
|
||||
max_topic_length = 192;
|
||||
name = "irc.clandestine.network";
|
||||
sid = "11X";
|
||||
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_description = "General-purpose internet relay chat network";
|
||||
hub = no;
|
||||
default_max_clients = 65465;
|
||||
max_nick_length = 30;
|
||||
max_topic_length = 192;
|
||||
rsa_private_key_file = "/key.pem";
|
||||
tls_certificate_file = "/cert.pem";
|
||||
tls_supported_groups = "X25519:P-256";
|
||||
tls_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
|
||||
tls_cipher_suites = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256";
|
||||
tls_message_digest_algorithm = "sha256";
|
||||
};
|
||||
|
||||
connect {
|
||||
|
@ -49,6 +55,8 @@ connect {
|
|||
};
|
||||
|
||||
listen {
|
||||
host = "100.64.64.66"; # HOPM
|
||||
port = 6868;
|
||||
host = "100.64.65.162"; # Console
|
||||
port = 6665;
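Review bot: The added `tls_cipher_list` ends with `DHE-RSA-AES256-SHA:AES256-SHA`, both CBC suites with a SHA-1 MAC, and `AES256-SHA` uses static RSA key exchange, so it gives no forward secrecy. I would keep only the AEAD entries: `tls_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";`. No `tls_dh_param_file` is visible in the block, so the DHE entry may never be negotiated; either add the parameter file or drop that suite too. The new `port = 6868;` listener for HOPM shows no TLS flag in this hunk, but the `listen` block continues outside it.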
|
||||
|
||||
|
|
|
@ -6,4 +6,5 @@
|
|||
|
||||
exempt {
|
||||
ip = "100.64.64.0/29";
|
||||
ip = "100.64.64.64/29";
|
||||
};
|
|
@ -2,4 +2,37 @@
|
|||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <hb_conf/include/oper.conf>
|
||||
.include <hb_conf/include/oper.conf>
|
||||
|
||||
operator {
|
||||
name = "kayos";
|
||||
user = "*kayos@209.141.38.221";
|
||||
password = "<- 0ps";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "typical_oper";
|
||||
encrypted = no;
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden, invisible, external, rej, skill, hideidle, wallop, expiration;
|
||||
flags = admin, globops, kill, kill:remote, kline, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
operator {
|
||||
name = "octopus";
|
||||
user = "sid11594@brockwell.irccloud.com";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "typical_oper";
|
||||
encrypted = no;
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden, invisible, external, rej, skill, hideidle, wallop, expiration;
|
||||
flags = admin, globops, kill, kill:remote, kline, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
operator {
|
||||
name = "SCANNER";
|
||||
user = "*@h0pm.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "hopm_oper";
|
||||
encrypted = no;
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote, kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden, invisible, external, rej, skill, hideidle, wallop, expiration, cconn;
|
||||
};
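Review bot: All three new operator blocks store their passwords in the repository with `encrypted = no;`, and two of them use the literal `password`, including `SCANNER`, whose flags include `die`, `restart`, `module`, `rehash` and `connect:remote`. Proposed: `encrypted = yes;` with a hash produced by the server's password-hashing tool, and the values already committed treated as exposed. The HOPM configuration in this commit only issues `OS AKILL ADD` and reads connection notices, so the scanner's flags could presumably shrink to something like `flags = kline, unkline;` while keeping the `cconn` umode. `wallop` is listed twice in each `umodes` line.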
|
|
@ -12,14 +12,6 @@ auth {
|
|||
xline_exempt, resv_exempt, can_flood, no_tilde;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "h0pm.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
user = "*@100.64.64.67";
|
||||
class = "hopm_scanner";
|
||||
flags = need_password, exceed_limit, kline_exempt,
|
||||
xline_exempt, resv_exempt, can_flood, no_tilde;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
user = "*@*";
|
||||
|
|
|
@ -24,17 +24,6 @@ class {
|
|||
max_idle = 1000 years;
|
||||
};
|
||||
|
||||
class {
|
||||
name = "hopm_scanner";
|
||||
ping_time = 2 seconds;
|
||||
number_per_ip_local = 1;
|
||||
max_number = 10240;
|
||||
sendq = 1 megabyte;
|
||||
max_channels = 60;
|
||||
max_idle = 1000 years;
|
||||
};
|
||||
|
||||
|
||||
class {
|
||||
name = "tor_edge_hub";
|
||||
ping_time = 2 seconds;
|
||||
|
|
|
@ -107,8 +107,6 @@ connect {
|
|||
};
|
||||
|
||||
listen {
|
||||
host = "100.64.64.66"; # HOPM
|
||||
port = 6667;
|
||||
host = "100.64.64.42"; # Oper bouncer
|
||||
port = 6666;
|
||||
host = "100.64.64.50"; # Console
|
||||
|
|
|
@ -13,5 +13,4 @@ exempt {
|
|||
ip = "100.64.64.40/29";
|
||||
ip = "100.64.64.48/29";
|
||||
ip = "100.64.64.56/29";
|
||||
ip = "100.64.64.64/29";
|
||||
};
|
|
@ -16,21 +16,6 @@ operator {
|
|||
kline, module, rehash, rehash:remote, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
operator {
|
||||
name = "SCANNER";
|
||||
user = "*@h0pm.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "hopm_scanner";
|
||||
encrypted = no;
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
|
||||
operator {
|
||||
name = "external_hub_operator";
|
||||
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
/* Configuration example located at
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
|
|
|
@ -26,6 +26,12 @@ resv {
|
|||
exempt = "SVC@n3tw3rk.1ns3cur1ty.c0rp";
|
||||
};
|
||||
|
||||
# resv {
|
||||
# mask = "SCANNER";
|
||||
# reason = "Reserved for HOPM";
|
||||
# exempt = "*@h0pm.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
# exempt = "*@100.64.64.67";
|
||||
# };
|
||||
|
||||
resv {
|
||||
mask = "GLOBAL";
|
||||
|
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = irc.clandestine.network
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = g3n3r4l
|
||||
IP.1 =
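Review bot: `[v3_intermediate_ca]` refers to `@crl_info` and `@ocsp_info`, but the file as shown defines neither section, so a command using `-extensions v3_intermediate_ca` with this config would be expected to fail when loading the extensions. `[alt_names]` is not referenced by any extension section, and its `IP.1 =` entry is empty. Clients that validate hostnames against subjectAltName will therefore not accept a certificate issued from `[server_cert]`; it needs `subjectAltName = @alt_names`, and `IP.1` needs either a value or removal. `default_crl_days = 3650` also means a published CRL stays valid for ten years, which defeats revocation in practice; a value measured in days or weeks is more usual.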
|
||||
|
|
@ -21,6 +21,13 @@ networks:
|
|||
hub:
|
||||
external:
|
||||
name: hb_hub_general_leaf
|
||||
hopm:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.64.64/29
|
||||
internal: true
|
||||
|
||||
|
||||
services:
|
||||
general:
|
||||
|
@ -47,6 +54,8 @@ services:
|
|||
ipv4_address: 100.64.65.162
|
||||
hub:
|
||||
ipv4_address: 100.64.64.3
|
||||
hopm:
|
||||
ipv4_address: 100.64.64.66
|
||||
volumes:
|
||||
- type: volume
|
||||
source: ephemeral
|
||||
|
@ -54,6 +63,8 @@ services:
|
|||
volume:
|
||||
nocopy: false
|
||||
- ../config/hybrid:/usr/local/ircd/etc/hb_conf:ro
|
||||
- ./cert.pem:/cert.pem:ro
|
||||
- ./key.pem:/key.pem:ro
|
||||
|
||||
volumes:
|
||||
ephemeral:
|
||||
|
|
|
@ -8,9 +8,9 @@ networks:
|
|||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.48.24/30
|
||||
hub:
|
||||
general:
|
||||
external:
|
||||
name: hb_hub_hopm
|
||||
name: hb_general_hopm
|
||||
|
||||
services:
|
||||
hopm:
|
||||
|
@ -32,7 +32,7 @@ services:
|
|||
networks:
|
||||
default:
|
||||
ipv4_address: 100.64.48.26
|
||||
hub:
|
||||
general:
|
||||
ipv4_address: 100.64.64.67
|
||||
volumes:
|
||||
- type: volume
|
||||
|
|
|
@ -58,12 +58,6 @@ networks:
|
|||
config:
|
||||
- subnet: 100.64.64.56/29
|
||||
internal: true
|
||||
hopm:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.64.64/29
|
||||
internal: true
|
||||
|
||||
services:
|
||||
hub:
|
||||
|
@ -101,8 +95,6 @@ services:
|
|||
ipv4_address: 100.64.64.50
|
||||
tor_edge_hub:
|
||||
ipv4_address: 100.64.64.58
|
||||
hopm:
|
||||
ipv4_address: 100.64.64.66
|
||||
volumes:
|
||||
- type: volume
|
||||
source: ephemeral
|
||||
|
|