securing leafs...

These are old archives. They are kept for historic purposes only.
Post Reply
seceru
Posts: 2
Joined: Wed May 31, 2006 8:50 pm

securing leafs...

Post by seceru »

how to do this. hub is very secure. but leafs are not so secured so if one of leafs is being "hacked" what i have to do in hub unrealircd.conf that he wont be able op him self on chanels from leaf, and gline, kline... etc... that he will have limit access.
Top
Syzop
UnrealIRCd head coder
Posts: 2179
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:
Contact Syzop

Post by Syzop »

That's not possible, due to the way ircd is designed other servers need to be able to op/deop clients (theirs and others), for example when netsynching, plus they need to be able to do a lot of other stuff as wel, but in any case.. because of that, it's not possible to secure that down.

So basically: you are screwed if one of your servers is hacked. Just try to detect it in time...
Top
seceru
Posts: 2
Joined: Wed May 31, 2006 8:50 pm

Post by seceru »

hmm that sux :P. what about if i install services only to hub... that they secure chanels that the someone from leaf if he is oper cant op there? that services kill him if he opes ore someting like that? i dont know about services but if is posible to do someting with services to secure more things.. its a start... :P
Top
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe »

If you were to install Anope there is a very nice feature available for disabling all opers on any server on your network. The operserv NOOP command which diables all O:lines on the givern server. Which would then prevent any hacker from gaining IRCop priviledges. The only ways to reverse the effect is to rehash the server or use the noop revoke command.
-OperServ- Syntax: NOOP SET server
-OperServ- NOOP REVOKE server
-OperServ- NOOP SET remove all O:lines of the given
-OperServ- server and kill all IRCops currently on it to
-OperServ- prevent them from rehashing the server (because this
-OperServ- would just cancel the effect).
-OperServ- NOOP REVOKE makes all removed O:lines available again
-OperServ- on the given server.
-OperServ- Note: The server is not checked at all by the
-OperServ- Services.
-OperServ-
-OperServ- Limited to Services admins.
Top
JanisB
Posts: 128
Joined: Fri Apr 22, 2005 9:05 am
Location: LV
Contact:
Contact JanisB

Post by JanisB »

<19:27:33> -ircxxxxxx- *** Notice -- This server has been placed in NOOP mode
<19:27:33> * JanisB sets mode: -ogaANWqH
GentooBox unreal # ./unreal rehash
Rehashing UnrealIRCd
GentooBox unreal #
<19:28:07> -ircxxxxxx- *** Notice -- Got signal SIGHUP, reloading unrealircd.conf file
<19:28:16> -irc.xxxxxx- *** This server is in NOOP mode, you cannot /oper

So, you CANNOT remove NOOP with REHASHing.
Top
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe »

I was made to believe that rehashing cancels the effect perhaps they meant shutting down and restarting ther server as a rehash doesnt clear things like bans either so may just be that.
Top
Jason
Posts: 570
Joined: Mon Jun 14, 2004 5:09 pm

Post by Jason »

Rehashing, does however, fix this.

When the conf reloads, the opers are reloaded.
Why the hell can't my signature be empty?
"Your message contains too few characters."
Top
Post Reply

Return to “Unreal 3.2 Support”