UnrealIRCd Forums

Welcome to the UnrealIRCd Forums!
https://forums.unrealircd.org/

securing leafs...

https://forums.unrealircd.org/viewtopic.php?t=3365

Page 1 of 1

securing leafs...

Posted: Wed May 31, 2006 8:55 pm
by seceru
how to do this. hub is very secure. but leafs are not so secured so if one of leafs is being "hacked" what i have to do in hub unrealircd.conf that he wont be able op him self on chanels from leaf, and gline, kline... etc... that he will have limit access.

Posted: Wed May 31, 2006 9:01 pm
by Syzop
That's not possible, due to the way ircd is designed other servers need to be able to op/deop clients (theirs and others), for example when netsynching, plus they need to be able to do a lot of other stuff as wel, but in any case.. because of that, it's not possible to secure that down.

So basically: you are screwed if one of your servers is hacked. Just try to detect it in time...

Posted: Wed May 31, 2006 9:09 pm
by seceru
hmm that sux :P. what about if i install services only to hub... that they secure chanels that the someone from leaf if he is oper cant op there? that services kill him if he opes ore someting like that? i dont know about services but if is posible to do someting with services to secure more things.. its a start... :P

Posted: Thu Jun 01, 2006 12:32 pm
by Jobe
If you were to install Anope there is a very nice feature available for disabling all opers on any server on your network. The operserv NOOP command which diables all O:lines on the givern server. Which would then prevent any hacker from gaining IRCop priviledges. The only ways to reverse the effect is to rehash the server or use the noop revoke command.
-OperServ- Syntax: NOOP SET server
-OperServ- NOOP REVOKE server
-OperServ- NOOP SET remove all O:lines of the given
-OperServ- server and kill all IRCops currently on it to
-OperServ- prevent them from rehashing the server (because this
-OperServ- would just cancel the effect).
-OperServ- NOOP REVOKE makes all removed O:lines available again
-OperServ- on the given server.
-OperServ- Note: The server is not checked at all by the
-OperServ- Services.
-OperServ-
-OperServ- Limited to Services admins.

Posted: Thu Jun 01, 2006 4:30 pm
by JanisB
<19:27:33> -ircxxxxxx- *** Notice -- This server has been placed in NOOP mode
<19:27:33> * JanisB sets mode: -ogaANWqH
GentooBox unreal # ./unreal rehash
Rehashing UnrealIRCd
GentooBox unreal #
<19:28:07> -ircxxxxxx- *** Notice -- Got signal SIGHUP, reloading unrealircd.conf file
<19:28:16> -irc.xxxxxx- *** This server is in NOOP mode, you cannot /oper

So, you CANNOT remove NOOP with REHASHing.

Posted: Thu Jun 01, 2006 6:59 pm
by Jobe
I was made to believe that rehashing cancels the effect perhaps they meant shutting down and restarting ther server as a rehash doesnt clear things like bans either so may just be that.

Posted: Thu Jun 01, 2006 9:05 pm
by Jason
Rehashing, does however, fix this.

When the conf reloads, the opers are reloaded.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited