/[svn]/hopm/branches/1.0.x/doc/reference.conf

Diff of /hopm/branches/1.0.x/doc/reference.conf

Parent Directory | Revision Log | View Patch Patch

-revision 5146 by michael,
Fri Dec 26 14:02:15 2014 UTC
+revision 5147 by michael,
Fri Dec 26 14:33:45 2014 UTC
 Line 28 
 options {
          /*
           * How long to store the IP address of hosts which are confirmed
-          * (by previous scans) to be secure.  New users from these
+          * (by previous scans) to be secure. New users from these
           * IP addresses will not be scanned again until this amount of time
           * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS
           * DIRECTIVE, but it is provided due to demand.
 Line 43 
 options {
  #       negcache = 1 hour;
          /*
-          * Amount of file descriptors to allocate to asynchronous DNS.  64
+          * Amount of file descriptors to allocate to asynchronous DNS. 64
           * should be plenty for almost anyone.
           */
          dns_fdlimit = 64;
          /*
           * Put the full path and filename of a logfile here if you wish to log
-          * every scan done.  Normally HOPM only logs successfully detected
+          * every scan done. Normally HOPM only logs successfully detected
           * proxies in the hopm.log, but you may get abuse reports to your ISP
-          * about portscanning.  Being able to show that it was HOPM that did
+          * about portscanning. Being able to show that it was HOPM that did
-          * the scan in question can be useful.  Leave commented for no
+          * the scan in question can be useful. Leave commented for no
           * logging.
           */
  #       scanlog = "/some/path/var/scan.log";
 Line 62 
 options {
  irc {
          /*
-          * IP to bind to for the IRC connection.  You only need to use this if
+          * IP to bind to for the IRC connection. You only need to use this if
           * you wish HOPM to use a particular interface (virtual host, IP
-          * alias, ...) when connecting to the IRC server.  There is another
+          * alias, ...) when connecting to the IRC server. There is another
           * "vhost" setting in the scan {} block below for the actual
-          * portscans.  Note that this directive expects an IP address, not a
+          * portscans. Note that this directive expects an IP address, not a
-          * hostname.  Please leave this commented out if you do not
+          * hostname. Please leave this commented out if you do not
           * understand what it does, as most people don't need it.
           */
  #       vhost = "0.0.0.0";
 Line 99 
 irc {
  #       password = "secret";
          /*
-          * Port of the above server to connect to.  This is what HOPM uses to
+          * Port of the above server to connect to. This is what HOPM uses to
           * get onto IRC itself, it is nothing to do with what ports/protocols
           * are scanned, nor do you need to list every port your ircd listens
           * on.
 Line 108 
 irc {
          /*
           * Command to execute to identify to NickServ (if your network uses
-          * it).  This is the raw IRC command text, and the below example
+          * it). This is the raw IRC command text, and the below example
-          * corresponds to "/msg nickserv identify password" in a client.  If
+          * corresponds to "/msg nickserv identify password" in a client. If
           * you don't understand, just edit "password" in the line below to be
-          * your HOPM's nick password.  Leave commented out if you don't need
+          * your HOPM's nick password. Leave commented out if you don't need
           * to identify to NickServ.
           */
  #       nickserv = "NS IDENTIFY password";
 Line 123 
 irc {
          /*
           * Mode string that HOPM needs to set on itself as soon as it opers
-          * up.  This needs to include the mode for seeing connection notices,
+          * up. This needs to include the mode for seeing connection notices,
           * otherwise HOPM won't scan anyone (that's usually umode +c).
           */
          mode = "+c";
 Line 136 
 irc {
          /*
           * Info about channels you wish HOPM to join in order to accept
-          * commands.  HOPM will also print messages in these channels every
+          * commands. HOPM will also print messages in these channels every
-          * time it detects a proxy.  Only IRC operators can command HOPM to do
+          * time it detects a proxy. Only IRC operators can command HOPM to do
           * anything, but some of the things HOPM reports to these channels
           * could be considered sensitive, so it's best not to put HOPM into
           * public channels.
           */
          channel {
                  /*
-                  * Channel name.  Local ("&") channels are supported if your ircd
+                  * Channel name. Local ("&") channels are supported if your ircd
                   * supports them.
                   */
                  name = "#hopm";
 Line 158 
 irc {
                  /*
                   * If you use ChanServ then maybe you want to set the channel
                   * invite-only and have each HOPM do "/msg ChanServ invite" to get
-                  * itself in.  Leave commented if you don't, or if this makes no
+                  * itself in. Leave commented if you don't, or if this makes no
                   * sense to you.
                   */
  #               invite = "CS INVITE #hopm";
 Line 181 
 irc {
           * connection notice.
           *
           * This is fairly complicated stuff, and the consequences of getting
-          * it wrong are the HOPM does not scan anyone.  Unless you know
+          * it wrong are the HOPM does not scan anyone. Unless you know
           * absolutely what you are doing, please just uncomment the example
           * below that best matches the type of ircd you use.
           */
 Line 230 
 irc {
  /*
   * OPM Block defines blacklists and information required to report new proxies
-  * to a dns blacklist.  DNS-based blacklists store IP addresses in a DNS zone
+  * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone
   * file. There are several blacklist that list IP addresses known to be open
   * proxies or other forms of IRC abuse. By checking against these blacklists,
   * HOPMs are able to ban known sources of abuse without completely scanning them.
   */
  opm {
          /*
-          * Blacklist zones to check IPs against.  If you would rather not
+          * Blacklist zones to check IPs against. If you would rather not
           * trust a remotely managed blacklist, you could set up your own, or
           * leave these commented out in which case every user will be
           * scanned. The use of at least one open proxy DNSBL is recommended
 Line 350 
 opm {
          /*
           * You can report the insecure proxies you find to a DNSBL also!
           * The remaining directives in this section are only needed if you
-          * intend to do this.  Reports are sent by email, one email per IP
+          * intend to do this. Reports are sent by email, one email per IP
-          * address.  The format does support multiple addresses in one email,
+          * address. The format does support multiple addresses in one email,
           * but we don't know of any servers that are detecting enough insecure
           * proxies for this to be really necessary.
           */
          /*
-          * Email address to send reports FROM.  If you intend to send reports,
+          * Email address to send reports FROM. If you intend to send reports,
           * please pick an email address that we can actually send mail to
           * should we ever need to contact you.
           */
 Line 370 
 opm {
  #       dnsbl_to = "bopm-report@dronebl.org";
          /*
-          * Full path to your sendmail binary.  Even if your system does not
+          * Full path to your sendmail binary. Even if your system does not
           * use sendmail, it probably does have a binary called "sendmail"
-          * present in /usr/sbin or /usr/lib.  If you don't set this, no
+          * present in /usr/sbin or /usr/lib. If you don't set this, no
           * proxies will be reported.
           */
  #       sendmail = "/usr/sbin/sendmail";
 Line 382 
 opm {
  /*
   * The short explanation:
   *
-  * This is where you define what ports/protocols to check for.  You can have
+  * This is where you define what ports/protocols to check for. You can have
   * multiple scanner blocks and then choose which users will get scanned by
   * which scanners further down.
   *
   * The long explanation:
   *
-  * Scanner defines a virtual scanner.  For each user being scanned, a scanner
+  * Scanner defines a virtual scanner. For each user being scanned, a scanner
   * will use a file descriptor (and subsequent connection) for each protocol.
   * Once connecting it will negotiate the proxy to connect to
   * target_ip:target_port (target_ip MUST be an IP).
   *
   * Once connected, any data passed through the proxy will be checked to see if
-  * target_string is contained within that data.  If it is the proxy is
+  * target_string is contained within that data. If it is the proxy is
   * considered open. If the connection is closed at any point before
   * target_string is matched, or if at least max_read bytes are read from the
   * connection, the negotiation is considered failed.
 Line 402 
 opm {
  scanner {
          /*
-          * Unique name of this scanner.  This is used further down in the
+          * Unique name of this scanner. This is used further down in the
           * user {} blocks to decide which users get affected by which
           * scanners.
           */
 Line 410 
 scanner {
          /*
           * HTTP CONNECT - very common proxy protocol supported by widely known
-          * software such as Squid and Apache.  The most common sort of
+          * software such as Squid and Apache. The most common sort of
-          * insecure proxy and found on a multitude of weird ports too.  Offers
+          * insecure proxy and found on a multitude of weird ports too. Offers
           * transparent two way TCP connections.
           */
          protocol = HTTP:80;
 Line 422 
 scanner {
          /*
           * SOCKS4/5 - well known proxy protocols, probably the second most
           * common for insecure proxies, also offers transparent two way TCP
-          * connections.  Fortunately largely confined to port 1080.
+          * connections. Fortunately largely confined to port 1080.
           */
          protocol = SOCKS4:1080;
          protocol = SOCKS5:1080;
 Line 430 
 scanner {
          /*
           * Cisco routers with a default password (yes, it really does happen).
           * Also pretty much anything else that will let you telnet to anywhere
-          * else on the internet.  Fortunately these are always on port 23.
+          * else on the internet. Fortunately these are always on port 23.
           */
          protocol = ROUTER:23;
 Line 449 
 scanner {
           * Found on the same ports that HTTP CONNECT proxies inhabit.
           *
           * Note that if your ircd has "ping cookies" then clients from HTTP
-          * POST proxies cannot actually ever get onto your network anyway.  If
+          * POST proxies cannot actually ever get onto your network anyway. If
           * you leave the checks in then you'll still find some (because some
           * people IRC from boxes that run them), but if you use HOPM purely as
           * a protective measure and you have ping cookies, you need not scan
 Line 458 
 scanner {
          protocol = HTTPPOST:80;
          /*
-          * IP this scanner will bind to.  Use this if you need your scans to
+          * IP this scanner will bind to. Use this if you need your scans to
           * come FROM a particular interface on the machine you run HOPM from.
           * If you don't understand what this means, please leave this
           * commented out, as this is a major source of support queries!
           */
  #       vhost = "127.0.0.1";
-         /* Maximum file descriptors this scanner can use.  Remember that there
+         /* Maximum file descriptors this scanner can use. Remember that there
-          * will be one FD for each protocol listed above.  As this example
+          * will be one FD for each protocol listed above. As this example
-          * scanner has 8 protocols, it requires 8 FDs per user.  With a 512 FD
+          * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD
           * limit, this scanner can be used on 64 users _at the same time_.
           * That should be adequate for most servers.
           */
          fd = 512;
          /*
-          * Maximum data read from a proxy before considering it closed.  Don't
+          * Maximum data read from a proxy before considering it closed. Don't
           * set this too high, some people have fun setting up lots of ports
-          * that send endless data to tie up your scanner.  4KB is plenty for
+          * that send endless data to tie up your scanner. 4KB is plenty for
           * any known proxy.
           */
          max_read = 4kb;
 Line 499 
 scanner {
           *
           * Please use an IP that is publically reachable from anywhere on the
           * Internet, because you have no way of knowing where the insecure
-          * proxies will be located.  Just because you and your HOPM can
+          * proxies will be located. Just because you and your HOPM can
           * connect to your ircd on some private IP like 192.168.0.1, does not
           * mean that the insecure proxies out there on the Internet will be
-          * able to.  And if they never connect, you will never detect them.
+          * able to. And if they never connect, you will never detect them.
           *
           * Remember to change this setting for every scanner you configure.
           */
          target_ip = "127.0.0.1";
          /*
-          * Target port to tell the proxy to connect to.  This is usually
+          * Target port to tell the proxy to connect to. This is usually
-          * something like 6667.  Basically any client-usable port.
+          * something like 6667. Basically any client-usable port.
           */
          target_port = 6667;
          /*
           * Target string we check for in the data read back by the scanner.
           * This should be some string out of the data that your ircd usually
-          * sends on connect.  The example below will work on most
+          * sends on connect. The example below will work on most
-          * hybrid/bahamut ircds.  Multiple target strings are allowed.
+          * hybrid/bahamut ircds. Multiple target strings are allowed.
           *
           * NOTE: Try to keep the number of target strings to a minimum. Two
           *       should be fine. One for normal connections and one for throttled
 Line 534 
 scanner {
          /*
           * If you try to connect too fast, you'll be throttled by your own
-          * ircd.  Here's what a hybrid throttle message looks like:
+          * ircd. Here's what a hybrid throttle message looks like:
           */
          target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
  };
 Line 644 
 user {
   * HOPM will check each string against both the hostname and the IP address of
   * the user.
   *
-  * There are very few valid reasons to actually use "exempt".  HOPM should
+  * There are very few valid reasons to actually use "exempt". HOPM should
   * never get false positives, and we would like to know very much if it does.
   * One possible scenario is that the machine HOPM runs from is specifically
   * authorized to use certain hosts as proxies, and users from those hosts use
-  * your network.  In this case, without exempt, HOPM will scan these hosts,
+  * your network. In this case, without exempt, HOPM will scan these hosts,
   * find itself able to use them as proxies, and ban them.
   */
  exempt {

 Legend:



Removed from v.5146
 


changed lines


 
Added in v.5147
 Legend:



Removed from v.5146
 


changed lines


 
Added in v.5147
-Removed from v.5146
+Added in v.5147

svnadmin@ircd-hybrid.org	ViewVC Help
Powered by ViewVC 1.1.28