
Diff of /hopm/trunk/doc/reference.conf


revision 5055 by michael, Mon Dec 22 12:15:55 2014 UTC revision 5056 by michael, Mon Dec 22 13:29:14 2014 UTC
# Line 1  Line 1 
1  /*  /*
2    
3  BOPM sample configuration  HOPM sample configuration
4    
5  */  */
6    
7  options {  options {
8          /*          /*
9           * Full path and filename for storing the process ID of the running           * Full path and filename for storing the process ID of the running
10           * BOPM.           * HOPM.
11           */           */
12          pidfile = "/some/path/bopm.pid";          pidfile = "/some/path/hopm.pid";
13    
14          /*          /*
15           * How many seconds to store the IP address of hosts which are           * How many seconds to store the IP address of hosts which are
# Line 22  options { Line 22  options {
22           * of running a proxy can get abusers onto your network - all they           * of running a proxy can get abusers onto your network - all they
23           * need do is shut the proxy down, connect themselves, restart the           * need do is shut the proxy down, connect themselves, restart the
24           * proxy, and tell their friends to come flood.           * proxy, and tell their friends to come flood.
25           *               *
26           * Keep this directive commented out to disable negative caching.           * Keep this directive commented out to disable negative caching.
27           */           */
28  #       negcache = 3600;  #       negcache = 3600;
29    
30          /*          /*
31           * Amount of file descriptors to allocate to asynchronous DNS.  64           * Amount of file descriptors to allocate to asynchronous DNS.  64
32           * should be plenty for almost anyone - previous versions of BOPM only           * should be plenty for almost anyone.
          * did one at a time!  
33           */           */
34          dns_fdlimit = 64;          dns_fdlimit = 64;
35    
36          /*          /*
37           * Put the full path and filename of a logfile here if you wish to log           * Put the full path and filename of a logfile here if you wish to log
38           * every scan done.  Normally BOPM only logs successfully detected           * every scan done.  Normally HOPM only logs successfully detected
39           * proxies in the bopm.log, but you may get abuse reports to your ISP           * proxies in the hopm.log, but you may get abuse reports to your ISP
40           * about portscanning.  Being able to show that it was BOPM that did           * about portscanning.  Being able to show that it was HOPM that did
41           * the scan in question can be useful.  Leave commented for no           * the scan in question can be useful.  Leave commented for no
42           * logging.           * logging.
43           */           */
# Line 49  options { Line 48  options {
48  IRC {  IRC {
49          /*          /*
50           * IP to bind to for the IRC connection.  You only need to use this if           * IP to bind to for the IRC connection.  You only need to use this if
51           * you wish BOPM to use a particular interface (virtual host, IP           * you wish HOPM to use a particular interface (virtual host, IP
52           * alias, ...) when connecting to the IRC server.  There is another           * alias, ...) when connecting to the IRC server.  There is another
53           * "vhost" setting in the scan {} block below for the actual           * "vhost" setting in the scan {} block below for the actual
54           * portscans.  Note that this directive expects an IP address, not a           * portscans.  Note that this directive expects an IP address, not a
# Line 59  IRC { Line 58  IRC {
58  #       vhost = "0.0.0.0";  #       vhost = "0.0.0.0";
59    
60          /*          /*
61           * Nickname for BOPM to use.           * Nickname for HOPM to use.
62           */           */
63          nick = "MyBopm";          nick = "MyHopm";
64    
65          /*          /*
66           * Text to appear in the "realname" field of BOPM's /whois output.           * Text to appear in the "realname" field of HOPM's /whois output.
67           */           */
68          realname = "Blitzed Open Proxy Monitor";          realname = "Hybrid Open Proxy Monitor";
69    
70          /*          /*
71           * If you don't have an identd running, what username to use.           * If you don't have an identd running, what username to use.
72           */           */
73          username = "bopm";          username = "hopm";
74    
75          /*          /*
76           * Hostname (or IP) of the IRC server which BOPM will monitor           * Hostname (or IP) of the IRC server which HOPM will monitor
77           * connections on.           * connections on.
78           */           */
79          server = "myserver.somenetwork.org";          server = "myserver.somenetwork.org";
80    
   
81          /*          /*
82           * Password used to connect to the IRC server (PASS)           * Password used to connect to the IRC server (PASS)
83           */           */
           
84  #       password = "secret";  #       password = "secret";
85    
   
86          /*          /*
87           * Port of the above server to connect to.  This is what BOPM uses to           * Port of the above server to connect to.  This is what HOPM uses to
88           * get onto IRC itself, it is nothing to do with what ports/protocols           * get onto IRC itself, it is nothing to do with what ports/protocols
89           * are scanned, nor do you need to list every port your ircd listens           * are scanned, nor do you need to list every port your ircd listens
90           * on.           * on.
# Line 100  IRC { Line 96  IRC {
96           * it).  This is the raw IRC command text, and the below example           * it).  This is the raw IRC command text, and the below example
97           * corresponds to "/msg nickserv identify password" in a client.  If           * corresponds to "/msg nickserv identify password" in a client.  If
98           * you don't understand, just edit "password" in the line below to be           * you don't understand, just edit "password" in the line below to be
99           * your BOPM's nick password.  Leave commented out if you don't need           * your HOPM's nick password.  Leave commented out if you don't need
100           * to identify to NickServ.           * to identify to NickServ.
101           */           */
102  #       nickserv = "privmsg nickserv :identify password";  #       nickserv = "NS IDENTIFY password";
103    
104          /*          /*
105           * The username and password needed for BOPM to oper up.           * The username and password needed for HOPM to oper up.
106           */           */
107          oper = "bopm operpass";          oper = "hopm operpass";
108    
109          /*          /*
110           * Mode string that BOPM needs to set on itself as soon as it opers           * Mode string that HOPM needs to set on itself as soon as it opers
111           * up.  This needs to include the mode for seeing connection notices,           * up.  This needs to include the mode for seeing connection notices,
112           * otherwise BOPM won't scan anyone (that's usually umode +c).  It's           * otherwise HOPM won't scan anyone (that's usually umode +c).
          * often also a good idea to remove any helper modes so that users  
          * don't try to talk to the BOPM.  
          *  
          * REMEMBER THAT IRCU AND LATER VERSIONS OF UNREAL DO NOT USE A SIMPLE  
          * +c !!  
113           */           */
114          mode = "+c-h";          mode = "+c";
   
         /* Example for Bahamut; +F gives BOPM relaxed flood limits */  
 #       mode = "+Fc-h";  
115    
116          /*          /*
117           * If this is set then BOPM will use it as an /away message as soon as           * If this is set then HOPM will use it as an /away message as soon as
118           * it connects.           * it connects.
119           */           */
120          away = "I'm a bot.  Your messages will be ignored.";          away = "I'm a bot.  Your messages will be ignored.";
121    
122          /*          /*
123           * Info about channels you wish BOPM to join in order to accept           * Info about channels you wish HOPM to join in order to accept
124           * commands.  BOPM will also print messages in these channels every           * commands.  HOPM will also print messages in these channels every
125           * time it detects a proxy.  Only IRC operators can command BOPM to do           * time it detects a proxy.  Only IRC operators can command HOPM to do
126           * anything, but some of the things BOPM reports to these channels           * anything, but some of the things HOPM reports to these channels
127           * could be soncidered sensitive, so it's best not to put BOPM into           * could be soncidered sensitive, so it's best not to put HOPM into
128           * public channels.           * public channels.
129           */           */
130          channel {          channel {
131             /*                  /*
132              * Channel name.  Local ("&") channels are supported if your ircd                   * Channel name.  Local ("&") channels are supported if your ircd
133              * supports them.                   * supports them.
134              */                   */
135             name = "#bopm";                  name = "#hopm";
136    
137             /*                  /*
138              * If BOPM will need to use a key to enter this channel, this is                   * If HOPM will need to use a key to enter this channel, this is
139              * where you specify it.                   * where you specify it.
140              */                   */
141  #          key = "somekey";  #               key = "somekey";
142    
143             /*                  /*
144              * If you use ChanServ then maybe you want to set the channel                   * If you use ChanServ then maybe you want to set the channel
145              * invite-only and have each BOPM do "/msg ChanServ invite" to get                   * invite-only and have each HOPM do "/msg ChanServ invite" to get
146              * itself in.  Leave commented if you don't, or if this makes no                   * itself in.  Leave commented if you don't, or if this makes no
147              * sense to you.                   * sense to you.
148              */                   */
149  #          invite = "privmsg chanserv :invite #bopm";  #               invite = "CS INVITE #hopm";
150          };          };
151    
152          /*          /*
# Line 166  IRC { Line 154  IRC {
154           *           *
155           * channel { name = "#other"; }; channel { name="#channel"; }           * channel { name = "#other"; }; channel { name="#channel"; }
156           */           */
157          
158          /*          /*
159           * connregex is a POSIX regular expression used to parse connection           * connregex is a POSIX regular expression used to parse connection
160           * (+c) notices from the ircd. The complexity of the expression should           * (+c) notices from the ircd. The complexity of the expression should
161           * be kept to a minimum.           * be kept to a minimum.
162           *             *
163           * Items in order MUST be: nick user host IP           * Items in order MUST be: nick user host IP
164           *           *
165           * BOPM will not work with ircds which do not send an IP in the           * HOPM will not work with ircds which do not send an IP in the
166           * connection notice.           * connection notice.
167           *           *
168           * This is fairly complicated stuff, and the consequences of getting           * This is fairly complicated stuff, and the consequences of getting
169           * it wrong are the BOPM does not scan anyone.  Unless you know           * it wrong are the HOPM does not scan anyone.  Unless you know
170           * absolutely what you are doing, please just uncomment the example           * absolutely what you are doing, please just uncomment the example
171           * below that best matches the type of ircd you use.           * below that best matches the type of ircd you use.
          *  
          * !!! NOTE !!! If a connregex for your ircd does not appear here and the  
          * hybrid connregex does not appear to work, check the BOPM FAQ at  
          * http://wiki.blitzed.org/BOPM before contacting our lists for help.  
          *  
172           */           */
   
         /* Hybrid / Bahamut / Unreal (in HCN mode) */  
173          connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";          connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
174    
175          /*          /*
          * Ultimate ircd  - note the control-B characters around Connect/Exit,  
          * that is because that text appears in bold in the actual connect  
          * notice.  Be very careful when editing this, do it as you would put  
          * bold characters into IRC MOTDs.  
          */  
 #       connregex = "\\*\\*\\* \
Connect/Exit\
-- from [^:]+: Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
 
   
         /*  
          * SorIRCd 1.3.4+ / StarIRCd 5.26+.  
          */  
 #       connregex = "\\*\\*\\* Notice -- Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";  
   
   
         /*  
176           * "kline" controls the command used when an open proxy is confirmed.           * "kline" controls the command used when an open proxy is confirmed.
177           * We suggest applying a temporary (no more than a few hours) KLINE on the host.           * We suggest applying a temporary (no more than a few hours) KLINE on the host.
178           *           *
179           * <WARNING>           * <WARNING>
180           * Make sure if you need to change this string you also change the           * Make sure if you need to change this string you also change the
181           * kline command for every DNSBL you enable below.           * kline command for every DNSBL you enable below.
182           *           *
183           * Also note that some servers do not allow you to include ':' characters           * Also note that some servers do not allow you to include ':' characters
184           * inside the KLINE message (e.g. for a http:// address).           * inside the KLINE message (e.g. for a http:// address).
185           *           *
186           * Users rewriting this message into something that isn't even a valid           * Users rewriting this message into something that isn't even a valid
187           * IRC command is the single most common cause of support requests and           * IRC command is the single most common cause of support requests and
# Line 231  IRC { Line 198  IRC {
198           *  %i     User's IP address           *  %i     User's IP address
199           *           *
200           */           */
201          kline = "KLINE *@%h :Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";          kline = "KLINE *@%h :Open Proxy found on your host.";
202    
         /* A GLINE example for IRCu: */  
 #       kline = "GLINE +*@%i 1800 :Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";  
   
         /* An AKILL example for services with OperServ  
          * Your BOPM must have permission to AKILL for this to work! */  
   
 #       kline = "PRIVMSG OpenServ :AKILL +3h *@%h Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";  
         
203          /*          /*
204           * Text to send on connection, these can be stacked and will be sent in this order           * An AKILL example for services with OperServ. Your HOPM must have permission to
205           *           * AKILL for this to work!
          * !!! UNREAL USERS PLEASE NOTE !!!  
          * Unreal users will need PROTOCTL HCN to force hybrid connect  
          * notices.  
          *  
          * Yes Unreal users!  That means you!  That means you need the line  
          * below!  See that thing at the start of the line?  That's what we  
          * call a comment!  Remove it to UNcomment the line.  
206           */           */
207  #       perform = "PROTOCTL HCN";  #       kline = "OS AKILL +3h *@%h Open proxy found on your host.";
208    
209            /*
210             * Text to send on connection, these can be stacked and will be sent in this order.
211             */
212    #       perform = "TIME";
213  };  };
214    
215    
# Line 262  IRC { Line 218  IRC {
218   * to a dns blacklist.  DNS-based blacklists store IP addresses in a DNS zone   * to a dns blacklist.  DNS-based blacklists store IP addresses in a DNS zone
219   * file. There are several blacklist that list IP addresses known to be open   * file. There are several blacklist that list IP addresses known to be open
220   * proxies or other forms of IRC abuse. By checking against these blacklists,   * proxies or other forms of IRC abuse. By checking against these blacklists,
221   * BOPMs are able to ban known sources of abuse without completely scanning them.   * HOPMs are able to ban known sources of abuse without completely scanning them.
222   */   */
223    
224  OPM {  OPM {
# Line 271  OPM { Line 227  OPM {
227           * trust a remotely managed blacklist, you could set up your own, or           * trust a remotely managed blacklist, you could set up your own, or
228           * leave these commented out in which case every user will be           * leave these commented out in which case every user will be
229           * scanned. The use of at least one open proxy DNSBL is recommended           * scanned. The use of at least one open proxy DNSBL is recommended
230           * however.           * however.
231           *           *
232           * Blitzed is not associated with any of these DNSBLs, please check          * Please check the policies of each blacklist you use to check you
233           * the policies of each blacklist you use to check you are comfortable           * are comfortable with using them to block access to your server
234           * with using them to block access to your server (and that you are           * (and that you are allowed to use them).
          * allowed to use them).  
235           */           */
236    
237          /* DroneBL - http://dronebl.org */          /* DroneBL - http://dronebl.org */
# Line 393  OPM { Line 348  OPM {
348    
349          /*          /*
350           * Email address to send reports TO.           * Email address to send reports TO.
351           * For example DroneBL:           * For example DroneBL:
352           */           */
353  #       dnsbl_to = "bopm-report@dronebl.org";  #       dnsbl_to = "bopm-report@dronebl.org";
354    
# Line 480  scanner { Line 435  scanner {
435           * Note that if your ircd has "ping cookies" then clients from HTTP           * Note that if your ircd has "ping cookies" then clients from HTTP
436           * POST proxies cannot actually ever get onto your network anyway.  If           * POST proxies cannot actually ever get onto your network anyway.  If
437           * you leave the checks in then you'll still find some (because some           * you leave the checks in then you'll still find some (because some
438           * people IRC from boxes that run them), but if you use BOPM purely as           * people IRC from boxes that run them), but if you use HOPM purely as
439           * a protective measure and you have ping cookies, you need not scan           * a protective measure and you have ping cookies, you need not scan
440           * for HTTP POST.           * for HTTP POST.
441           */           */
# Line 488  scanner { Line 443  scanner {
443    
444          /*          /*
445           * IP this scanner will bind to.  Use this if you need your scans to           * IP this scanner will bind to.  Use this if you need your scans to
446           * come FROM a particular interface on the machine you run BOPM from.           * come FROM a particular interface on the machine you run HOPM from.
447           * If you don't understand what this means, please leave this           * If you don't understand what this means, please leave this
448           * commented out, as this is a major source of support queries!           * commented out, as this is a major source of support queries!
449           */           */
# Line 528  scanner { Line 483  scanner {
483           *           *
484           * Please use an IP that is publically reachable from anywhere on the           * Please use an IP that is publically reachable from anywhere on the
485           * Internet, because you have no way of knowing where the insecure           * Internet, because you have no way of knowing where the insecure
486           * proxies will be located.  Just because you and your BOPM can           * proxies will be located.  Just because you and your HOPM can
487           * connect to your ircd on some private IP like 192.168.0.1, does not           * connect to your ircd on some private IP like 192.168.0.1, does not
488           * mean that the insecure proxies out there on the Internet will be           * mean that the insecure proxies out there on the Internet will be
489           * able to.  And if they never connect, you will never detect them.           * able to.  And if they never connect, you will never detect them.
490           *           *
491           * Remember to change this setting for every scanner you configure.           * Remember to change this setting for every scanner you configure.
          *  
492           */           */
493          target_ip     = "127.0.0.1";          target_ip = "127.0.0.1";
494    
495          /*          /*
496           * Target port to tell the proxy to connect to.  This is usually           * Target port to tell the proxy to connect to.  This is usually
497           * something like 6667.  Basically any client-usable port.           * something like 6667.  Basically any client-usable port.
498           */           */
499          target_port   = 6667;          target_port = 6667;
500    
501          /*          /*
502           * Target string we check for in the data read back by the scanner.           * Target string we check for in the data read back by the scanner.
# Line 555  scanner { Line 509  scanner {
509           *       connections. Comment out any others for efficiency.           *       connections. Comment out any others for efficiency.
510           */           */
511    
512          /* Usually first line sent to client on connection to ircd.          /*
513             * Usually first line sent to client on connection to ircd.
514           * If your ircd supports a more specific line (see below),           * If your ircd supports a more specific line (see below),
515           * using it will reduce false positives.           * using it will reduce false positives.
516           */           */
517          target_string = "*** Looking up your hostname...";          target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname";
518    
519          /* Some ircds give a source for the NOTICE AUTH (bahamut for example).          /*
520           * It is recommended you use the following instead of the generic           * If you try to connect too fast, you'll be throttled by your own
          * "*** Looking up your hostname..." if your ircd supports it.  
          * This will reduce the chances of false positives.  
          */  
 #       target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname...";  
   
         /* If you try to connect too fast, you'll be throttled by your own  
521           * ircd.  Here's what a hybrid throttle message looks like:           * ircd.  Here's what a hybrid throttle message looks like:
522           */           */
         target_string = "ERROR :Trying to reconnect too fast.";  
   
         /* And the same for bahamut (comment this out if you're not using bahamut): */  
523          target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";          target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
524  };  };
525    
526    
527  scanner {  scanner {
528          name = "extended";          name = "extended";
529    
# Line 643  scanner { Line 590  scanner {
590  };  };
591    
592    
   
593  /*  /*
594   * User blocks define what scanners will be used to scan which hostmasks. When   * User blocks define what scanners will be used to scan which hostmasks. When
595   * a user connects they will be scanned on every scanner {} (above) that   * a user connects they will be scanned on every scanner {} (above) that
596   * matches their host.   * matches their host.
597   */   */
   
598  user {  user {
599          /*          /*
600           * Users matching this host mask will be scanned with all the           * Users matching this host mask will be scanned with all the
# Line 660  user { Line 605  user {
605  };  };
606    
607  user {  user {
608          /* Connections without ident will match on a vast number of connections          /*
609           * very few proxies run ident though */           * Connections without ident will match on a vast number of connections
610             * very few proxies run ident though
611             */
612  #       mask = "*!~*@*";  #       mask = "*!~*@*";
613          mask = "*!squid@*";          mask = "*!squid@*";
614          mask = "*!nobody@*";          mask = "*!nobody@*";
# Line 678  user { Line 625  user {
625    
626  /*  /*
627   * Exempt hosts matching certain strings from any form of scanning or dnsbl.   * Exempt hosts matching certain strings from any form of scanning or dnsbl.
628   * BOPM will check each string against both the hostname and the IP address of   * HOPM will check each string against both the hostname and the IP address of
629   * the user.   * the user.
630   *   *
631   * There are very few valid reasons to actually use "exempt".  BOPM should   * There are very few valid reasons to actually use "exempt".  HOPM should
632   * never get false positives, and we would like to know very much if it does.   * never get false positives, and we would like to know very much if it does.
633   * One possible scenario is that the machine BOPM runs from is specifically   * One possible scenario is that the machine HOPM runs from is specifically
634   * authorized to use certain hosts as proxies, and users from those hosts use   * authorized to use certain hosts as proxies, and users from those hosts use
635   * your network.  In this case, without exempt, BOPM will scan these hosts,   * your network.  In this case, without exempt, HOPM will scan these hosts,
636   * find itself able to use them as proxies, and ban them.   * find itself able to use them as proxies, and ban them.
637   */   */
638  exempt {  exempt {
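Review bot: The new default `target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname";` (new line 517) cannot match any real ircd until the operator replaces the placeholder server name, so an unedited config silently stops detecting proxies on that scanner, whereas the previous default was the generic `*** Looking up your hostname...` form that matched without editing. A comment on that line would make this explicit, e.g. `/* Replace server.yournetwork.org with the exact name your ircd sends, otherwise no scan will ever match. */`. The throttle block at new lines 520-523 still says "Here's what a hybrid throttle message looks like" but now holds only the string the old file labelled as bahamut's (`ERROR :Your host is trying to (re)connect too fast -- throttled.`), so either the comment should name the ircd that string actually belongs to or the hybrid line should be kept alongside it. The scanner {} block containing these lines starts before the visible hunk.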

