mirror of
https://github.com/anope/anope.git
synced 2026-06-12 18:54:47 +02:00
Robby-
aea86906f4
Merged operserv/modlist permission into operserv/modinfo. Fixed ChanServ INFO privilege to actually work for /BotServ INFO too for those users who have it, instead of only for founders. Fixed some typos aswell as removed whitespaces along the way.
604 lines
16 KiB
Plaintext
604 lines
16 KiB
Plaintext
/*
|
|
* [OPTIONAL] Non-Core Modules
|
|
*
|
|
* The following blocks are used to load all non-core modules, including 3rd-party modules.
|
|
* Modules can be prevented from loading by commenting out the line, other modules can be added by
|
|
* adding a module block. These modules will be loaded prior to Services connecting to your network.
|
|
*/
|
|
|
|
/*
|
|
* help
|
|
*
|
|
* Provides commands generic/help
|
|
*
|
|
* This is a generic help command that can be used with any client.
|
|
*/
|
|
module { name = "help" }
|
|
|
|
/*
|
|
* m_dns
|
|
*
|
|
* Adds support for the DNS protocol. By itself this module does nothing useful,
|
|
* but other modules such as m_dnsbl and os_dns require this.
|
|
*/
|
|
#module { name = "m_dns" }
|
|
dns
|
|
{
|
|
/*
|
|
* The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
|
|
* The below should work fine on all unix like systems. Windows users will have to find their nameservers
|
|
* from ipconfig /all and put the IP here.
|
|
*/
|
|
nameserver = "/etc/resolv.conf"
|
|
#nameserver = "127.0.0.1"
|
|
|
|
/*
|
|
* How long to wait in seconds before a DNS query has timed out.
|
|
*/
|
|
timeout = 5
|
|
|
|
|
|
/* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */
|
|
|
|
/*
|
|
* The IP and port services use to listen for DNS queries.
|
|
* Note that ports less than 1024 are privileged on UNIX/Linux systems, and
|
|
* require Anope to be started as root. If you do this, it is recommended you
|
|
* set options:user and options:group so Anope can change users after binding
|
|
* to this port.
|
|
*/
|
|
ip = "0.0.0.0"
|
|
port = 53
|
|
|
|
|
|
/*
|
|
* SOA record information.
|
|
*/
|
|
|
|
/* E-mail address of the DNS administrator. */
|
|
admin = "admin@example.com"
|
|
|
|
/* This should be the names of the public facing nameservers serving the records. */
|
|
nameservers = "ns1.example.com ns2.example.com"
|
|
|
|
/* The time slave servers are allowed to cache. This should be reasonably low
|
|
* if you want your records to be updated without much delay.
|
|
*/
|
|
refresh = 3600
|
|
}
|
|
|
|
/*
|
|
* m_dnsbl
|
|
*
|
|
* Allows configurable DNS blacklists to check connecting users against. If a user
|
|
* is found on the blacklist they will be immediately banned. This is a crucial module
|
|
* to prevent bot attacks.
|
|
*/
|
|
#module { name = "m_dnsbl" }
|
|
m_dnsbl
|
|
{
|
|
/*
|
|
* If set, Services will check clients against the DNSBLs when services connect to its uplink.
|
|
* This is not recommended, and on large networks will open a very large amount of DNS queries.
|
|
* Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
|
|
*/
|
|
check_on_connect = no
|
|
|
|
/*
|
|
* If set, Services will check clients when coming back from a netsplit. This can cause a large number
|
|
* of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
|
|
* might care.
|
|
*/
|
|
check_on_netburst = no
|
|
|
|
/*
|
|
* If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
|
|
* a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
|
|
*/
|
|
add_to_akill = yes
|
|
}
|
|
blacklist
|
|
{
|
|
/* Name of the blacklist. */
|
|
name = "rbl.efnetrbl.org"
|
|
|
|
/* How long to set the ban for. */
|
|
time = 4h
|
|
|
|
/* Reason for akill.
|
|
* %n is the nick of the user
|
|
* %u is the ident/username of the user
|
|
* %g is the realname of the user
|
|
* %h is the hostname of the user
|
|
* %i is the IP of the user
|
|
* %r is the reason (configured below). Will be nothing if not configured.
|
|
* %N is the network name set in networkinfo:networkname
|
|
*/
|
|
reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
|
|
|
|
/* Replies to ban and their reason. If this is totally ommited all replies get banned. */
|
|
1 = "Open Proxy"
|
|
/* Don't ban for result 2 or 3 */
|
|
#2 = "spamtrap666"
|
|
#3 = "spamtrap50"
|
|
4 = "TOR"
|
|
5 = "Drones / Flooding"
|
|
}
|
|
blacklist
|
|
{
|
|
name = "dnsbl.dronebl.org"
|
|
time = 4h
|
|
reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N"
|
|
}
|
|
|
|
/*
|
|
* m_helpchan
|
|
*
|
|
* Gives users who are op in the specified help channel usermode +h (helpop).
|
|
*/
|
|
#module { name = "m_helpchan" }
|
|
m_helpchan
|
|
{
|
|
helpchannel = "#help"
|
|
}
|
|
|
|
/*
|
|
* m_httpd
|
|
*
|
|
* Allows services to serve web pages. By itself, this module does nothing useful.
|
|
*
|
|
* Note that using this will allow users to get the IP of your services.
|
|
* To prevent this we recommend using a reverse proxy or a tunnel.
|
|
*/
|
|
#module { name = "m_httpd" }
|
|
httpd
|
|
{
|
|
/* Name of this service */
|
|
name = "httpd/main"
|
|
|
|
/* IP to listen on */
|
|
ip = "0.0.0.0"
|
|
|
|
/* Port to listen on */
|
|
port = 8080
|
|
|
|
/* Time before connections to this server are timed out */
|
|
timeout = 30
|
|
|
|
/* Listen using SSL. Requires m_ssl. */
|
|
#ssl = yes
|
|
|
|
/* If you are using a reverse proxy that sends one of the
|
|
* extforward_headers set below, set this to its IP.
|
|
* This allows services to obtain the real IP of users by
|
|
* reading the forwarded-for HTTP header.
|
|
*/
|
|
#extforward_ip = "192.168.0.255"
|
|
|
|
/* The header to look for. These probably work as is. */
|
|
extforward_header = "X-Forwarded-For Forwarded-For"
|
|
}
|
|
|
|
/*
|
|
* m_ldap
|
|
*
|
|
* This module allows other modules to use LDAP. By itself, this module does nothing useful.
|
|
*/
|
|
#module { name = "m_ldap" }
|
|
ldap
|
|
{
|
|
server = "ldap://127.0.0.1"
|
|
port = 389
|
|
|
|
/*
|
|
* Admin credentials used for performing searches and adding users.
|
|
*/
|
|
admin_binddn = "cn=Manager,dc=anope,dc=org"
|
|
admin_password = "secret"
|
|
}
|
|
|
|
/*
|
|
* m_ldap_authentication
|
|
*
|
|
* This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
|
|
* LDAP to authenticate users. Requires m_ldap.
|
|
*/
|
|
#module { name = "m_ldap_authentication" }
|
|
m_ldap_authentication
|
|
{
|
|
/*
|
|
* The distinguished name used for searching for users's accounts.
|
|
*/
|
|
basedn = "ou=users,dc=anope,dc=org"
|
|
|
|
/*
|
|
* The search filter used to look up users's accounts.
|
|
* %account is replaced with the user's account.
|
|
* %object_class is replaced with the object_class configured below.
|
|
*/
|
|
search_filter = "(&(uid=%account)(objectClass=%object_class))"
|
|
|
|
/*
|
|
* The object class used by LDAP to store user account information.
|
|
* Used for adding new users to LDAP if disable_ns_register is false.
|
|
*/
|
|
object_class = "anopeUser"
|
|
|
|
/*
|
|
* The attribute value used for account names.
|
|
*/
|
|
username_attribute = "uid"
|
|
|
|
/*
|
|
* The attribute value used for email addresses.
|
|
* This directive is optional.
|
|
*/
|
|
email_attribute = "email"
|
|
|
|
/*
|
|
* The attribute value used for passwords.
|
|
* Used when registering new accounts in LDAP.
|
|
*/
|
|
password_attribute = "userPassword"
|
|
|
|
/*
|
|
* Enable to have this module disable /nickserv register.
|
|
*/
|
|
disable_ns_register = false
|
|
|
|
/*
|
|
* The reason to give the users who try to /ns register if
|
|
* disable_ns_register is enabled.
|
|
*/
|
|
#disable_reason = "To register on this network, visit http://some.misconfigured.site/register"
|
|
}
|
|
|
|
/*
|
|
* m_ldap_oper
|
|
*
|
|
* This module dynamically ties users to Anope opertypes when they identify
|
|
* via LDAP group membership. Requires m_ldap.
|
|
*
|
|
* Note that this doesn't give the user privileges on the IRCd, only in Services.
|
|
*/
|
|
#module { name = "m_ldap_oper" }
|
|
m_ldap_oper
|
|
{
|
|
/*
|
|
* An optional binddn to use when searching for groups.
|
|
* %a is replaced with the account name of the user.
|
|
*/
|
|
#binddn = "cn=Manager,dc=anope,dc=org"
|
|
|
|
/*
|
|
* An optional password to bind with.
|
|
*/
|
|
#password = "secret"
|
|
|
|
/*
|
|
* The base DN where the groups are.
|
|
*/
|
|
basedn = "ou=groups,dc=anope,dc=org"
|
|
|
|
/*
|
|
* The filter to use when searching for users.
|
|
* %a is replaced with the account name of the user.
|
|
*/
|
|
filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
|
|
|
|
/*
|
|
* The attribute of the group that is the name of the opertype.
|
|
* The cn attribute should match a known opertype in the config.
|
|
*/
|
|
opertype_attribute = "cn"
|
|
}
|
|
|
|
/*
|
|
* m_mysql
|
|
*
|
|
* This module allows other modules to use MySQL.
|
|
*/
|
|
#module { name = "m_mysql" }
|
|
mysql
|
|
{
|
|
/* The name of this service */
|
|
name = "mysql/main"
|
|
database = "anope"
|
|
server = "127.0.0.1"
|
|
username = "anope"
|
|
password = "mypassword"
|
|
port = 3306
|
|
}
|
|
|
|
/*
|
|
* m_proxyscan
|
|
*
|
|
* This module allows you to scan connecting clients for open proxies.
|
|
* Note that using this will allow users to get the IP of your services.
|
|
*
|
|
* Currently the two supported proxy types are HTTP and SOCKS5.
|
|
*
|
|
* The proxy scanner works by attempting to connect to clients when they
|
|
* connect to the network, and if they have a proxy running instruct it to connect
|
|
* back to services. If services are able to connect through the proxy to itself
|
|
* then it knows it is an insecure proxy, and will ban it.
|
|
*/
|
|
#module { name = "m_proxyscan" }
|
|
m_proxyscan
|
|
{
|
|
/*
|
|
* The target IP services tells the proxy to connect back to. This must be a publicly
|
|
* avaiable IP that remote proxies can connect to.
|
|
*/
|
|
#target_ip = "127.0.0.1"
|
|
|
|
/*
|
|
* The port services tells the proxy to connect to.
|
|
*/
|
|
target_port = 7226
|
|
|
|
/*
|
|
* The listen IP services listen on for incoming connections from suspected proxies.
|
|
* This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT).
|
|
*/
|
|
#listen_ip = "127.0.0.1"
|
|
|
|
/*
|
|
* The port services should listen on for incoming connections from suspected proxies.
|
|
* This most likely will be the same as target_port.
|
|
*/
|
|
listen_port = 7226
|
|
|
|
/*
|
|
* An optional notice sent to clients upon connect.
|
|
*/
|
|
#connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately."
|
|
|
|
/*
|
|
* Who the notice should be sent from.
|
|
*/
|
|
#connect_source = "OperServ"
|
|
|
|
/*
|
|
* If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends
|
|
* a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots.
|
|
*/
|
|
add_to_akill = yes
|
|
|
|
/*
|
|
* How long before connections should be timed out.
|
|
*/
|
|
timeout = 5
|
|
}
|
|
|
|
/*
|
|
* A proxyscan block (must have m_proxyscan loaded).
|
|
* You may have multiple proxyscan blocks.
|
|
*/
|
|
proxyscan
|
|
{
|
|
/* The type of proxy to check for. A comma separated list is allowed */
|
|
type = "HTTP"
|
|
|
|
/* The ports to check */
|
|
port = "80,8080"
|
|
|
|
/* How long to set the ban for */
|
|
time = 4h
|
|
|
|
/*
|
|
* The reason to ban the user for.
|
|
* %h is replaced with the type of proxy found.
|
|
* %i is replaced with the IP of proxy found.
|
|
* %p is replaced with the port.
|
|
*/
|
|
reason = "You have an open proxy running on your host (%t:%i:%p)"
|
|
}
|
|
|
|
/*
|
|
* m_sql_authentication
|
|
*
|
|
* This module allows authenticating users against an external SQL database using a custom
|
|
* query.
|
|
*/
|
|
#module { name = "m_sql_authentication" }
|
|
m_sql_authentication
|
|
{
|
|
/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
|
|
engine = "mysql/main"
|
|
|
|
/* Query to execute to authenticate. A non empty result from this query is considered a success,
|
|
* and the user will be authenticated.
|
|
*
|
|
* @a@ is replaced with the user's account name
|
|
* @p@ is replaced with the user's password
|
|
* @n@ is replaced with the user's nickname
|
|
* @i@ is replaced with the user's IP
|
|
*
|
|
* Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal
|
|
* nickserv/identify command, such as through the web panel.
|
|
*
|
|
* Furthermore, if a field named email is returned from this query the user's email is
|
|
* set to its value.
|
|
*
|
|
*
|
|
* We've included some example queries for some popular website/forum systems.
|
|
*
|
|
* Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1"
|
|
* e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)"
|
|
* SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))"
|
|
* vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))"
|
|
* IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))"
|
|
*/
|
|
query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))"
|
|
|
|
/*
|
|
* Enable to have this module disable /nickserv register.
|
|
*/
|
|
disable_ns_register = false
|
|
|
|
/*
|
|
* The reason to give the users who try to /ns register if
|
|
* disable_ns_register is enabled.
|
|
*/
|
|
#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
|
|
}
|
|
|
|
/*
|
|
* m_sql_oper
|
|
*
|
|
* This module allows granting users services operator privileges and possibly IRC Operator
|
|
* privileges based on an external SQL database using a custom query.
|
|
*/
|
|
#module { name = "m_sql_oper" }
|
|
m_sql_oper
|
|
{
|
|
/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
|
|
engine = "mysql/main"
|
|
|
|
/* Query to execute to determine if a user should have operator privileges.
|
|
* A field named opertype must be returned in order to link the user to their oper type.
|
|
* The oper types must be configured earlier in services.conf.
|
|
*
|
|
* If a field named modes is returned from this query then those modes are set on the user.
|
|
* Without this, only a simple +o is sent.
|
|
*
|
|
* @a@ is replaced with the user's account name
|
|
* @i@ is replaced with the user's IP
|
|
*/
|
|
query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@"
|
|
}
|
|
|
|
/*
|
|
* m_sqlite
|
|
*
|
|
* This module allows other modules to use SQLite.
|
|
*/
|
|
#module { name = "m_sqlite" }
|
|
sqlite
|
|
{
|
|
/* The name of this service */
|
|
name = "sqlite/main"
|
|
|
|
/* The database name, it will be created if it does not exist. */
|
|
database = "anope.db"
|
|
}
|
|
|
|
/*
|
|
* m_regex_pcre
|
|
*
|
|
* Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library.
|
|
*/
|
|
module { name = "m_regex_pcre" }
|
|
|
|
/*
|
|
* m_regex_posix
|
|
*
|
|
* Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions.
|
|
* This is likely the only regex module you will not need extra libraries for.
|
|
*/
|
|
#module { name = "m_regex_posix" }
|
|
|
|
/*
|
|
* m_regex_tre
|
|
*
|
|
* Provides the regex engine regex/tre, which uses the TRE regex library.
|
|
*/
|
|
#module { name = "m_regex_tre" }
|
|
|
|
/*
|
|
* m_rewrite
|
|
*
|
|
* Allows rewriting commands sent to/from clients.
|
|
*/
|
|
module { name = "m_rewrite" }
|
|
#command
|
|
#{
|
|
# service = "ChanServ"; name = "CLEAR"; command = "rewrite"
|
|
#
|
|
# /* Enable m_rewrite */
|
|
# rewrite = true
|
|
#
|
|
# /* Source message to match. A $ can be used to match anything. */
|
|
# rewrite_source = "CLEAR $ USERS"
|
|
#
|
|
# /*
|
|
# * Message to rewrite the source message to. A $ followed by a number, eg $0, gets
|
|
# * replaced by the number-th word from the source_message, starting from 0.
|
|
# */
|
|
# rewrite_target = "KICK $1 *"
|
|
#
|
|
# /*
|
|
# * The command description. This only shows up in HELP's output.
|
|
# * Comment this option to prevent the command from showing in the
|
|
# * HELP command.
|
|
# */
|
|
# rewrite_description = "Clears all users from a channel"
|
|
#}
|
|
|
|
/*
|
|
* m_ssl
|
|
*
|
|
* This module uses SSL to connect to the uplink server(s).
|
|
*/
|
|
#module { name = "m_ssl" }
|
|
ssl
|
|
{
|
|
/*
|
|
* An optional certificate and key for m_ssl to give to the uplink.
|
|
*
|
|
* You can generate your own certificate and key pair by using:
|
|
*
|
|
* openssl genrsa -out anope.key 2048
|
|
* openssl req -new -x509 -key anope.key -out anope.crt -days 1095
|
|
*/
|
|
cert = "data/anope.crt"
|
|
key = "data/anope.key"
|
|
}
|
|
|
|
/*
|
|
* m_xmlrpc
|
|
*
|
|
* Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
|
|
* By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
|
|
*/
|
|
#module { name = "m_xmlrpc" }
|
|
m_xmlrpc
|
|
{
|
|
/* Web service to use. Requires m_httpd. */
|
|
server = "httpd/main"
|
|
}
|
|
|
|
/*
|
|
* m_xmlrpc_main
|
|
*
|
|
* Adds the main XMLRPC core functions.
|
|
* Requires m_xmlrpc.
|
|
*/
|
|
#module { name = "m_xmlrpc_main" }
|
|
|
|
/*
|
|
* webcpanel
|
|
*
|
|
* This module creates a web configuration panel that allows users and operators to perform any task
|
|
* as they could over IRC. If you are using the default configuration you should be able to access
|
|
* this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on.
|
|
*
|
|
* This module requires m_httpd.
|
|
*/
|
|
#module { name = "webcpanel" }
|
|
webcpanel
|
|
{
|
|
/* Web server to use */
|
|
server = "httpd/main";
|
|
|
|
/* Template to use */
|
|
template = "default";
|
|
|
|
/* Page title */
|
|
title = "Anope IRC Services";
|
|
|
|
/* Whether or not to use https on redirecting URLS */
|
|
ssl = no
|
|
}
|