From 50801f50680b74b8f0762c948b7c276c8d9da876 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Sat, 13 May 2017 12:24:55 +0200 Subject: [PATCH] Add conf/modules.optional.conf. This loads all additional modules that are not in modules.default.conf. --- Makefile.in | 1 + doc/conf/modules.optional.conf | 129 +++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 doc/conf/modules.optional.conf diff --git a/Makefile.in b/Makefile.in index 58b9d2518..70da855b4 100644 --- a/Makefile.in +++ b/Makefile.in @@ -183,6 +183,7 @@ install: all $(INSTALL) -m 0600 doc/Authors doc/coding-guidelines doc/tao.of.irc @DOCDIR@ $(INSTALL) -m 0700 -d @CONFDIR@ $(INSTALL) -m 0600 doc/conf/*.default.conf @CONFDIR@ + $(INSTALL) -m 0600 doc/conf/*.optional.conf @CONFDIR@ -@if [ ! -f "@CONFDIR@/spamfilter.conf" ] ; then \ $(INSTALL) -m 0600 doc/conf/spamfilter.conf @CONFDIR@ ; \ fi diff --git a/doc/conf/modules.optional.conf b/doc/conf/modules.optional.conf new file mode 100644 index 000000000..344f78f33 --- /dev/null +++ b/doc/conf/modules.optional.conf @@ -0,0 +1,129 @@ +/* This file will load all optional modules. These are features that + * not everyone will use or are considered experimental. + * You can include this file from your unrealircd.conf like this: + * include "modules.optional.conf"; + * OR... and this is probably a better idea... you can copy-paste it + * to another file where you do your own customizations. + * + * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!! + * If you want to customize, make a copy of this file (for example + * name it modules.custom.conf) and edit it. + * Then include that file from your unrealircd.conf instead of this one. + */ + +/*** Extended Bans ***/ +loadmodule "extbans/textban"; /* +b ~T (censor or block text) */ + +/*** Other ***/ + +// The hideserver module will hide /MAP and /LINKS to regular users. +// It does not truly enhance security as server names can still be +// seen at other places. +loadmodule "hideserver"; + +// The antirandom module will kill or *line users that have a nick, +// ident and/or realname that is considered "random". +// This helps to combat simple botnets/drones. +// Note that failure to set the right settings may ban innocent users. +// This is especially true if you are on a non-English network where +// the module may consider a sequence of characters "random" even though +// it is a perfectly pronounceable word in your language. +loadmodule "antirandom"; +set { + antirandom { + /* THRESHOLD: + * This is pretty much the most important setting of all. + * For every randomly looking ident the user gets a certain amount of + * 'points', if this value reaches 'threshold' then the appropriate + * action is taken (killed, *lined, see later on). + * lower = more randomly looking users will be catched (but also more + * innocent users) + * higher = less chance of innocent users getting killed, but also less + * chance on bots getting catched. + * <2: DON'T!! + * 4: Works good, probably a few more innocent kills but if you got + * quite a bot problem then this might be a useful setting. + * 5: Works well with few innocent kills, probably good to begin with. + * 6: If you want to be a tad more careful + * >6: For the paranoid. Module can still be quite effective, though :) + */ + threshold 7; + + /* BAN-ACTION: + * Action to take whenever the user is catched as random, options: + * warn, kill, gline, gzline, kline, zline, shun, tempshun + */ + ban-action kill; + + /* BAN-TIME: + * Time to ban the user (irrelevant for tempshun/kill). + * Something between 1 hour and 2 days is recommended. + * If you set it higher than 3 or 4 days then you get quite a risk + * of catching innocent users due to dynamic IP, not to mention + * your *line list gets filled up... so choose it wisely. + */ + ban-time 4h; + + /* BAN-REASON: + * The ban (or kill) reason to use. + * You might want to put in an entry to a FAQ or an email address + * where users can mail if they have been catched and don't know what to do. + * NOTE: One of the various reasons that ""innocent users"" are catched is + * if they just randomly type in info for their nick, ident, or realname. + */ + ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly."; + + /* CONVERT-TO-LOWERCASE: + * Convert nicks, idents, and realnames to lowercase before doing random checks? + * This has not been tested extensively for false positives, but might be (very) + * helpful to catch GnStA5FYhiTH51TUkf style random nicks as random. + * Enabled by default. + */ + convert-to-lowercase yes; + + /* FULLSTATUS-ON-LOAD: + * If enabled, then upon loading it will check all users that are currently + * connected and give a status report about who it would have killed. + * Note that it doesn't actually kill any currently connected users, it is for + * informative purposes only. + * This can be (very) useful if you use the module for the first time. + * But you probably want to disable it after a while, since once the module + * is actively dealing with randomly looking persons, it shouldn't report any + * users anymore on load and then this check only eats useless CPU on /REHASH. + * Enabled by default. + */ + fullstatus-on-load yes; + + /* SHOW-FAILEDCONNECTS: + * This will send out a notice whenever a randomly looking user has been catched + * during connecting. Obviously this can be pretty noisy. + * Especially recommended to enable during the first few days you use this module. + */ + show-failedconnects yes; + + /* EXCEPT-HOSTS: + * Hostmasks on this list are matched against the IP and hostname of the connecting + * user. If it matches then we do not check if the nick/ident/realname is random. + * If you are using CGI:IRC on your network, then you probably want to put that + * IP/host here. + * NOTE: Use the REAL host or IP here, not any cloaked hosts! + */ + except-hosts { + "192.168.*"; + "127.*"; + }; + }; +}; + +// This add the /IRCOPS command: A more visual way for users +// to see which IRCOps are online. +loadmodule "m_ircops"; + +// This adds the /STAFF command: This command simply displays +// a text file that you can configure here: +loadmodule "m_staff"; +set { staff-file "network.staff"; }; + +// This adds websocket support. For more information, see: +// https://www.unrealircd.org/docs/WebSocket_support +loadmodule "websocket";