What IRCD is preferred among true security minded folk?
Dear Misc, This is somewhat off topic, but it's been on my mind for quite some time, and someone just brought up irc, so I thought I'd ask. I've been looking to set up an irc server for some time now. It would be mostly for personal use and I don't plan on having more than a handful of concurrent users nor connecting said server to any IRC network. My primary criteria are: - Good security track record - Runs on OpenBSD (port or package) - Clean code (Preferably C) - Supports encrypted connections I've read some atrocious IRCd source, I believe I even read one (an old version of hybrid?) where all configuration had to be done at compile time with #define statements instead of using a configuration file. I would prefer C over C++ (hence I'm not too fond of inspIRCd (also because they recently had an exploit in one of their default modules)). As I cannot trust the integrity of others' connections, I wish for connections to be encrypted in some form or another. Multiple irc servers support encryption via SSL, such a feature would be desirable. I would like to have channels guaranteed to be private, where private is defined by exclusively comprised of explicitly allowed users, (allowed by me, in some configuration file,) who must have authenticated via PASS or something to ensure that they are not impostors, and either be using *encrypted* connections from *unspecified*, changing, origins (as in the case of my phone, laptop, and friends' computers) or *unencrypted* connections from *known*, fixed, origins (as in the case of my bots). *IF THE ABOVE IS NOT POSSIBLE*, I want to prevent anyone from connecting to my server except for myself, my friends, and my bots. Normally I would accomplish this via PF, however in this case I cannot because I don't have a list of IPs to allow. I frequently use IRC via my phone whose IP very often changes and is in a range much bigger than I'd like to allow. The problem of my phone could be solved by using a bouncer, however such a service would also need to be locked down, thus bringing me back to block 0. My friends also use varying (unpredictable) locations, and whitelisting each one on an as-needed basis would be infeasible. One potential solution I have sought is preventing users from doing anything until a proper NICK/USER/PASS has been provided, with all accounts created by myself and told to the intended user in a secure/prearranged manner, and patching my bots to authenticate as such would be rather trivial. Features of the IRCd are not as important to me as its security. Sure, nickserv chanserv friends would be nice, but I'm more concerned about keeping outsiders/snoopers out of private channels and keeping my/friends connections secure, and less concerned about preventing chat flooding, opless channels, etc. So far I have looked into: * ngIRCd - so far my favorite * UnrealIRCd } * IRCD-Hybrid } - all forks from the same giant nightmare * Ratbox IRCd } * inspIRCd - written in C++, and doesn't have a great track-record but I am completely open to anything. Many thanks, Jean-Philippe
Re: What IRCD is preferred among true security minded folk?
On Thu, Apr 28, 2011 at 08:07:01PM -0400, Jean-Philippe Ouellet wrote: Dear Misc, This is somewhat off topic, but it's been on my mind for quite some time, and someone just brought up irc, so I thought I'd ask. I've been looking to set up an irc server for some time now. It would be mostly for personal use and I don't plan on having more than a handful of concurrent users nor connecting said server to any IRC network. My primary criteria are: - Good security track record - Runs on OpenBSD (port or package) - Clean code (Preferably C) - Supports encrypted connections I have a somewhat relevant private IRC server configuration. This is for a community of friends. All users have devices that have terminal emulation support and key based ssh authentication support. They ssh in and get dropped into an IRC session immediately. The big assumption is that they don't mind using a terminal based IRC client :) Use a locked down and immutable ~/.ssh/authorized_keys file with command='/usr/bin/someIRCclient', which allows only running the terminal based IRC client which has a per-user configuration file. Set other options in the authorized_keys file to limit agent forwarding and port forwarding as necessary. See the AUTHORIZED_KEYS FILE FORMAT of 'man sshd'. The 'Match' and 'ForceCommand' directives in sshd_config may be more suitable. Modify configuration directives in sshd_config as needed for your environment. Configure appropriate limits in login.conf (or limits.conf in Linux) to allow only necessary resource consumption and number of concurrent logins. Modify the source of chosen IRC client to prevent built-in command execution functionality. Configure appropriate filtering with PF, not only inbound but also outbound. Use per-user outbound block rules to easily determine which user attempts to make outbound connections. Follow other common server security practices. Set immutable flags on files as warranted. Which ever IRC daemon you choose, make an attempt to understand as much as you can about it's configuration. John I've read some atrocious IRCd source, I believe I even read one (an old version of hybrid?) where all configuration had to be done at compile time with #define statements instead of using a configuration file. I would prefer C over C++ (hence I'm not too fond of inspIRCd (also because they recently had an exploit in one of their default modules)). As I cannot trust the integrity of others' connections, I wish for connections to be encrypted in some form or another. Multiple irc servers support encryption via SSL, such a feature would be desirable. I would like to have channels guaranteed to be private, where private is defined by exclusively comprised of explicitly allowed users, (allowed by me, in some configuration file,) who must have authenticated via PASS or something to ensure that they are not impostors, and either be using *encrypted* connections from *unspecified*, changing, origins (as in the case of my phone, laptop, and friends' computers) or *unencrypted* connections from *known*, fixed, origins (as in the case of my bots). *IF THE ABOVE IS NOT POSSIBLE*, I want to prevent anyone from connecting to my server except for myself, my friends, and my bots. Normally I would accomplish this via PF, however in this case I cannot because I don't have a list of IPs to allow. I frequently use IRC via my phone whose IP very often changes and is in a range much bigger than I'd like to allow. The problem of my phone could be solved by using a bouncer, however such a service would also need to be locked down, thus bringing me back to block 0. My friends also use varying (unpredictable) locations, and whitelisting each one on an as-needed basis would be infeasible. One potential solution I have sought is preventing users from doing anything until a proper NICK/USER/PASS has been provided, with all accounts created by myself and told to the intended user in a secure/prearranged manner, and patching my bots to authenticate as such would be rather trivial. Features of the IRCd are not as important to me as its security. Sure, nickserv chanserv friends would be nice, but I'm more concerned about keeping outsiders/snoopers out of private channels and keeping my/friends connections secure, and less concerned about preventing chat flooding, opless channels, etc. So far I have looked into: * ngIRCd - so far my favorite * UnrealIRCd } * IRCD-Hybrid } - all forks from the same giant nightmare * Ratbox IRCd } * inspIRCd - written in C++, and doesn't have a great track-record but I am completely open to anything. Many thanks, Jean-Philippe
Re: What IRCD is preferred among true security minded folk?
On Thu, Apr 28, 2011 at 7:07 PM, Jean-Philippe Ouellet jean-phili...@ouellet.biz wrote: Dear Misc, This is somewhat off topic, but it's been on my mind for quite some time, and someone just brought up irc, so I thought I'd ask. I've been looking to set up an irc server for some time now. It would be mostly for personal use and I don't plan on having more than a handful of concurrent users nor connecting said server to any IRC network. My primary criteria are: B - Good security track record B - Runs on OpenBSD (port or package) B - Clean code (Preferably C) B - Supports encrypted connections I use SILC some times... I think OpenBSD devs also use it. I've read some atrocious IRCd source, I believe I even read one (an old version of hybrid?) where all configuration had to be done at compile time with #define statements instead of using a configuration file. I would prefer C over C++ (hence I'm not too fond of inspIRCd (also because they recently had an exploit in one of their default modules)). As I cannot trust the integrity of others' connections, I wish for connections to be encrypted in some form or another. Multiple irc servers support encryption via SSL, such a feature would be desirable. I would like to have channels guaranteed to be private, where private is defined by exclusively comprised of explicitly allowed users, (allowed by me, in some configuration file,) who must have authenticated via PASS or something to ensure that they are not impostors, and either be using *encrypted* connections from *unspecified*, changing, origins (as in the case of my phone, laptop, and friends' computers) or *unencrypted* connections from *known*, fixed, origins (as in the case of my bots). *IF THE ABOVE IS NOT POSSIBLE*, I want to prevent anyone from connecting to my server except for myself, my friends, and my bots. Normally I would accomplish this via PF, however in this case I cannot because I don't have a list of IPs to allow. I frequently use IRC via my phone whose IP very often changes and is in a range much bigger than I'd like to allow. The problem of my phone could be solved by using a bouncer, however such a service would also need to be locked down, thus bringing me back to block 0. My friends also use varying (unpredictable) locations, and whitelisting each one on an as-needed basis would be infeasible. One potential solution I have sought is preventing users from doing anything until a proper NICK/USER/PASS has been provided, with all accounts created by myself and told to the intended user in a secure/prearranged manner, and patching my bots to authenticate as such would be rather trivial. Features of the IRCd are not as important to me as its security. Sure, nickserv chanserv friends would be nice, but I'm more concerned about keeping outsiders/snoopers out of private channels and keeping my/friends connections secure, and less concerned about preventing chat flooding, opless channels, etc. So far I have looked into: B * ngIRCd - so far my favorite B * UnrealIRCd B } B * IRCD-Hybrid } - all forks from the same giant nightmare B * Ratbox IRCd } B * inspIRCd - written in C++, and doesn't have a great track-record but I am completely open to anything. Many thanks, Jean-Philippe