I used IRC sparcely when I was a kid and honestly thought it had died out or wasn't heavily used anymore. That is, until I started doing more with OpenStack and found out the community is alive and well. I know that there are websites out there on how to set up either an IRC client or a ZNC broker, but nothing that put it all together. So this post is for you as much as it is notes for me incase I need to redo my setup. So lets begin...
The easy way of connecting to an IRC server is directly, however, there is an issue with that. First, when you disconnect, you'll lose all chats that are happening, or maybe someone did a shoutout to you and it is now unheard. So that's why we add an IRC broker, ZNC, as shown below (Image from ZNC's website).
For my setup, I used:
In this process, I compiled the source for ZNC since there have been many security and stability updates not included in the apt-get install version.... $ apt-cache show znc | grep Version Version: 1.4-2
So first, I installed all of the dependancies necessary for ZNC:
sudo apt-get update && sudo apt-get install build-essential libssl-dev libperl-dev
Then I downloaded the source code, untarred it and went into that directory.
wget http://znc.in/releases/znc-latest.tar.gz sudo tar -xzvf znc-latest.tar.gz cd znc*
Next I configured the source, and compiled the source using the make command:
./configure make
The make command is going to take a bit of time, 20-30 minutes depending on which Pi you have and how it is configured. After that, we can install ZNC and do the setup, don't forget that you'll need to be sudo.
sudo make install znc --makeconf
Here are the setup questions/answers...
-- Global settings -- [ ** ] [ ?? ] Listen on port (1025 to 65534): 6667 [ ?? ] Listen using SSL (yes/no) [no]: yes [ ?? ] Listen using both IPv4 and IPv6 (yes/no) [yes]: no [ .. ] Verifying the listener... [ >> ] ok [ ** ] Enabled global modules [webadmin] [ ** ] [ ** ] -- Admin user settings -- [ ** ] [ ?? ] Username (alphanumeric): USERNAME [ ?? ] Enter password: [ ?? ] Confirm password: [ ?? ] Nick [USERNAME]: [ ?? ] Alternate nick [USERNAME_]: [ ?? ] Ident [USERNAME]: [ ?? ] Real name [Got ZNC?]: James [ ?? ] Bind host (optional): [ ** ] Enabled user modules [chansaver, controlpanel] [ ** ] [ ?? ] Set up a network? (yes/no) [yes]: no At this point, your ZNC broker is roughly set up on what ever port (Default is 6667) you specified above and your IP address. Be sure to choose your Username carefully, as that will become the default option for the next few questions. That IRC info you'll need to enter in the ZNC server as well. You'll want to add networks to your ZNC broker. The main one for me was the irc.freenode.net server, port 6697. You can install some additional features like Fail2Ban under the Global Modules, and setup IP limits, buffer sizes, connection delays, etc. For me under the webadmin Settings, I have SSL, IPv4, IRC and Web checked in my listening ports. And a maximum buffer size of 500, Connect Delay: 5, Server Throttle: 30, and Anon. IP Limit of 10. Also I have the 2 boxes checked: Disallow IP changing during each web session and Hide version number from non-ZNC users. Don't forget, if you lose power, your Raspberry pi will need to have these services started back up again. You can set them up as services later too so they autostart with the boot up. Setting up Colloquy...
Now, we need to set up Colloquy. The information here is the standard info you provided above: Chat Server should be your IP address of your home or of the ZNC broker depending on your setup, Port # should match the port you set above, and Username mentioned above.
There not a whole lot more to it than that. I hope this helps and if I forgot anything or you need help, let me know!
At work we have been using Raspberry Pi's a lot lately building up devices for the "Internet of Things" (IoT) along with many other purposes. However, finding a simple guide on securing the device along with useful code has been challenging. So here is a small guide from unboxing it to securing your raspberry pi. First lets look at the basics:
First lets create a new user, log into the RPi as pi and look at what groups you currently have: $ groups pi adm dialout cdrom sudo audio video plugdev games users netdev input And create a new user with all of the same groups. At the end of the line, make sure you enter your new username: $ sudo useradd -m -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,netdev,input USERNAME Change the password: $ sudo passwd USERNAME Shutdown the pi and $ sudo shutdown -h now Once you boot up, login as the new user you just created and delete pi.... bye-bye pi! $ sudo deluser --remove-all-files pi Update the system and set it to auto update Next, lets update the OS, software, and firmware manually, then set it to do it automatically everyday. To update the system: $ sudo apt-get update && sudo apt-get upgrade And then update the distribution: $ sudo apt-get dist-upgrade Now we can check what our firmware version is: $ uname -a and upgrade the firmware to the latest version: $ sudo rpi-update If you want to know more about the change log, you can find it here: https://github.com/Hexxeh/rpi-firmware/commits/master At this point you can verify the new version by running the same code again and compare: $ uname -a We can't easily do all of the updates everyday, but we can do security updates and some other software updates daily. First login as root, and install unattended-upgrades: $ sudo su $ apt-get install unattended-upgrades We are going to modify a file, again you need to be as root here: $ nano /etc/apt/apt.conf.d/10periodic Inside that file, make sure you have the following 4 lines of code and make sure they have the respective values: APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "0"; APT::Periodic::AutocleanInterval "1"; APT::Periodic::Unattended-Upgrade "1"; The AutocleanInterval in case you were wondering clears out the local repository of retrieved packages that can no longer be downloaded. Due to this fact, I believe, that they are largely useless, so we can clear them out, save cache and hopefully by doing so not have our device fill up and quickly run out of space. Next, because the RPi wont reboot automatically even if you ask it to, you can configure it as follows: $ dpkg-reconfigure -plow unattended-upgrades This will prompt you if you want to "Automatically download and install stable updates?" select yes. You will also need to modify one other file and again make sure it is not commented and the value set to true: $ nano /etc/apt/apt.conf.d/50unattended-upgrades Unattended-Upgrade::Automatic-Reboot "true"; And lastly, install update-notifier-common package to allow the system to reboot successfully. $ apt-get install update-notifier-common Set the Memory Split & Disable boot to desktop The next couple of items are really "free" optimization tricks and best practices. If you choose to only use terminal, as I do, you can go ahead and disable boot to desktop. This is found under the raspi-config. In this menu you'll see an option for "boot to desktop/scratch" and you can opt to only boot to console from this submenu. If you choose to go this route, I would then recommend freeing up some of the ram dedicated to the graphics card and instead reallocate it to the system. You can check what it is now from the raspi-config menu under the advanced setting or in terminal: $ vcgencmd get_mem arm && vcgencmd get_mem gpu and if you don't see: arm=992M gpu=16M we can optimize it more. Again, I only recommend this if you plan on using it solely as SSH and without any GUI. Go to your RPi config screen: $ sudo raspi-config Navigate to the "8 Advanced Options" screen and select "A3 Memory Split". How much memory should the GPU have? 16. This will give you a much large chunk of RAM for the system since the GPU wont be used heavily at all. I don't recommend overclocking but if you want you can overclock it in the advanced menu as well. Set the Hostname & Locale While you are at the configuration tool, I would recommend changing your Hostname under the advanced options along with the locale which is under the International Options. I didn't see many unnecessary services running, but if you want you can stop services by executing: $ sudo update-rc.d <service name> disable And if you are concerned about the RPi being too hot or want to see what the current temperature is, you can use: $ /opt/vc/bin/vcgencmd measure_temp Anything under 45'C I would say is perfectly fine. The Pi starts to throttle back at 85'C to help prevent lifespan degradation. Another potential performance increase would be by changing the SD card to a class 10 card. I would recommend the SanDisk Extreme 16GB UHS-I/U3 Micro SDHC. According to this link, they seem to have the best throughput and a good size. A more secure SSH client A more secure version of SSH and also more lightweight is a program called DropBear. DropBear does not support SSHv1, telnet, or rlogin which all have some serious security holes. To install you'll need to do the following commands: $ sudo apt-get install dropbear $ sudo nano /etc/default/dropbear edit the line called to reflect this: NO_START=0 Lets turn off our current SSH server. At this point you want to make sure you have a stable connection to the Pi. This command wont kill you current connect, but you want to be careful so you don't lose access. $ sudo /etc/init.d/ssh stop and start up our new dropbear $ sudo /etc/init.d/dropbear start Now open up a second SSH terminal and try to ssh into the pi to make sure you can reconnect without issues. Once you can, lets continue: $ sudo apt-get remove openssh-server |
AuthorJames Benson is an IT professional. Archives
August 2022
Categories
All
|