diff options
Diffstat (limited to 'docs/conf/opers.conf.example')
-rw-r--r-- | docs/conf/opers.conf.example | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example new file mode 100644 index 000000000..d76496e66 --- /dev/null +++ b/docs/conf/opers.conf.example @@ -0,0 +1,162 @@ +#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# Classes are a group of commands which are grouped together and # +# given a unique name. They're used to define which commands # +# are available to certain types of Operators. # +# # +# # +# Note: It is possible to make a class which covers all available # +# commands. To do this, specify commands="*". This is not really # +# recommended, as it negates the whole purpose of the class system, # +# however it is provided for fast configuration (e.g. in test nets) # +# # + +<class + name="Shutdown" + + # commands: oper commands that users of this class can run. + commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD GUNLOADMODULE GRELOADMODULE SAJOIN SAPART SANICK SAQUIT SATOPIC" + + # privs: special privileges that users with this class may utilise. + # VIEWING: + # - channels/auspex: allows opers with this priv to see more detail about channels than normal users. + # - users/auspex: allows opers with this priv to view more details about users than normal users. + # - servers/auspex: allows opers with this priv to see more detail about server information than normal users. + # ACTIONS: + # - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*) + # - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels. + # - channels/set-permanent: allows opers with this priv to set +P on channels with m_permchannels. + # PERMISSIONS: + # - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE) + # - users/flood/increased-buffers: allows opers with this priv to send and recieve data without worrying about being disconnected for exceeding limits (*NOTE) + # + # *NOTE: These privs are potantially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially. + privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit channels/set-permanent users/flood/no-throttle users/flood/increased-buffers" + + # usermodes: Oper-only usermodes that opers with this class can use. + usermodes="*" + + # chanmodes: Oper-only channel modes that opers with this class can use. + chanmodes="*"> + +<class name="ServerLink" commands="CONNECT SQUIT CONNECT MKPASSWD ALLTIME SWHOIS CLOSE JUMPSERVER LOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex"> +<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*"> +<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*" chanmodes="*" privs="users/mass-message"> +<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT TAXONOMY" usermodes="*" chanmodes="*" privs="users/auspex"> + + +#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# +# # +# This is where you specify which types of operators you have on # +# your server, as well as the commands they are allowed to use. # +# This works alongside with the classes specified above. # +# # + +<type + # name: Name of type. Used in actual olines below. + # Cannot contain spaces. If you would like a space, use + # the _ character instead and it will translate to a space on whois. + name="NetAdmin" + + # classes: classes (above blocks) that this type belongs to. + classes="OperChat BanControl HostCloak Shutdown ServerLink" + + # vhost: host oper gets on oper-up. This is optional. + vhost="netadmin.omega.org.za" + + # modes: usermodes besides +o that are set on a oper of this type + # when they oper up. Used for snomasks and other things. + # Requires that m_opermodes.so be loaded. + modes="+s +cCqQ"> + +<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.org.za"> +<type name="Helper" classes="HostCloak" vhost="helper.omega.org.za"> + + +#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# Opers are defined here. This is a very important section. # +# Remember to only make operators out of trust worthy people. # +# # + +# oline with plain-text password +<oper + # name: oper login that is used to oper up (/oper name password). + # Remember: This is case sensitive + name="Brain" + + # password: case-sensitive, unhashed...yea...self-explanatory. + password="s3cret" + + # host: What hostnames/IP's are allowed to oper up with this oline. + # Multiple options can be separated by spaces and CIDR's are allowed. + # You CAN use just * or *@* for this section, but it is not recommended + # for security reasons. + host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" + + # ** ADVANCED ** This option is disabled by default. + # fingerprint: When using the m_sslinfo module, you may specify + # a key fingerprint here. This can be obtained by using the /sslinfo + # command while the module is loaded, and is also noticed on connect. + # This enhances security by verifying that the person opering up has + # a matching SSL client certificate, which is very difficult to + # forge (impossible unless preimage attacks on the hash exist). + # If m_sslinfo isn't loaded, this option will be ignored. + #fingerprint="67cb9dc013248a829bb2171ed11becd4" + + # autologin: if an SSL fingerprint for this oper is specified, you can + # have the oper block automatically log in. This moves all security of the + # oper block to the protection of the client certificate, so be sure that + # the private key is well-protected! Requires m_sslinfo. + #autologin="on" + + # sslonly: This oper can only oper up if they're using a SSL connection. + # Setting this option adds a decent bit of security. Highly recommended + # if the oper is on wifi, or specifically, unsecured wifi. Note that it + # is redundant to specify this option if you specify a fingerprint. + # This setting only takes effect if m_sslinfo is loaded. + #sslonly="yes" + + # vhost: overrides the vhost in the type block. Class and modes may also + # be overridden + vhost="brain.netadmin.omega" + + # type: What oper type this oline is. See the block above for list + # of types. NOTE: This is case-sensitive as well. + type="NetAdmin"> + +# oline with plain-text password and no comments..for all who like copy & paste +<oper + name="Brain" + password="s3cret" + host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" + #fingerprint="67cb9dc013248a829bb2171ed11becd4" + type="NetAdmin"> + +# oline with hashed password. It is highly recommended to use hashed passwords. +<oper + # name: oper login that is used to oper up (/oper name password). + # Remember: This is case sensitive + name="Brain" + + # hash: what hash this password is hashed with. requires the module + # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be + # loaded and the password hashing module (m_password_hash.so) + # loaded. Options here are: "md5", "sha256" and "ripemd160". + # Create hashed password with: /mkpasswd <hash> <password> + hash="sha256" + + # password: a hash of your password (see above option) hashed + # with /mkpasswd <hash> <password> . See m_password_hash in modules.conf + # for more information about password hashing. + password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0" + + # host: What hostnames/IP's are allowed to oper up with this oline. + # Multiple options can be separated by spaces and CIDR's are allowed. + # You CAN use just * or *@* for this section, but it is not recommended + # for security reasons. + host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" + + # type: What oper type this oline is. See the block above for list + # of types. NOTE: This is case-sensitive as well. + type="NetAdmin"> |