#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # # Classes are a group of commands which are grouped together and # # given a unique name. They're used to define which commands # # are available to certain types of Operators. # # # # # # Note: It is possible to make a class which covers all available # # commands. To do this, specify commands="*". This is not really # # recommended, as it negates the whole purpose of the class system, # # however it is provided for fast configuration (e.g. in test nets) # # # <class name="Shutdown" # commands: oper commands that users of this class can run. commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD GUNLOADMODULE GRELOADMODULE SAJOIN SAPART SANICK SAQUIT SATOPIC" # privs: special privileges that users with this class may utilise. # VIEWING: # - channels/auspex: allows opers with this priv to see more detail about channels than normal users. # - users/auspex: allows opers with this priv to view more details about users than normal users. # - servers/auspex: allows opers with this priv to see more detail about server information than normal users. # ACTIONS: # - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*) # - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels. # - channels/set-permanent: allows opers with this priv to set +P on channels with m_permchannels. # PERMISSIONS: # - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE) # - users/flood/increased-buffers: allows opers with this priv to send and recieve data without worrying about being disconnected for exceeding limits (*NOTE) # # *NOTE: These privs are potantially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially. privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit channels/set-permanent users/flood/no-throttle users/flood/increased-buffers" # usermodes: Oper-only usermodes that opers with this class can use. usermodes="*" # chanmodes: Oper-only channel modes that opers with this class can use. chanmodes="*"> <class name="ServerLink" commands="CONNECT SQUIT CONNECT MKPASSWD ALLTIME SWHOIS CLOSE JUMPSERVER LOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex"> <class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*"> <class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*" chanmodes="*" privs="users/mass-message"> <class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT TAXONOMY" usermodes="*" chanmodes="*" privs="users/auspex"> #-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# # # # This is where you specify which types of operators you have on # # your server, as well as the commands they are allowed to use. # # This works alongside with the classes specified above. # # # <type # name: Name of type. Used in actual olines below. # Cannot contain spaces. If you would like a space, use # the _ character instead and it will translate to a space on whois. name="NetAdmin" # classes: classes (above blocks) that this type belongs to. classes="OperChat BanControl HostCloak Shutdown ServerLink" # host: host oper gets on oper-up. This is optional. host="netadmin.omega.org.za" # modes: usermodes besides +o that are set on a oper of this type # when they oper up. Used for snomasks and other things. # Requires that m_opermodes.so be loaded. modes="+s +cCqQ"> <type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" host="ircop.omega.org.za"> <type name="Helper" classes="HostCloak" host="helper.omega.org.za"> #-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # Opers are defined here. This is a very important section. # # Remember to only make operators out of trust worthy people. # # # # oline with plain-text password <oper # name: oper login that is used to oper up (/oper name password). # Remember: This is case sensitive name="Brain" # password: case-sensitive, unhashed...yea...self-explanatory. password="s3cret" # host: What hostnames/IP's are allowed to oper up with this oline. # Multiple options can be separated by spaces and CIDR's are allowed. # You CAN use just * or *@* for this section, but it is not recommended # for security reasons. host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" # ** ADVANCED ** This option is disabled by default. # fingerprint: When using the m_sslinfo module, you may specify # a key fingerprint here. This can be obtained by using the # /fingerprint command while the module is loaded. This enhances # security by verifying that the person opering up has the matching # key/certificate combination. This enhances security a great deal. # If m_sslinfo and m_ssl_gnutls/m_ssl_openssl aren't loaded, # this option will be ignored. #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" # sslonly: This oper can only oper up if they're using a SSL connection. # Setting this option adds a decent bit of security. Highly recommended if # the oper is on wifi or specifically, unsecured wifi. # This setting only takes effect if m_sslinfo and m_ssl_gnutls or m_ssl_openssl # are loaded. #sslonly="yes" # type: What oper type this oline is. See the block above for list # of types. NOTE: This is case-sensitive as well. type="NetAdmin"> # oline with plain-text password and no comments..for all who like copy & paste <oper name="Brain" password="s3cret" host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" type="NetAdmin"> # oline with hashed password. It is highly recommended to use hashed passwords. <oper # name: oper login that is used to oper up (/oper name password). # Remember: This is case sensitive name="Brain" # hash: what hash this password is hashed with. requires the module # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be # loaded and the password hashing module (m_password_hash.so) # loaded. Options here are: "md5", "sha256" and "ripemd160". # Create hashed password with: /mkpasswd <hash> <password> hash="sha256" # password: a hash of your password (see above option) hashed # with /mkpasswd <hash> <password> . See m_password_hash in modules.conf # for more information about password hashing. password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0" # host: What hostnames/IP's are allowed to oper up with this oline. # Multiple options can be separated by spaces and CIDR's are allowed. # You CAN use just * or *@* for this section, but it is not recommended # for security reasons. host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" # type: What oper type this oline is. See the block above for list # of types. NOTE: This is case-sensitive as well. type="NetAdmin">