summaryrefslogtreecommitdiff
path: root/docs/conf/opers.conf.example
blob: b42f3129a6193b4d7aa62c431db2891c89732e1d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
#-#-#-#-#-#-#-#-#-#-#-#-  CLASS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
#                                                                     #
#   Classes are a group of commands which are grouped together and    #
#   given a unique name. They're used to define which commands        #
#   are available to certain types of Operators.                      #
#                                                                     #
#                                                                     #
#  Note: It is possible to make a class which covers all available    #
#  commands. To do this, specify commands="*". This is not really     #
#  recommended, as it negates the whole purpose of the class system,  #
#  however it is provided for fast configuration (e.g. in test nets)  #
#                                                                     #

<class
     name="Shutdown"

     # commands: oper commands that users of this class can run.
     commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD GUNLOADMODULE GRELOADMODULE SAJOIN SAPART SANICK SAQUIT SATOPIC"

     # privs: special privileges that users with this class may utilise.
     #  VIEWING:
     #   - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
     #   - users/auspex: allows opers with this priv to view more details about users than normal users.
     #   - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
     # ACTIONS:
     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
     #   - users/samode-usermodes: allows opers with this priv to change the user modes of any other user using /SAMODE
     #   - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
     # PERMISSIONS:
     #   - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
     #   - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
     #
     # *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
     privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers"

     # usermodes: Oper-only usermodes that opers with this class can use.
     usermodes="*"

     # chanmodes: Oper-only channel modes that opers with this class can use.
     chanmodes="*">

<class name="ServerLink" commands="CONNECT SQUIT CONNECT MKPASSWD ALLTIME SWHOIS CLOSE JUMPSERVER LOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK SHUN CLONES CBAN CLEARCHAN" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*" chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">


#-#-#-#-#-#-#-#-#-#-#-#-  OPERATOR COMPOSITION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   This is where you specify which types of operators you have on    #
#   your server, as well as the commands they are allowed to use.     #
#   This works alongside with the classes specified above.            #
#                                                                     #

<type
    # name: Name of type. Used in actual olines below.
    name="NetAdmin"

    # classes: classes (above blocks) that this type belongs to.
    classes="OperChat BanControl HostCloak Shutdown ServerLink"

    # vhost: host oper gets on oper-up. This is optional.
    vhost="netadmin.omega.org.za"

    # modes: usermodes besides +o that are set on a oper of this type
    # when they oper up. Used for snomasks and other things.
    # Requires that m_opermodes.so be loaded.
    modes="+s +cCqQ">

<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.org.za">
<type name="Helper" classes="HostCloak" vhost="helper.omega.org.za">


#-#-#-#-#-#-#-#-#-#-#-  OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   Opers are defined here. This is a very important section.         #
#   Remember to only make operators out of trust worthy people.       #
#                                                                     #

# oline with plain-text password
<oper
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # password: case-sensitive, unhashed...yea...self-explanatory.
      password="s3cret"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      # You CAN use just * or *@* for this section, but it is not recommended
      # for security reasons.
      host="yourident@dialup15.isp.com *@localhost *@example.com *@2001:db8::/32"

      # ** ADVANCED ** This option is disabled by default.
      # fingerprint: When using the m_sslinfo module, you may specify
      # a key fingerprint here. This can be obtained by using the /sslinfo
      # command while the module is loaded, and is also noticed on connect.
      # This enhances security by verifying that the person opering up has
      # a matching SSL client certificate, which is very difficult to
      # forge (impossible unless preimage attacks on the hash exist).
      # If m_sslinfo isn't loaded, this option will be ignored.
      #fingerprint="67cb9dc013248a829bb2171ed11becd4"

      # autologin: if an SSL fingerprint for this oper is specified, you can
      # have the oper block automatically log in. This moves all security of the
      # oper block to the protection of the client certificate, so be sure that
      # the private key is well-protected! Requires m_sslinfo.
      #autologin="on"

      # sslonly: This oper can only oper up if they're using a SSL connection.
      # Setting this option adds a decent bit of security. Highly recommended
      # if the oper is on wifi, or specifically, unsecured wifi. Note that it
      # is redundant to specify this option if you specify a fingerprint.
      # This setting only takes effect if m_sslinfo is loaded.
      #sslonly="yes"

      # vhost: overrides the vhost in the type block. Class and modes may also
      # be overridden
      vhost="brain.netadmin.omega"

      # type: What oper type this oline is. See the block above for list
      # of types. NOTE: This is case-sensitive as well.
      type="NetAdmin">

# oline with plain-text password and no comments..for all who like copy & paste
<oper
      name="Brain"
      password="s3cret"
      host="yourident@dialup15.isp.com *@localhost *@example.com *@2001:db8::/32"
      #fingerprint="67cb9dc013248a829bb2171ed11becd4"
      type="NetAdmin">

# oline with hashed password. It is highly recommended to use hashed passwords.
<oper
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # hash: what hash this password is hashed with.
      # Requires the module for selected hash (m_md5.so, m_sha256.so
      # or m_ripemd160.so) be loaded and the password hashing module
      # (m_password_hash.so) loaded.
      # Options here are: "md5", "sha256" and "ripemd160", or one of
      # these prefixed with "hmac-", e.g.: "hmac-sha256".
      # Create hashed password with: /mkpasswd <hash> <password>
      hash="sha256"

      # password: a hash of your password (see above option) hashed
      # with /mkpasswd <hash> <password> . See m_password_hash in modules.conf
      # for more information about password hashing.
      password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      # You CAN use just * or *@* for this section, but it is not recommended
      # for security reasons.
      host="yourident@dialup15.isp.com *@localhost *@example.com *@2001:db8::/32"

      # type: What oper type this oline is. See the block above for list
      # of types. NOTE: This is case-sensitive as well.
      type="NetAdmin">