X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Fmodules.conf.example;h=3c3978c28018bccb173bade53cbe706341747c00;hb=906260c24f7818fb7cf15a0371d760acb1254113;hp=b0f9e8d4b377539f4a6e59387b75e79cf81c008e;hpb=b9e11915a976daaf790ebc763aff56e19fd49e0f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index b0f9e8d4b..3c3978c28 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -135,18 +135,6 @@ # If a non-oper attempts to use the alias, it will # # appear to not exist. # # # -# -# -# -# -# -# -# -# -# -# -# -# # # An example of using the format value to create an alias with two # different behaviours depending on the format of the parameters. @@ -159,8 +147,7 @@ # # This alias fixes a glitch in xchat 2.6.x and above and the way it # assumes IDENTIFY must be prefixed by a colon (:) character. It should -# be placed ABOVE the default NICKSERV alias (the first example) listed -# above. +# be placed ABOVE the default NICKSERV alias. # # @@ -244,8 +231,8 @@ # If you have the blockamsg module loaded, you can configure it with # # the tag: # # # -# delay - How many seconds between two messages to force # -# them to be recognised as unrelated. # +# delay - How much time between two messages to force them # +# to be recognised as unrelated. # # action - Any of 'notice', 'noticeopers', 'silent', 'kill' # # or 'killopers'. Define how to take action when # # a user uses /amsg or /ame. # @@ -294,13 +281,13 @@ # tracknick - Preserve /accept entries when a user changes nick? # # If no (the default), the user is removed from # # everyone's accept list if he changes nickname. # -# cooldown - Amount of time (in seconds) that must pass since # -# the last notification sent to a user before he can # -# be sent another. Default is 60 (1 minute). # +# cooldown - Amount of time that must pass since the last # +# notification sent to a user before he can be sent # +# another. Default is 1 minute. # # +# cooldown="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CAP module: Provides the CAP negotiation mechanism required by the @@ -327,42 +314,58 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# CGI:IRC module: Adds support for automatic host changing in CGI:IRC -# (http://cgiirc.sourceforge.net). -# Adds snomask +w for monitoring CGI:IRC connections. +# CGI:IRC module: Enables forwarding the real IP address of a user from +# a gateway to the IRC server. # # #-#-#-#-#-#-#-#-#-#-#-# CGIIRC CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# # -# Optional - If you specify to use cgiirc, then you must specify one -# or more cgihost tags which indicate authorised CGI:IRC servers which -# will be connecting to your network, and an optional cgiirc tag. -# For more information see: http://wiki.inspircd.org/Modules/cgiirc -# -# Set to yes if you want to notice opers when CGI:IRC clients connect. +# If you use the cgiirc module then you must specify the gateways which +# are authorised to forward IP/host information to your server. There +# are currently two ways to do this: +# +# The webirc method is the recommended way to allow gateways to forward +# IP/host information. When using this method the gateway sends a WEBIRC +# message to the server on connection. For more details please read the +# IRCv3 WebIRC specification at http://ircv3.net/specs/extensions/webirc.html. +# +# When using this method you must specify a wildcard mask or CIDR range +# to allow gateway connections from and at least one of either a SSL +# client certificate fingerprint for the gateway or a password to be +# sent in the WEBIRC command. +# +# +# +# +# Alternatively if your gateway does not support sending the WEBIRC +# message then you can configure InspIRCd to look for the client IP +# address in the ident sent by the user. This is not recommended as it +# only works with IPv4 connections. +# +# When using this method you must specify a wildcard mask or CIDR range to +# allow gateway connections from. +# +# +# +# +# By default gateway connections are logged to the +w snomask. If you +# do not want this to happen then you can uncomment this to disable it. # -# -# The type field indicates where the module should get the real -# client's IP address from, for further information, please see the -# CGI:IRC documentation. -# -# Old style: -# # Get IP from PASS -# # Get IP from ident -# # See the docs -# New style: -# # Get IP from WEBIRC -# + # IMPORTANT NOTE: # --------------- # -# When you connect CGI:IRC clients, there are two connect classes which +# When you connect gateway clients, there are two connect classes which # apply to these clients. When the client initially connects, the connect -# class which matches the CGI:IRC site's host is checked. Therefore you -# must raise the maximum local/global clients for this ip as high as you -# want to allow cgi clients. After the client has connected and is -# determined to be a cgi:irc client, the class which matches the client's +# class which matches the gateway site's host is checked. Therefore you +# must raise the maximum local/global clients for this IP as high as you +# want to allow gateway clients. After the client has connected and is +# determined to be a gateway client, the class which matches the client's # real IP is then checked. You may set this class to a lower value, so that # the real IP of the client can still be restricted to, for example, 3 # sessions maximum. @@ -496,9 +499,12 @@ # # # There are two methods of cloaking: # # # -# half Cloak only the "unique" portion of a host; show # -# the last 2 parts of the domain, /16 subnet of IPv4 # -# or /48 subnet of the IPv6 address. # +# half Cloak only the "unique" portion of a host; by # +# default show the last 2 parts of the domain, # +# /16 subnet of IPv4 or /48 subnet of the IPv6 # +# address. # +# To change the number of shown parts, modify the # +# domainparts option. # # # # full Cloak the users completely, using three slices for # # common CIDR bans (IPv4: /16, /24; IPv6: /48, /64). # @@ -509,6 +515,7 @@ # # #-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -601,7 +608,7 @@ # # #-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# -# seconds, maxconns - Amount of connections per . +# period, maxconns - Amount of connections per . # # timeout - Time to wait after the throttle was activated # before deactivating it. Be aware that the time @@ -653,7 +660,7 @@ # # #<title name="bar" password="foo" host="ident@test.org" title="Official Chat Helper" vhost="helper.test.org"> -#<title name="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" title="Official Chat Helper"> +#<title name="foo" password="$2a$10$UYZ4OcO8NNTCCGyCdY9SK.2GHiqGgxZfHFPOPmWuxEVWVQTtoDC7C" hash="bcrypt" title="Official Chat Helper"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DCCALLOW module: Adds the /DCCALLOW command. @@ -905,7 +912,7 @@ # httpd_* modules to provide pages to display. # # You can adjust the timeout for HTTP connections below. All HTTP -# connections will be closed after (roughly) this many seconds. +# connections will be closed after (roughly) this time period. #<httpd timeout="20"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1007,8 +1014,11 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Join flood module: Adds support for join flood protection +j X:Y. -# Closes the channel for 60 seconds if X users join in Y seconds. +# Closes the channel for N seconds if X users join in Y seconds. #<module name="joinflood"> +# +# The number of seconds to close the channel for: +#<joinflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Jump server module: Adds support for the RPL_REDIR numeric. @@ -1069,7 +1079,8 @@ # allowpattern="Guest* Bot*" # # killreason="Access denied" # # verbose="yes" # -# host="$uid.$ou.inspircd.org"> # +# host="$uid.$ou.inspircd.org" # +# useusername="no"> # # # # <ldapwhitelist cidr="10.42.0.0/16"> # # # @@ -1086,6 +1097,10 @@ # regardless of if they have an account, for example guest and bot # # users. # # # +# The useusername setting chooses whether the user's username or # +# nickname is used when locating a user account, if a username isn't # +# provided in PASS. # +# # # Killreason indicates the QUIT reason to give to users if they fail # # to authenticate. # # # @@ -1168,21 +1183,6 @@ # Set the maximum number of entries on a user's monitor list below. #<monitor maxentries="30"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# MsSQL module: Allows other SQL modules to access MS SQL Server -# through a unified API. -# This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_mssql.cpp -# and run make install, then uncomment this module to enable it. -#<module name="mssql"> -# -#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# mssql is more complex than described here, see the wiki for more # -# info http://wiki.inspircd.org/Modules/mssql # -# -#<database module="mssql" name="db" user="user" pass="pass" host="localhost" id="db1"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. @@ -1230,6 +1230,9 @@ # Nickchange flood protection module: Provides channel mode +F X:Y # which allows up to X nick changes in Y seconds. #<module name="nickflood"> +# +# The number of seconds to prevent nick changes for: +#<nickflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nicklock module: Let opers change a user's nick and then stop that @@ -1400,7 +1403,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Password hash module: Allows hashed passwords to be used. -# To be useful, a hashing module like sha256 also needs to be loaded. +# To be useful, a hashing module like bcrypt also needs to be loaded. #<module name="password_hash"> # #-#-#-#-#-#-#-#-#-# PASSWORD HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# @@ -1410,12 +1413,14 @@ # # <oper name="Brain" # host="ident@dialup15.isp.test.com" -# hash="sha256" -# password="01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" +# hash="bcrypt" +# password="$2a$10$Mss9AtHHslZTLBrXqM0FB.JBwD.UTSu8A48SfrY9exrpxbsRiRTbO" # type="NetAdmin"> # -# Starting from 2.0, you can use a more secure salted hash that prevents simply -# looking up the hash's value in a rainbow table built for the hash. +# If you are using a hash algorithm which does not perform salting you can use +# HMAC to salt your passwords in order to prevent them from being looked up in +# a rainbow table. +# # hash="hmac-sha256" password="lkS1Nbtp$CyLd/WPQXizsbxFUTqFRoMvaC+zhOULEeZaQkUJj+Gg" # # Generate hashes using the /MKPASSWD command on the server. @@ -1454,7 +1459,6 @@ #<include file="permchannels.conf"> # # You may also create channels on startup by using the <permchannels> block. -# Don't forget to set them +P in the modes, or they won't stay permanent. #<permchannels channel="#opers" modes="isP" topic="Opers only."> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1586,11 +1590,11 @@ # maxbacklog - Maximum size that can be specified for backlog. 0 disables multiline matching. # maxdistance - Max percentage of difference between two lines we'll allow to match. Set to 0 to disable edit-distance matching. # maxlines - Max lines of backlog to match against. -# maxsecs - Maximum value of seconds a user can set. 0 to allow any. +# maxtime - Maximum period of time a user can set. 0 to allow any. # size - Maximum number of characters to check for, can be used to truncate messages # before they are checked, resulting in less CPU usage. Increasing this beyond 512 # doesn't have any effect, as the maximum length of a message on IRC cannot exceed that. -#<repeat maxbacklog="20" maxlines="20" maxdistance="50" maxsecs="0" size="512"> +#<repeat maxbacklog="20" maxlines="20" maxdistance="50" maxtime="0" size="512"> #<module name="repeat"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1703,18 +1707,17 @@ # #-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Securelist can be harmful to some IRC search engines such as # -# netsplit.de and searchirc.com. To prevent securelist blocking these # -# sites from listing, define exception tags as shown below: # -#<securehost exception="*@*.searchirc.org"> +# Securelist can be harmful to some IRC search engines. To prevent # +# securelist blocking these sites from listing, define exception tags # +# as shown below: # #<securehost exception="*@*.netsplit.de"> -#<securehost exception="*@echo940.server4you.de"> #<securehost exception="*@*.ircdriven.com"> +#<securehost exception="*@*.ircs.me"> # # # Define the following variable to change how long a user must wait # # before issuing a LIST. If not defined, defaults to 60 seconds. # # # -#<securelist waittime="60"> # +#<securelist waittime="1m"> # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Servprotect module: Provides support for Austhex style +k / @@ -1841,13 +1844,14 @@ # You can optionally let the user know that their command was blocked. # # You may also let SHUN affect opers (defaults to no). -#<shun enabledcommands="PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no"> +#<shun enabledcommands="ADMIN PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SSL channel mode module: Adds support for SSL-only channels via # channel mode +z and the 'z' extban which matches SSL client # certificate fingerprints. -# Does not do anything useful without a working SSL module (see below). +# Does not do anything useful without a working SSL module and the +# sslinfo module (see below). #<module name="sslmodes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1913,7 +1917,7 @@ # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. # # This module is in extras. Re-run configure with: # -# ./configure --enable-extras=m_sqlite.cpp +# ./configure --enable-extras=m_sqlite3.cpp # and run make install, then uncomment this module to enable it. # # #<module name="sqlite3"> @@ -1954,7 +1958,7 @@ # # # See also: http://wiki.inspircd.org/Modules/sqloper # # # -#<sqloper dbid="1" hash="md5"> +#<sqloper dbid="1" hash="bcrypt"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # StartTLS module: Implements STARTTLS, which allows clients # @@ -2029,7 +2033,7 @@ # host - Vhost to set. # # #<vhost user="some_username" pass="some_password" host="some.host.test.cc"> -#<vhost user="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" host="some.other.host.example.com"> +#<vhost user="foo" password="$2a$10$iTuYLT6BRhRlOgzfsW9oPe62etW.oXwSpyKw5rJit64SGZanLXghO" hash="bcrypt" host="some.other.host.example.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Watch module: Adds the WATCH command, which is used by clients to @@ -2055,7 +2059,7 @@ #<module name="xline_db"> # Specify the filename for the xline database here. -#<xlinedb filename="data/xline.db"> +#<xlinedb filename="xline.db"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # ____ _ _____ _ _ ____ _ _ _ #