This is a two-part article, link to second page is at the end of this page.
IRC is a fantastic way to get in touch with other peers. Even though this text-based communication medium was created in 1988 by a young student, it has been around for decades and is still being widely used on Internet.What most of us regard as an IRC server can be split into two parts. On one hand, the IRC daemon (or IRCd) is the actual software the server is running on. On the other hand, the services provider completes the basic functions of the IRCd. It somewhat caters to users while they are chatting. You may be familiar with these services – they include NickServ, MemoServ, and so forth.This first article will help you set up a simple yet extremely complete IRC daemon, Charybdis. Charybdis is a project from the folks at Atheme. Besides being a major group that is working on the newest IRC specifications (IRCv3), Atheme is in the first place a services provider, which regroups all of the services we’re going to implement later in the second part of this guide.Please note that this guide has been written with Debian in mind, as I initially set up my IRC server on Debian Wheezy. If you use another Linux distribution, installation instructions shouldn’t differ much, but you might have to tweak some commands to have them working.
First of all, we’ll begin by choosing a suitable Charybdis release, which we will then install and configure.
I – Picking a Charybdis release
Charybdis is hosted on a GitHub repository. You can clone the repository to get the latest development source code.
However, for environments that need to rely on absolutely stable software, you may download a release tarball. However, the latest one for Charybdis is fairly outdated (charybdis-3.4.2 is more than a year old at the time of this article), and development versions of Charybdis are virtually as stable as tarball versions.
Keep in mind that you’ll have to upgrade to newer versions of Charybdis in the future, would it only be for security updates.
II. Installing and configuring Charybdis
1 – Downloading Charybdis
You’ll need to install the following dependencies at first:
1 |
$ sudo apt-get update && sudo apt-get install build-essential bison flex zlib1g-dev openssl libssl-dev git |
For security purposes, I can only recommend creating an ircd
user that will run both Charybdis and Atheme.
1 |
$ sudo adduser ircd |
Configure the user as you wish, but make sure that the home directory for ircd
remains /home/ircd/
. Then log into the newly-created ircd
user:
1 |
$ su - ircd |
Once that is done, we can finally fetch the source code from GitHub:
1 |
$ git clone <a href="https://github.com/atheme/charybdis.git" rel="noreferrer">https://github.com/atheme/charybdis.git</a> |
Or, if you would prefer to download a release tarball, check the latest release version and replace version
with the actual one below, then extract it. Using v3.4.2 as an example:
1 2 3 4 5 6 7 |
$ wget https://github.com/atheme/charybdis/archive/charybdis-version.zip $ wget https://github.com/atheme/charybdis/archive/charybdis-3.4.2.zip $ sudo apt-get update && sudo apt-get install unzip $ unzip charybdis-3.4.2.zip |
2 – Installing Charybdis
The next step will be choosing which options Charybdis will ship with. SSL/TLS is a must, so we’ll enable it; other nice options include IPv6 support and picking custom channel topic/nickname lengths (though the defaults should be sufficient). A full list of options can be obtained here.
Note that if you do not want Charybdis to be installed to /home/ircd/ircd
, you will have to specify a prefix using --prefix
.
Let’s run the configure script from the charybdis
folder:
1 |
$ cd charybdis && ./configure --enable-openssl --enable-ipv6 --with-nicklen=20 --with-topiclen=420 |
After checking for build-time dependencies, the configure script will give you a recap of the options provided with Charybdis. Make sure it fits what you selected, and run the script a second time if not. If it still doesn’t work out, you might be missing a non-essential dependency.
The last remaining steps to complete the installation of Charybdis are to compile install it. This could take a while, so grab a drink in the meantime.
1 2 3 4 5 6 7 |
$ make [...] $ make install [...] |
Congratulations! You’ve successfully installed Charybdis. We can now move onto its configuration.
3 – Configuring Charybdis
Charybdis has been installed to /home/ircd/ircd
. An example configuration file is located at /home/ircd/ircd/etc/ircd.conf.example
. It should be the same as the example that Charybdis developers have provided on GitHub. It is pretty well documented, so you should be able to work your way through it to set up Charybdis as you’d like. Move it to ircd.conf, then we’ll begin tweaking it:
1 |
$ cp /home/ircd/etc/ircd.conf.example /home/ircd/etc/ircd.conf |
One thing to note is that the configuration file works with blocks (e.g. auth{}
, admin{}
, log{}
). Each block is used to specify one or multiple settings. The main blocks you will have to change at first are:
serverinfo{}
– it contains the most essential information about your server; its name, its description, SSL certificates location, etc. Change those, and take a look at the maximum number of clients to be allowed.admin{}
– assuming you’ll be the network owner, update the settings accordingly. When an user will type/admin
, this is what will be returned.listen{}
– select the ports that will be used to connect to your server (usual defaults are 6667 for normal connections and 6697 for SSL/TLS connections). As a good habit, open another port that Atheme will use to connect to the server (e.g. 6665). We’ll use this port later in the tutorial.auth{}
– the first auth block given in the example shows a specific configuration for one user, and adds them to the opers class. This is useful if you want to grant some special privileges to an user, without necessarily adding them to a certain privileged class. The second block authentifies all connections (*@*) as normal users.privset{}
– privsets will determine privileges for the different user classes, and you can add custom ones.operator{}
– multiple operator{} block(s) can be added to add IRC operators to the server. A single block can include multiple users. The/oper
command relies onoperator{}
.blacklist{}
– by default, Charybdis blocks connections matching EFnet’s RBL entries. Those often contain often open proxies, so using this blacklist setting can be pretty restrictive. On my IRC server, I simply decided to blacklist Tor users, and have them redirected to the dedicated onion address I’ve set up.Snomasks
withinoperator{}
– snomasks will determine what server notices an operator will receive. I’d recommend adding a good bunch of them to keep yourself informed, such as+ZWbfkrsuy
. Further details can be found here.User modes
(umodes) withingeneral{}
–+iw
, a common set for umodes, will set users invisible and will enable them to receive wallops.- Do not modify
alias{}
andmodules{}
– they are correctly set up, respectively for Atheme and Charybdis modules.
Once you’ve set up the different blocks, you should also consider choosing what modules you would like to load. If you’ve enabled the +W
snomask, you’ll have to uncomment the following line:
1 2 |
loadmodule "extensions/sno_whois.so"; |
A nice module to partially protect your users’ IP addresses/hostnames is the built-in IP cloaking module. The resulting hash uses relatively weak encryption, but it is better than nothing for users who decide not to register with NickServ and therefore won’t have a virtual host. Enable it:
1 2 |
loadmodule "extensions/ip_cloaking_4.0.so"; |
This requires adding the +x umode by default:
1 2 3 4 5 6 |
general { [...] default_umodes = "+iwx"; [...] } |
Charybdis’ configuration file is now properly set up. You will most likely want to change the Message of the Day by editing /home/ircd/etc/ircd.motd
. If you want to write the name of your IRC network with a fancy effect in your MOTD, try out a text-to-ASCII generator.
Charybdis is now installed and configured.
This ends the first of two parts about setting up an IRCd.
1 comment for “Charybdis – complete IRC daemon”