I'm a firm believer in chrooting services for some added security. This setup is well suited for a VPS provider, such as DigitalOcean. I did this on FreeBSD 4.7-RELEASE, but it will probably also work on Linux with some modifications. First, download and compile psyBNC as usual:
$ fetch http://www.psychoid.lam3rz.de/psyBNC2.3.2-4.tar.gz
$ tar xfvz psyBNC2.3.2-4.tar.gz
$ cd psybnc
$ make menuconfig
$ make
Next, create the chrooted area. I'm using /chroot for this example:
$ mkdir -p /chroot/psybnc
$ cp psybnc /chroot/psybnc/
$ cp psybnc.conf /chroot/psybnc/
Copy over psyBNC's translations:
$ mkdir /chroot/psybnc/lang
$ cp lang/* /chroot/psybnc/lang
Copy over psyBNC's SSL certificates, if you compiled with SSL support:
$ mkdir /chroot/psybnc/key
$ cp key/* /chroot/psybnc/key
Copy over the config files. I found these by running psyBNC under strace:
$ mkdir /chroot/psybnc/etc
$ cp /etc/localtime /chroot/psybnc/etc
$ cp /etc/resolv.conf /chroot/psybnc/etc
$ mkdir -p /chroot/psybnc/usr/share/zoneinfo
$ cp /usr/share/zoneinfo/GMT /chroot/psybnc/usr/share/zoneinfo
$ cp /usr/share/zoneinfo/posixrules /chroot/psybnc/usr/share/zoneinfo
Copy over the libraries. I found these by running ldd /chroot/psybnc/psybnc:
$ mkdir -p /chroot/psybnc/usr/lib
$ mkdir /chroot/psybnc/usr/libexec
$ cp /usr/lib/libm.so.2 /chroot/psybnc/usr/lib
$ cp /usr/lib/libssl.so.2 /chroot/psybnc/usr/lib
$ cp /usr/lib/libcrypto.so.2 /chroot/psybnc/usr/lib
$ cp /usr/lib/libc.so.4 /chroot/psybnc/usr/lib
$ cp /usr/libexec/ld-elf.so.1 /chroot/psybnc/usr/libexec
If you wish to use psyBNC's SSL encryption to connect to an IRC server, you'll need to create device nodes for random and urandom inside the chroot. This can be accomplished in FreeBSD 5.x in the following way:
# mkdir /chroot/psybnc/dev
# mknod /chroot/psybnc/dev/random c 249 0
# Use a relative link target so it also resolves from inside the chroot
# ln -s random /chroot/psybnc/dev/urandom
Note that if you simply wish to use SSL for the connection from your IRC client to the BNC, no device nodes are needed. You are now ready to start psyBNC with the command:
$ chroot /chroot/psybnc ./psybnc
psyBNC will give you its PID (process ID) when it starts. You can check that the chroot is working by running ls -al /proc/<psybnc's PID>/file. If the output is similar to this:
lr-xr-xr-x 1 psybnc psybnc 7 Feb 27 21:57 /proc/<psybnc's PID>/file -> /psybnc
then the chroot is working, congratulations!
On Linux, the same can be accomplished by running ls -la /proc/<psybnc's PID>/root, and its output should be similar to:
lrwxrwxrwx 1 psybnc psybnc 0 Feb 27 21:57 /proc/<psybnc's PID>/root -> /chroot/psybnc
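
An added example, not part of the original write-up: a small sh script that re-checks the library step by comparing ldd output against the chroot, so a missing library shows up before psyBNC fails to start. The function names, the script name audit.sh and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot against ldd output (names are illustrative).

# Print the absolute library paths found in ldd output read on stdin.
# Handles "name => /path (addr)" lines and bare "/path (addr)" lines
# (the Linux runtime linker); skips the "binary:" header line and
# entries that carry no path.
ldd_paths() {
    awk '
        /=>/ {
            for (i = 1; i < NF; i++)
                if ($i == "=>" && $(i + 1) ~ /^\//) print $(i + 1)
            next
        }
        $1 ~ /^\// && $1 !~ /:$/ { print $1 }
    '
}

# Print each path from stdin that is not a regular file under chroot root $1.
missing_in_chroot() {
    root=$1
    while IFS= read -r path; do
        [ -f "$root$path" ] || printf '%s\n' "$path"
    done
}

# Constructed sample: FreeBSD-style ldd output for the libraries listed above.
sample_ldd() {
    cat <<'EOF'
/chroot/psybnc/psybnc:
        libm.so.2 => /usr/lib/libm.so.2 (0x28083000)
        libssl.so.2 => /usr/lib/libssl.so.2 (0x2809e000)
        libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280cc000)
        libc.so.4 => /usr/lib/libc.so.4 (0x281c3000)
EOF
}

# Real use (audit.sh is a hypothetical file name):
#   sh audit.sh /chroot/psybnc/psybnc /chroot/psybnc
# The sample does not list the runtime linker (ld-elf.so.1); check it by hand.
if [ "$#" -eq 2 ]; then
    ldd "$1" | ldd_paths | missing_in_chroot "$2"
fi
```

Empty output means every library ldd reported is present at the same path under the chroot; any path printed still needs to be copied.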