I'm a firm believer in chrooting services for some added security. I did this on FreeBSD 4.7-RELEASE, but this will probably also work on Linux, with some modifications. First, download and compile psyBNC as usual:
This setup is well suited for a VPS provider, such as DigitalOcean.
Next, create the chrooted area. I'm using /chroot for this example:
Copy over psyBNC's translations:
Copy over psyBNC's SSL certificates, if you compiled with SSL support:
Copy over the config files. I got these by running psyBNC with strace:
Copy over the libraries. I got these by runnning "ldd /chroot/psybnc/psybnc":
If you wish to use psyBNC's SSL encryption to connect to a IRC server, you'll need to create a device nodes for random and urandom inside the chroot. This can be accomplished in FreeBSD 5.x in the following way:
Note that if you simply wish to use SSL for the connection from your IRC client to the BNC, no device nodes are needed. You are now ready to start psyBNC with the command:
PsyBNC will give you it's PID (process ID) when it starts. You can check that the chroot is working by doing "ls -al /proc/<psybnc's PID>/file". If the output is similar to this:
lr-xr-xr-x 1 psybnc psybnc 7 Feb 27 21:57 /proc/<psybnc's PID>/file -> /psybnc
then the chroot is working, congratulations!
On Linux, the same can be accomplished by doing "ls -la /proc/<psybnc's PID>/root", and it's output should be similar to:
lrwxrwxrwx 1 psybnc psybnc 0 Feb 27 21:57 /proc/<psybnc's PID>/root -> /chroot/psybnc
About the author
I'm a millennial digital nomad and a seasoned IT professional with over 20 years of cross-industry experience, ready to help you with supercharging your business.
Drop me a note or read more about what I can do for you!