Chrooting psyBNC on FreeBSD

Updated: December 12th, 2011 Published: April 25th, 2004
Time to read: 2 min

I'm a firm believer in chrooting services for some added security. I did this on FreeBSD 4.7-RELEASE, but this will probably also work on Linux, with some modifications. First, download and compile psyBNC as usual:

This setup is well suited for a VPS provider, such as DigitalOcean.

$ fetch
$ tar xfvz psyBNC2.3.2-4.tar.gz
$ cd psybnc
$ make menuconfig
$ make

Next, create the chrooted area. I'm using /chroot for this example:

$ mkdir /chroot/psybnc
$ cp psybnc /chroot/psybnc/
$ cp psybnc.conf /chroot/psybnc/

Copy over psyBNC's translations:

$ mkdir /chroot/psybnc/lang
$ cp lang/* /chroot/psybnc/lang

Copy over psyBNC's SSL certificates, if you compiled with SSL support:

$ mkdir /chroot/psybnc/key
$ cp key/* /chroot/psybnc/key

Copy over the config files. I got these by running psyBNC with strace:

$ mkdir /chroot/psybnc/etc
$ cp /etc/localtime /chroot/psybnc/etc
$ cp /etc/resolv.conf /chroot/psybnc/etc
$ mkdir -p /chroot/psybnc/usr/share/zoneinfo
$ cp /usr/share/zoneinfo/GMT /chroot/psybnc/usr/share/zoneinfo
$ cp /usr/share/zoneinfo/posixrules /chroot/psybnc/usr/share/zoneinfo

Copy over the libraries. I got these by runnning "ldd /chroot/psybnc/psybnc":

$ mkdir -p /chroot/psybnc/usr/lib
$ mkdir /chroot/psybnc/usr/libexec
$ cp /usr/lib/ /chroot/psybnc/usr/lib
$ cp /usr/lib/ /chroot/psybnc/usr/lib
$ cp /usr/lib/ /chroot/psybnc/usr/lib
$ cp /usr/lib/ /chroot/psybnc/usr/lib
$ cp /usr/libexec/ /chroot/psybnc/usr/libexec

If you wish to use psyBNC's SSL encryption to connect to a IRC server, you'll need to create a device nodes for random and urandom inside the chroot. This can be accomplished in FreeBSD 5.x in the following way:

# mknod /chroot/psybnc/dev/random c 249 0
$ ln -s /chroot/psybnc/dev/random /chroot/psybnc/dev/urandom

Note that if you simply wish to use SSL for the connection from your IRC client to the BNC, no device nodes are needed. You are now ready to start psyBNC with the command:

$ chroot /chroot/psybnc ./psybnc

PsyBNC will give you it's PID (process ID) when it starts. You can check that the chroot is working by doing "ls -al /proc/<psybnc's PID>/file". If the output is similar to this:

lr-xr-xr-x  1 psybnc  psybnc  7 Feb 27 21:57 /proc/<psybnc's PID>/file -> /psybnc

then the chroot is working, congratulations!

On Linux, the same can be accomplished by doing "ls -la /proc/<psybnc's PID>/root", and it's output should be similar to:

lrwxrwxrwx  1 psybnc  psybnc   0 Feb 27 21:57 /proc/<psybnc's PID>/root -> /chroot/psybnc

About the author
I'm a millennial digital nomad and a seasoned IT professional with over 20 years of cross-industry experience, ready to help you with supercharging your business. Drop me a note or read more about what I can do for you!

This blog contains affiliate links to third parties. By using this site you agree to the Terms.