I'm a firm believer in jailing services for some added security. I did this on FreeBSD 5.0-RELEASE.
This setup is well suited for a VPS provider, such as DigitalOcean.
First, setup the jail. I use a small shell script for the task.
Next, add a user for the psyBNC daemon and setup networking in the jailcell.
Next, jail yourself to the newly created jail and download and install psyBNC. Include oidentd support in psyBNC.
psyBNC is now compiled and installed. Let's modify the jailcell's /etc/inetd.conf, so that identd can be run. Add a line such as this:
auth stream tcp nowait root internal auth -r -F -n -o UNIX -t 30
Note that some IRC daemons require a valid operating system string from the ident daemon, and that's exactly why I'm using "UNIX" here (i.e. "UNKNOWN" won't work in some cases). Identd is pretty useless really, but some IRC daemons require a valid ident response when connecting. If you have a tilde (~) in front of your username, the IRC daemon did NOT recieve a valid ident response.
As psyBNC always runs as the user it's started with (i.e. "psybnc" in this case), we need to setup ident spoofing. The identd that ships with FreeBSD supports ~/.fakeid files, but psyBNC wants a ~/.ispoof file. Luckily, the format of the files is the same, and thus the easiest solution is to create a symlink such as this:
Start psyBNC and inetd in the jailcell with the commands:
You can check that the psyBNC and inet daemons are actually running in the jailcell, by first exiting the jailcell, and the running:
You know that the daemons are jailed when you see a see a "J" in the STAT column for the processes.
The jail created by the jailsetup.sh script is a bit too large for a simple setup such as this. Once you get everything working, you can go on a deleting spree. I usually do something like this inside the jailcell:
About the author
I'm a millennial digital nomad and a seasoned IT professional with over 20 years of cross-industry experience, ready to help you with supercharging your business. Drop me a note or read more about what I can do for you!