Hi all!
Today I released ngIRCd 21.1, a bug-fix only release for ngIRCd 21.
This release doesn't contain new features, but fixes a few "glitches" in
ngIRCd 21 that have been reported over the past few months. The NEWS file
lists the following:
• Don't ignore but use the server password when PAM is compiled in but
  disabled. Thanks to Roy Sindre Norangshol <roy.sindre(a)norangshol.no>!
• doc/Platforms.txt: Update from master branch.
• doc/Services.txt: Update information for Anope 2.x.
• configure: add support for the LDFLAGS_END and LIBS_END variables to
  add linker flags and libraries at the end of the configure run
  (CFLAGS_END has been implemented already).
• Update Copyright notices for 2014 :-)
There are no security fixes included; nevertheless, all installations
should update: ngIRCd 21.1 is fully backwards compatible and the update
should be straightforward; no configuration changes are required.
You can find the NEWS file (listing all new and changed features) and the
ChangeLog file (listing all changes in greater detail) in the distribution
archives as well as online:
• <http://ngircd.barton.de/doc/NEWS>
• <http://ngircd.barton.de/doc/ChangeLog>
And even more information can be found here:
• Homepage: <http://ngircd.barton.de/> (<http://ngircd.mirror.3rz.org>)
• Bug tracker: <http://ngircd.barton.de/bugzilla/>
• Downloads:
  • HTTP 1: <http://ngircd.barton.de/pub/ngircd/>
  • HTTP 2: <http://ngircd.mirror.3rz.org/pub/ngircd/>
Please note:
The BerliOS platform is shutting down, so our BerliOS mirror site will
become unavailable and all old links to BerliOS will become unreachable!
(see <http://developer.berlios.de/forum/forum.php?forum_id=39220>)
But don't worry too much, ngIRCd already gained a new mirror site, located
at <http://ngircd.mirror.3rz.org>, provided by Götz Hoffart. Thanks a lot!
And as usual, a big thanks to all users, bug reporters, contributors,
packagers, and supporters!
Regards
Alex
Hello,
I am running Ngircd 21 on CentOS 6.5 64 bit.
I compiled Ngircd from source with OpenSSL and PAM to provide the CIA
triad (Confidentiality, Integrity and Authentication).
I store my passwords with htpassword with crypt and a salt (crypt()
alone is not safe enough).
I have noticed that my Ngircd daemon shuts down whenever a client or an
IP makes a connection to my port and sends a bogus SSL handshake:
Mar 29 03:42:06 mail ngircd[29098]: Accepted connection 8 from
"222.151.83.101:6728" on socket 7.
Mar 29 03:42:06 mail ngircd[29098]: SSL protocol error: SSL_accept
(error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol)
Mar 29 03:42:06 mail ngircd[29098]: Shutting down connection 8 (SSL
accept error, closing socket) with "222.151.83.101:6728" ...
Mar 29 03:42:06 mail ngircd[29098]: Client unregistered (connection 8):
SSL accept error, closing socket.
Mar 29 03:42:06 mail ngircd[29098]: Connection 8 with
"222.151.83.101:6728" closed (in: 0.0k, out: 0.0k).
Mar 29 03:43:06 mail ngircd[29098]: Server going down NOW!
Mar 29 03:43:06 mail ngircd[29098]: Shutting down all listening sockets
(1 total) ...
Mar 29 03:43:06 mail ngircd[29098]: ngIRCd done, served 1 connection.
I automatically restart the Ngircd daemon with a check script but
directly after it gets hit again:
Mar 29 03:44:01 mail ngircd[29168]: ngIRCd
21-IRCPLUS+PAM+SSL+SYSLOG+ZLIB-x86_64/unknown/linux-gnu started.
Mar 29 03:44:01 mail ngircd[29168]: Using configuration file
"/usr/local/etc/ngircd.conf" ...
Mar 29 03:44:01 mail ngircd[29168]: Configuration option "DHFile" not set!
Mar 29 03:44:01 mail ngircd[29168]: OpenSSL 1.0.1e-fips 11 Feb 2013
initialized.
Mar 29 03:44:01 mail ngircd[29169]: Running as user ngircd(494), group
ngircd(495), with PID 29169.
Mar 29 03:44:01 mail ngircd[29169]: Not running with changed root directory.
Mar 29 03:44:01 mail ngircd[29169]: IO subsystem: epoll (hint size 100,
initial maxfd 100, masterfd 4).
Mar 29 03:44:01 mail ngircd[29169]: Created pre-defined channel
"#pragmasec".
Mar 29 03:44:01 mail ngircd[29169]: Created pre-defined channel "#prive".
Mar 29 03:44:01 mail ngircd[29169]: Now listening on [0.0.0.0]:6667
(socket 7).
Mar 29 03:44:23 mail ngircd[29169]: Accepted connection 8 from
"222.151.83.101:62835" on socket 7.
Mar 29 03:44:23 mail ngircd[29169]: SSL protocol error: SSL_accept
(error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol)
Mar 29 03:44:23 mail ngircd[29169]: Shutting down connection 8 (SSL
accept error, closing socket) with "222.151.83.101:62835" ...
Mar 29 03:44:23 mail ngircd[29169]: Client unregistered (connection 8):
SSL accept error, closing socket.
Mar 29 03:44:23 mail ngircd[29169]: Connection 8 with
"222.151.83.101:62835" closed (in: 0.0k, out: 0.0k).
Mar 29 03:45:23 mail ngircd[29169]: Server going down NOW!
Mar 29 03:45:23 mail ngircd[29169]: Shutting down all listening sockets
(1 total) ...
Mar 29 03:45:23 mail ngircd[29169]: ngIRCd done, served 1 connection.
This continues all during the night and I notice that the connection is
coming from Japan (if the IP is not spoofed or a Tor endpoint):
[user@mail ~]$ host 222.151.83.101
101.83.151.222.in-addr.arpa domain name pointer
222-151-083-101.jp.fiberbit.net.
I can of course block the IP but it seems Ngircd cannot withstand the
strange SSL connection from the client and shuts itself down.
My config is here: http://www.pragmasec.nl/ngircd.txt (it's also a manual
on how to set up Ngircd + SSL + PAM with hashed+salted passwords - something
I think a lot of users who want PAM auth are looking for)
How can I fix this?
Is it Ngircd related or related to my config?
Thanks for any tips or help.
Regards,
Michiel
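
A triage sketch for the log in the message above, added here as an example (it is not part of the original post and not ngIRCd code): it groups syslog lines by daemon PID, counts failed TLS handshakes per peer address, and measures how long after the failure each "Server going down NOW!" line was logged. The function name `triage` and the year are assumptions, since syslog timestamps carry no year.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the report above, with the mail client's wrapping undone.
SAMPLE = """\
Mar 29 03:42:06 mail ngircd[29098]: Accepted connection 8 from "222.151.83.101:6728" on socket 7.
Mar 29 03:42:06 mail ngircd[29098]: SSL protocol error: SSL_accept (error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol)
Mar 29 03:42:06 mail ngircd[29098]: Connection 8 with "222.151.83.101:6728" closed (in: 0.0k, out: 0.0k).
Mar 29 03:43:06 mail ngircd[29098]: Server going down NOW!
Mar 29 03:44:23 mail ngircd[29169]: Accepted connection 8 from "222.151.83.101:62835" on socket 7.
Mar 29 03:44:23 mail ngircd[29169]: SSL protocol error: SSL_accept (error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol)
Mar 29 03:44:23 mail ngircd[29169]: Connection 8 with "222.151.83.101:62835" closed (in: 0.0k, out: 0.0k).
Mar 29 03:45:23 mail ngircd[29169]: Server going down NOW!
"""

LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ ngircd\[(\d+)\]: (.*)$')
ACCEPT = re.compile(r'Accepted connection \d+ from "([^"]+):\d+"')

def triage(text, year=2014):  # year is an assumption; syslog omits it
    """Return (handshake failures per peer, [(pid, peer, seconds)]) where
    seconds is the gap from the last failed handshake to the shutdown line."""
    state, report, failures = {}, [], Counter()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an ngircd syslog line
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = state.setdefault(pid, {"peer": None, "fail_at": None})
        accepted = ACCEPT.search(msg)
        if accepted:
            s["peer"] = accepted.group(1)        # address without the port
        elif msg.startswith("SSL protocol error: SSL_accept"):
            s["fail_at"] = when
            failures[s["peer"]] += 1
        elif msg.startswith("Server going down NOW!") and s["fail_at"]:
            gap = (when - s["fail_at"]).total_seconds()
            report.append((pid, s["peer"], gap))
    return failures, report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt, each shutdown is logged 60 seconds after the failed handshake rather than at the moment of the error.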
                                the executable works ("runs") as expected --+
                                  tests run successfully ("make check") --+ |
                                             ngIRCd compiles ("make") --+ | |
                                                  ./configure works --+ | | |
                                                                      | | | |
Platform                    Compiler     ngIRCd     Date     Tester   C M T R *
--------------------------- ------------ ---------- -------- -------- - - - - -
x86_64/apple/darwin13.1.0   A-clang 5.1  21.1       14-03-27 gh       Y Y Y Y 3
G’Night,
Götz
                                the executable works ("runs") as expected --+
                                  tests run successfully ("make check") --+ |
                                             ngIRCd compiles ("make") --+ | |
                                                  ./configure works --+ | | |
                                                                      | | | |
Platform                    Compiler     ngIRCd     Date     Tester   C M T R *
--------------------------- ------------ ---------- -------- -------- - - - - -
x86_64/unknown/linux-gnu    Open64       21.1       14-03-27 goetz    Y Y Y Y 1
                                the executable works ("runs") as expected --+
                                  tests run successfully ("make check") --+ |
                                             ngIRCd compiles ("make") --+ | |
                                                  ./configure works --+ | | |
                                                                      | | | |
Platform                    Compiler     ngIRCd     Date     Tester   C M T R *
--------------------------- ------------ ---------- -------- -------- - - - - -
x86_64/unknown/linux-gnu    unknown      21.1       14-03-27 goetz    Y Y Y Y 1
(Solaris Studio 12.3, 'cc')
                                the executable works ("runs") as expected --+
                                  tests run successfully ("make check") --+ |
                                             ngIRCd compiles ("make") --+ | |
                                                  ./configure works --+ | | |
                                                                      | | | |
Platform                    Compiler     ngIRCd     Date     Tester   C M T R *
--------------------------- ------------ ---------- -------- -------- - - - - -
x86_64/unknown/linux-gnu    tcc 0.9.25   21.1       14-03-27 goetz    Y Y Y Y 1
Grüße
Götz