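Yibanjun's Summary Notes (一半君的总结纸)

听话只听一半君 (Mr. Only-Listens-to-Half)

Trying out ZNC as an always-on IRC bouncer on an old router (ASUS RT-N16) running Tomato Shibby v132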

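Because I often need to ask experts questions, I use IRC a lot. Installing a client and connecting straight to freenode works, but the client can't stay open all the time, and this isn't QQ: while you are offline you don't receive offline messages, so something has to stay connected permanently.

Searching online, I learned there are several ways to stay "always" online. I first tried to cross-compile quassel core, but that failed. Then I suddenly noticed that the entware repo already has ZNC. The gist is that ZNC stays connected for me, and I connect to ZNC with any other client.

After SSHing into the router: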

opkg install znc

# configure
znc --makeconf

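After stepping through the prompts (I chose port 1025), set up port forwarding on router 1 so that external access to port 1025 is forwarded to router 2, the rt-n16. Also register a DDNS name and enter it on router 1, so that the ZNC at home can be reached from outside when you are out of range of the home Wi-Fi.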

znc

Quite a few modules are available to install:

root@unknown:/tmp/home/root# opkg list | grep znc
znc - 1.6.1-1 - ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, and c++ module support to name a few.
znc-mod-adminlog - 1.6.1-1 - Log user connects and disconnects and failed logins to file or syslog.
znc-mod-alias - 1.6.1-1 - Provides bouncer-side command alias support.
znc-mod-autoattach - 1.6.1-1 - Reattaches you to channels on activity.
znc-mod-autocycle - 1.6.1-1 - Cycles a channel when you are the only one in there and you don't have op.
znc-mod-autoop - 1.6.1-1 - Auto op the good guys.
znc-mod-autoreply - 1.6.1-1 - Gives a automatic reply if someone messages you if you are away.
znc-mod-autovoice - 1.6.1-1 - Autovoices everyone who joins some channel.
znc-mod-awaynick - 1.6.1-1 - Change your nick while you are away.
znc-mod-awaystore - 1.6.1-1 - Stores messages while away, also auto away.
znc-mod-block-motd - 1.6.1-1 - This module blocks the server's Message of the Day.
znc-mod-blockuser - 1.6.1-1 - Blocks certain users from using ZNC saying their account was disabled.
znc-mod-bouncedcc - 1.6.1-1 - Bounces dcc transfers through the znc server instead of sending them directly to the user.
znc-mod-buffextras - 1.6.1-1 - Add nick changes, joins, parts, topic changes etc. to your playback buffer.
znc-mod-cert - 1.6.1-1 - Use a SSL certificate for connecting to a server.
znc-mod-certauth - 1.6.1-1 - This module allows users to log in to ZNC via SSL client keys.
znc-mod-chansaver - 1.6.1-1 - Keeping config up to date when user joins and parts.
znc-mod-clearbufferonmsg - 1.6.1-1 - This module keeps the buffer until the next message from the client.
znc-mod-clientnotify - 1.6.1-1 - Notify about new incoming connections to your user.
znc-mod-controlpanel - 1.6.1-1 - Allows you to add/remove/edit users and settings on the fly via IRC messages.
znc-mod-crypt - 1.6.1-1 - Encryption for channel/private messages.
znc-mod-ctcpflood - 1.6.1-1 - This module tries to block ctcp floods.
znc-mod-dcc - 1.6.1-1 - Allows you to transfer files to and from ZNC.
znc-mod-disconkick - 1.6.1-1 - This module will kick your client from all channels where you are, in case if ZNC disconnects from server.
znc-mod-fail2ban - 1.6.1-1 - Block IPs for some time after a failed login.
znc-mod-flooddetach - 1.6.1-1 - This module detaches you from channels which are flooded.
znc-mod-identfile - 1.6.1-1 - Places the ident of a user to a file when they are trying to connect.
znc-mod-imapauth - 1.6.1-1 - Allow users to authenticate via IMAP.
znc-mod-keepnick - 1.6.1-1 - Tries to get you your primary nick.
znc-mod-kickrejoin - 1.6.1-1 - Implements auto-rejoin-on-kick.
znc-mod-lastseen - 1.6.1-1 - Logs when a user last logged in to ZNC.
znc-mod-listsockets - 1.6.1-1 - This module displays a list of all open sockets in ZNC.
znc-mod-log - 1.6.1-1 - Log conversations to file.
znc-mod-missingmotd - 1.6.1-1 - Sends 422 to clients when they login.
znc-mod-modules_online - 1.6.1-1 - This module fakes the online status of ZNC-*users.
znc-mod-nickserv - 1.6.1-1 - Auths you with NickServ.
znc-mod-notes - 1.6.1-1 - This modules stores and displays short notes using a key/note pairs and shows them to you on connect.
znc-mod-notify-connect - 1.6.1-1 - Sends a notice to all admins when a user logs in or out.
znc-mod-partyline - 1.6.1-1 - Allows ZNC users to join internal channels and query other ZNC users on the same ZNC.
znc-mod-perform - 1.6.1-1 - Performs commands on connect.
znc-mod-q - 1.6.1-1 - Auths you with Q (and a little more).
znc-mod-raw - 1.6.1-1 - View all of the raw traffic.
znc-mod-route-replies - 1.6.1-1 - Routes back answers to the right client when connected with multiple clients.
znc-mod-sasl - 1.6.1-1 - The SASL module allows you to authenticate to an IRC network via SASL.
znc-mod-savebuff - 1.6.1-1 - Saves your channel buffers into an encrypted file so they can survive restarts and reboots.
znc-mod-schat - 1.6.1-1 - SSL (encrypted) DCC chats.
znc-mod-send-raw - 1.6.1-1 - Allows you to send raw traffic to IRC from other users.
znc-mod-shell - 1.6.1-1 - Have your unix shell in a query window right inside of your IRC client.
znc-mod-simple-away - 1.6.1-1 - This module will automatically set you away on IRC while you are disconnected from the bouncer.
znc-mod-stickychan - 1.6.1-1 - Keeps you sticked to specific channels.
znc-mod-watch - 1.6.1-1 - Monitor activity for specific text patterns from specific users and have the text sent to a special query window.
znc-mod-webadmin - 1.6.1-1 - Allows you to add/remove/edit users and settings on the fly via a web browser.
znc-webskin-dark-clouds - 1.6.1-1 - dark-clouds webskin for webadmin
znc-webskin-forest - 1.6.1-1 - forest webskin for webadmin
znc-webskin-ice - 1.6.1-1 - ice webskin for webadmin

Adding users on Tomato is difficult, and ZNC warns at startup that running as root is not recommended. If you insist on running it as root, you can:

root@unknown:/tmp/home/root# znc -h
[ ** ] USAGE: znc [options]
[ ** ] Options are:
[ ** ]  -h, --help         List available command line options (this page)
[ ** ]  -v, --version      Output version information and exit
[ ** ]  -f, --foreground   Don't fork into the background
[ ** ]  -D, --debug        Output debugging information (Implies -f)
[ ** ]  -n, --no-color     Don't use escape sequences in the output
[ ** ]  -r, --allow-root   Don't complain if ZNC is run as root
[ ** ]  -c, --makeconf     Interactively create a new config
[ ** ]  -s, --makepass     Generates a password for use in config
[ ** ]  -p, --makepem      Generates a pemfile for use with SSL
[ ** ]  -d, --datadir      Set a different ZNC repository (default is ~/.znc)

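Just add -r, but it is still best not to. Also, the default config file is stored in /root/.znc/configs/znc.conf, which of course disappears when the router reboots, so put it somewhere else. Before rebooting, move the config file to a place that persists: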

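# keep the datadir layout (configs/znc.conf) that the later "znc -d /jffs/.znc" commands expect
mkdir -p /jffs/.znc/configs
cp /root/.znc/configs/znc.conf /jffs/.znc/configs/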

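In addition, according to the Tomato official site, users are added as follows (though the part of the official instructions about setting the password seems to be slightly wrong? The script below is my modified version):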

UNAM=flint
RNAM="Flint Lockwood"
UNUM=200
UGRP=$UNUM
#UGRP=0
echo "$UNAM:x:$UNUM:$UGRP:$RNAM:/tmp:/bin/sh" >> /etc/passwd
echo "$UNAM:x:$UNUM:$UGRP:$RNAM:/home/$UNAM:/bin/sh" >> /etc/passwd.custom
[[ $UGRP -ne 0 ]] && echo "$UNAM:x:$UGRP:" >>/etc/group
[[ $UGRP -ne 0 ]] && echo "$UNAM:x:$UGRP:" >>/etc/group.custom
# set password for flint the same as root password
sed -n -e "s,^root:,$UNAM:,p" < /etc/shadow >> /etc/shadow.custom

chmod 777 /tmp/home
ssh $UNAM@localhost "mkdir /home/$UNAM;touch /home/$UNAM/.profile && echo success"
# press return for the password prompt, you should see the word "success" reported

chmod 755 /tmp/home

nvram setfile2nvram /etc/passwd.custom
nvram setfile2nvram /etc/group.custom
nvram setfile2nvram /etc/shadow.custom
nvram setfile2nvram /home/$UNAM/.profile
nvram commit

# The following can also be accomplished by a reboot, or toggling on and off authenticated file sharing in the UI.

sed -i "/^$UNAM:/d" /etc/passwd
grep "^${UNAM}:" < /etc/shadow.custom >> /etc/shadow
grep "^${UNAM}:" < /etc/passwd.custom >> /etc/passwd

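The commands above create a user named "flint" with user number 200. The password is the same as root's. When creating more users, each user number must be different.

If you want the new user to have a different password from root, after the sed line has run, edit /etc/shadow.custom with vi and change the password to the one you want (it is the "encrypted" form, which can be generated with the web page below).

To add the new user to the "root" group, remove the "#" from the "#UGRP=0" line.

Note:
Tomato builds older than V5x do not include chown, so UNUM and UGRP must both be set to 0.

There are three ways to set your own password:

  • To set the password through the Tomato web GUI, first change the password in the GUI to the one you want and save, then run the commands above, then change the password back to the original and save again. This works because the user's password is saved when the "echo" commands above are run.
  • Another way is to copy the passwd and shadow entries over from another machine.
  • Another way is to generate the encrypted password with this web page: http://www.4webhelp.net/us/password.php I tried this and it didn't seem right; the passwords it produced were all very short.
  • What I used is openssl passwd -1 -salt xyz yourpass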

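Suppose my user is flint and the password is FLDSMDFR; the "encrypted" password is $1$xyz$cQ46nKb7UF0kjWt2Y4Mrm. (the final "." is part of the hash). After the sed command above has run, edit /etc/shadow.custom with vi yourself and change the password to that value. You can also do it with a command, but the $ apparently needs to be escaped: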

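# for example, replace the sed command above with
# (the hash keeps its trailing "."; an MD5-crypt digest is 22 characters long)
sed -n -e "s,^root:[^:]\+,$UNAM:\$1\$xyz\$cQ46nKb7UF0kjWt2Y4Mrm.,p" < /etc/shadow >> /etc/shadow.custom

# or keep the sed command above and replace the hash directly in the new /etc/shadow.custom; remember to save it to nvram at the end
sed -i -e "s,^$UNAM:[^:]\+,$UNAM:\$1\$xyz\$cQ46nKb7UF0kjWt2Y4Mrm.," /etc/shadow.custom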
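
The manual $-escaping in the sed commands above can be avoided altogether. As an added example (not from the original post), the function below replaces one user's password field with awk and passes the hash through the environment, so neither the shell nor sed reinterprets it; the function name set_shadow_hash and the demo file contents are constructed for illustration.

```sh
#!/bin/sh
# set_shadow_hash FILE USER HASH   (hypothetical helper, not part of Tomato or entware)
# Replaces field 2 of USER's line in a shadow-format FILE with HASH.
set_shadow_hash() {
    file=$1 user=$2 hash=$3
    # Accept only crypt(3)-style strings of the form $id$salt$digest ...
    case $hash in
        \$*\$*\$*) ;;
        *) echo "not a crypt hash" >&2; return 2 ;;
    esac
    # ... made up solely of the crypt alphabet, so a stray ':' or '&' is refused.
    case $hash in
        *[!./A-Za-z0-9\$]*) echo "unexpected character in hash" >&2; return 2 ;;
    esac
    # The user must already have exactly one line in the file.
    [ "$(grep -c "^$user:" "$file")" -eq 1 ] || {
        echo "no unique entry for $user" >&2; return 1; }
    tmp="$file.tmp.$$"
    # umask 077: the rewritten file ends up mode 600, never world-readable.
    ( umask 077
      U="$user" H="$hash" awk -F: 'BEGIN { OFS = ":" }
          $1 == ENVIRON["U"] { $2 = ENVIRON["H"] }
          { print }' "$file" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# Demo on a constructed file (not a real /etc/shadow); the new hash is the one from the post.
demo=$(mktemp)
printf '%s\n' 'root:$1$abc$AAAAAAAAAAAAAAAAAAAAAA:0:0:99999:7:::' \
              'flint:$1$abc$AAAAAAAAAAAAAAAAAAAAAA:0:0:99999:7:::' > "$demo"
set_shadow_hash "$demo" flint '$1$xyz$cQ46nKb7UF0kjWt2Y4Mrm.' && grep '^flint:' "$demo"
rm -f "$demo"
```

On the router, point it at /etc/shadow.custom and then store the file with nvram setfile2nvram and nvram commit as in the script above.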

Also, entware has no runuser or su, but it does have sudo, so:

opkg install sudo

# the permissions on this config are
-rwS------    1 root     root           739 Jan  9 01:35 znc.conf

# they need changing
chown flint:200 /jffs/.znc/configs/znc.conf
chmod u+rw,o-rwx /jffs/.znc/configs/znc.conf

# then try it
sudo -u flint cat  /jffs/.znc/configs/znc.conf

# good, it seems to work
root@unknown:/tmp/home/root# sudo -u flint znc -f -d /jffs/.znc
[ .. ] Checking for list of available modules...
[ >> ] ok
[ .. ] Opening config [/jffs/.znc/configs/znc.conf]...
[ >> ] ok
[ .. ] Binding to port [1025]...
[ >> ] ok
[ ** ] Loading user [holycrab]
[ ** ] Loading network [freenode]
[ .. ] Adding server [chat.freenode.net +6697 ]...
[ >> ] ok
[ ** ] Staying open for debugging [pid: 1483]
[ ** ] ZNC 1.6.1 - http://znc.in

# so now I can start znc like this
sudo -u flint znc -d /jffs/.znc

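For something fancier, you can add it to perp to make sure it always stays running, using the same method as in this post.

I'll just set up autostart for now: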

vi /jffs/etc/config/znc.fire

# its contents are as follows
#!/bin/sh
sudo -u flint znc -d /jffs/.znc

# remember to make it executable
chmod +x /jffs/etc/config/znc.fire

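Finally, don't forget to add a rule allowing port 1025 under Administration -> Scripts -> Firewall. A rule added there only takes effect after a reboot; to make it take effect immediately, run this over SSH: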

iptables -A INPUT -p tcp --dport 1025 -j ACCEPT

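Also, my /jffs/etc/profile contains the setting that starts perp, and flint is not root, so I changed the profile to check whether the user is root and not run it otherwise. Only then can you log in as flint: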

if [ "$USER" == "root" ]; then
    if ! pidof perpd > /dev/null; then
       perpboot -d
    fi
fi

To delete all the users you added yourself:

nvram unset "FILE:/etc/passwd.custom"
nvram unset "FILE:/etc/group.custom"
nvram unset "FILE:/etc/shadow.custom"
nvram unset "FILE:/home/$UNAM/.profile"
nvram commit

Then reboot.

References:
5 Amazing Linux IRC Clients to Keep You Chatting
TomatoUSB – Adding Your Own Users
Understanding /etc/passwd File Format
permissions: meaning of s vs. x?
Understanding /etc/group File
Manually generate password for /etc/shadow
