Jump to content
Not connected, Your IP: 3.235.101.141

cm0s

Members2
  • Content Count

    303
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    9

Posts posted by cm0s


  1. couldn't login few days ago but thought maybe i entered my pass wrong

    logged in ok on second attempt

     

    i don't use the chat much for several reasons

     

    one, the scroll back, not needed and should be removed

     

    two, otr is out dated big time and not easy for most folks to use

     

    nor handled well by a lot of apps, even on linux

     

    three, xmpp itself, nuff said

     

    four, whether any customers use the 'free chat service' by airvpn or not

     

    whether or not they 'login' is not the flaw here, the flaw is that every customer's account, billing login account information

     

    is linked up to an xmpp chat server, that's the problem and you should maybe disconnect that is my suggestion

     

    you have threads on your forum that whether legit or not 'other vpn companies review' basically

     

    you already know how that can be a problem magnet

     

    so a vpn competitor might open an account here, use it for x amount of days then decide to hammer on the xmpp server

     

    maybe go after all the billing login information

     

    the other thing is this, as you stated down below, none of us have to use our login information right?

     

    so then by that principle alone, why even connect our financial primary billing account login information up to the xmpp server

     

    it also tells me something else: that xmpp is not the only thing goin on on that server then right?

     

    if you got account billing customer database connected to that xmpp server you probably got other stuff on that platter

     

    that might be of interest

     

    either way, no matter what, shit is an easy fix, disconnect the database and don't require any login at all

     

    if needed, move the xmpp chat far away from any business accounts / boxes /network


  2. check with others on how to do this with your operating system whatever it may be

    but set your local to static basically hard set your local dns

    to airvpns, set your router dns to 0.0.0.0 then each box set your

    dns config to static, assign your local ip addresses for each device

    this is a real world kill switch meaning you get no net/WAN

    without being encrypted, shut off dhcp on the router

    your ISP side will be dhcp auto config but your side on the router

    will be static

     

    this is not perfect, might brick some stuff you are doing or

    be a pain in the butt

     

    but the idea is this: keep the isp as far as you can out of your local

     

    
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    #
    iptables -X
    iptables -t nat -X
    iptables -t mangle -X
    # 
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    #
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
    iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT 
    #
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access
    #
    iptables -A OUTPUT -d 255.255.255.0 -j ACCEPT 
    iptables -A INPUT -s 255.255.255.0 -j ACCEPT 
    iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT 
    iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT 
    iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE 
    iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP 
    
    ###############################
    
    example netctl:
    
    Description='eth0 net'
    Interface=eth0
    Connection=ethernet
    IP=static
    Address=('192.168.0.5/24')
    Gateway='192.168.0.1'
    DNS=('10.5.0.1')
    
    ################################
    
    say for ddwrt in your services tab assign the ip addresses there
    set your lease time
    
    this means you don't have to worry about resolv.conf dns problems
    
    coz your local network is now airvpn dns only
    
    i'm human, make mistakes, forget stuff, brain fart etc so this protects me from
    
    myself, helps keep my ISP on the cable modem only, my router does nothing more than route
    
    nothing fancy, i got a beefy router, does more stupid shit than i know what to do
    
    i run it totally vanilla, a generic turd tbh, i don't even use wifi on it
    
    that isn't ideal or even practical for most, i get that, so mod for what works for you
    
    and your family config, set your boxes for when they boot up, they don't connect to anything
    
    run your iptables, start netctl and you are good
    
    so when my box as example boots up i run iptables sript
    
    .xinitrc has everything set to down 
    
    then i run 
    
    netctl start eth0
    
    cd to my airvpn configs folder
    
    stunnel "airvpnserver.ssl" --auth-nocache
    
    then in other termina window:
    
    openvpn --config "airvpnserver.ovpn" --auth-nocache
    
    no network manager etc i get lost in that stuff anyway
    
    but nothing wrong with using a gui or using network manager or 
    
    modding it so more 'user friendly' etc 
    
    hope this helps
    

  3. i'll play along...

    the thread is called:

    SERIOUS TIPS FOR SECURING MY COMPUTING DOMAIN AND ACTIVITIES

    the web browser is the one piece of

    software on all operating systems that is the most targeted

    quite often legally, it's simple, follow the money

    so to tell someone on a thread that it is 'overkill' when they can simply

    take a few minutes of their time, go to firefox's about:config page

    and manually tweak a few settings, which may in effect protect their

    privacy, family, loved ones, help secure their home network etc.

    and probably even in some cases, their safety, might be a decision they

    can choose to make for themselves and decide what is or is not overkill

    the logic presented that it is not overkill to install 8 additional

    firefox extensions, which in effect is 8 additional companys, 3rd partys etc.

    on a stock firefox config but again overkill to edit a few settings...

    btw, for anyone interested download the xpi file of any addon extension you

    are installing use this command to extract it:

    unzip yourxpifilename.xpi * -r

    that extracts all the files used to make your extension

    you can search for 'url' 'http' 'https' '.com' '.org' 'update' etc. and find out

    what it is doing if it calls out, some updates you want, some urls are safe

    say you find a url that you want to change, but often if you change it in one location

    only it can brick your extension, so you can bypass that say for example i wanted to block

    any callbacks to 'userstyles.org':

    grep -rl 'userstyles.org' ./ | xargs sed -i 's|userstyles.org|dummy_url.org|g'

    then to put all the files back into a xpi archive give it a different name

    so you know it's the one you edited:

    7z a /path/to/directory/yourxpifilename.xpi * -r


  4. i'm not a fanboy of routers running any vpn or iptables stuff

     

    my router can do that it has more capability than i'll ever use

     

    all i want from my router is for it to take the cat5 cable from my ISP

     

    and then stop my ISP's dns and other stuff at the plugin point

     

    then on my router i set my local to static airvpn config

     

    this is a real world killswitch, coz i'm human, forget stuff

     

    make mistakes, this protects my local network from me

     

    and it keeps my ISP off my local

     

    the best thing you can do with any router is leverage their

     

    vanilla config


  5. one of the main resources i use is eli the computer guy on youtube

     

    and watch a lot of defcon / tech vids

     

    after a while everyone finds out what they need and like for their own situation

     

    how i run arch is probably not good for most, flawed and completely different than

     

    the way someone else might run arch, i loaded up manjaro the other day for a looksy

     

    and got lost in it, straight up, got lost, way too much for me

     

    but to answer your question, i think the first thing to be identified is the actual concern,

     

    the term 'threat model' is often used but not too often given to real world terms,

     

    meaning 'conditions on the ground' application

     

    for most folks in my area, norhteast united states it's the ISP, Verizon, the major players

     

    that are the real threat, and that is generic, legal datamining

     

    this has nothing to do with ethics, morales etc. this is about money, big money

     

    these companies have 24 PHDs and a floor full of extremely talented programmers

     

    all backed up by big lobby and another room full of lawyers,

     

    for a real world grasp, shut off cookies and javascript, go to facebook's home page,

     

    right click on it, view page source, and what you will be looking at is code that is worth

     

    billions of dollars

     

    company i used to work for, i used to sell microsoft networks back in the day

     

    we were a certified dealer, had microsoft staff in the shop once in a while,

     

    we had some state contracts here in PA and lots of minor day to day floor traffic

     

    fixing Dell boxes etc.

     

    back then, before the merge between the cellular industry and internet,

     

    just like anyone else, if you would have said 'meta data' was going to be a game changer,

     

    well that would have not been too high on the list to say the least

     

    you got to remember, nobody had a phone in their hand that could chat, make a call, run a webcam,

     

    trade stocks in Europe and order donuts for the techs, the infrastructure wasn't there yet

     

    and that is to my poin: the operating systems back then were on the right track,

     

    they were lean, Windows 2000 was on the right track, i literally at that time built custom DAW

     

    workstations on that operating system, on those drivers, they were stable, solid, did nothing fancy

     

    so software in general, was not built with 3rd party involvement, no outgoing connections,

     

    all anyone had to do in microsoft land was take the best of Windows 2000, the best of Windows 7,

     

    lean it up a bit, get rid of any and all bloat, harden it and you would have had a super bad ass

     

    kill linux box operating system, and the gamers themselves would have taken it over

     

    at that point, software was still written with the business model that sales and license fees

     

    make the buck, income stream, once the cell industry and the ISPs merged, the dynamic,

     

    the motive really to how and why software gets coded, the purpose of design, changed dramatically

     

    linux is no better, it just got lucky because it held very little interest in the desktop market

     

    if linux would have traded spots with microsoft or apple, same problems, and you can actually see it starting

     

    already today, the pre rolled distros, first thing they want to do, connect, call out, even Kali,

     

    connect, call out and all the other pentest distros, if you have a live distro for pentesting well don't ya think

     

    thte first thing ya want shut off and down at boot is connecting to anything?

     

    see my point?

     

    meta data is the game changer, that simply translates, once scaled, into raw political force in any country

     

    and it goes all the way back to what a PHD dude from Cambridge Analytica stated, and the bruh was spot on:

     

    'the problem with facebook aka social media, operating systems phones apps etc is the business model'

     

    ask yourself, why hasn't anyone taken the best of tor, maybe made it more wide, why is http even allowed still,

     

    and so on, coz of money, so what we see and view is almost 100%  'human hacking'

     

    what does this got to do with your orginal post? everything, coz now you know what is the primary target,

     

    where the payload goes to: me and you

     

    and we are the problem, the real world problem

     

    i'll back that up: you look at facebook, we literally give them all of our data, access to everything, for nothing

     

    we pay our ISP's bill to then give our friends, family, coworkers and on an on to a corporation built on a business model

     

    of this: the more they collect, the more they sell, the more they make

     

    ya got to remember the one advantage i may have, with anyone my age is perspective, i knew the net before the cell biz ISP merge

     

    i knew Microsoft and worked indirectly for them before the merge

     

    if you sugar coat the poison is the human hack here

     

    i'm not different, if iwas a programmer and the boss walked up to me and said 'build this OS or app and if we make xyz deadline or meet

     

    xyz approval you will make xyz amount of additional income, i'm in'

     

    same deal with a website database, if i build a shithole that does xyz but also gets really popular and i collect the right data that is sought after by

     

    the ad industry, you walk up to me and go 'i'll give you x amount of dollars'

     

    i'm probably gonna sell

     

    hit the about:config url in mozilla and search 'url' search 'social' search 'wifi' search 'remote' search 'update' then extract all your plugins and extensions

     

    etc you will see how much of what you do is collected and piped to 3rd partys

     

    just look at google ssafe search as example, can you really get any more full of shit

     

    so going back the purpose of design, the motive, that's the threat, that's the flaw, that's what needs to be hardened

     

    linux in genearl isn't popular, malware authors code exploits to make money, bot authors want their networks running smooth

     

    so most of that 'financial targeted' exploits is aimed at the popular stuff

     

    gentoo and arch is even less popular, and the thing is if you have your own repo, roll your own kernel, just by modding your stuff

     

    'your way' coz i say 'fuck the arch way', your on linux to do it the way you want, you just left shit operating system closed source

     

    where someone else told you how to roll'

     

    case in point in legal datamining, almost all of the linux community is on that shit data mined irc server freenode

     

    even the tor developers don't run an onion server well at least listed anyway

     

    harden the browser, harden your linux, best ya can, biggest threat to my local to my box is me, the monkey at the keyboard

     

    and i'll say this in Mark Zucerberg's favor and any social media business with any kind of voting system, coz that is and has been

     

    the multibillion dollar click, just beautiful all the way to the bank:

     

    those companies saw and applied a value metric to our data, to our click, they applied a value to what we think and do and who with

     

    and that right there is a very serious tough pill to swallow

     

    Mark Zuckerberg has a jet in his driveway not because he even exploited my data, or was unethical with it

     

    but mainly because he offered me a like button that i could click on to give a voice on his platform

     

    so the real problem that Cambridge Analytica was talking about, coz for them that was business as usual

     

    is until the internet as a whole gets together and decides that their network traffic is theirs, should be protected

     

    like a utility world wide, such as water, gas, electric, coz today it is exactly that, my ISP Comcast is a utility without the

     

    correct use of government regulation, at the federal level, why shit gets wild west treatment still,

     

    same flaw as when Enron went in to California and manipulated the power grid

     

    i'm no diff, you put me as a day trader behind a business model i can exploit to make x million in 3 hours

     

    i'm in, i'll smash that like button all the way to the bank


  6. this is my opinion only but i stay away from ipv6

    i shut it down at the kernel via grub edit:

     

    GRUB_DEFAULT=0
    GRUB_TIMEOUT=5
    GRUB_DISTRIBUTOR="Arch"
    GRUB_CMDLINE_LINUX_DEFAULT="quiet loglevel=3 pnpbios=off acpi=off"
    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:cryptroot ipv6.disable=1 bluetooth.blacklist=yes"
    

  7. what i like about ricochet is the fact it can use tor alpha 3 torrc on arch. meaning you can set your torrc say you want to chroot it also, to strictmode,

    avoid any servers that have been known to inject anything, i chatted with a couple of folks on ricochet on hope they move it forward with

    next gen onion, so for example right now i have it running, i got tor alpha from the AUR, got ricochet, themed it, tor runs in chroot via arch linux

    wiki instructions, again, this is all layers, the local repo chat laptop is basically stand alone, meaning it's not doin anything else

    and behind airvpn stunnel openvpn, that's basically just my tor box, it hosts my tokzco onion site version 3 and my local arch repo

     

    i don't browse tor sites on that box or much of anything else, it's a lazy way of compartmentalization also

     

    qubes and whonix etc are all cool and all but yeah i'm not into the work load of switching everything over

    and straight up, i don't trust the tor browser version at all

    reason is you look through it it is serious bloat shit and call out to google etc and mozilla big time

     

    the browser is the most targeted app and why i don't like to load anything up to chat through it either online

     

    irc in general has become shit, almost every chat url you can find online via clearnet search engines is all shit links

     

    to sicko shit, imho a deliberate campaign, there is more sick shit on facebook just by sheer volume

     

    there are family friendly spots on the onion and decent places to chat

     

    clearnet and often tor 'search engines' don't do much to help

     

    reason is this, it's about ad revenue, about money, google and everyone else wants us to think that if we

     

    all of a sudden get 'anon' that we lose our minds and load up negative content or get into bad stuff

     

    it's psychological warfare 101 and they do it well

     

    i'm more or less 'squeamish' there is a lot of stuff on youtube i can't handle today

     

    anyway my point is, ricochet is a solid so far to me because it does nothing else

     

    you check it on github you will see a lot of folks involved with it in the issues tab

     

    that's a good sign

     

    i sent staff an apology, goin back through fixing some posts

     

    long story short, my family got involved in hijacking my inheritance

     

    and the banks knew, law enforcement has also been involved in covering

     

    some things up, mail intercepts and forging courthouse legal docs

     

    i'm not making this shit up, wish i were, i'm sick to my gut

     

    me, i just wrapped up a decade of probation for getting stupid, shitfaced,

     

    went for a joy ride in a truck and yeah, so not cool there

     

    so last thing i want is any correspondence or attention from law enforcement

     

    or any courthouse, goin on 50, i just want left alone

     

    more than that, my 'family' absolutely had no reason to go behind my back

     

    plan anything out ahead to get money, if they had wanted it all or just had

     

    talked straight up to me, i'd most likely have agreed to whatever they want

     

    simply to just be left alone, coz my dad was not a good man, at all

     

    so yeah, i have been under some mental strain, real world heavy surveillance

     

    i'm naive in a lot of ways, i believe in the good of people

     

    tor, privacy, openvpn, i'm just like anyone else,

     

    i don't think about it much till i don't have it

     

    airvpn has been good to me, better than i deserve, i can't buy that or even earn that


  8. that's a box i'd like to build myself and test on for a while

     

    need to put a pfsense box on the local maybe go from the

     

    cable modem to the ddwrt then to the pfsense box

     

    add some nics or extend with another router

     

    in switch mode basically see what i can come up with


  9. consider what purpose of config is gonna be towards

     

    meaning if you are building ecom site or proxy server

     

    or need offshore or aiming towards onion/tor vps ability

     

    the other thing to look at is who owns who

     

    coz a lof of 'standard' web hosting companies out there

     

    share databases, even email traffic

     

    i know, i've 'tested' this for real

     

    it does come down to what you really need, your threath model

     

    and what you can afford to pay for

     

    other factors are domain naming laws and where you are from

     

    where your business might be incorporated in and so forth

     

    so if i invest in a vps provider 'off shore' or in a country with far

     

    better privacy laws but name my site xyz that might null the money

     

    i invested in a better location etc.


  10. cool but yeah if you can do that

     

    take that skill set you got and roll over to

     

    gentoo or arch, plop out a distro of your flavor

     

    and then pipe it back to here with some screenshots

     

    but a sincere congrats on what you did that is cool

     

    roll up an opensource dooby....


  11. serverbox is 192.168.1.103
    clientbox is 192.168.1.100
    
    if you have a current ssh install
    back files up and do a new install:
    
    # systemctl stop sshd
    # mv /etc/ssh ~/sshbkup
    # mv ~/.ssh ~/.sshbkup
    # pacman -S --noconfirm openssh nmap
    
    check the files in /etc/ssh:
    # ls /etc/ssh
    moduli  ssh_config  sshd_config
    
    # cp /etc/ssh/sshd_config ~/sshd_configbkup
    # cp /etc/ssh/ssh_config ~/ssh_configbkup
    
    on the serverbox create user servz:
    # useradd -m -g users -G wheel -s /bin/bash servz
    # passwd servz
    enter new password twice
    
    on the clientbox create user clyz:
    # useradd -m -g users -G wheel -s /bin/bash clyz
    # passwd clyz
    enter new password twice
    
    on the serverbox create ssh directory:
    # mkdir /home/servz/.ssh
    # touch /home/servz/.ssh/authorized_keys
    # chown -R servz:wheel authorized_keys
    # ls -l /home/servz/.ssh/authorized_keys
    -rw-r--r-- 1 servz wheel 735 Jul 30 15:10 authorized_keys
    # mkdir /home/servz/sshfilez
    # chown -R servz:wheel /home/servz/sshfilez
    
    
    on the clientbox create ssh directory:
    # mkdir /home/clyz/.ssh
    # touch /home/clyz/.ssh/authorized_keys
    # chown -R clyz:wheel authorized_keys
    # ls -l /home/clyz/.ssh/authorized_keys
    -rw-r--r-- 1 clyz wheel 735 Jul 30 15:10 authorized_keys
    # mkdir /home/clyz/sshfilez
    # chown -R clyz:wheel /home/clyz/sshfilez
    
    check yer local and destination...
    # nmap -sS -O -p22 IPHERE
    # iptables -nL | grep 22
    
    nmap should show this on both boxes:
    PORT   STATE SERVICE
    22/tcp open  ssh
    
    since the serverbox is 192.168.1.103
    and the clientbox is 192.168.1.100
    set iptables for each box accordingly
    this allows only xyz ip to port 22
    
    # iptables -I INPUT -p tcp --dport 22 -s IPHERE -j ACCEPT 
    # iptables -A INPUT -p tcp --dport 22 -j REJECT
    
    verify:
    #  iptables -nL | grep 22
    ACCEPT tcp -- 192.168.1.103 0.0.0.0/0 tcp dpt:22
    REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 
    reject-with icmp-port-unreachable
    
    start ssh on both boxes:
    # systemctl start sshd
    verify:
    # systemctl status sshd 
    Active: active (running)
    
    do a login from the clientbox:
    # ssh -p 22 servz@192.168.1.103
    type yes and enter the password
    root > ssh -p 22 servz@192.168.1.103
    The authenticity of host '192.168.1.103 (192.168.1.103)' can't be established.
    ECDSA key fingerprint is SHA256:nTXLL8Z/i7sumshitcodekeystuffherebruhright.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.103' (ECDSA) to the list of known hosts.
    servz@192.168.1.103's password: 
    [servz@h0stm0st ~]$ exit
    logout
    Connection to 192.168.1.103 closed.
    
    repeat for the serverbox:
    # ssh -p 22 clyz@192.168.1.100
    
    the previous was a basic login password only
    without key authentication/non-root using a 
    stock ssh config if you need root type su
    or use sudo after login for wan/vps access
    
    if needed to remove a user account:
    # userdel username
    # rm -r /home/username
    
    for key authentication only
    login from the clientbox:
    # ssh -p 22 servz@192.168.1.103
    enter the password for the user servz
    [servz@h0stm0st ~]$
    
    gen the key with sudo and no password:
    # sudo ssh-keygen -t rsa -b 4096 -P ''
    again enter the password for the user servz
    hit enter for default location
    [servz@h0stm0st ~]$ sudo ssh-keygen -t rsa -b 4096 -P ''
    
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:
    
        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.
    
    [sudo] password for servz: 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:sumkeystuffshowzherebruhFmdYX2XpGpD8lsVRIfs root@h0stm0st
    The key's randomart image is:
    +---[RSA 4096]----+
    |          =BX..o@|
    |         ..@.=o* |
    |    .     o O.*  |
    |   o .     . O.. |
    |  nofuxway. . oE |
    | . = =   +   .   |
    |  + . + +        |
    |   . . + o       |
    |    .   o        |
    +----[SHA256]-----+
    [servz@h0stm0st ~]$ exit
    
    banner for serverbox:
    # cat <<-EOF > /home/servz/.ssh/servz.motd
         Welcome 2 serverbox
         we all float down here
    EOF
    
    banner for clientbox:
    # cat <<-EOF > /home/clyz/.ssh/clyz.motd
         Welcome 2 clientbox
         we all float down here
    EOF
    
    from serverbox:
    # cat ~/.ssh/id_rsa.pub | ssh clyz@192.168.1.100 'cat >> /home/clyz/.ssh/authorized_keys && echo "key copied to clientbox"'
    root > cat ~/.ssh/id_rsa.pub | ssh clyz@192.168.1.100 'cat >> /home/clyz/.ssh/authorized_keys && echo "key copied to clientbox"'
    servz@192.168.1.100's password: 
    key copied to clientbox
    root > 
    
    from clientbox:
    # cat ~/.ssh/id_rsa.pub | ssh servz@192.168.1.103 'cat >> /home/servz/.ssh/authorized_keys && echo "key copied to serverbox"'
    root > cat ~/.ssh/id_rsa.pub | ssh servz@192.168.1.103 'cat >> /home/servz/.ssh/authorized_keys && echo "key copied to serverbox"'
    servz@192.168.1.103's password: 
    key copied to serverbox
    root > 
    
    stop sshd on both boxes:
    # systemctl stop sshd
    
    set banner on serverbox:
    # grep --null -lr "#Banner none" /etc/ssh/sshd_config | xargs --null sed -i 's|#Banner none|Banner /home/servz/.ssh/servz.motd|g' /etc/ssh/sshd_config
    
    set banner on clientbox:
    # grep --null -lr "#Banner none" /etc/ssh/sshd_config | xargs --null sed -i 's|#Banner none|Banner /home/clyz/.ssh/clyz.motd|g' /etc/ssh/sshd_config
    
    set key only each box:
    # grep --null -lr "#PubkeyAuthentication yes" /etc/ssh/sshd_config | xargs --null sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
    
    on each box disable passwords for the ssh client:
    # grep --null -lr "#   PasswordAuthentication yes" /etc/ssh/ssh_config | xargs --null sed -i 's/#   PasswordAuthentication yes/#   PasswordAuthentication no/g' /etc/ssh/ssh_config
    
    on serverbox:
    # chown -R servz:wheel /home/servz/.ssh/servz.motd
    
    on clientbox:
    # chown -R clyz:wheel /home/clyz/.ssh/clyz.motd
    
    start sshd on both boxes:
    # systemctl start sshd
    
    verify:
    # systemctl status sshd 
    Active: active (running)
    
    login key only custom banner from clientbox
    with example gaining root with root password:
    root > ssh -p 22 servz@192.168.1.103
         Welcome 2 serverbox
         we all float down here
    Last login: Sun Jul 30 15:47:26 2017 from 192.168.1.100
    [servz@h0stm0st ~]$ su
    Password: 
    root > pwd
    /home/servz
    root > exit
    exit
    [servz@h0stm0st ~]$ exit
    logout
    Connection to 192.168.1.103 closed.
    
    create a test file on the clientbox:
    # cat <<-EOF > /home/clyz/sshfilez/file2server.md
         this is a text document to 
         transfer to the server
    EOF
    
    transfer the file to the serverbox: 
    # scp /home/clyz/sshfilez/file2server.md servz@192.168.1.103:/home/servz/sshfilez
    
    from the clientbox you should see this:
    root > pwd
    /home/clyz/sshfilez
    root > cat <<-EOF > /home/clyz/sshfilez/file2server.md
    >      this is a text document to 
    >      transfer to the server
    > EOF
    root > scp /home/clyz/sshfilez/file2server.md servz@192.168.1.103:/home/servz/sshfilez
         Welcome 2 serverbox
         we all float down here
    file2server.md                           100%   61    79.7KB/s   00:00    
    root > 
    
    to send a directory located on the clientbox to the serverbox:
    # scp -r /home/clyz/sshfilez/files4server servz@192.168.1.103:/home/servz/sshfilez
    output:
    root > pwd
    /home/clyz/sshfilez
    root > ls
    files4server
    root > scp -r /home/clyz/sshfilez/files4server servz@192.168.1.103:/home/servz/sshfilez
         Welcome 2 serverbox
         we all float down here
    file2server.md                           100%   61    75.6KB/s   00:00    
    root >  
    
    delete the files4server directory from the clientbox:
    # rm -r files4server
    
    to send a directory located on the serverbox back to the clientbox:
    # scp -r servz@192.168.1.103:/home/servz/sshfilez/files4server /home/clyz/sshfilez
    output:
    root > pwd
    /home/clyz/sshfilez
    root > ls
    root > scp -r servz@192.168.1.103:/home/servz/sshfilez/files4server /home/clyz/sshfilez
         Welcome 2 serverbox
         we all float down here
    file2server.md                           100%   61    73.3KB/s   00:00    
    root > ls
    files4server
    root >  
    
    

     



  12. make a directory...

    # mkdir ~/emailstuff
    # cd emailstuff

    make a file...

    # touch email2bob.md
    # nano email2bob.md

    write your email to bob then...

    # ctrl+o, ctrl+x, enter

    backup out of the directory
    then compress it...

    # cd ..
    # tar -zcvf emailstuff.tar.gz emailstuff

    gen yer sha...

    # sha256sum emailstuff.tar.gz

    copy sha numbers then sign the email...

    # gpg --armor --detach-sign emailstuff.tar.gz

    now to encrypt the email then
    give that password and sha numbers to bob...

    # gpg -o emailstuff.tar.gz.gpg --symmetric --cipher-algo aes256 emailstuff.tar.gz

    bob now decrypts your email and enters the password...

    # gpg -o emailstuff.tar.gz -d emailstuff.tar.gz.gpg

    bob imports your public key...

    # gpg --import yourkey.asc

    then checks if signature good...

    # gpg --verify emailstuff.tar.gz.asc emailstuff.tar.gz

    bob might get a 'warning not verified'
    important part is 'good signature'

    bob verifies the sha
    make sure the numbers match...

    # sha256sum emailstuff.tar.gz

    bob then uncompresses the email...

    # tar -zxvf emailstuff.tar.gz


  13. # airvpn irc hidden service stealth mode ssl

    # mkdir hidircz
    # cd d0wnz
    # touch cool.motd
    # vim cool.motd
    hit 'i' copy paste
    text below or your own
    custom motd
    hit 'esc' key then type ':wq'
    ____ _ ____ _  _ ___  _  _
    |__| | |__/ |  | |__] |\ |
    |  | | |  \  \/  |    | \|
    ===========================                          
    https://airvpn.org

    add this to your torrc file
    mod for your own config if needed...

    VirtualAddrNetwork 10.192.0.0/10
    TransPort 9040
    DNSPort 53
    AutomapHostsOnResolve 1

    ##hidden service
    HiddenServiceDir /var/lib/tor/
    HiddenServicePort 6697 127.0.0.1:6697
    HiddenServiceAuthorizeClient stealth IRCvisitor
    HidServAuth newtorsitenamehere.onion stealthpasshere

    you'll start tor and then stop tor to get your hidden service
    hostname and authorization cookie, this 'cookie' is in the hostname
    /var/lib/tor
    looks like this:
    newtorsitenamehere.onion yourauthcookieherebruh # client: IRCvisitor

    now remember in the torrc file below the port you created the 'IRCvisitor'
    without this information from /var/lib/tor added to the torrc file in the example
    above you cannot access the irc server or if it were http you can not access it
    even from the box hosting the irc/http server
    the advantage to stealth mode is this: it is NOT listed in the tor directory
    and if anything goes wrong with your irc server or you just want to create another openssl req -x509 -sha256 -newkey rsa:2048 -keyout ~/d0wnz/ircpriv.pem -out ~/d0wnz/ircert.pem -days 1024 -nodes -subj '/CN=irc.z4ojdtiaqvdfi4ys.onion'
    'domain' no problem, you are not tied to anything, and anyone accessing your site/chat
    has to have contacted you to get the authorization cookie

    from hidircz directory...
    # openssl req -x509 -sha256 -newkey rsa:2048 -keyout /root/hidrircz/ircpriv.pem -out /root/hidircz/ircert.pem -days 1024 -nodes -subj '/CN=irc.newtorsitenamehere.onion'
    # cat /root/hidircz/ircpriv.pem > hidz.pem
    # cat /root/hidircz/ircert.pem >> hidz.pem

    here's the python script....
    #################################

    #! /usr/bin/env python
    # https://github.com/jrosdahl/miniircd
    # Joel Rosdahl <joel@rosdahl.net>
    # pacman -S python-pyopenssl if needed

    import logging
    import os
    import re
    import select
    import socket
    import string
    import sys
    import tempfile
    import time
    from datetime import datetime
    from logging.handlers import RotatingFileHandler
    from optparse import OptionParser

    VERSION = "1.2.1"


    PY3 = sys.version_info[0] >= 3

    if PY3:
        def buffer_to_socket(msg):
            return msg.encode()

        def socket_to_buffer(buf):
            return buf.decode()
    else:
        def buffer_to_socket(msg):
            return msg

        def socket_to_buffer(buf):
            return buf


    def create_directory(path):
        if not os.path.isdir(path):
            os.makedirs(path)


    class Channel(object):
        def __init__(self, server, name):
            self.server = server
            self.name = name
            self.members = set()
            self._topic = ""
            self._key = None
            if self.server.state_dir:
                self._state_path = "%s/%s" % (
                    self.server.state_dir,
                    name.replace("_", "__").replace("/", "_"))
                self._read_state()
            else:
                self._state_path = None

        def add_member(self, client):
            self.members.add(client)

        def get_topic(self):
            return self._topic

        def set_topic(self, value):
            self._topic = value
            self._write_state()

        topic = property(get_topic, set_topic)

        def get_key(self):
            return self._key

        def set_key(self, value):
            self._key = value
            self._write_state()

        key = property(get_key, set_key)

        def remove_client(self, client):
            self.members.discard(client)
            if not self.members:
                self.server.remove_channel(self)

        def _read_state(self):
            if not (self._state_path and os.path.exists(self._state_path)):
                return
            data = {}

            with open(self._state_path, "rb") as state_file:
                exec(state_file.read(), {}, data)

            self._topic = data.get("topic", "")
            self._key = data.get("key")

        def _write_state(self):
            if not self._state_path:
                return
            (fd, path) = tempfile.mkstemp(dir=os.path.dirname(self._state_path))
            fp = os.fdopen(fd, "w")
            fp.write("topic = %r\n" % self.topic)
            fp.write("key = %r\n" % self.key)
            fp.close()
            os.rename(path, self._state_path)


    class Client(object):
        __linesep_regexp = re.compile(r"\r?\n")
        # The RFC limit for nicknames is 9 characters, but what the heck.
        __valid_nickname_regexp = re.compile(
            r"^[][\`_^{|}A-Za-z][][\`_^{|}A-Za-z0-9-]{0,50}$")
        __valid_channelname_regexp = re.compile(
            r"^[+!][^\x00\x07\x0a\x0d ,:]{0,50}$")

        def __init__(self, server, socket):
            self.server = server
            self.socket = socket
            self.channels = {}  # irc_lower(Channel name) --> Channel
            self.nickname = None
            self.user = None
            self.realname = None
            (self.host, self.port) = socket.getpeername()
            self.__timestamp = time.time()
            self.__readbuffer = ""
            self.__writebuffer = ""
            self.__sent_ping = False
            if self.server.password:
                self.__handle_command = self.__pass_handler
            else:
                self.__handle_command = self.__registration_handler

        def get_prefix(self):
            return "%s!%s@%s" % (self.nickname, self.user, self.host)
        prefix = property(get_prefix)

        def check_aliveness(self):
            now = time.time()
            if self.__timestamp + 180 < now:
                self.disconnect("ping timeout")
                return
            if not self.__sent_ping and self.__timestamp + 90 < now:
                if self.__handle_command == self.__command_handler:
                    # Registered.
                    self.message("PING :%s" % self.server.name)
                    self.__sent_ping = True
                else:
                    # Not registered.
                    self.disconnect("ping timeout")

        def write_queue_size(self):
            return len(self.__writebuffer)

        def __parse_read_buffer(self):
            lines = self.__linesep_regexp.split(self.__readbuffer)
            self.__readbuffer = lines[-1]
            lines = lines[:-1]
            for line in lines:
                if not line:
                    # Empty line. Ignore.
                    continue
                x = line.split(" ", 1)
                command = x[0].upper()
                if len(x) == 1:
                    arguments = []
                else:
                    if len(x[1]) > 0 and x[1][0] == ":":
                        arguments = [x[1][1:]]
                    else:
                        y = x[1].split(" :", 1)
                        arguments = y[0].split()
                        if len(y) == 2:
                            arguments.append(y[1])
                self.__handle_command(command, arguments)

        def __pass_handler(self, command, arguments):
            server = self.server
            if command == "PASS":
                if len(arguments) == 0:
                    self.reply_461("PASS")
                else:
                    if arguments[0].lower() == server.password:
                        self.__handle_command = self.__registration_handler
                    else:
                        self.reply("464 :Password incorrect")
            elif command == "QUIT":
                self.disconnect("Client quit")
                return

        def __registration_handler(self, command, arguments):
            server = self.server
            if command == "NICK":
                if len(arguments) < 1:
                    self.reply("431 :No nickname given")
                    return
                nick = arguments[0]
                if server.get_client(nick):
                    self.reply("433 * %s :Nickname is already in use" % nick)
                elif not self.__valid_nickname_regexp.match(nick):
                    self.reply("432 * %s :Erroneous nickname" % nick)
                else:
                    self.nickname = nick
                    server.client_changed_nickname(self, None)
            elif command == "USER":
                if len(arguments) < 4:
                    self.reply_461("USER")
                    return
                self.user = arguments[0]
                self.realname = arguments[3]
            elif command == "QUIT":
                self.disconnect("Client quit")
                return
            if self.nickname and self.user:
                self.reply("001 %s :Hi, welcome to IRC" % self.nickname)
                self.reply("002 %s :Your host is %s, running version miniircd-%s"
                           % (self.nickname, server.name, VERSION))
                self.reply("003 %s :This server was created sometime"
                           % self.nickname)
                self.reply("004 %s %s miniircd-%s o o"
                           % (self.nickname, server.name, VERSION))
                self.send_lusers()
                self.send_motd()
                self.__handle_command = self.__command_handler

        def __send_names(self, arguments, for_join=False):
            server = self.server
            valid_channel_re = self.__valid_channelname_regexp
            if len(arguments) > 0:
                channelnames = arguments[0].split(",")
            else:
                channelnames = sorted(self.channels.keys())
            if len(arguments) > 1:
                keys = arguments[1].split(",")
            else:
                keys = []
            keys.extend((len(channelnames) - len(keys)) * [None])
            for (i, channelname) in enumerate(channelnames):
                if for_join and irc_lower(channelname) in self.channels:
                    continue
                if not valid_channel_re.match(channelname):
                    self.reply_403(channelname)
                    continue
                channel = server.get_channel(channelname)
                if channel.key is not None and channel.key != keys[i]:
                    self.reply(
                        "475 %s %s :Cannot join channel (+k) - bad key"
                        % (self.nickname, channelname))
                    continue

                if for_join:
                    channel.add_member(self)
                    self.channels[irc_lower(channelname)] = channel
                    self.message_channel(channel, "JOIN", channelname, True)
                    self.channel_log(channel, "joined", meta=True)
                    if channel.topic:
                        self.reply("332 %s %s :%s"
                                   % (self.nickname, channel.name, channel.topic))
                    else:
                        self.reply("331 %s %s :No topic is set"
                                   % (self.nickname, channel.name))
                names_prefix = "353 %s = %s :" % (self.nickname, channelname)
                names = ""
                # Max length: reply prefix ":server_name(space)" plus CRLF in
                # the end.
                names_max_len = 512 - (len(server.name) + 2 + 2)
                for name in sorted(x.nickname for x in channel.members):
                    if not names:
                        names = names_prefix + name
                    # Using >= to include the space between "names" and "name".
                    elif len(names) + len(name) >= names_max_len:
                        self.reply(names)
                        names = names_prefix + name
                    else:
                        names += " " + name
                if names:
                    self.reply(names)
                self.reply("366 %s %s :End of NAMES list"
                           % (self.nickname, channelname))

        def __command_handler(self, command, arguments):
            def away_handler():
                pass

            def ison_handler():
                if len(arguments) < 1:
                    self.reply_461("ISON")
                    return
                nicks = arguments
                online = [n for n in nicks if server.get_client(n)]
                self.reply("303 %s :%s" % (self.nickname, " ".join(online)))

            def join_handler():
                if len(arguments) < 1:
                    self.reply_461("JOIN")
                    return
                if arguments[0] == "0":
                    for (channelname, channel) in self.channels.items():
                        self.message_channel(channel, "PART", channelname, True)
                        self.channel_log(channel, "left", meta=True)
                        server.remove_member_from_channel(self, channelname)
                    self.channels = {}
                    return
                self.__send_names(arguments, for_join=True)

            def list_handler():
                if len(arguments) < 1:
                    channels = server.channels.values()
                else:
                    channels = []
                    for channelname in arguments[0].split(","):
                        if server.has_channel(channelname):
                            channels.append(server.get_channel(channelname))

                sorted_channels = sorted(channels, key=lambda x: x.name)
                for channel in sorted_channels:
                    self.reply("322 %s %s %d :%s"
                               % (self.nickname, channel.name,
                                  len(channel.members), channel.topic))
                self.reply("323 %s :End of LIST" % self.nickname)

            def lusers_handler():
                self.send_lusers()

            def mode_handler():
                if len(arguments) < 1:
                    self.reply_461("MODE")
                    return
                targetname = arguments[0]
                if server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    if len(arguments) < 2:
                        if channel.key:
                            modes = "+k"
                            if irc_lower(channel.name) in self.channels:
                                modes += " %s" % channel.key
                        else:
                            modes = "+"
                        self.reply("324 %s %s %s"
                                   % (self.nickname, targetname, modes))
                        return
                    flag = arguments[1]
                    if flag == "+k":
                        if len(arguments) < 3:
                            self.reply_461("MODE")
                            return
                        key = arguments[2]
                        if irc_lower(channel.name) in self.channels:
                            channel.key = key
                            self.message_channel(
                                channel, "MODE", "%s +k %s" % (channel.name, key),
                                True)
                            self.channel_log(
                                channel, "set channel key to %s" % key, meta=True)
                        else:
                            self.reply("442 %s :You're not on that channel"
                                       % targetname)
                    elif flag == "-k":
                        if irc_lower(channel.name) in self.channels:
                            channel.key = None
                            self.message_channel(
                                channel, "MODE", "%s -k" % channel.name,
                                True)
                            self.channel_log(
                                channel, "removed channel key", meta=True)
                        else:
                            self.reply("442 %s :You're not on that channel"
                                       % targetname)
                    else:
                        self.reply("472 %s %s :Unknown MODE flag"
                                   % (self.nickname, flag))
                elif targetname == self.nickname:
                    if len(arguments) == 1:
                        self.reply("221 %s +" % self.nickname)
                    else:
                        self.reply("501 %s :Unknown MODE flag" % self.nickname)
                else:
                    self.reply_403(targetname)

            def motd_handler():
                self.send_motd()

            def names_handler():
                self.__send_names(arguments)

            def nick_handler():
                if len(arguments) < 1:
                    self.reply("431 :No nickname given")
                    return
                newnick = arguments[0]
                client = server.get_client(newnick)
                if newnick == self.nickname:
                    pass
                elif client and client is not self:
                    self.reply("433 %s %s :Nickname is already in use"
                               % (self.nickname, newnick))
                elif not self.__valid_nickname_regexp.match(newnick):
                    self.reply("432 %s %s :Erroneous Nickname"
                               % (self.nickname, newnick))
                else:
                    for x in self.channels.values():
                        self.channel_log(
                            x, "changed nickname to %s" % newnick, meta=True)
                    oldnickname = self.nickname
                    self.nickname = newnick
                    server.client_changed_nickname(self, oldnickname)
                    self.message_related(
                        ":%s!%s@%s NICK %s"
                        % (oldnickname, self.user, self.host, self.nickname),
                        True)

            def notice_and_privmsg_handler():
                if len(arguments) == 0:
                    self.reply("411 %s :No recipient given (%s)"
                               % (self.nickname, command))
                    return
                if len(arguments) == 1:
                    self.reply("412 %s :No text to send" % self.nickname)
                    return
                targetname = arguments[0]
                message = arguments[1]
                client = server.get_client(targetname)
                if client:
                    client.message(":%s %s %s :%s"
                                   % (self.prefix, command, targetname, message))
                elif server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    self.message_channel(
                        channel, command, "%s :%s" % (channel.name, message))
                    self.channel_log(channel, message)
                else:
                    self.reply("401 %s %s :No such nick/channel"
                               % (self.nickname, targetname))

            def part_handler():
                if len(arguments) < 1:
                    self.reply_461("PART")
                    return
                if len(arguments) > 1:
                    partmsg = arguments[1]
                else:
                    partmsg = self.nickname
                for channelname in arguments[0].split(","):
                    if not valid_channel_re.match(channelname):
                        self.reply_403(channelname)
                    elif not irc_lower(channelname) in self.channels:
                        self.reply("442 %s %s :You're not on that channel"
                                   % (self.nickname, channelname))
                    else:
                        channel = self.channels[irc_lower(channelname)]
                        self.message_channel(
                            channel, "PART", "%s :%s" % (channelname, partmsg),
                            True)
                        self.channel_log(channel, "left (%s)" % partmsg, meta=True)
                        del self.channels[irc_lower(channelname)]
                        server.remove_member_from_channel(self, channelname)

            def ping_handler():
                if len(arguments) < 1:
                    self.reply("409 %s :No origin specified" % self.nickname)
                    return
                self.reply("PONG %s :%s" % (server.name, arguments[0]))

            def pong_handler():
                pass

            def quit_handler():
                if len(arguments) < 1:
                    quitmsg = self.nickname
                else:
                    quitmsg = arguments[0]
                self.disconnect(quitmsg)

            def topic_handler():
                if len(arguments) < 1:
                    self.reply_461("TOPIC")
                    return
                channelname = arguments[0]
                channel = self.channels.get(irc_lower(channelname))
                if channel:
                    if len(arguments) > 1:
                        newtopic = arguments[1]
                        channel.topic = newtopic
                        self.message_channel(
                            channel, "TOPIC", "%s :%s" % (channelname, newtopic),
                            True)
                        self.channel_log(
                            channel, "set topic to %r" % newtopic, meta=True)
                    else:
                        if channel.topic:
                            self.reply("332 %s %s :%s"
                                       % (self.nickname, channel.name,
                                          channel.topic))
                        else:
                            self.reply("331 %s %s :No topic is set"
                                       % (self.nickname, channel.name))
                else:
                    self.reply("442 %s :You're not on that channel" % channelname)

            def wallops_handler():
                if len(arguments) < 1:
                    self.reply_461("WALLOPS")
                    return
                message = arguments[0]
                for client in server.clients.values():
                    client.message(":%s NOTICE %s :Global notice: %s"
                                   % (self.prefix, client.nickname, message))

            def who_handler():
                if len(arguments) < 1:
                    return
                targetname = arguments[0]
                if server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    for member in channel.members:
                        self.reply("352 %s %s %s %s %s %s H :0 %s"
                                   % (self.nickname, targetname, member.user,
                                      member.host, server.name, member.nickname,
                                      member.realname))
                    self.reply("315 %s %s :End of WHO list"
                               % (self.nickname, targetname))

            def whois_handler():
                if len(arguments) < 1:
                    return
                username = arguments[0]
                user = server.get_client(username)
                if user:
                    self.reply("311 %s %s %s %s * :%s"
                               % (self.nickname, user.nickname, user.user,
                                  user.host, user.realname))
                    self.reply("312 %s %s %s :%s"
                               % (self.nickname, user.nickname, server.name,
                                  server.name))
                    self.reply("319 %s %s :%s"
                               % (self.nickname, user.nickname,
                                  " ".join(user.channels)))
                    self.reply("318 %s %s :End of WHOIS list"
                               % (self.nickname, user.nickname))
                else:
                    self.reply("401 %s %s :No such nick"
                               % (self.nickname, username))

            handler_table = {
                "AWAY": away_handler,
                "ISON": ison_handler,
                "JOIN": join_handler,
                "LIST": list_handler,
                "LUSERS": lusers_handler,
                "MODE": mode_handler,
                "MOTD": motd_handler,
                "NAMES": names_handler,
                "NICK": nick_handler,
                "NOTICE": notice_and_privmsg_handler,
                "PART": part_handler,
                "PING": ping_handler,
                "PONG": pong_handler,
                "PRIVMSG": notice_and_privmsg_handler,
                "QUIT": quit_handler,
                "TOPIC": topic_handler,
                "WALLOPS": wallops_handler,
                "WHO": who_handler,
                "WHOIS": whois_handler,
            }
            server = self.server
            valid_channel_re = self.__valid_channelname_regexp
            try:
                handler_table[command]()
            except KeyError:
                self.reply("421 %s %s :Unknown command" % (self.nickname, command))

        def socket_readable_notification(self):
            try:
                data = self.socket.recv(2 ** 10)
                self.server.print_debug(
                    "[%s:%d] -> %r" % (self.host, self.port, data))
                quitmsg = "EOT"
            except socket.error as x:
                data = ""
                quitmsg = x
            if data:
                self.__readbuffer += socket_to_buffer(data)
                self.__parse_read_buffer()
                self.__timestamp = time.time()
                self.__sent_ping = False
            else:
                self.disconnect(quitmsg)

        def socket_writable_notification(self):
            try:
                sent = self.socket.send(buffer_to_socket(self.__writebuffer))
                self.server.print_debug(
                    "[%s:%d] <- %r" % (
                        self.host, self.port, self.__writebuffer[:sent]))
                self.__writebuffer = self.__writebuffer[sent:]
            except socket.error as x:
                self.disconnect(x)

        def disconnect(self, quitmsg):
            self.message("ERROR :%s" % quitmsg)
            self.server.print_info(
                "Disconnected connection from %s:%s (%s)." % (
                    self.host, self.port, quitmsg))
            self.socket.close()
            self.server.remove_client(self, quitmsg)

        def message(self, msg):
            self.__writebuffer += msg + "\r\n"

        def reply(self, msg):
            self.message(":%s %s" % (self.server.name, msg))

        def reply_403(self, channel):
            self.reply("403 %s %s :No such channel" % (self.nickname, channel))

        def reply_461(self, command):
            nickname = self.nickname or "*"
            self.reply("461 %s %s :Not enough parameters" % (nickname, command))

        def message_channel(self, channel, command, message, include_self=False):
            line = ":%s %s %s" % (self.prefix, command, message)
            for client in channel.members:
                if client != self or include_self:
                    client.message(line)

        def channel_log(self, channel, message, meta=False):
            if not self.server.channel_log_dir:
                return
            if meta:
                format = "[%s] * %s %s\n"
            else:
                format = "[%s] <%s> %s\n"
            timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S UTC")
            logname = channel.name.replace("_", "__").replace("/", "_")
            fp = open("%s/%s.log" % (self.server.channel_log_dir, logname), "a")
            fp.write(format % (timestamp, self.nickname, message))
            fp.close()

        def message_related(self, msg, include_self=False):
            clients = set()
            if include_self:
                clients.add(self)
            for channel in self.channels.values():
                clients |= channel.members
            if not include_self:
                clients.discard(self)
            for client in clients:
                client.message(msg)

        def send_lusers(self):
            self.reply("251 %s :There are %d users and 0 services on 1 server"
                       % (self.nickname, len(self.server.clients)))

        def send_motd(self):
            server = self.server
            motdlines = server.get_motd_lines()
            if motdlines:
                self.reply("375 %s :- %s Message of the day -"
                           % (self.nickname, server.name))
                for line in motdlines:
                    self.reply("372 %s :- %s" % (self.nickname, line.rstrip()))
                self.reply("376 %s :End of /MOTD command" % self.nickname)
            else:
                self.reply("422 %s :MOTD File is missing" % self.nickname)


    class Server(object):
        def __init__(self, options):
            self.ports = options.ports
            self.password = options.password
            self.ssl_pem_file = options.ssl_pem_file
            self.motdfile = options.motd
            self.verbose = options.verbose
            self.debug = options.debug
            self.channel_log_dir = options.channel_log_dir
            self.chroot = options.chroot
            self.setuid = options.setuid
            self.state_dir = options.state_dir
            self.log_file = options.log_file
            self.log_max_bytes = options.log_max_size * 1024 * 1024
            self.log_count = options.log_count
            self.logger = None

            if options.password_file:
                with open(options.password_file, "r") as fp:
                    self.password = fp.read().strip("\n")

            if self.ssl_pem_file:
                self.ssl = __import__("ssl")

            # Find certificate after daemonization if path is relative:
            if self.ssl_pem_file and os.path.exists(self.ssl_pem_file):
                self.ssl_pem_file = os.path.abspath(self.ssl_pem_file)
            # else: might exist in the chroot jail, so just continue

            if options.listen:
                self.address = socket.gethostbyname(options.listen)
            else:
                self.address = ""
            server_name_limit = 63  # From the RFC.
            self.name = socket.getfqdn(self.address)[:server_name_limit]

            self.channels = {}  # irc_lower(Channel name) --> Channel instance.
            self.clients = {}  # Socket --> Client instance.
            self.nicknames = {}  # irc_lower(Nickname) --> Client instance.
            if self.channel_log_dir:
                create_directory(self.channel_log_dir)
            if self.state_dir:
                create_directory(self.state_dir)

        def make_pid_file(self, filename):
            try:
                fd = os.open(filename, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o644)
                os.write(fd, "%i\n" % os.getpid())
                os.close(fd)
            except:
                self.print_error("Could not create PID file %r" % filename)
                sys.exit(1)

        def daemonize(self):
            try:
                pid = os.fork()
                if pid > 0:
                    sys.exit(0)
            except OSError:
                sys.exit(1)
            os.setsid()
            try:
                pid = os.fork()
                if pid > 0:
                    self.print_info("PID: %d" % pid)
                    sys.exit(0)
            except OSError:
                sys.exit(1)
            os.chdir("/")
            os.umask(0)
            dev_null = open("/dev/null", "r+")
            os.dup2(dev_null.fileno(), sys.stdout.fileno())
            os.dup2(dev_null.fileno(), sys.stderr.fileno())
            os.dup2(dev_null.fileno(), sys.stdin.fileno())

        def get_client(self, nickname):
            return self.nicknames.get(irc_lower(nickname))

        def has_channel(self, name):
            return irc_lower(name) in self.channels

        def get_channel(self, channelname):
            if irc_lower(channelname) in self.channels:
                channel = self.channels[irc_lower(channelname)]
            else:
                channel = Channel(self, channelname)
                self.channels[irc_lower(channelname)] = channel
            return channel

        def get_motd_lines(self):
            if self.motdfile:
                try:
                    return open(self.motdfile).readlines()
                except IOError:
                    return ["Could not read MOTD file %r." % self.motdfile]
            else:
                return []

        def print_info(self, msg):
            if self.verbose:
                print(msg)
                sys.stdout.flush()
            if self.logger:
                self.logger.info(msg)

        def print_debug(self, msg):
            if self.debug:
                print(msg)
                sys.stdout.flush()
            if self.logger:
                self.logger.debug(msg)

        def print_error(self, msg):
            sys.stderr.write("%s\n" % msg)
            if self.logger:
                self.logger.error(msg)

        def client_changed_nickname(self, client, oldnickname):
            if oldnickname:
                del self.nicknames[irc_lower(oldnickname)]
            self.nicknames[irc_lower(client.nickname)] = client

        def remove_member_from_channel(self, client, channelname):
            if irc_lower(channelname) in self.channels:
                channel = self.channels[irc_lower(channelname)]
                channel.remove_client(client)

        def remove_client(self, client, quitmsg):
            client.message_related(":%s QUIT :%s" % (client.prefix, quitmsg))
            for x in client.channels.values():
                client.channel_log(x, "quit (%s)" % quitmsg, meta=True)
                x.remove_client(client)
            if client.nickname \
                    and irc_lower(client.nickname) in self.nicknames:
                del self.nicknames[irc_lower(client.nickname)]
            del self.clients[client.socket]

        def remove_channel(self, channel):
            del self.channels[irc_lower(channel.name)]

        def start(self):
            serversockets = []
            for port in self.ports:
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                try:
                    s.bind((self.address, port))
                except socket.error as e:
                    self.print_error("Could not bind port %s: %s." % (port, e))
                    sys.exit(1)
                s.listen(5)
                serversockets.append(s)
                del s
                self.print_info("Listening on port %d." % port)
            if self.chroot:
                os.chdir(self.chroot)
                os.chroot(self.chroot)
                self.print_info("Changed root directory to %s" % self.chroot)
            if self.setuid:
                os.setgid(self.setuid[1])
                os.setuid(self.setuid[0])
                self.print_info("Setting uid:gid to %s:%s"
                                % (self.setuid[0], self.setuid[1]))

            self.init_logging()
            try:
                self.run(serversockets)
            except:
                if self.logger:
                    self.logger.exception("Fatal exception")
                raise

        def init_logging(self):
            if not self.log_file:
                return

            log_level = logging.INFO
            if self.debug:
                log_level = logging.DEBUG
            self.logger = logging.getLogger("miniircd")
            formatter = logging.Formatter(
                ("%(asctime)s - %(name)s[%(process)d] - "
                 "%(levelname)s - %(message)s"))
            fh = RotatingFileHandler(
                self.log_file,
                maxBytes=self.log_max_bytes,
                backupCount=self.log_count)
            fh.setLevel(log_level)
            fh.setFormatter(formatter)
            self.logger.setLevel(log_level)
            self.logger.addHandler(fh)

        def run(self, serversockets):
            last_aliveness_check = time.time()
            while True:
                (iwtd, owtd, ewtd) = select.select(
                    serversockets + [x.socket for x in self.clients.values()],
                    [x.socket for x in self.clients.values()
                     if x.write_queue_size() > 0],
                    [],
                    10)
                for x in iwtd:
                    if x in self.clients:
                        self.clients[x].socket_readable_notification()
                    else:
                        (conn, addr) = x.accept()
                        if self.ssl_pem_file:
                            try:
                                conn = self.ssl.wrap_socket(
                                    conn,
                                    server_side=True,
                                    certfile=self.ssl_pem_file,
                                    keyfile=self.ssl_pem_file)
                            except Exception as e:
                                self.print_error(
                                    "SSL error for connection from %s:%s: %s" % (
                                        addr[0], addr[1], e))
                                continue
                        try:
                            self.clients[conn] = Client(self, conn)
                            self.print_info("Accepted connection from %s:%s." % (
                                addr[0], addr[1]))
                        except socket.error as e:
                            try:
                                conn.close()
                            except:
                                pass
                for x in owtd:
                    if x in self.clients:  # client may have been disconnected
                        self.clients[x].socket_writable_notification()
                now = time.time()
                if last_aliveness_check + 10 < now:
                    for client in list(self.clients.values()):
                        client.check_aliveness()
                    last_aliveness_check = now


    _maketrans = str.maketrans if PY3 else string.maketrans
    _ircstring_translation = _maketrans(
        string.ascii_lowercase.upper() + "[]\\^",
        string.ascii_lowercase + "{}|~")


    def irc_lower(s):
        return s.translate(_ircstring_translation)


    def main(argv):
        op = OptionParser(
            version=VERSION,
            description="miniircd is a small and limited IRC server.")
        op.add_option(
            "--channel-log-dir",
            metavar="X",
            help="store channel log in directory X")
        op.add_option(
            "-d", "--daemon",
            action="store_true",
            help="fork and become a daemon")
        op.add_option(
            "--debug",
            action="store_true",
            help="print debug messages to stdout")
        op.add_option(
            "--listen",
            metavar="X",
            help="listen on specific IP address X")
        op.add_option(
            "--log-count",
            metavar="X", default=10, type="int",
            help="keep X log files; default: %default")
        op.add_option(
            "--log-file",
            metavar="X",
            help="store log in file X")
        op.add_option(
            "--log-max-size",
            metavar="X", default=10, type="int",
            help="set maximum log file size to X MiB; default: %default MiB")
        op.add_option(
            "--motd",
            metavar="X",
            help="display file X as message of the day")
        op.add_option(
            "--pid-file",
            metavar="X",
            help="write PID to file X")
        op.add_option(
            "-p", "--password",
            metavar="X",
            help="require connection password X; default: no password")
        op.add_option(
            "--password-file",
            metavar="X",
            help=("require connection password stored in file X;"
                  " default: no password"))
        op.add_option(
            "--ports",
            metavar="X",
            help="listen to ports X (a list separated by comma or whitespace);"
                 " default: 6667 or 6697 if SSL is enabled")
        op.add_option(
            "-s", "--ssl-pem-file",
            metavar="FILE",
            help="enable SSL and use FILE as the .pem certificate+key")
        op.add_option(
            "--state-dir",
            metavar="X",
            help="save persistent channel state (topic, key) in directory X")
        op.add_option(
            "--verbose",
            action="store_true",
            help="be verbose (print some progress messages to stdout)")
        if os.name == "posix":
            op.add_option(
                "--chroot",
                metavar="X",
                help="change filesystem root to directory X after startup"
                     " (requires root)")
            op.add_option(
                "--setuid",
                metavar="U[:G]",
                help="change process user (and optionally group) after startup"
                     " (requires root)")
        else:
            op.chroot = False
            op.setuid = False

        (options, args) = op.parse_args(argv[1:])
        if options.debug:
            options.verbose = True
        if options.ports is None:
            if options.ssl_pem_file is None:
                options.ports = "6667"
            else:
                options.ports = "6697"
        if options.chroot:
            if os.getuid() != 0:
                op.error("Must be root to use --chroot")
        if options.setuid:
            from pwd import getpwnam
            from grp import getgrnam
            if os.getuid() != 0:
                op.error("Must be root to use --setuid")
            matches = options.setuid.split(":")
            if len(matches) == 2:
                options.setuid = (getpwnam(matches[0]).pw_uid,
                                  getgrnam(matches[1]).gr_gid)
            elif len(matches) == 1:
                options.setuid = (getpwnam(matches[0]).pw_uid,
                                  getpwnam(matches[0]).pw_gid)
            else:
                op.error("Specify a user, or user and group separated by a colon,"
                         " e.g. --setuid daemon, --setuid nobody:nobody")
        if (os.getuid() == 0 or os.getgid() == 0) and not options.setuid:
            op.error("Running this service as root is not recommended. Use the"
                     " --setuid option to switch to an unprivileged account after"
                     " startup. If you really intend to run as root, use"
                     " \"--setuid root\".")

        ports = []
        for port in re.split(r"[,\s]+", options.ports):
            try:
                ports.append(int(port))
            except ValueError:
                op.error("bad port: %r" % port)
        options.ports = ports
        server = Server(options)
        if options.daemon:
            server.daemonize()
        if options.pid_file:
            server.make_pid_file(options.pid_file)
        try:
            server.start()
        except KeyboardInterrupt:
            server.print_error("Interrupted.")


    main(sys.argv)

    #################################

    top of the script don't think needed just in case
    ya might add 'import ssl'
    on github the python file is named a bit different
    to start the script save it as example: minircd.py
    chmod +x the script

    as root from hidircz directory with your pem file and motd file:
    # python minircd.py --ssl-pem-file=/root/hidircz/hidz.pem --listen 127.0.0.1 --motd=huh.motd --setuid=root

    i didn't test this out but to run the script as non root ya might need change directory to say /home/nonrootuser
    move everything there, chown -R nonroot:nonroot all the files
    so ssl doesn't gripe about an error i might be wrong on this fyi

    to get help with the irc server:
    # python minircd.py -h

    i forgot to mention to start tor at least on arch:
    # /usr/bin/tor -f /etc/tor/torrc

    so now you have a irc tor chat server up in stealth mode
    plus an additional layer of ssl

    the clients say via irssi can connect as follows:
    # socat TCP4-LISTEN:8000,reuseaddr,fork SOCKS4a:127.0.0.1:newtorsitenamehere.onion:6697,socksport=9050

    you don't add the 'irc' in front of the 'domain' just the onion address without 'irc'

    then launch irssi and to connect
    /connect -ssl 127.0.0.1 8000

    you can create a room join chat typical irc stuff
    anything done as /whois will show localhost no ip info

    for pidgin users little different but not much...
    basic tab is irc protocol
    yer user name
    server is the tor address without 'irc'
    advanced tab
    port 6697
    proxy tab...
    proxy is http
    host 127.0.0.1 port 8118

    start privoxy before connecting:
    # /usr/bin/privoxy --no-daemon /etc/privoxy/config

    here is my privoxy config:
    #######################################

    # Generally, this file goes in /etc/privoxy/config
    # unfucked config by cm0s 010117
    # to start /usr/bin/privoxy --no-dameon /etc/privoxy/config
    # Tor listens as a SOCKS4a proxy here:
    forward-socks5 / 127.0.0.1:9050 .

    # confz
    confdir /etc/privoxy
    logdir /var/log/privoxy
    # actionsfile standard  # Internal purpose, recommended
    actionsfile default.action   # Main actions file
    actionsfile user.action      # User customizations
    filterfile default.filter

    # timeout shit
    keep-alive-timeout 600
    # mohr timeout shit
    default-server-timeout 600
    # yet mohhhrrr...
    socket-timeout 600

    # Don't log interesting things, only startup messages, warnings and errors
    logfile logfile
    #jarfile jarfile
    #debug   0    # show each GET/POST/CONNECT request
    debug   4096 # Startup banner and warnings
    debug   8192 # Errors - *we highly recommended enabling this*

    user-manual /usr/share/doc/privoxy/user-manual
    listen-address  localhost:8118
    toggle  1
    enable-remote-toggle 0
    enable-edit-actions 0
    enable-remote-http-toggle 0
    buffer-limit 4096
    #
    #
    ########################################

    a quick side note:
    make sure logging is off in pidgin and also the otr plugin

    so recap, ya just launched your very own irc chat server
    can make your own motd, publish your otr key add whatever custom
    stuff ya want and ya really made it private coz it's in stealth mode
    stealth mode tor is NOT listed in the tor directory and even if someone
    finds your onion address they can't do anything, won't even let them
    scan your address without the auth cookie, and you added another layer of ssl

    cheerz

    tokzco

  14. keep it simple

    here's a suggestion:

    first, get your local to static config

    set all your internet devices and phones/laptops/boxes

    to a static config, make sure your router is open source

    shut off the dhcp server on the router, set the dns to static

    in the router and set that address to airvpn dns via openvpn/ssl

     

    then manually set a static config for each device, get rid of all the

    dhcp servers etc on all your stuff, ya don't need it, this also will treat

    all your devices like a real 'kill switch' meaning you won't have the ability

    to connect to the net without openvpn/ssl

     

    say you got 5 devices and want each one to have their own server via airvpn,

    just buy another airvpn subscription

     

    since you are familiar with computers build a pfsense box as your new router

    the idea is to keep things as simple as possible so you got less goin on

    that means there is less to break, misconfig or update

     

    in the end when your iptables /pfsense or ddwrt is up to connect you should need only

    3 commands, basically one to up your eth0/enp2s1, next create your stunnel, next to

    start your openvpn

     

    if your local is configd correctly you should not be able to connect to the internet unless you

    are using encryption, meaning stunnel/openvpn, that is a real kill switch and you need your router/pfsense box set up to airvpn's dns

     

    for tor, i have my tor notes on my site with my configs, i'm not doin transparent routing, decided against it, so i go with stock tor basically, privoxy, use proxychains-ng, socat etc.

     

    this keeps everything inside stunnel

     

    splif


  15. same thing i just switch servers

     

     

    # airvpn irc hidden service stealth mode ssl
    
    # mkdir hidircz
    # cd d0wnz
    # touch cool.motd
    # vim cool.motd
    hit 'i' copy paste
    text below or your own
    custom motd
    hit 'esc' key then type ':wq'
    ____ _ ____ _  _ ___  _  _ 
    |__| | |__/ |  | |__] |\ | 
    |  | | |  \  \/  |    | \| 
    ===========================                           
    https://airvpn.org
    
    add this to your torrc file
    mod for your own config if needed...
    
    VirtualAddrNetwork 10.192.0.0/10
    TransPort 9040
    DNSPort 53
    AutomapHostsOnResolve 1
    
    ##hidden service 
    HiddenServiceDir /var/lib/tor/
    HiddenServicePort 6697 127.0.0.1:6697
    HiddenServiceAuthorizeClient stealth IRCvisitor
    HidServAuth newtorsitenamehere.onion stealthpasshere
    
    you'll start tor and then stop tor to get your hidden service
    hostname and authorization cookie, this 'cookie' is in the hostname
    /var/lib/tor
    looks like this:
    newtorsitenamehere.onion yourauthcookieherebruh # client: IRCvisitor
    
    now remember in the torrc file below the port you created the 'IRCvisitor'
    without this information from /var/lib/tor added to the torrc file in the example
    above you cannot access the irc server or if it were http you can not access it
    even from the box hosting the irc/http server
    the advantage to stealth mode is this: it is NOT listed in the tor directory
    and if anything goes wrong with your irc server or you just want to create another openssl req -x509 -sha256 -newkey rsa:2048 -keyout ~/d0wnz/ircpriv.pem -out ~/d0wnz/ircert.pem -days 1024 -nodes -subj '/CN=irc.z4ojdtiaqvdfi4ys.onion' 
    'domain' no problem, you are not tied to anything, and anyone accessing your site/chat
    has to have contacted you to get the authorization cookie
    
    from hidircz directory...
    # openssl req -x509 -sha256 -newkey rsa:2048 -keyout /root/hidrircz/ircpriv.pem -out /root/hidircz/ircert.pem -days 1024 -nodes -subj '/CN=irc.newtorsitenamehere.onion' 
    # cat /root/hidircz/ircpriv.pem > hidz.pem
    # cat /root/hidircz/ircert.pem >> hidz.pem
    
    here's the python script....
    #################################
    
    #! /usr/bin/env python
    # https://github.com/jrosdahl/miniircd
    # Joel Rosdahl <joel@rosdahl.net>
    # pacman -S python-pyopenssl if needed
    
    import logging
    import os
    import re
    import select
    import socket
    import string
    import sys
    import tempfile
    import time
    from datetime import datetime
    from logging.handlers import RotatingFileHandler
    from optparse import OptionParser
    
    VERSION = "1.2.1"
    
    
    PY3 = sys.version_info[0] >= 3
    
    if PY3:
        def buffer_to_socket(msg):
            return msg.encode()
    
        def socket_to_buffer(buf):
            return buf.decode()
    else:
        def buffer_to_socket(msg):
            return msg
    
        def socket_to_buffer(buf):
            return buf
    
    
    def create_directory(path):
        if not os.path.isdir(path):
            os.makedirs(path)
    
    
    class Channel(object):
        def __init__(self, server, name):
            self.server = server
            self.name = name
            self.members = set()
            self._topic = ""
            self._key = None
            if self.server.state_dir:
                self._state_path = "%s/%s" % (
                    self.server.state_dir,
                    name.replace("_", "__").replace("/", "_"))
                self._read_state()
            else:
                self._state_path = None
    
        def add_member(self, client):
            self.members.add(client)
    
        def get_topic(self):
            return self._topic
    
        def set_topic(self, value):
            self._topic = value
            self._write_state()
    
        topic = property(get_topic, set_topic)
    
        def get_key(self):
            return self._key
    
        def set_key(self, value):
            self._key = value
            self._write_state()
    
        key = property(get_key, set_key)
    
        def remove_client(self, client):
            self.members.discard(client)
            if not self.members:
                self.server.remove_channel(self)
    
        def _read_state(self):
            if not (self._state_path and os.path.exists(self._state_path)):
                return
            data = {}
    
            with open(self._state_path, "rb") as state_file:
                exec(state_file.read(), {}, data)
    
            self._topic = data.get("topic", "")
            self._key = data.get("key")
    
        def _write_state(self):
            if not self._state_path:
                return
            (fd, path) = tempfile.mkstemp(dir=os.path.dirname(self._state_path))
            fp = os.fdopen(fd, "w")
            fp.write("topic = %r\n" % self.topic)
            fp.write("key = %r\n" % self.key)
            fp.close()
            os.rename(path, self._state_path)
    
    
    class Client(object):
        __linesep_regexp = re.compile(r"\r?\n")
        # The RFC limit for nicknames is 9 characters, but what the heck.
        __valid_nickname_regexp = re.compile(
            r"^[][\`_^{|}A-Za-z][][\`_^{|}A-Za-z0-9-]{0,50}$")
        __valid_channelname_regexp = re.compile(
            r"^[+!][^\x00\x07\x0a\x0d ,:]{0,50}$")
    
        def __init__(self, server, socket):
            self.server = server
            self.socket = socket
            self.channels = {}  # irc_lower(Channel name) --> Channel
            self.nickname = None
            self.user = None
            self.realname = None
            (self.host, self.port) = socket.getpeername()
            self.__timestamp = time.time()
            self.__readbuffer = ""
            self.__writebuffer = ""
            self.__sent_ping = False
            if self.server.password:
                self.__handle_command = self.__pass_handler
            else:
                self.__handle_command = self.__registration_handler
    
        def get_prefix(self):
            return "%s!%s@%s" % (self.nickname, self.user, self.host)
        prefix = property(get_prefix)
    
        def check_aliveness(self):
            now = time.time()
            if self.__timestamp + 180 < now:
                self.disconnect("ping timeout")
                return
            if not self.__sent_ping and self.__timestamp + 90 < now:
                if self.__handle_command == self.__command_handler:
                    # Registered.
                    self.message("PING :%s" % self.server.name)
                    self.__sent_ping = True
                else:
                    # Not registered.
                    self.disconnect("ping timeout")
    
        def write_queue_size(self):
            return len(self.__writebuffer)
    
        def __parse_read_buffer(self):
            lines = self.__linesep_regexp.split(self.__readbuffer)
            self.__readbuffer = lines[-1]
            lines = lines[:-1]
            for line in lines:
                if not line:
                    # Empty line. Ignore.
                    continue
                x = line.split(" ", 1)
                command = x[0].upper()
                if len(x) == 1:
                    arguments = []
                else:
                    if len(x[1]) > 0 and x[1][0] == ":":
                        arguments = [x[1][1:]]
                    else:
                        y = x[1].split(" :", 1)
                        arguments = y[0].split()
                        if len(y) == 2:
                            arguments.append(y[1])
                self.__handle_command(command, arguments)
    
        def __pass_handler(self, command, arguments):
            server = self.server
            if command == "PASS":
                if len(arguments) == 0:
                    self.reply_461("PASS")
                else:
                    if arguments[0].lower() == server.password:
                        self.__handle_command = self.__registration_handler
                    else:
                        self.reply("464 :Password incorrect")
            elif command == "QUIT":
                self.disconnect("Client quit")
                return
    
        def __registration_handler(self, command, arguments):
            server = self.server
            if command == "NICK":
                if len(arguments) < 1:
                    self.reply("431 :No nickname given")
                    return
                nick = arguments[0]
                if server.get_client(nick):
                    self.reply("433 * %s :Nickname is already in use" % nick)
                elif not self.__valid_nickname_regexp.match(nick):
                    self.reply("432 * %s :Erroneous nickname" % nick)
                else:
                    self.nickname = nick
                    server.client_changed_nickname(self, None)
            elif command == "USER":
                if len(arguments) < 4:
                    self.reply_461("USER")
                    return
                self.user = arguments[0]
                self.realname = arguments[3]
            elif command == "QUIT":
                self.disconnect("Client quit")
                return
            if self.nickname and self.user:
                self.reply("001 %s :Hi, welcome to IRC" % self.nickname)
                self.reply("002 %s :Your host is %s, running version miniircd-%s"
                           % (self.nickname, server.name, VERSION))
                self.reply("003 %s :This server was created sometime"
                           % self.nickname)
                self.reply("004 %s %s miniircd-%s o o"
                           % (self.nickname, server.name, VERSION))
                self.send_lusers()
                self.send_motd()
                self.__handle_command = self.__command_handler
    
        def __send_names(self, arguments, for_join=False):
            server = self.server
            valid_channel_re = self.__valid_channelname_regexp
            if len(arguments) > 0:
                channelnames = arguments[0].split(",")
            else:
                channelnames = sorted(self.channels.keys())
            if len(arguments) > 1:
                keys = arguments[1].split(",")
            else:
                keys = []
            keys.extend((len(channelnames) - len(keys)) * [None])
            for (i, channelname) in enumerate(channelnames):
                if for_join and irc_lower(channelname) in self.channels:
                    continue
                if not valid_channel_re.match(channelname):
                    self.reply_403(channelname)
                    continue
                channel = server.get_channel(channelname)
                if channel.key is not None and channel.key != keys[i]:
                    self.reply(
                        "475 %s %s :Cannot join channel (+k) - bad key"
                        % (self.nickname, channelname))
                    continue
    
                if for_join:
                    channel.add_member(self)
                    self.channels[irc_lower(channelname)] = channel
                    self.message_channel(channel, "JOIN", channelname, True)
                    self.channel_log(channel, "joined", meta=True)
                    if channel.topic:
                        self.reply("332 %s %s :%s"
                                   % (self.nickname, channel.name, channel.topic))
                    else:
                        self.reply("331 %s %s :No topic is set"
                                   % (self.nickname, channel.name))
                names_prefix = "353 %s = %s :" % (self.nickname, channelname)
                names = ""
                # Max length: reply prefix ":server_name(space)" plus CRLF in
                # the end.
                names_max_len = 512 - (len(server.name) + 2 + 2)
                for name in sorted(x.nickname for x in channel.members):
                    if not names:
                        names = names_prefix + name
                    # Using >= to include the space between "names" and "name".
                    elif len(names) + len(name) >= names_max_len:
                        self.reply(names)
                        names = names_prefix + name
                    else:
                        names += " " + name
                if names:
                    self.reply(names)
                self.reply("366 %s %s :End of NAMES list"
                           % (self.nickname, channelname))
    
        def __command_handler(self, command, arguments):
            def away_handler():
                pass
    
            def ison_handler():
                if len(arguments) < 1:
                    self.reply_461("ISON")
                    return
                nicks = arguments
                online = [n for n in nicks if server.get_client(n)]
                self.reply("303 %s :%s" % (self.nickname, " ".join(online)))
    
            def join_handler():
                if len(arguments) < 1:
                    self.reply_461("JOIN")
                    return
                if arguments[0] == "0":
                    for (channelname, channel) in self.channels.items():
                        self.message_channel(channel, "PART", channelname, True)
                        self.channel_log(channel, "left", meta=True)
                        server.remove_member_from_channel(self, channelname)
                    self.channels = {}
                    return
                self.__send_names(arguments, for_join=True)
    
            def list_handler():
                if len(arguments) < 1:
                    channels = server.channels.values()
                else:
                    channels = []
                    for channelname in arguments[0].split(","):
                        if server.has_channel(channelname):
                            channels.append(server.get_channel(channelname))
    
                sorted_channels = sorted(channels, key=lambda x: x.name)
                for channel in sorted_channels:
                    self.reply("322 %s %s %d :%s"
                               % (self.nickname, channel.name,
                                  len(channel.members), channel.topic))
                self.reply("323 %s :End of LIST" % self.nickname)
    
            def lusers_handler():
                self.send_lusers()
    
            def mode_handler():
                if len(arguments) < 1:
                    self.reply_461("MODE")
                    return
                targetname = arguments[0]
                if server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    if len(arguments) < 2:
                        if channel.key:
                            modes = "+k"
                            if irc_lower(channel.name) in self.channels:
                                modes += " %s" % channel.key
                        else:
                            modes = "+"
                        self.reply("324 %s %s %s"
                                   % (self.nickname, targetname, modes))
                        return
                    flag = arguments[1]
                    if flag == "+k":
                        if len(arguments) < 3:
                            self.reply_461("MODE")
                            return
                        key = arguments[2]
                        if irc_lower(channel.name) in self.channels:
                            channel.key = key
                            self.message_channel(
                                channel, "MODE", "%s +k %s" % (channel.name, key),
                                True)
                            self.channel_log(
                                channel, "set channel key to %s" % key, meta=True)
                        else:
                            self.reply("442 %s :You're not on that channel"
                                       % targetname)
                    elif flag == "-k":
                        if irc_lower(channel.name) in self.channels:
                            channel.key = None
                            self.message_channel(
                                channel, "MODE", "%s -k" % channel.name,
                                True)
                            self.channel_log(
                                channel, "removed channel key", meta=True)
                        else:
                            self.reply("442 %s :You're not on that channel"
                                       % targetname)
                    else:
                        self.reply("472 %s %s :Unknown MODE flag"
                                   % (self.nickname, flag))
                elif targetname == self.nickname:
                    if len(arguments) == 1:
                        self.reply("221 %s +" % self.nickname)
                    else:
                        self.reply("501 %s :Unknown MODE flag" % self.nickname)
                else:
                    self.reply_403(targetname)
    
            def motd_handler():
                self.send_motd()
    
            def names_handler():
                self.__send_names(arguments)
    
            def nick_handler():
                if len(arguments) < 1:
                    self.reply("431 :No nickname given")
                    return
                newnick = arguments[0]
                client = server.get_client(newnick)
                if newnick == self.nickname:
                    pass
                elif client and client is not self:
                    self.reply("433 %s %s :Nickname is already in use"
                               % (self.nickname, newnick))
                elif not self.__valid_nickname_regexp.match(newnick):
                    self.reply("432 %s %s :Erroneous Nickname"
                               % (self.nickname, newnick))
                else:
                    for x in self.channels.values():
                        self.channel_log(
                            x, "changed nickname to %s" % newnick, meta=True)
                    oldnickname = self.nickname
                    self.nickname = newnick
                    server.client_changed_nickname(self, oldnickname)
                    self.message_related(
                        ":%s!%s@%s NICK %s"
                        % (oldnickname, self.user, self.host, self.nickname),
                        True)
    
            def notice_and_privmsg_handler():
                if len(arguments) == 0:
                    self.reply("411 %s :No recipient given (%s)"
                               % (self.nickname, command))
                    return
                if len(arguments) == 1:
                    self.reply("412 %s :No text to send" % self.nickname)
                    return
                targetname = arguments[0]
                message = arguments[1]
                client = server.get_client(targetname)
                if client:
                    client.message(":%s %s %s :%s"
                                   % (self.prefix, command, targetname, message))
                elif server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    self.message_channel(
                        channel, command, "%s :%s" % (channel.name, message))
                    self.channel_log(channel, message)
                else:
                    self.reply("401 %s %s :No such nick/channel"
                               % (self.nickname, targetname))
    
            def part_handler():
                if len(arguments) < 1:
                    self.reply_461("PART")
                    return
                if len(arguments) > 1:
                    partmsg = arguments[1]
                else:
                    partmsg = self.nickname
                for channelname in arguments[0].split(","):
                    if not valid_channel_re.match(channelname):
                        self.reply_403(channelname)
                    elif not irc_lower(channelname) in self.channels:
                        self.reply("442 %s %s :You're not on that channel"
                                   % (self.nickname, channelname))
                    else:
                        channel = self.channels[irc_lower(channelname)]
                        self.message_channel(
                            channel, "PART", "%s :%s" % (channelname, partmsg),
                            True)
                        self.channel_log(channel, "left (%s)" % partmsg, meta=True)
                        del self.channels[irc_lower(channelname)]
                        server.remove_member_from_channel(self, channelname)
    
            def ping_handler():
                if len(arguments) < 1:
                    self.reply("409 %s :No origin specified" % self.nickname)
                    return
                self.reply("PONG %s :%s" % (server.name, arguments[0]))
    
            def pong_handler():
                pass
    
            def quit_handler():
                if len(arguments) < 1:
                    quitmsg = self.nickname
                else:
                    quitmsg = arguments[0]
                self.disconnect(quitmsg)
    
            def topic_handler():
                if len(arguments) < 1:
                    self.reply_461("TOPIC")
                    return
                channelname = arguments[0]
                channel = self.channels.get(irc_lower(channelname))
                if channel:
                    if len(arguments) > 1:
                        newtopic = arguments[1]
                        channel.topic = newtopic
                        self.message_channel(
                            channel, "TOPIC", "%s :%s" % (channelname, newtopic),
                            True)
                        self.channel_log(
                            channel, "set topic to %r" % newtopic, meta=True)
                    else:
                        if channel.topic:
                            self.reply("332 %s %s :%s"
                                       % (self.nickname, channel.name,
                                          channel.topic))
                        else:
                            self.reply("331 %s %s :No topic is set"
                                       % (self.nickname, channel.name))
                else:
                    self.reply("442 %s :You're not on that channel" % channelname)
    
            def wallops_handler():
                if len(arguments) < 1:
                    self.reply_461("WALLOPS")
                    return
                message = arguments[0]
                for client in server.clients.values():
                    client.message(":%s NOTICE %s :Global notice: %s"
                                   % (self.prefix, client.nickname, message))
    
            def who_handler():
                if len(arguments) < 1:
                    return
                targetname = arguments[0]
                if server.has_channel(targetname):
                    channel = server.get_channel(targetname)
                    for member in channel.members:
                        self.reply("352 %s %s %s %s %s %s H :0 %s"
                                   % (self.nickname, targetname, member.user,
                                      member.host, server.name, member.nickname,
                                      member.realname))
                    self.reply("315 %s %s :End of WHO list"
                               % (self.nickname, targetname))
    
            def whois_handler():
                if len(arguments) < 1:
                    return
                username = arguments[0]
                user = server.get_client(username)
                if user:
                    self.reply("311 %s %s %s %s * :%s"
                               % (self.nickname, user.nickname, user.user,
                                  user.host, user.realname))
                    self.reply("312 %s %s %s :%s"
                               % (self.nickname, user.nickname, server.name,
                                  server.name))
                    self.reply("319 %s %s :%s"
                               % (self.nickname, user.nickname,
                                  " ".join(user.channels)))
                    self.reply("318 %s %s :End of WHOIS list"
                               % (self.nickname, user.nickname))
                else:
                    self.reply("401 %s %s :No such nick"
                               % (self.nickname, username))
    
            handler_table = {
                "AWAY": away_handler,
                "ISON": ison_handler,
                "JOIN": join_handler,
                "LIST": list_handler,
                "LUSERS": lusers_handler,
                "MODE": mode_handler,
                "MOTD": motd_handler,
                "NAMES": names_handler,
                "NICK": nick_handler,
                "NOTICE": notice_and_privmsg_handler,
                "PART": part_handler,
                "PING": ping_handler,
                "PONG": pong_handler,
                "PRIVMSG": notice_and_privmsg_handler,
                "QUIT": quit_handler,
                "TOPIC": topic_handler,
                "WALLOPS": wallops_handler,
                "WHO": who_handler,
                "WHOIS": whois_handler,
            }
            server = self.server
            valid_channel_re = self.__valid_channelname_regexp
            try:
                handler_table[command]()
            except KeyError:
                self.reply("421 %s %s :Unknown command" % (self.nickname, command))
    
        def socket_readable_notification(self):
            try:
                data = self.socket.recv(2 ** 10)
                self.server.print_debug(
                    "[%s:%d] -> %r" % (self.host, self.port, data))
                quitmsg = "EOT"
            except socket.error as x:
                data = ""
                quitmsg = x
            if data:
                self.__readbuffer += socket_to_buffer(data)
                self.__parse_read_buffer()
                self.__timestamp = time.time()
                self.__sent_ping = False
            else:
                self.disconnect(quitmsg)
    
        def socket_writable_notification(self):
            try:
                sent = self.socket.send(buffer_to_socket(self.__writebuffer))
                self.server.print_debug(
                    "[%s:%d] <- %r" % (
                        self.host, self.port, self.__writebuffer[:sent]))
                self.__writebuffer = self.__writebuffer[sent:]
            except socket.error as x:
                self.disconnect(x)
    
        def disconnect(self, quitmsg):
            self.message("ERROR :%s" % quitmsg)
            self.server.print_info(
                "Disconnected connection from %s:%s (%s)." % (
                    self.host, self.port, quitmsg))
            self.socket.close()
            self.server.remove_client(self, quitmsg)
    
        def message(self, msg):
            self.__writebuffer += msg + "\r\n"
    
        def reply(self, msg):
            self.message(":%s %s" % (self.server.name, msg))
    
        def reply_403(self, channel):
            self.reply("403 %s %s :No such channel" % (self.nickname, channel))
    
        def reply_461(self, command):
            nickname = self.nickname or "*"
            self.reply("461 %s %s :Not enough parameters" % (nickname, command))
    
        def message_channel(self, channel, command, message, include_self=False):
            line = ":%s %s %s" % (self.prefix, command, message)
            for client in channel.members:
                if client != self or include_self:
                    client.message(line)
    
        def channel_log(self, channel, message, meta=False):
            if not self.server.channel_log_dir:
                return
            if meta:
                format = "[%s] * %s %s\n"
            else:
                format = "[%s] <%s> %s\n"
            timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S UTC")
            logname = channel.name.replace("_", "__").replace("/", "_")
            fp = open("%s/%s.log" % (self.server.channel_log_dir, logname), "a")
            fp.write(format % (timestamp, self.nickname, message))
            fp.close()
    
        def message_related(self, msg, include_self=False):
            clients = set()
            if include_self:
                clients.add(self)
            for channel in self.channels.values():
                clients |= channel.members
            if not include_self:
                clients.discard(self)
            for client in clients:
                client.message(msg)
    
        def send_lusers(self):
            self.reply("251 %s :There are %d users and 0 services on 1 server"
                       % (self.nickname, len(self.server.clients)))
    
        def send_motd(self):
            server = self.server
            motdlines = server.get_motd_lines()
            if motdlines:
                self.reply("375 %s :- %s Message of the day -"
                           % (self.nickname, server.name))
                for line in motdlines:
                    self.reply("372 %s :- %s" % (self.nickname, line.rstrip()))
                self.reply("376 %s :End of /MOTD command" % self.nickname)
            else:
                self.reply("422 %s :MOTD File is missing" % self.nickname)
    
    
    class Server(object):
        def __init__(self, options):
            self.ports = options.ports
            self.password = options.password
            self.ssl_pem_file = options.ssl_pem_file
            self.motdfile = options.motd
            self.verbose = options.verbose
            self.debug = options.debug
            self.channel_log_dir = options.channel_log_dir
            self.chroot = options.chroot
            self.setuid = options.setuid
            self.state_dir = options.state_dir
            self.log_file = options.log_file
            self.log_max_bytes = options.log_max_size * 1024 * 1024
            self.log_count = options.log_count
            self.logger = None
    
            if options.password_file:
                with open(options.password_file, "r") as fp:
                    self.password = fp.read().strip("\n")
    
            if self.ssl_pem_file:
                self.ssl = __import__("ssl")
    
            # Find certificate after daemonization if path is relative:
            if self.ssl_pem_file and os.path.exists(self.ssl_pem_file):
                self.ssl_pem_file = os.path.abspath(self.ssl_pem_file)
            # else: might exist in the chroot jail, so just continue
    
            if options.listen:
                self.address = socket.gethostbyname(options.listen)
            else:
                self.address = ""
            server_name_limit = 63  # From the RFC.
            self.name = socket.getfqdn(self.address)[:server_name_limit]
    
            self.channels = {}  # irc_lower(Channel name) --> Channel instance.
            self.clients = {}  # Socket --> Client instance.
            self.nicknames = {}  # irc_lower(Nickname) --> Client instance.
            if self.channel_log_dir:
                create_directory(self.channel_log_dir)
            if self.state_dir:
                create_directory(self.state_dir)
    
        def make_pid_file(self, filename):
            try:
                fd = os.open(filename, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o644)
                os.write(fd, "%i\n" % os.getpid())
                os.close(fd)
            except:
                self.print_error("Could not create PID file %r" % filename)
                sys.exit(1)
    
        def daemonize(self):
            try:
                pid = os.fork()
                if pid > 0:
                    sys.exit(0)
            except OSError:
                sys.exit(1)
            os.setsid()
            try:
                pid = os.fork()
                if pid > 0:
                    self.print_info("PID: %d" % pid)
                    sys.exit(0)
            except OSError:
                sys.exit(1)
            os.chdir("/")
            os.umask(0)
            dev_null = open("/dev/null", "r+")
            os.dup2(dev_null.fileno(), sys.stdout.fileno())
            os.dup2(dev_null.fileno(), sys.stderr.fileno())
            os.dup2(dev_null.fileno(), sys.stdin.fileno())
    
        def get_client(self, nickname):
            return self.nicknames.get(irc_lower(nickname))
    
        def has_channel(self, name):
            return irc_lower(name) in self.channels
    
        def get_channel(self, channelname):
            if irc_lower(channelname) in self.channels:
                channel = self.channels[irc_lower(channelname)]
            else:
                channel = Channel(self, channelname)
                self.channels[irc_lower(channelname)] = channel
            return channel
    
        def get_motd_lines(self):
            if self.motdfile:
                try:
                    return open(self.motdfile).readlines()
                except IOError:
                    return ["Could not read MOTD file %r." % self.motdfile]
            else:
                return []
    
        def print_info(self, msg):
            if self.verbose:
                print(msg)
                sys.stdout.flush()
            if self.logger:
                self.logger.info(msg)
    
        def print_debug(self, msg):
            if self.debug:
                print(msg)
                sys.stdout.flush()
            if self.logger:
                self.logger.debug(msg)
    
        def print_error(self, msg):
            sys.stderr.write("%s\n" % msg)
            if self.logger:
                self.logger.error(msg)
    
        def client_changed_nickname(self, client, oldnickname):
            if oldnickname:
                del self.nicknames[irc_lower(oldnickname)]
            self.nicknames[irc_lower(client.nickname)] = client
    
        def remove_member_from_channel(self, client, channelname):
            if irc_lower(channelname) in self.channels:
                channel = self.channels[irc_lower(channelname)]
                channel.remove_client(client)
    
        def remove_client(self, client, quitmsg):
            client.message_related(":%s QUIT :%s" % (client.prefix, quitmsg))
            for x in client.channels.values():
                client.channel_log(x, "quit (%s)" % quitmsg, meta=True)
                x.remove_client(client)
            if client.nickname \
                    and irc_lower(client.nickname) in self.nicknames:
                del self.nicknames[irc_lower(client.nickname)]
            del self.clients[client.socket]
    
        def remove_channel(self, channel):
            del self.channels[irc_lower(channel.name)]
    
        def start(self):
            serversockets = []
            for port in self.ports:
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                try:
                    s.bind((self.address, port))
                except socket.error as e:
                    self.print_error("Could not bind port %s: %s." % (port, e))
                    sys.exit(1)
                s.listen(5)
                serversockets.append(s)
                del s
                self.print_info("Listening on port %d." % port)
            if self.chroot:
                os.chdir(self.chroot)
                os.chroot(self.chroot)
                self.print_info("Changed root directory to %s" % self.chroot)
            if self.setuid:
                os.setgid(self.setuid[1])
                os.setuid(self.setuid[0])
                self.print_info("Setting uid:gid to %s:%s"
                                % (self.setuid[0], self.setuid[1]))
    
            self.init_logging()
            try:
                self.run(serversockets)
            except:
                if self.logger:
                    self.logger.exception("Fatal exception")
                raise
    
        def init_logging(self):
            if not self.log_file:
                return
    
            log_level = logging.INFO
            if self.debug:
                log_level = logging.DEBUG
            self.logger = logging.getLogger("miniircd")
            formatter = logging.Formatter(
                ("%(asctime)s - %(name)s[%(process)d] - "
                 "%(levelname)s - %(message)s"))
            fh = RotatingFileHandler(
                self.log_file,
                maxBytes=self.log_max_bytes,
                backupCount=self.log_count)
            fh.setLevel(log_level)
            fh.setFormatter(formatter)
            self.logger.setLevel(log_level)
            self.logger.addHandler(fh)
    
        def run(self, serversockets):
            last_aliveness_check = time.time()
            while True:
                (iwtd, owtd, ewtd) = select.select(
                    serversockets + [x.socket for x in self.clients.values()],
                    [x.socket for x in self.clients.values()
                     if x.write_queue_size() > 0],
                    [],
                    10)
                for x in iwtd:
                    if x in self.clients:
                        self.clients[x].socket_readable_notification()
                    else:
                        (conn, addr) = x.accept()
                        if self.ssl_pem_file:
                            try:
                                conn = self.ssl.wrap_socket(
                                    conn,
                                    server_side=True,
                                    certfile=self.ssl_pem_file,
                                    keyfile=self.ssl_pem_file)
                            except Exception as e:
                                self.print_error(
                                    "SSL error for connection from %s:%s: %s" % (
                                        addr[0], addr[1], e))
                                continue
                        try:
                            self.clients[conn] = Client(self, conn)
                            self.print_info("Accepted connection from %s:%s." % (
                                addr[0], addr[1]))
                        except socket.error as e:
                            try:
                                conn.close()
                            except:
                                pass
                for x in owtd:
                    if x in self.clients:  # client may have been disconnected
                        self.clients[x].socket_writable_notification()
                now = time.time()
                if last_aliveness_check + 10 < now:
                    for client in list(self.clients.values()):
                        client.check_aliveness()
                    last_aliveness_check = now
    
    
    _maketrans = str.maketrans if PY3 else string.maketrans
    _ircstring_translation = _maketrans(
        string.ascii_lowercase.upper() + "[]\\^",
        string.ascii_lowercase + "{}|~")
    
    
    def irc_lower(s):
        return s.translate(_ircstring_translation)
    
    
    def main(argv):
        op = OptionParser(
            version=VERSION,
            description="miniircd is a small and limited IRC server.")
        op.add_option(
            "--channel-log-dir",
            metavar="X",
            help="store channel log in directory X")
        op.add_option(
            "-d", "--daemon",
            action="store_true",
            help="fork and become a daemon")
        op.add_option(
            "--debug",
            action="store_true",
            help="print debug messages to stdout")
        op.add_option(
            "--listen",
            metavar="X",
            help="listen on specific IP address X")
        op.add_option(
            "--log-count",
            metavar="X", default=10, type="int",
            help="keep X log files; default: %default")
        op.add_option(
            "--log-file",
            metavar="X",
            help="store log in file X")
        op.add_option(
            "--log-max-size",
            metavar="X", default=10, type="int",
            help="set maximum log file size to X MiB; default: %default MiB")
        op.add_option(
            "--motd",
            metavar="X",
            help="display file X as message of the day")
        op.add_option(
            "--pid-file",
            metavar="X",
            help="write PID to file X")
        op.add_option(
            "-p", "--password",
            metavar="X",
            help="require connection password X; default: no password")
        op.add_option(
            "--password-file",
            metavar="X",
            help=("require connection password stored in file X;"
                  " default: no password"))
        op.add_option(
            "--ports",
            metavar="X",
            help="listen to ports X (a list separated by comma or whitespace);"
                 " default: 6667 or 6697 if SSL is enabled")
        op.add_option(
            "-s", "--ssl-pem-file",
            metavar="FILE",
            help="enable SSL and use FILE as the .pem certificate+key")
        op.add_option(
            "--state-dir",
            metavar="X",
            help="save persistent channel state (topic, key) in directory X")
        op.add_option(
            "--verbose",
            action="store_true",
            help="be verbose (print some progress messages to stdout)")
        if os.name == "posix":
            op.add_option(
                "--chroot",
                metavar="X",
                help="change filesystem root to directory X after startup"
                     " (requires root)")
            op.add_option(
                "--setuid",
                metavar="U[:G]",
                help="change process user (and optionally group) after startup"
                     " (requires root)")
        else:
            op.chroot = False
            op.setuid = False
    
        (options, args) = op.parse_args(argv[1:])
        if options.debug:
            options.verbose = True
        if options.ports is None:
            if options.ssl_pem_file is None:
                options.ports = "6667"
            else:
                options.ports = "6697"
        if options.chroot:
            if os.getuid() != 0:
                op.error("Must be root to use --chroot")
        if options.setuid:
            from pwd import getpwnam
            from grp import getgrnam
            if os.getuid() != 0:
                op.error("Must be root to use --setuid")
            matches = options.setuid.split(":")
            if len(matches) == 2:
                options.setuid = (getpwnam(matches[0]).pw_uid,
                                  getgrnam(matches[1]).gr_gid)
            elif len(matches) == 1:
                options.setuid = (getpwnam(matches[0]).pw_uid,
                                  getpwnam(matches[0]).pw_gid)
            else:
                op.error("Specify a user, or user and group separated by a colon,"
                         " e.g. --setuid daemon, --setuid nobody:nobody")
        if (os.getuid() == 0 or os.getgid() == 0) and not options.setuid:
            op.error("Running this service as root is not recommended. Use the"
                     " --setuid option to switch to an unprivileged account after"
                     " startup. If you really intend to run as root, use"
                     " \"--setuid root\".")
    
        ports = []
        for port in re.split(r"[,\s]+", options.ports):
            try:
                ports.append(int(port))
            except ValueError:
                op.error("bad port: %r" % port)
        options.ports = ports
        server = Server(options)
        if options.daemon:
            server.daemonize()
        if options.pid_file:
            server.make_pid_file(options.pid_file)
        try:
            server.start()
        except KeyboardInterrupt:
            server.print_error("Interrupted.")
    
    
    main(sys.argv)
    
    #################################
    
    top of the script don't think needed just in case
    ya might add 'import ssl'
    on github the python file is named a bit different
    to start the script save it as example: minircd.py
    chmod +x the script
    
    as root from hidircz directory with your pem file and motd file:
    # python minircd.py --ssl-pem-file=/root/hidircz/hidz.pem --listen 127.0.0.1 --motd=huh.motd --setuid=root
    
    i didn't test this out but to run the script as non root ya might need change directory to say /home/nonrootuser
    move everything there, chown -R nonroot:nonroot all the files
    so ssl doesn't gripe about an error i might be wrong on this fyi 
    
    to get help with the irc server:
    # python minircd.py -h
    
    i forgot to mention to start tor at least on arch:
    # /usr/bin/tor -f /etc/tor/torrc
    
    so now you have a irc tor chat server up in stealth mode
    plus an additional layer of ssl 
    
    the clients say via irssi can connect as follows:
    # socat TCP4-LISTEN:8000,reuseaddr,fork SOCKS4a:127.0.0.1:newtorsitenamehere.onion:6697,socksport=9050
    
    you don't add the 'irc' in front of the 'domain' just the onion address without 'irc' 
    
    then launch irssi and to connect
    /connect -ssl 127.0.0.1 8000
    
    you can create a room join chat typical irc stuff
    anything done as /whois will show localhost no ip info
    
    for pidgin users little different but not much...
    basic tab is irc protocol
    yer user name
    server is the tor address without 'irc'
    advanced tab
    port 6697
    proxy tab...
    proxy is http
    host 127.0.0.1 port 8118
    
    start privoxy before connecting:
    # /usr/bin/privoxy --no-daemon /etc/privoxy/config
    
    here is my privoxy config:
    #######################################
    
    # Generally, this file goes in /etc/privoxy/config
    # unfucked config by cm0s 010117
    # to start /usr/bin/privoxy --no-dameon /etc/privoxy/config
    # Tor listens as a SOCKS4a proxy here:
    forward-socks5 / 127.0.0.1:9050 .
    
    # confz
    confdir /etc/privoxy
    logdir /var/log/privoxy
    # actionsfile standard  # Internal purpose, recommended
    actionsfile default.action   # Main actions file
    actionsfile user.action      # User customizations
    filterfile default.filter
    
    # timeout shit
    keep-alive-timeout 600
    # mohr timeout shit
    default-server-timeout 600
    # yet mohhhrrr...
    socket-timeout 600
    
    # Don't log interesting things, only startup messages, warnings and errors
    logfile logfile
    #jarfile jarfile
    #debug   0    # show each GET/POST/CONNECT request
    debug   4096 # Startup banner and warnings
    debug   8192 # Errors - *we highly recommended enabling this*
    
    user-manual /usr/share/doc/privoxy/user-manual
    listen-address  localhost:8118
    toggle  1
    enable-remote-toggle 0
    enable-edit-actions 0
    enable-remote-http-toggle 0
    buffer-limit 4096
    #
    #
    ########################################
    
    a quick side note:
    make sure logging is off in pidgin and also the otr plugin
    
    so recap, ya just launched your very own irc chat server
    can make your own motd, publish your otr key add whatever custom
    stuff ya want and ya really made it private coz it's in stealth mode
    stealth mode tor is NOT listed in the tor directory and even if someone
    finds your onion address they can't do anything, won't even let them 
    scan your address without the auth cookie, and you added another layer of ssl
    
    cheerz
    
    splif
    
    

  16. i don't think the reply was useless,

    simply pointing out ya don't need newer hardware

    to get performance

     

    for me, i trust the older hardware more than the newer stuff

    by far, the other thing is tends to be less tracks on it

    since older computers were bought/sold many times

     

    and if someone is at your cpu probably game over anyway right?

     

    have a good day


  17. a magnet is a txt file

     

    not much overhead there

     

    adware on a torrent site means a 3rd party

     

    has access to your site's traffic

     

    that by itself is the biggest liability to a torrent

     

    site's security

     

    you can hit github, get a magnet scraper, scrape your favorite torrent site

     

    and put all the magents up on one single page on a site somewhere for next to

     

    nothing

     

    i got a couple magnets up on my site, cost me zero to add them, few minutes of time

     

    and drinking too much coffee  


  18. with iptables these are the rules i am using basically:

     

    iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router
    iptables -A INPUT -s 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router
    iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #communicate within lan
    iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # make sure eth0/tun0 can communicate
    iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.5.0.1 #use vpn dns
    iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 # use vpn dns
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # map tun0 outgoing IP addy
    iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP # if traffic isn't vpn
    

    and my tor config:

    VirtualAddrNetwork 10.192.0.0/10
    TransPort 9040
    DNSPort 53
    AutomapHostsOnResolve 1
    
    ##hidden service shit
    HiddenServiceDir /var/lib/tor/
    HiddenServicePort 443 127.0.0.1:443
    HiddenServiceAuthorizeClient stealth v1ztr
    HidServAuth z4ojdtiaqvdfi4ys.onion sumkewlkey 
    
    

    with static config my /etc/resolv.conf shows only airvpn 10.5.0.1

    and have my router set to static also

     

    i'm working on a script that works with airvpn/ssl/tor

    what i am trying to do is i have found scripts/iptables rules online that

    you can make your tor traffic on your box system wide, meaning if ya use any

    app on your box your box's traffic goes through tor system wide and that i know how to do, what i'd like to do is have some iptables rules that allows me to connect to airvpn first like above, because really at this point my threat model is my ISP, just from their basic data-mining practices, anway, could someone paste a set of iptables rules that adds onto what is above so after my box is connected to airvpn/ssl via port 443 all traffic then gets routed to the tor network?

    i've come close modding the backbox anonymous script that raffaele made for his distro backbox

     

    splif

     

    not sure if it would be a good idea to do transparent routing but if you do have iptables rules that can route all traffic through vpn and have tor system wide please let me know, been googling it and testing this, i don't want to mess with the resolv.conf want to keep that 10.5.0.1

    the idea here is this saves me from having to torsocks this or privoxy that, however might be further ahead to keep the config like it is, dunno yet...


  19. say yer drive is incrypted your grub would look like this:

    GRUB_CMDLINE_LINUX_DEFAULT="quiet"
    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:cryptroot ipv6.disable=1 video=1360x768"

     

    then recheck/build...
    # grub-install --recheck /dev/sda
    # grub-mkconfig -o /boot/grub/grub.cfg

     

    if you do an ip link command or ifconfig and don't see ipv6 addr good sign

    here's another link for debian ubuntu etc:

     

    http://www.binarytides.com/disable-ipv6-ubuntu/

     

    arch basically above but more info:

    https://wiki.archlinux.org/index.php/IPv6

     

    same info but mohr detail as above:

    https://askubuntu.com/questions/440302/how-to-disable-ipv6-when-connecting-to-an-openvpn-server-using-network-manager-o

     

    iptables stuff:

    https://unix.stackexchange.com/questions/108029/is-it-better-to-set-rules-in-ip6tables-or-disable-ipv6

    https://superuser.com/questions/488341/block-ipv6-traffic-using-iptables-on-linux-using-layer-2-info


  20. speaking of the old days serenacat that reminded me for jean clead's point,

    about linux being open also, it's just less popular out there

    but yeah, old hardware, go as old as you can and still have your config function

     

    i do not trust anything new at all

     

    right now my boxes are pentium 4s with about a gig of ram in them

    one is literally out of a dumpster and i love that box

     

    it's all in the config, i can down a torrent with rtorrent, dump via t-shark, run suricata ids, my firewall

    browse the net with firefox and run my tor site plus other stuff around a gig of ram on a pentium 4

     

    now the torrent app if it starts to really pull in will slow firefox down at times but most time it doesn't

     

    the average phone out there crushes my boxes but there ya go, bloat config

     

    probably one really good thing about microsoft getting so big jean clead, they took a lot of the malware biz

    with them, i'll run clamav, unhide etc once in a while but like anyone else, get lazy on it

     

    that's the thing to remember kinda a diff between the general junk you encounter online and say stuff written

    for your distro or specifically getting targeted

×
×
  • Create New...