Log and OpenSSL.cnf SelfSigned: Difference between pages

KindOne (talk | contribs)
Restore Log from archive.org - 2016/05/08

{{DISPLAYTITLE:log}}
{{Core Module}}

This module logs your conversations to some special place on your disk.

== '''Notes''' ==
 In the znc-0.206 release this module is NOT a core module, see [[ZNC-Extra]] for more information on how to use it

Since ZNC 1.2, this module mimics directory permissions set on its data directory (<tt>moddata/log</tt>, in whatever location appropriate to the mode it is running in; see above) when creating new subdirectories. However, as of 2013-08-20, umasks may interfere with it and result in less access being granted than expected. For example, the module may be unable to grant write access to Group or World (umask 0022).

To get the directory permission inheritance under ZNC 1.0, use [https://raw.github.com/dgw/znc/log-permissions-1.0-backport/modules/log.cpp this file] and <tt>znc-buildmod log.cpp</tt>, then move the module to the ZNC modules directory.

== Usage ==

{{Module arguments
|count=one or two
|extra=<br>First argument: <code>-sanitize</code> If present, removes color codes and [https://en.wikipedia.org/wiki/C0_and_C1_control_codes C0 control codes] from lines before they are logged.
<br>Second argument: Relative path where to store logs. It can contain <code>$USER</code>, <code>$NETWORK</code> and <code>$WINDOW</code> tokens as well as [[Timestamps|time format tokens]].
<br>Depending on the scope in which the log module is loaded, the path argument is relative to the following paths: (Note: <code>~/.znc/</code> might be different if you use a non-standard data directory):
 global:  ~/.znc/moddata/log/
 user:    ~/.znc/users/$USER/moddata/log/
 network: ~/.znc/users/$USER/networks/$NETWORK/moddata/log/
Default paths since 1.6:
 global:  $USER/$NETWORK/$WINDOW/%Y-%m-%d.log
 user:    $NETWORK/$WINDOW/%Y-%m-%d.log
 network: $WINDOW/%Y-%m-%d.log
Default paths prior to 1.6:
 global:  $USER_$NETWORK_$WINDOW_%Y%m%d.log
 user:    $NETWORK_$WINDOW_%Y%m%d.log
 network: $WINDOW_%Y%m%d.log
To convert your old logs to the 1.6 format, you can use [https://github.com/ZacharyDuBois/Random-Scripts/blob/master/convert-znc-1.4-logs-to-1.6.sh this user-created script].
If you want to log to some other place, make a symlink.
}}

Load the module to start logging, unload it to stop logging. Kinda easy, eh?

=== Commands ===

; <code>ClearRules</code>
: Clear all logging rules

; <code>Help <search term></code>
: Generate this output. Optionally search for a given word/phrase.

; <code>ListRules</code>
: List all logging rules

; <code>Set boolean</code> ''(added in 1.7)''
: Set one of the following booleans: joins, quits, nickchanges.
: For example, <code>/msg *log Set quits false</code> to exclude quit messages from the log.

; <code>SetRules <rules></code>
: Filter chat rooms which should be logged (all by default). Use <code>!#chan</code> or <code>!query</code> to negate and <code>*</code> for wildcards

== pisg ==

The log module uses the "energymech" format so it can be used with [http://pisg.sourceforge.net/ pisg] if so desired.

=== Example Config ===

    <channel="#znc">
        # Before ZNC 1.6.0
        Logfile = "/home/znc/.znc/users/efnet/moddata/log/#znc_*.log"
        # Since ZNC 1.6.0
        LogDir="/home/znc/.znc/moddata/log/user/efnet/#znc"
        Format = "energymech"
        Network = "EFnet"
        OutputFile = "znc.html"
    </channel>

DoctorD90 (talk | contribs)
Created page with " [default] default_md = sha512 name_opt = ca_default cert_opt = ca_default default_days = 375 policy = @policy_selfsigned [ re..."

Revision as of 18:03, 23 August 2021

[default]
default_md        = sha512
name_opt          = ca_default
cert_opt          = ca_default
default_days      = 375
policy            = @policy_selfsigned

[ req ]
# Options from the [ req ] section are applied
# when creating certificates or certificate signing requests.
# Options for the `req` tool (`man req`).
default_bits        = 4096
distinguished_name  = req_selfsigned
string_mask         = utf8only
default_md          = sha512


[ req_selfsigned ]
# The [ req_selfsigned ] section declares the information
# normally required in a certificate signing request.
# You can optionally specify some defaults.
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName                     = Country Name (2 letter code)
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
localityName                    = Locality Name (eg, city)
organizationName                = Organization Name (eg, company)
organizationalUnitName          = Organizational Unit Name (eg, section)
commonName                      = Common Name (e.g. server FQDN or YOUR name)
emailAddress                    = Email Address

# Optionally, specify some defaults.
countryName_default             = IT
stateOrProvinceName_default     = Italy
localityName_default            = Italy
organizationName_default        = ZNC.in
#organizationalUnitName_default  = ZNC Service
#commonName_default             = wiki.znc.in
emailAddress_default            = user [at] example [dot] com

[ policy_selfsigned ]
# See the POLICY FORMAT section of the `ca` man page.
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = optional
emailAddress            = optional

[ usr_cert ]
# We’ll apply the usr_cert extension when signing client certificates,
# such as those used for remote user authentication.
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning

[ server_cert ]
# We’ll apply the server_cert extension when signing server certificates,
# such as those used for web servers.
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = critical, serverAuth
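
Added example (not part of the wiki page or of ZNC): one way to use the [ req ] and [ server_cert ] sections above to produce a self-signed server certificate and then confirm that the digest, key size and extensions came out as configured. The file names and the CN znc.example.test are assumptions; -days is passed explicitly because default_days is a `ca` option that `openssl req` does not read.

```shell
#!/bin/sh
# Added example, not from the ZNC wiki. File names and the CN are constructed.

make_selfsigned() {   # $1 = output directory, $2 = subject CN
    # Only the sections this command reads are copied from the page's config.
    cat > "$1/selfsigned.cnf" <<'EOF'
[ req ]
default_bits        = 4096
distinguished_name  = req_selfsigned
string_mask         = utf8only
default_md          = sha512

[ req_selfsigned ]
commonName          = Common Name (e.g. server FQDN or YOUR name)

[ server_cert ]
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = critical, serverAuth
EOF
    # umask 077 keeps the unencrypted private key unreadable to other users.
    ( umask 077
      openssl req -x509 -new -nodes -batch \
          -config "$1/selfsigned.cnf" -extensions server_cert \
          -subj "/CN=$2" -days 375 \
          -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

check_cert() {        # $1 = certificate; prints "ok" or the first missing property
    report=$(openssl x509 -in "$1" -noout -text) || return 1
    for want in 'sha512WithRSAEncryption' '4096 bit' 'CA:FALSE' \
                'TLS Web Server Authentication'; do
        printf '%s\n' "$report" | grep -q "$want" ||
            { echo "missing: $want"; return 1; }
    done
    echo ok
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_selfsigned "$workdir" znc.example.test && check_cert "$workdir/server.crt"
```

Without -extensions server_cert the certificate carries none of the [ server_cert ] constraints, since the page's [ req ] section sets no x509_extensions default.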