-
Notifications
You must be signed in to change notification settings - Fork 12
/
INSTALL
78 lines (61 loc) · 3.38 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
Installing oidentd
******************
Copyright (c) 2019 Janik Rabe
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without any warranty.
Introduction
============
This document describes how to install oidentd from a release tarball.
For instructions for building from git, please refer to the 'HACKING' file.
Optional Dependencies
=====================
Unless the '--disable-libnfct' flag is used, oidentd is compiled with
support for libnetfilter_conntrack on Linux systems on which it is available.
Please note that this requires the libnetfilter_conntrack library and its
headers to be installed. libnetfilter_conntrack allows oidentd to obtain
connection tracking information without using the '/proc' filesystem. This is
useful on kernels without CONFIG_NF_CONNTRACK_PROCFS, on which
'/proc/net/nf_conntrack' is not available.
Build Configuration
===================
Run './configure' to configure the build. The './configure' script accepts
a number of optional flags:
- '--disable-nat': disable NAT support
Disables '--forward', '--masquerade' and '--masquerade-first'
- '--disable-ipv6': disable IPv6 support
Disables listening on IPv6 and ignores all IPv6 connections
- '--disable-libnfct': disable Linux libnetfilter_conntrack support
See "Optional Dependencies" above for more information
- '--disable-xdgbdir': disable XDG Base Directory support
Do not look for '~/.config/oidentd.conf' before '~/.oidentd.conf'
- '--disable-debug': disable debugging support
Disables support for the '--debug' option
- '--enable-warn': enable additional compiler warnings
Show more warnings during compilation
By default, oidentd is configured with a prefix of '/usr/local'. This is
the directory that files will be installed to. For example, the oidentd binary
will be installed to '/usr/local/sbin/oidentd'. The prefix can be changed by
passing the '--prefix' option to the './configure' script. A complete list of
options can be viewed by running './configure --help'.
Compilation and Installation
============================
Run 'make' to compile the source code and documentation, then 'make install'
to install the compiled files. Note that 'make install' must be run as root if
the current user does not have permission to write to the directory that was
specified with the '--prefix' option to './configure'.
Running oidentd
===============
Like most internet-facing services, oidentd should not run as root. For
this reason, it drops its privileges after starting up. However, oidentd still
needs to be started as root for a number of reasons:
- to bind the privileged port 113 (unless the '--port' option is used)
- to open the kernel memory device (on systems where this is required)
- to open the connection tracking file (on systems where this is required)
The user and group oidentd runs as after dropping privileges can be
specified with the '--user' and '--group' options, respectively. Documentation
for these options are available in oidentd.conf(5).
Note that in some cases, oidentd may be unable to run as an unprivileged
user on FreeBSD, NetBSD, and DragonFly BSD. On affected systems, a warning
will be shown at runtime and when running './configure'.