Eggdrop is an IRC bot with Tcl scripting and party-line administration. Hardening should prioritize owner authentication, script trust, and restricted network/service exposure.
- Set strong owner and botnet passwords.
- Disable default/example accounts and test handles.
- Restrict party-line/console access to trusted hosts only.
- Rotate credentials after operator changes.
- Load only reviewed Tcl scripts and modules.
- Keep script directories writable only by bot admins.
- Avoid scripts that execute arbitrary shell commands.
- Audit script updates before deployment.
¶ 3) Harden IRC and host runtime
- Enforce secure IRC connections (TLS) when network supports it.
- Restrict inbound/outbound ports to required IRC services.
- Run Eggdrop as non-root user with minimal filesystem permissions.
- Keep logs and configs protected from non-admin users.
¶ Verification commands
eggdrop -v 2>/dev/null || eggdrop -h 2>/dev/null
grep -R "set owner\|set my-hostname\|listen\|ssl" /etc/eggdrop /opt/eggdrop 2>/dev/null | head
sudo ss -tulpn | grep -E ':6667|:6697'
- Eggdrop official docs: https://docs.eggheads.org/
- Eggdrop source repository: https://github.com/eggheads/eggdrop
- Eggdrop releases/changelog: https://github.com/eggheads/eggdrop/releases