Table of Contents
This is a preliminary version of the netpanzer server howto. Feedback and improvement to the scripts, tips&tricks are appreciated. Please send them to matze@braunis.de.
The server comes with the normal netpanzer package, look into the README there on how to install netpanzer.
You can find the server configuration file in your home directory in .netpanzer/config/netpanzer-dedicated.ini. If this file doesn't exist yet, start your server once and quit (by using the quit command) and this file should have been created. You can find a description of all theconfig commands in the netpanzer README.
Unfortunately the netpanzer server is not as stable yet as it should be. So you should install a script that restarts the server automatically in case of a crash. This can be achieved with the following script (called start-netpanzer-dedicated.sh).
#!/bin/bash
# insert the directory of the server binary here
DIR=.
cd $DIR
running=yes
while [ $running = "yes" ]; do
./netpanzer -d $@
if [ $? -ge 128 ]; then
echo "`date`: Restarting server after crash"
# wait a bit to not blow cpu and logfiles on constant crashs
sleep 30
else
#normal exit
running=no
fi
done
Typically you don't always want to monitor your server in a terminal window. Also in case your monitoring terminal terminates the server is normally stopped too. To solve these problems there's a handy little tool called Screen that allows you to run your applications in a virtual terminal to which you can attach/detach at any time.
So typically you write another script with your startup parameters like this (also take a look at the Security Warning at the end of this document for the commented variants).
#!/bin/bash
# insert the directory of the start-netpanzer-dedicated.sh here
DIR=.
cd $DIR
# starts the server in a screen. Please consider using 1 of the 2 variants below
# for increased security
screen -A -m -d -S netpanzer ./start-netpanzer-dedicated.sh $@
# This version switches to a more secure user account
# screen -A -m -d -S netpanzer su - netpserver -c "./start-netpanzer-dedicated.sh $@"
# This version starts the server in a chroot environment and with a different
# user for even more security
# screen -A -m -d -S netpanzer chroot /home/netpserver su - netpserver -c "./start-netpanzer-dedicated.sh $@"
You can attach to this virtual netpanzer terminal by typing screen -r netpanzer. You can detach again by pressing CTRL+A and then CTRL+D. See the Screen documentation for details.
Often you want to further integrate the server into your system so that it is automatically started on startup and checked on a regular basis.
Most linux and bsd systems come with an init script system that takes care of starting and stopping services on the system. Creating such initscripts is distribution specific, so I just present the script for gentoo here as an example:
#!/sbin/runscripts
depend() {
need net
}
start() {
ebegin "Starting netpanzer server"
start-stop-daemon --start --quiet --pidfile /var/run/netpanzer.pid --exec /usr/local/scripts/netpanzer-screen.sh --pidfile=/var/run/netpanzer.pid
eend $?
}
stop() {
ebegin "Stopping netpanzer server"
start-stop-daemon --stop --quiet --pidfile /var/run/netpanzer.pid
eedn $?
}
If you can't integrate the server into the initscripts of your system (if you have only a user account for example) then you can use cron to make sure your server stays running even after system restarts. You should write another script that checks for a running server and eventually restarts it (called check-netpanzer-server.sh
#!/bin/sh
procs=`/bin/ps`
if echo "$procs" | grep netpanzer > /dev/null; then
exit
fi
# start netpanzer server
cd /usr/local/scripts
./netpanzer-screen.sh
You should start this script regularly in a cronjob. By adding the following line in your crontab (type crontab -e to edit your crontab). This will check the server every hour (54 minutes after the full hour) to make sure it is still running.
# min hour day month dayofweek command
54 * * * * /bin/sh /usr/local/scripts/check-netpanzer-server.sh
The code of the server hasn't undergone an in-depth review for security holes yet, so you should expect the possibility that attackers can find buffer overflows to obtain control over the netpanzer executable and the user account the server is running. (Experience shows that this also happens with other servers that claim to be secure...)
Therefore it is recommended to run the server in a special user account with limited rights. On linux/bsd you should also consider using a chroot environment for increased security. Consult external documentation about details. The screen startup script shown above also demonstrates in a comment how to do this with the su and chroot commands.
Tobias Blersch has written a php script which allows you display a list of running netpanzer servers on your homepage. You can find it at the download section of netpanzer in the misc category.
The netpanzer masterserver protocol is compatible with qstat (http://www.qstat.org). You can query for netpanzer server with the command qstat -gsm,netpanzer 81.169.185.36. There are several tools and scripts available to display server status on homepages with the help of qstat.