The following scripts have been provided by Fangorn, a member of the NWN Community, for your use. You can also visit his website at Seneam.net. If you have comments, compliments or suggestions, please contact the script creator. If you would like to provide feedback about the script to help others decide whether to use it, please let us know at nwn@stratics.com.
Many programs that act as servers have had vulnerabilities discovered at one point or another that could lead to a remote compromise of the computer they're installed on. Even when such a server is run as an unprivileged user, there often exist local vulnerabilities that can lead to a root compromise.
This script creates a chrooted environment for your Neverwinter Nights server to run in. It also runs the server as an unprivileged user.
Chrooting a program means creating a minimal environment (basic dirs/conf files/libraries/devices) called a "jail" for the program to run in. The program only sees this environment, which is contained in a single directory (the jail's root directory).
Using this WILL NOT prevent people from exploiting potential vulnerabilities in nwserver. It only makes it harder for them to gain access to your computer.
Even if they manage to, it will restrict their rights to the user running the script and they won't be able to damage anything outside the jail (which contains nothing but Neverwinter Nights, so they cannot even use a local vulnerability to gain root access).
If your computer is compromised through nwserver, recovery only requires re-running this script and restoring the NWN files and your saved games/modules (provided you back up your modules and saved games on a regular basis).
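The jail only limits damage if it really contains nothing an intruder can use to escalate. The following is an added example, not one of Fangorn's scripts: a shell audit that flags setuid/setgid files, world-writable paths and unexpected device nodes inside a jail directory. The function names and the device allow-list are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not one of Fangorn's scripts: audit a chroot jail for files
# that would help an intruder escalate privileges or reach outside the jail.

# Device nodes a minimal jail plausibly needs (this allow-list is an assumption).
ALLOWED_DEVS="null zero random urandom"

# Print one finding per line for the jail directory given as $1.
scan_jail() {
    [ -d "$1" ] || return 2

    # setuid/setgid files are the usual stepping stone to root.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec echo "SETID" {} \;

    # World-writable files, and world-writable directories without the
    # sticky bit (a sticky directory such as /tmp is accepted).
    find "$1" -xdev \( -type f -o -type d ! -perm -1000 \) -perm -0002 \
        -exec echo "WORLD-WRITABLE" {} \;

    # Block/character devices outside the allow-list (a disk or memory
    # device would expose data that lives outside the jail).
    find "$1" -xdev \( -type b -o -type c \) | while IFS= read -r dev; do
        case " $ALLOWED_DEVS " in
            *" $(basename "$dev") "*) ;;
            *) echo "DEVICE $dev" ;;
        esac
    done
}

# Returns 0 if the jail is clean, 1 if there are findings, 2 on a bad path.
audit_jail() {
    findings=$(scan_jail "$1") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use, as root: sh audit_jail.sh /chrootYourRootName
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```

Running it from cron after each scheduled restart gives an early warning if something inside the jail has changed in a way that weakens it.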
File List
README : Instructions (same as this web page)
initnwnd : Init script (for startup/shutdown of your computer)
makenwnroottree.sh : Installation script
nwnd : Main script that controls the server
nwserver.sh : Script called by nwnd to launch the server. This is where you can specify command line parameters
Launch makenwnroottree.sh as user root in the directory where you downloaded the server archive (if the script can't find the archive it will try to fetch it for you) and follow the instructions. Once installation is complete, change or remove the nwserver command line parameters in the installed nwserver.sh script to suit your needs.
You can also pass these parameters to nwnd instead of start/stop:
restart : does a stop then a start
reload : sends a HUP signal to the main process
status : gives information about the running server
backup : backs up the saved games and server vault to directory /chrootYourRootName/usr/local/neverwinternights-backup
restore : restore files from a backup
Whenever you restart the server you can find the previous run's log files in directory: /chrootYourRootName/usr/local/neverwinternights-logs
There is also a script in the init dir (usually /etc/rc.d/init.d/initnwnd). Just create the appropriate symlinks to this script in your init script directories to start up and shut down the server automatically when you boot up or power down your system.
CRON-ing the Server Operations
A few good practices include restarting services on a regular basis and backing up your data. The easiest way is to automate everything using the cron daemon.
You can also detect whether the server is still running and, if not, restart it automatically (unless you stopped it yourself).
Here are a few things you might want to add to root's crontab (if you don't know how crontabs work, 'man 5 crontab' is your friend):
# Restart NWN server at 6 AM
0 6 * * * sleep 10; /usr/local/sbin/nwnd restart noninteractive "Scheduled restart"
# Backup NWN data at 3:30 AM
30 3 * * * sleep 10; /usr/local/sbin/nwnd backup noninteractive "Scheduled backup"
# If NWN server is not running and PID file exists, restart it (might have crashed)
# Perform this check every 5 minutes
*/5 * * * * if [ -z "$(/sbin/pidof nwserver)" -a -f "/chrootYourRootName/usr/local/neverwinternights/.nwnpid" ]; then /usr/local/sbin/nwnd start noninteractive "Possible crash"; fi
Uninstall
Back up your modules/savegames files, then remove the /chroot... directory the script created.
Hints
Check for updates of the server! If vulnerabilities are discovered BioWare will fix them and you'll need to install the new program.