[CoD2] Setup CoD2 on your Ubuntu server

[IzNoGoD]

Step 3: Installing CoD2
Installing cod2 is as simple as uploading the lnxded file (see another thread here on killtube for the binary files) to, for example, /home/USERNAME/_bin/cod2/cod2_lnxded_1_3 . This needs at least file permissions 500, (read+execute for the owner, assuming you're gonna run this under your own username) so

Code:

chmod 500 cod2_lnxded_1_3

Then you need to upload the corresponding main directory to your server (note: main directories differ between v1.0/1.2/1.3) to, for example, /home/USERNAME/_stock/cod2_1_3/main/
These files need to be readable by the useraccount that will start the server

Step 4 (optional): Installing libcod prerequisites
As copied from the libcod github:

Code:

sudo apt-get -y install gcc-multilib
sudo apt-get -y install libmysqlclient-dev:i386
sudo apt-get -y install g++-multilib

I've tried installing these all in one command, but that failed for some unknown reasons. So just keep these as separate commands.

Step 5 (optional): compiling libcod from source
In order to compile libcod, you first need to obtain the source code. There are currently multiple libcod versions out there:
Kung foo man's original version
Mitch's version which is a bit more experimental and has a few more features than the original version
Php's version has a few nice functions but seems to be out-of-date
voron00's version which seems to be the best maintained version currently

To obtain the code, either download the source from github and upload, or

Code:

sudo apt-get install git
git clone [github url here]

You can then easily compile the stuff with

Code:

./doit.sh clean
./doit.sh base
./doit.sh cod2_1_3

For different cod versions, change the last line.
The final product (the actual libcod "executable") is then inside the bin folder as libcod2_1_3.so

Step 6: Starting your CoD2 server
Create a .sh file with the following contents:

Code:

#!/bin/bash

sv_maxclients="32"
fs_game="your_mod_folder_here"
fs_homepath="/home/USER_HERE/YOUR_COD_DIR"
cod="/full/path/to/cod2_1_3_lnxded"
com_hunkMegs="256"
config="configfile.cfg"
net_port="28960"


args=\
"+set fs_homepath \"$fs_homepath\" "\
"+set fs_game $fs_game "\
"+set net_port $net_port "\
"+set com_hunkMegs $com_hunkMegs "\
"+set sv_maxclients $sv_maxclients "\
"+set fs_basepath \"$fs_homepath\" "\
"+exec $config"

$cod $args +set g_gametype tdm +map mp_toujane

Adjust where required.

Then, start your server with:

Code:

./filename.sh

To keep your server running after you leave the ssh session, use screen:

Code:

screen -AmdS somename
screen -x somename
./filename.sh

Step 7 (optional): Starting your CoD2 server with libcod
Requires a few small edits to your .sh file:

Code:

#!/bin/bash

sv_maxclients="32"
fs_game="your_mod_folder_here"
fs_homepath="/home/USER_HERE/YOUR_COD_DIR"
cod="/full/path/to/cod2_1_3_lnxded"
com_hunkMegs="256"
config="configfile.cfg"
cracked="1"
net_port="28960"


args=\
"+set fs_homepath \"$fs_homepath\" "\
"+set sv_cracked $cracked "\
"+set fs_game $fs_game "\
"+set net_port $net_port "\
"+set com_hunkMegs $com_hunkMegs "\
"+set sv_maxclients $sv_maxclients "\
"+set fs_basepath \"$fs_homepath\" "\
"+exec $config"

LD_PRELOAD="relative/path/to/libcod2_1_3.so" $cod $args +set g_gametype tdm +map mp_toujane

Step 8: Creating your first mod
work in progress

Step 9: Protecting your server
Update: Since a few months a patch has been added to both Mitch's github repo as wel as voron00's. The next passage is not applicable to any who use an updated libcod version from the aforementioned sources.

To prevent your server from being used as a ddos amplifier (http://blog.alejandronolla.com/2013/...sis-2-slash-2/), you have to apply some iptables rules. As you should have iptables installed from the previous steps already, you can skip right to the protection part. Create a file called anti_ddos in /etc/init.d with the following contents:

Code:

#!/bin/bash

# Carry out specific functions when asked to by the system
case "$1" in
  start)
		iptables -N QUERY-BLOCK
		iptables -A QUERY-BLOCK -m recent --set --name blocked-hosts -j DROP
		iptables -N QUERY-CHECK
		iptables -A QUERY-CHECK -p udp -m string ! --string "getstatus" --algo bm --from 32 --to 41 -j RETURN
		iptables -A QUERY-CHECK -p udp --sport 0:1025 -j DROP
		iptables -A QUERY-CHECK -p udp --sport 3074 -j DROP
		iptables -A QUERY-CHECK -p udp --sport 7777 -j DROP
		iptables -A QUERY-CHECK -p udp --sport 8002 -j DROP
		iptables -A QUERY-CHECK -p udp --sport 27015:27100 -j DROP
		iptables -A QUERY-CHECK -p udp --sport 25200 -j DROP
		iptables -A QUERY-CHECK -p udp --sport 25565 -j DROP
		iptables -A QUERY-CHECK -m recent --update --name blocked-hosts --seconds 30 --hitcount 1 -j DROP
		iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip --hashlimit-name getstatus --hashlimit-above 5/second -j QUERY-BLOCK
		iptables -A INPUT -p udp --dport 28960 -j QUERY-CHECK
    ;;
	stop)
		exit 0
		;;
  *)
    echo "Usage: /etc/init.d/anti_ddos {start|stop}"
    exit 1
    ;;
esac

exit 0

To protect more than just the default port, edit this line:

Code:

iptables -A INPUT -p udp --dport 28960 -j QUERY-CHECK

into something like:

Code:

iptables -A INPUT -p udp --dport 28960:28970 -j QUERY-CHECK

This will limit the amount of queries to 5/second per client which should be plenty for normal queries and should temper or block all ddos amplifications.

Save this file, chmod 500 it, and add it to bootup with

Code:

sudo update-rc.d anti_ddos defaults

Check if it works by doing:

Code:

service anti_ddos start

twice. If you see "chain already exists" you did everything right.
Step 10: Go make something awesome
work in progress