search

ergochat / ergo

A modern IRC server (daemon/ircd) written in Go.
https://ergo.chat/
MIT License
2.29k stars 181 forks source link

OperServ #629

Open slingamn opened 5 years ago

slingamn commented 5 years ago

Draft spec from @bogdomania:

/* ================ This is subject to change, at any time ====================
 *
 * All plausible commands, needed by the administrator and the tehnical staff.
 * More could be added, as a result of case-study, later on. Because OperServ
 * usage is available only to the staff, I belive that it should provide a
 * useful tool to manage the network health & security.
 * ----------------------------------------------------------------------------
   ADD          - adds a registered NickServ account to OperServ's staff list.
                  Network admin only.
 *-----------------------------------------------------------------------------
   AUTH         - Allows to an account to authenticate to OperServ.
 *-----------------------------------------------------------------------------
   DEL          - deletes an account from OperServ's staff list.
                  Network admin only.
 *-----------------------------------------------------------------------------
   EDIT         - modifies an existing account's entries, such as role, status
                  Network admin and OperServ admin only.
 *-----------------------------------------------------------------------------
   GLOBAL       - Sends a global announcement to the whole network, as a notice,
                  maybe useful for planned shutdowns, restarts, etc.
 *-----------------------------------------------------------------------------
   HUNT         - Hunts down a given user/account/hostmask/ident or all at once.
                  Initially, was a failsafe for a user that evades GLINE, but
                  this ideea could be implemented in ircd itself, rather than
                  OperServ. It could de CPU intensive, while active, to monitor
                  all the incoming connections, for a medium-large network.
                  With some things in place, such as +Z for connections,
                  SSL only and DNSBL working, most of these things should be
                  kept in control. Therefore, I'm not sure about this command.
 *-----------------------------------------------------------------------------
   LIST         - Lists all OperServ staff members along with their infos.
 *-----------------------------------------------------------------------------
   MEMO         - sends a persistent message to another OperServ staff, useful
                  for when other members are offline, they will receive the
                  message as soon as they will log in.
 *-----------------------------------------------------------------------------
   SECLVL       - Implements a security level, in order to mitigate threats.
                  0 - Defaults to normal ( if a previous level was set )
                  1 - SCAN -> Just like below THREATMATRIX
                  2 - Monitors suspicious targets
                  3 - Disables services functionalities, like accounts
                      registrations and channels registration
                  4 - As above and sends to tehnical staff infos about every
                      future attempt of auth or service usage by other users !?
                  5 - Shuts down services functionalities alltogheter. Nothing
                      works for regular users, just for network staff. Also, it
                      logs all network traffic. It also blocks any future
                      incoming connections, except for excepted hosts.
 *-----------------------------------------------------------------------------
   THREATMATRIX - Now, this is my favourite. While scanning, it auto-detects
                  any incoming threats, like clone/bots attack, DoS, DDoS, etc.
                  After that, it informs the staff about it and either goes
                  straight to mitigate the attacks or asks for permission. Maybe
                  it can auto-set SECLVL to a predefined level? Oh, and most
                  important, it logs all the traffic, while in SecLvl mode.
                  Or, this can be passed to SecLvl, as in:
                  /OS SecLvl [mode] (0 to 5) 0 is off(if activated before) at 1
                  it just scans and if it detects something, it switches on to
                  the next level, or top level, depending on the threath.
                  It could also compare nickname/account/channels registered by
                  existing user(s) to hostmasks/ident/etc. of an attacker, as a
                  cross reference, so that the admin knows that an existing user
                  is (part of) the trouble.
 *-----------------------------------------------------------------------------

*/

See also #328.

DanielOaks commented 5 years ago

Makes sense, I like these. As much as we can, let's keep our syntax similar to Anope/Atheme's OperServs for the commands that already exist in those

bogdomania commented 4 years ago

/msg OperServ list [param1] [param2] where

[param1] is: users - it will list all regular users registered staff - it will list all staff members channels - it will list all channels registered

[param2] is: first - in ordered sequence, from oldest to newest (date wise) last - in ordered sequence, from newest to oldest (date wise) ordered - in ordered sequence, alphabetically (starting with letter A -> Z) unordered - in ordered sequence, alphabetically (starting with letter Z -> A)

Example:

/msg OperServ list users first

Username Registered at
1 dan Sun, 29 Dec 2019 11:04:14 UTC
2 slingman Sun, 29 Dec 2019 11:04:14 UTC
3 turtlex Sat, 04 Jan 2020 08:44:32 UTC

Example:

/msg OperServ list staff ordered

Username Role Flags
1 Anna IRCop +acjknoqtux
2 slingman Admin +acjknoqtux

Example:

/msg OperServ list channels unordered

Channel name Registered at Registered by Successor
1 #Zone Gray Tue, 24 Dec 2019 19:32:27 UTC Benny Nicole
2 #Gecko Fri, 03 Jan 2020 14:44:52 UTC turtlex NONE

In case of thousands of nicknames (and maybe channels) should a filter be applied? like max=100?

Example: /msg OperServ list users ordered max=200(or first 200), so that the output is not hairy?

L.E. Some questions: 1 - What happends if in the config file, nicknames of channel names are defined to take a long string as name? It would be crazy to have channels with more than 50-70 chars, same for nicknames!

2 - How can nicknames/channels be ordered, A->Z / Z<-A in case of arabic/hebrew, etc. ?

bogdomania commented 4 years ago

This should be closed, since most if not all commands will be implemented directly in to ircd.

slingamn commented 3 years ago

@jesopo suggests that global notices (#1153) could be given a friendlier interface as an OperServ command.