It should be possible to configure thresholds for the Anomaly/DoS limits protections

[evilaliv3]

At the end of the implementation of the Anomaly/Anti DoS protections we should keep in mind that it would be useful to configure for the admin to refine thresholds for the Anomaly/DoS limits protections.

This ticket is to keep track of those activities.

Let's consider this as wish list, as it would be a waste of time to refine the DB now that the feature is still under ongoing evaluation.

[vecna]

it is not the same of #1409 ?

[evilaliv3]

right @vecna; i'm moving here under your suggestions so that we can keep track here of the variables needed.

i would not address such a db addition now as i think it would be better to wait for the feautures to be finalized and evaluated.

[evilaliv3]

Here follows the first suggestions of DB edits by @vecna that were first defined in ticket https://github.com/globaleaks/GlobaLeaks/issues/1410

New entry for the DB

• amount of time before raise an exception for jobs/handlers too slow (at the moment, 30 seconds)
• Minutes of delay between one Admin notification and the next one (120 minutes right now, before was 15)
• Number of task that can be processed by a Schedule Job (now is 20, GLSetting.jobs_operation_limit, implemented after the anti-dos-research)
• Number of Notification per receiver that trigger a suspension (has to be Node wide or by Receiver ?)
• Number of Events (Tips, or Files, or Comments) that trigger the Suspension Threshold (at the moment is 200, computed as the jobs_operation_limit * 10
• Disk alarm: at the moment has been hard-coded 300 Mb or 3%, 500 MB or 5%, 1 Gb or 10%. I don't know if make any sense give 6 value flexibility, will require a shitload of integrity checks, too. At least the Admin has to know how much space is available. Also, for every level, there is a trigger. make them configurable is a waste of time and days of bugs. Something simple can be done, but at best "ignore the alarm <= 1, 2 or 3", like at the moment is the switch -A
• Others ?

This values can be part of the %KeywordTemplate% and makes email more detailed.

Failed login alarm/blocks.

They has to be tested, has to be implemented #825 and put Login as part of the Token+Captcha+Hashcash stuff, but beside that side, also the values:

• Failed login alarm (currently 5)
• Failed login block time (currently 5)

can be put in an Admin table.

If Anomaly check get refactored:

• 5 seconds / 1 minute / 10 minutes has to be hard-coded threshold

[evilaliv3]

here you go @fpietrosanti !

from tomorrow remember to adjust this settings on the new setups.

[vodkina]

@evilaliv3, estimate for this issue is set at 13. Please, agree or update accordingly