Security-group block

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

Security groups are introduced in UnrealIRCd 5.0.8. There two most important groups that exist by default are: known-users (user is identified to services or has high enough reputation) and unknown-users (all other users).

There are also three more groups that exist by default:

  • tls-users: all users who are using SSL/TLS
  • tls-and-known-users: all users using SSL/TLS, plus all users that are identified to Services or have 25 or more reputation score.
  • webirc-users: all users using WEBIRC. (UnrealIRCd 5.2.0 and later)

Where security groups are used[edit]

  • In the ~G extban, eg: MODE #chan +b ~G:unknown-users to block low reputation and unidentified users
  • In the set::anti-flood block

Syntax[edit]

security-group <name> {
        identified <yes|no>;
        webirc <yes|no>;
        tls <yes|no>;
        reputation-score <value>;
        include-mask { <mask>; };
}

identified: if set to yes, then if the user is identified to Services then it is considered a match.
webirc: if set to yes, then if the user comes from a WEBIRC gateway then it is considered a match.
tls: if set to yes, then if the user is using a SSL/TLS connection then it is considered a match.
reputation-score: if set, then if the user has a reputation score of this value or higher, it is considered a match.
include-mask: if a mask item matches, then the security group is considered a match. (UnrealIRCd 5.2.1 or later)
Any items set to no mean the check will be skipped. Any items set to yes that are true mean the security group matches the user (only 1 item that is set to yes needs to match).

Example and changing the known-users group[edit]

The default security group known-users has the following settings:

security-group known-users {
        identified yes;
        webirc no;
        reputation-score 25;
}

If you have no security-group known-users { } in your configuration file then these are the defaults. If you want to change the settings, then add the block to your config and modify it.

The magic unknown-users security-group[edit]

The unknown-users security group is a special group matching users that are NOT matched by the known-users group. In other words: unknown-users is the same as !known-users (the exclamation mark prefix meaning 'NOT').

See also[edit]

  • Reputation score: what is a reputation score, how is it calculated, and where else can it be used
  • Extended bans: In particular the ~G extban that can be added in a channel to match a security group.
  • Extended server bans: In particular ~G that can be used in GLINE/ELINE/etc to match a security group.