Server Security – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
m (Text replacement - "\[\[[Cc]ategory:[ _]?Arma[ _]3:[ _]?([^|]*)]]" to "{{GameCategory|arma3|$1}}")
m (Text replacement - "^#redirect \[\[" to "#REDIRECT [[")
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Server Security==
#REDIRECT [[Arma 3: Server Config File#Server Security]]
Several of these settings directly contribute to the security of the server and have been highlighted as important, particularly for running Public (no password) servers.
 
;The most updated ones that give a good protection (and are, ''de facto'', the standard for public servers) are:
<syntaxhighlight lang=cpp>
battlEye = 1;
verifySignatures = 2;
allowedFilePatching = 0;
allowedLoadFileExtensions[] = {"hpp","sqs","sqf","fsm","cpp","paa","txt","xml","inc","ext","sqm","ods","fxy","lip","csv","kb","bik","bikb","html","htm","biedi"};
allowedPreprocessFileExtensions[] = {"hpp","sqs","sqf","fsm","cpp","paa","txt","xml","inc","ext","sqm","ods","fxy","lip","csv","kb","bik","bikb","html","htm","biedi"};
allowedHTMLLoadExtensions[] = {"htm","html","xml","txt"};
//allowedHTMLLoadURIs[] = {};
passwordAdmin = "xyzxyz123";
serverCommandPassword = "xyzxyz456";
</syntaxhighlight>
 
'''Note:''' allowedLoad*/allowedPreprocess*/allowedHTML* are server.cfg settings with array list of extensions, for server-side use only. <br>
Above are listed examples for basic-game MP modes, server-admin may attempt to make it stricter for theirs servers (if too strict then server's log file will contain warning entries about unable read)<br>
With the exception of allowedHTMLLoadURIs those arrays covers both files inside and outside PBOs so don't change the above defaults w/o testing first as there's a chance you'll break the game. <br>
'''Warning:''' Not listing any extension means ''everything is allowed''. Defining the setting as empty arrays means ''nothing is allowed''.<br>
To read [[loadFile]] , [[preprocessFile]] , [[preprocessFileLineNumbers]] and to remember, those works on files only-within Arma 3 server directory and it is sub-directories !
:Refer to [[ArmA: Addon Signatures]] for current best practices in server mod signing and the use of key signature files.<br>
 
To further increase security of your servers remember [[BattlEye]] has ability to utilize server-side (including preventing remote execution) and client-side script check filters.<br>
:'''Note:''' these BattlEye filters needs to be written specifically for each mission and mod as the scripting differs in each of them.<br>
 
'''To understand:''' Engine supports absolute (full path) outside Arma 3 server folder for command-line parameters ''-servermod='', ''-mod='' and same for profile directories and config locations<br>
this puts those out of reach by various load script command features which are limited only within Arma 3 folder and it is sub-directories (for logical security reason)<br>
thus e.g. safe folder-structure looks like:<br>
\arma3server\<br>
\arma3server\@publicmods\<br>
\arma3server_servermods_secrethash\<br>
\arma3server_profiles_and_configs_secrethash\<br>
yet note that callExtensions are loaded only from arma 3 server root / subfolders
 
==See Also==
*[[server.cfg]]
*[[ArmA: Server configuration|Server Configuration]]
*[[Armed Assault:Dedicated Server]]
*[[ArmA: Server Side Scripting]]
*[[Operation Flashpoint:Dedicated Server]]
*[[Arma_3_Headless_Client]]
*[[Arma_3:_Mission_voting]]
*[[Arma:_Mission_rotation]]
*[[Arma_2_Mission_Rotation]]
*[[Arma_2_OA:_Multiple_Mission_Parameters_Configuration]]
 
{{GameCategory|arma3| Multiplayer}}

Latest revision as of 23:03, 24 June 2022