Difference between revisions of "Unreal v227 Manual/Server admin tools"
Neon Knight (talk | contribs) |
Neon Knight (talk | contribs) |
||
| Line 7: | Line 7: | ||
|next=[[Unreal v227 Manual/New mod authoring tools|New mod authoring tools]] | |next=[[Unreal v227 Manual/New mod authoring tools|New mod authoring tools]] | ||
}} | }} | ||
Here are the new tools that serveradmins can use for their servers: | |||
__TOC__ | |||
== Unreal Integrity == | |||
Unreal v227’s own anticheat system. Before Unreal 227, cheat protections were stand-alone mods purely scripted. A general weakness of all of them is that they are all working within the limits of script alone. So, how to catch a DLL hack...? | |||
The two main goals in 227 have been bug reduction and added security. The Unreal Integrity 227 package is the answer to the latter, capable of doing full file checks online comparing file checksums of the files the client is using towards either known lists of files or files the server can load itself. | |||
Unreal Integrity should be able to catch any modified file in Unreal. Patches and exploit-fixes outside of this package take care of a lot of cheats (exploits) as well, so even without using this special package your online experience should already be improved. | |||
{{Navbox|title=Note!|body=Full anticheat protection can only be reached with disabling older clients, so if you need to secure your server, you have to set Unreal.ini, Section [IpDrv.TcpNetDriver], AllowOldCLients=False.|color=Red}} | |||
Unreal Integrity should come readily installed already after you patched your Unreal to version 227. Nevertheless, you should ensure the u-file is present in your system directory and that this entry exists in your Unreal.ini: | |||
<pre>ServerPackages=UnrealIntegrity</pre> | |||
Unreal Integrity performs the following checks: | |||
# Client Unreal Version | |||
# Client Computer Name | |||
# Client Console | |||
# Certain Fabrications of specific values | |||
# Unreal.exe, all loaded package files including DLLs, the Linux versions .bin and .so as well... | |||
# All checks are timed, failure to give expected replies to the server will lead to a kick (and possibly an automated ban). | |||
In order to enable Unreal Integrity, add the package's main mutator on server startup ('''UnrealIntegrity.IntegrityServer'''): | |||
<pre>Unreal.exe ...Game?Mutator=UnrealIntegrity.IntegrityServer ...</pre> | |||
The settings are saved in UnrealIntegrity.ini. The settings can be accessed at '''Advanced Options -> Networking -> Unreal Integrity'''. The default settings should be "all right" for the Joe Average server, you may want to change some of them depending on the type of server you run. | |||
* '''bPerformEndGameCheck''' - checks the client not only when joining but also when the game has ended. | |||
* '''CheckTimeOut''' - how long the server will wait for integrity response from the client. | |||
* '''min_ReCheck Time''' - how long to wait until a midgame check will be performed (when a player dies). | |||
The following options define how to act if the specific event happens: | |||
* '''event_ClientTimeOut''' | |||
* '''event_DuplicatePackage''' | |||
* '''event_FabricatedReply''' | |||
* '''event_IllegalClientRequest''' | |||
* '''event_IllegalConsole''' | |||
* '''event_ModifiedPackage''' | |||
* '''event_UnknownPackage''' | |||
Possible options are: | |||
* '''bTellPlayers''' - tell other players what happened | |||
* '''bKick''' - kick the client | |||
* '''bSessionBan''' - temporarily ban the client for the duration the current map is being played. | |||
* '''bBan''' - full ban of the client until admin removes the entry manually. | |||
Unreal Integrity also comes with another .ini file, SHALinkerCache.ini, which takes care about the checksums used to validate the client. All packages meant to be validated need to be entered here. However, you don't need to add them manually, there are new commands that do this for you. There are two types of sections: <tt>[Linker]</tt> and <tt>[SHA]</tt>. | |||
The <tt>[Linker]</tt> section contains linker information about .u files and provides basic security against modified files and hacks. This protection was specifically implemented to check pre 227 clients and should be able to detect the currently known bots and cheats. Note that this protection is limited to Unreal packages (no dll and exe files) and may not be able to detect newer cheats. 227j contains already the checksums of the older clients for 224,225,226b and 226f as well as some popular packages. In order to add more entries, use the command: | |||
<pre>ucc engine.linkerupdate <path>\<filename>.<extension></pre> | |||
It accepts also the "*" wildcard, this way you can easily add the custom packages running on your server. Example: | |||
<pre>ucc engine.linkerupdate .\*.u</pre> | |||
Meanwhile, the <tt>[SHA]</tt> section contains SHA256 checksums for the files of 227* clients. These checksums are used to validate all files in use, including native .exe and .dll files (also applies to Linux .so and .bin files) and is way extensive than the checks possible on pre-227i clients. In order to add new entries, you can use the command: | |||
<pre>ucc engine.shaupdate <path>\<filename>.<extension></pre> | |||
It also accepts the wildcard "*", this will create checksums for every file (but it makes no sense for .ini files). Example: | |||
<pre>ucc engine.shaupdate ..\SystemClassic\*</pre> | |||
It is also possible to use some other tool to create the SHA256 checkum and add it manually. | |||
Unreal Integrity was created with mod-compatibility in mind. It will not try to validate server actors that do not exist on clients and it will automatically try to find files and packages in its home directory system if a package name is encountered which is not yet loaded in the current session. | |||
There is one interface in the Unreal Integrity server. Mods may indicate that "NOW" would be a good time for rechecks on players. Basically every round-based gametype is a prime example for such a feature, because the mod knows when a round is over, at which time checks would (not likely) interfere with any player-critical gameplay. | |||
For mods it is not needed to use this 227 feature to actually HAVE 227 at compile time in order to use it. What mods have to do is: | |||
* Find the "UnrealServer" mutator (e.g. via "IsA(...)") | |||
* call "trigger()" on it, using the mutator itself as first parameter | |||
Example code: | |||
<pre>// demonstration code how to suggest to the mutator | |||
// when to perform rechecks of everyone from OUTSIDE 227 | |||
// MOD PROGRAMMERS: COPY AND PASTE THIS INTO YOUR CODE :) | |||
final function TriggerInGameChecks() | |||
{ | |||
local Mutator mut; | |||
for(mut = Level.Game.BaseMutator; mut != none; mut = mut.NextMutator) | |||
{ | |||
if (mut.IsA('IntegrityServer')) | |||
mut.Trigger(mut,none); | |||
} | |||
}</pre> | |||
You can also initiate mid-game scan for one specific player by giving a trigger instigator: | |||
<pre>final function MidGameScanClient( PlayerPawn Other ) | |||
{ | |||
local Mutator mut; | |||
for(mut = Level.Game.BaseMutator; mut != none; mut = mut.NextMutator) | |||
{ | |||
if (mut.IsA('IntegrityServer')) | |||
mut.Trigger(mut,Other); | |||
} | |||
}</pre> | |||
Unlike other packages, the Unreal Integrity package CAN NOT BE MADE NETCOMPATIBLE across versions, so with each new Unreal patch, a new Integrity Package must be created. | |||
Server administrators will need to adjust their mutator line in the server startup and possibly the serverpackages if the updater did not take care of it. Other than that, everything is supposed to remain as is. | |||
Revision as of 19:47, 27 June 2022
| Article stub |
|---|
| The following is an article stub. You can help us by expanding it. |
| Unreal v227 Manual |
|---|
| Main page • New maps and items • New menu options • Video renderers • Audio renderers • Server admin tools • New mod authoring tools • Frequently Asked Questions |
| Unreal v227 Manual | |
|---|---|
| <- Previous | Audio renderers |
| Next -> | New mod authoring tools |
Here are the new tools that serveradmins can use for their servers:
Unreal Integrity
Unreal v227’s own anticheat system. Before Unreal 227, cheat protections were stand-alone mods purely scripted. A general weakness of all of them is that they are all working within the limits of script alone. So, how to catch a DLL hack...?
The two main goals in 227 have been bug reduction and added security. The Unreal Integrity 227 package is the answer to the latter, capable of doing full file checks online comparing file checksums of the files the client is using towards either known lists of files or files the server can load itself.
Unreal Integrity should be able to catch any modified file in Unreal. Patches and exploit-fixes outside of this package take care of a lot of cheats (exploits) as well, so even without using this special package your online experience should already be improved.
| Note! |
|---|
| Full anticheat protection can only be reached with disabling older clients, so if you need to secure your server, you have to set Unreal.ini, Section [IpDrv.TcpNetDriver], AllowOldCLients=False. |
Unreal Integrity should come readily installed already after you patched your Unreal to version 227. Nevertheless, you should ensure the u-file is present in your system directory and that this entry exists in your Unreal.ini:
ServerPackages=UnrealIntegrity
Unreal Integrity performs the following checks:
- Client Unreal Version
- Client Computer Name
- Client Console
- Certain Fabrications of specific values
- Unreal.exe, all loaded package files including DLLs, the Linux versions .bin and .so as well...
- All checks are timed, failure to give expected replies to the server will lead to a kick (and possibly an automated ban).
In order to enable Unreal Integrity, add the package's main mutator on server startup (UnrealIntegrity.IntegrityServer):
Unreal.exe ...Game?Mutator=UnrealIntegrity.IntegrityServer ...
The settings are saved in UnrealIntegrity.ini. The settings can be accessed at Advanced Options -> Networking -> Unreal Integrity. The default settings should be "all right" for the Joe Average server, you may want to change some of them depending on the type of server you run.
- bPerformEndGameCheck - checks the client not only when joining but also when the game has ended.
- CheckTimeOut - how long the server will wait for integrity response from the client.
- min_ReCheck Time - how long to wait until a midgame check will be performed (when a player dies).
The following options define how to act if the specific event happens:
- event_ClientTimeOut
- event_DuplicatePackage
- event_FabricatedReply
- event_IllegalClientRequest
- event_IllegalConsole
- event_ModifiedPackage
- event_UnknownPackage
Possible options are:
- bTellPlayers - tell other players what happened
- bKick - kick the client
- bSessionBan - temporarily ban the client for the duration the current map is being played.
- bBan - full ban of the client until admin removes the entry manually.
Unreal Integrity also comes with another .ini file, SHALinkerCache.ini, which takes care about the checksums used to validate the client. All packages meant to be validated need to be entered here. However, you don't need to add them manually, there are new commands that do this for you. There are two types of sections: [Linker] and [SHA].
The [Linker] section contains linker information about .u files and provides basic security against modified files and hacks. This protection was specifically implemented to check pre 227 clients and should be able to detect the currently known bots and cheats. Note that this protection is limited to Unreal packages (no dll and exe files) and may not be able to detect newer cheats. 227j contains already the checksums of the older clients for 224,225,226b and 226f as well as some popular packages. In order to add more entries, use the command:
ucc engine.linkerupdate <path>\<filename>.<extension>
It accepts also the "*" wildcard, this way you can easily add the custom packages running on your server. Example:
ucc engine.linkerupdate .\*.u
Meanwhile, the [SHA] section contains SHA256 checksums for the files of 227* clients. These checksums are used to validate all files in use, including native .exe and .dll files (also applies to Linux .so and .bin files) and is way extensive than the checks possible on pre-227i clients. In order to add new entries, you can use the command:
ucc engine.shaupdate <path>\<filename>.<extension>
It also accepts the wildcard "*", this will create checksums for every file (but it makes no sense for .ini files). Example:
ucc engine.shaupdate ..\SystemClassic\*
It is also possible to use some other tool to create the SHA256 checkum and add it manually.
Unreal Integrity was created with mod-compatibility in mind. It will not try to validate server actors that do not exist on clients and it will automatically try to find files and packages in its home directory system if a package name is encountered which is not yet loaded in the current session.
There is one interface in the Unreal Integrity server. Mods may indicate that "NOW" would be a good time for rechecks on players. Basically every round-based gametype is a prime example for such a feature, because the mod knows when a round is over, at which time checks would (not likely) interfere with any player-critical gameplay.
For mods it is not needed to use this 227 feature to actually HAVE 227 at compile time in order to use it. What mods have to do is:
- Find the "UnrealServer" mutator (e.g. via "IsA(...)")
- call "trigger()" on it, using the mutator itself as first parameter
Example code:
// demonstration code how to suggest to the mutator
// when to perform rechecks of everyone from OUTSIDE 227
// MOD PROGRAMMERS: COPY AND PASTE THIS INTO YOUR CODE :)
final function TriggerInGameChecks()
{
local Mutator mut;
for(mut = Level.Game.BaseMutator; mut != none; mut = mut.NextMutator)
{
if (mut.IsA('IntegrityServer'))
mut.Trigger(mut,none);
}
}
You can also initiate mid-game scan for one specific player by giving a trigger instigator:
final function MidGameScanClient( PlayerPawn Other )
{
local Mutator mut;
for(mut = Level.Game.BaseMutator; mut != none; mut = mut.NextMutator)
{
if (mut.IsA('IntegrityServer'))
mut.Trigger(mut,Other);
}
}
Unlike other packages, the Unreal Integrity package CAN NOT BE MADE NETCOMPATIBLE across versions, so with each new Unreal patch, a new Integrity Package must be created.
Server administrators will need to adjust their mutator line in the server startup and possibly the serverpackages if the updater did not take care of it. Other than that, everything is supposed to remain as is.