Jump to content
Sign in to follow this  
Dwarden

How to secure Your server? - Read here!

Recommended Posts

Sable,

we have an issue with our linux box.

The server reports only 500MB ram usage. Which is normal for us.

However, it is actually eating up all 4Gigs of RAM.

Furthermore, BE fails to start with -bepath full or relative.

And the beserver.so gets automatically deleted.

And question #2

if we run multiple servers off the same config, will that "autorename" interfere with each other?

FYI: the file get's renamed to beserver_ac<random>.cfg and not the format you posted.

Did the RAM usage only increase after the last BE update?

Also, -BEpath might not be implemented properly on Linux, so you might not be able to use it (I will try to check this with BIS).

Regarding the rename bug, I will research and fix this shortly. And no, running multiple servers with the same BE folder shouldn't cause problems here, however it is never recommended to do this due to BE's auto-update.

---------- Post added at 17:58 ---------- Previous post was at 16:28 ----------

Regarding the rename bug, I will research and fix this shortly.

Fixed now.

Share this post


Link to post
Share on other sites

After much poking around with strace

1. RAM usage increased to ridiculous levels, after battleye update or around the same time. No change to the box. I will be running memtest on the box to validate that ram isnt' faulty. We did have a fault stick couple of month ago. There were no hardware or software updates on the box, it wasn't rebooted for a month either. 1 instance tends to max out the ram (4gigs) and proceeds to swap causing horrific lag.

Any ideas how i can trouble shoot this? Nothing was changed on the box.

~$ free
            total       used       free     shared    buffers     cached
Mem:       4109520    3988364     121156          0       2824      49716
-/+ buffers/cache:    3935824     173696
Swap:      3903752     456476    3447276

2. -bepath isn't working on linux

3. bans are not being enforced, and can't connect to rcon remotely.

Edit: it appears while my message was passing moderation, this got fixed.

4. battle eye appears to be running, atleast acorrding to strace it opens beserver.so and checks for beserver.so.new

and the process re-reads bans file every now and than

Edit: It removes beserver.so located at -bepath

5. After much poking around it appears the server is looking for bans.txt both in BattlEye folder and in the root folder of arma. Which is kinda odd.

Any thoughts on that?

6. BattleEye when started searches for beserver.cfg according to my strace efforts. It should be trying to load beserver_*.cfg instead.

I fixed this issue by modifying the server start up script to always copy beserver_*.cfg into beserver.cfg and let the battle eye take care of renaming.

Edit: Again, my message was passing moderation, it is fixed now indeed.

Edited by nomad_man

Share this post


Link to post
Share on other sites
After much poking around with strace

1. RAM usage increased to ridiculous levels, after battleye update or around the same time. No change to the box. I will be running memtest on the box to validate that ram isnt' faulty. We did have a fault stick couple of month ago. There were no hardware or software updates on the box, it wasn't rebooted for a month either. 1 instance tends to max out the ram (4gigs) and proceeds to swap causing horrific lag.

Any ideas how i can trouble shoot this? Nothing was changed on the box.

~$ free
            total       used       free     shared    buffers     cached
Mem:       4109520    3988364     121156          0       2824      49716
-/+ buffers/cache:    3935824     173696
Swap:      3903752     456476    3447276

2. -bepath isn't working on linux

3. bans are not being enforced, and can't connect to rcon remotely.

Edit: it appears while my message was passing moderation, this got fixed.

4. battle eye appears to be running, atleast acorrding to strace it opens beserver.so and checks for beserver.so.new

and the process re-reads bans file every now and than

Edit: It removes beserver.so located at -bepath

5. After much poking around it appears the server is looking for bans.txt both in BattlEye folder and in the root folder of arma. Which is kinda odd.

Any thoughts on that?

6. BattleEye when started searches for beserver.cfg according to my strace efforts. It should be trying to load beserver_*.cfg instead.

I fixed this issue by modifying the server start up script to always copy beserver_*.cfg into beserver.cfg and let the battle eye take care of renaming.

Edit: Again, my message was passing moderation, it is fixed now indeed.

1. Please research further. This is unlikely to be caused by BE.

2. Possible, I will forward this to BIS (only they can fix it).

3. Did you remove the -BEpath parameter? Most likely this parameter prevented BE from loading its files correctly.

4. See 2.

5. The ArmA server loads "ban.txt" from root, the BE Server loads "bans.txt" from BE folder - note the difference.

6. You shouldn't need to do this. The BE Server now renames the beserver.cfg to beserver_active_[randomtext].cfg to prevent a remote script exploit. If the server is shut down properly, it will automatically be renamed back. But even if it isn't when the server crashes, the config should be loaded without problems the next time.

Share this post


Link to post
Share on other sites

The update seems to have killed RCon on one of our servers (but it works on the others). The beserver.cfg is the same and it appears to be recognized since it was renamed to beserver_active_*.cfg.

The strange thing is the server log shows several successful RCon connections from me every time I attempt to log in, but the client itself doesn't show that. I'm using the official BE command line RCon tool from the wiki (0.91 I believe).

Share this post


Link to post
Share on other sites
1. Please research further. This is unlikely to be caused by BE.

Well, i checked the hardware no issues, no software updates were happening either.

The symptoms are as follows: the server starts up normal, and than the ram usage continuously increases.

Here is what i'm thinking to do. Drop an older version of BE on the server, and block off the ip for auto-update if possible and see if we still have an issue.

What ip should i block? Will clients with newer version be capable of connecting?

PS: We do have battle eye load correctly now.

Share this post


Link to post
Share on other sites
Here is what i'm thinking to do. Drop an older version of BE on the server, and block off the ip for auto-update if possible and see if we still have an issue.

Just change the owner of beserver.so to root. No need to block any IPs.

Share this post


Link to post
Share on other sites
2. -bepath isn't working on linux

It works for me, but only as long as the beserver.so binary is still to be found in its default location (e.g. <server-root>/expansion/battleye or <server-root>/battleye)

I'm currently loading the beserver.cfg from outside the server root using -bepath=<absolute-path-to-dir> and it works okay.

This is on Debian Lenny btw.

Share this post


Link to post
Share on other sites
It works for me, but only as long as the beserver.so binary is still to be found in its default location (e.g. <server-root>/expansion/battleye or <server-root>/battleye)

I'm currently loading the beserver.cfg from outside the server root using -bepath=<absolute-path-to-dir> and it works okay.

This is on Debian Lenny btw.

Oh yes, that makes perfect sense. On Windows BE is also removed from the working directory when it has been uninstalled (i.e. removed from the BE install folder).

Anyway, using -bepath for this purpose is no longer needed now due to the new beserver.cfg randomization.

Share this post


Link to post
Share on other sites

So i run 2 full memtest86+ v4.00

And nothing, so it's not ram/hardware issue.

I've cleaned up our mpmissions folder and still nothing.

We don't run any addons serverside other than cba.

I'm quickly running out of options. I reverted to older version of the map we play, and still the same memory issues.

Any other thoughts or ideas? This is not normal we were able to run 5-6 instances of the arma2oa server and now only 1.

Share this post


Link to post
Share on other sites

Might be a silly question, but as I can yield no search results with a direct answer I'll ask here, how do I create a V2 signature?

Found this, actually decided to use google instead.... :p

Edited by VIPER[CWW]

Share this post


Link to post
Share on other sites

it's now fully recomended to use BattlEye even on closed community / passworded servers (due to additional layers of protection)

Share this post


Link to post
Share on other sites

can we get a proper howto regarding battleye and its configuration and integration on LINUX?

I am confused how to call it with this beserver.cfg and how and where to use this -bepath=<absolute-path-to-dir>.

I dont want to spend the whole day in figuring this out.

Share this post


Link to post
Share on other sites

BE and RCON GUI are fubar at the moment aswell. So things are difficult at the moment for us admins.

Share this post


Link to post
Share on other sites
BE and RCON GUI are fubar at the moment aswell. So things are difficult at the moment for us admins.

Hows BE fubar? Did you report it to the author?

Rcon GUI? Reported to the author?

---------- Post added at 11:39 ---------- Previous post was at 11:37 ----------

I dont want to spend the whole day in figuring this out.
Arma server admin sounded more nice in the job description than it really is in practice? :P

Share this post


Link to post
Share on other sites

Just to clarify BE and RCON GUI working in conjunction with each other are fubar! Is that better!

Share this post


Link to post
Share on other sites
can we get a proper howto regarding battleye and its configuration and integration on LINUX?
see here
I am confused how to call it with this beserver.cfg and how and where to use this -bepath=<absolute-path-to-dir>.

I dont want to spend the whole day in figuring this out.

Start with the standard installation of BE described in the wiki so you get acquainted with how it works. If you want to have the BattlEye working directory elsewhere than the default one, edit the Arma II start script and add -bepath to the OTHERPARAMS variable. For example:

OTHERPARAMS='-cpucount=2 -bepath=/path/to/my/battleye'

Then copy (note copy, not "move", see 23262) battleye.so and beserver.cfg do that custom BE directory.

Edited by Killswitch

Share this post


Link to post
Share on other sites
see here

Start with the standard installation of BE described in the wiki so you get acquainted with how it works. If you want to have the BattlEye working directory elsewhere than the default one, edit the Arma II start script and add -bepath to the OTHERPARAMS variable. For example:

OTHERPARAMS='-cpucount=2 -bepath=/path/to/my/battleye'

Then copy (note copy, not "move", see 23262) battleye.so and beserver.cfg do that custom BE directory.

Ok this was helpful. Except the rcon, all has been done during the installation. I just was confused if there is something special.

Thanx

[/color]Arma server admin sounded more nice in the job description than it really is in practice? :P

The time is an issue if you have to work...long time ago when I was just a lazy student I would spend time to find it out on my own...but now I prefer to ask before spending my valuable spare time into this..

Edited by byteslam

Share this post


Link to post
Share on other sites

Tell me about it :) No worries, meant jokingly anyway :P

Share this post


Link to post
Share on other sites

Wrong signature... do someone has an explanation? we switched back to v1 as long as this happens.

Player Red: Wrong signature for file PMC\addons\video_pmc.pbo

Player ByteSlam: Wrong signature for file BAF\addons\air_d_baf.pbo

ByteSlam: Wrong signature for file BAF\addons\air_d_baf.pbo

Share this post


Link to post
Share on other sites
Wrong signature... do someone has an explanation? we switched back to v1 as long as this happens.

Player Red: Wrong signature for file PMC\addons\video_pmc.pbo

Player ByteSlam: Wrong signature for file BAF\addons\air_d_baf.pbo

ByteSlam: Wrong signature for file BAF\addons\air_d_baf.pbo

See this thread. It's fixed in one of the betas.

Share this post


Link to post
Share on other sites
See this thread. It's fixed in one of the betas.

Ok end of story no official solution, only in beta which is not acceptable for a normal Gameserver.

Share this post


Link to post
Share on other sites

Apologies if this is the wrong place to put this, but I can't find a more appropriate place without starting a new thread somewhere...

I am going through the process of securing my server (as much as I can) and today switched it over to V2 keys. The problem is now that a lot of addons no longer get accepted. Is this just a fact of life until addon makers re-sign their addons or have I done something wrong?

An example is the Lingor addon. Although Lingor itself has a v2 key, it's dependencies such as MGB_Buildings2 and brg_africa do not (I am used the theory that a bisign of 500 bytes is V2 as apposed to 290 bytes which is V1). So if I try and join I get kicked because these addons are not signed correctly.

I have both the bi.bikey and bi2.bikey in my keys directory and have set verifySignatures to 2 - other than that I haven't made any other changes in relation to keys. All the mods on the server are updated to the latest version that SixUpdater has. Everything works if I switch back to v1 keys in my config file.

I am running the latest OA beta on the server.

Share this post


Link to post
Share on other sites
Ok end of story no official solution, only in beta which is not acceptable for a normal Gameserver.

It's a client-side fix. You don't need to run the beta server, only the beta client.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×