mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
[MISC] Warn for poorly tuned argon2id deployments (#1426)
The warnings are currently limited to Linux-based deployments; however, this covers both container and host (static binary) deployments. We could potentially expand this to FreeBSD in the future too.
parent
43af825f47
commit
66b1600455
|
@ -1,9 +1,12 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
duoapi "github.com/duosecurity/duo_api_golang"
|
||||
"github.com/fasthttp/router"
|
||||
|
@ -140,6 +143,22 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
|
|||
logging.Logger().Fatalf("Error initializing listener: %s", err)
|
||||
}
|
||||
|
||||
if configuration.AuthenticationBackend.File != nil && configuration.AuthenticationBackend.File.Password.Algorithm == "argon2id" && runtime.GOOS == "linux" {
|
||||
f, err := ioutil.ReadFile("/sys/fs/cgroup/memory/memory.limit_in_bytes")
|
||||
if err != nil {
|
||||
logging.Logger().Warnf("Error reading hosts memory limit: %s", err)
|
||||
} else {
|
||||
m, _ := strconv.Atoi(strings.TrimSuffix(string(f), "\n"))
|
||||
hostMem := float64(m) / 1024 / 1024 / 1024
|
||||
argonMem := float64(configuration.AuthenticationBackend.File.Password.Memory) / 1024
|
||||
|
||||
if hostMem/argonMem <= 2 {
|
||||
logging.Logger().Warnf("Authelia's password hashing memory parameter is set to: %gGB this is %g%% of the available memory: %gGB", argonMem, argonMem/hostMem*100, hostMem)
|
||||
logging.Logger().Warn("Please read https://www.authelia.com/docs/configuration/authentication/file.html#memory and tune your deployment")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if configuration.TLSCert != "" && configuration.TLSKey != "" {
|
||||
logging.Logger().Infof("Authelia is listening for TLS connections on %s%s", addrPattern, configuration.Server.Path)
|
||||
logging.Logger().Fatal(server.ServeTLS(listener, configuration.TLSCert, configuration.TLSKey))
|
||||
|
|
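Review bot: The parse result on the `m, _ := strconv.Atoi(...)` line is used unchecked, so an unparseable limit leaves `m` at 0, `hostMem/argonMem <= 2` is true, and the warning prints a meaningless percentage against 0GB. Parse with `m, err := strconv.ParseUint(strings.TrimSpace(string(f)), 10, 64)` and log-and-skip the comparison when `err != nil`; ParseUint also avoids depending on the platform `int` width for the very large value cgroup v1 reports when no limit is set. The hard-coded path is the cgroup v1 file, so hosts on the unified cgroup v2 hierarchy (where the limit is in `memory.max` and may read `max`) will presumably only ever get the "Error reading hosts memory limit" warning. The ratio also reflects one hash at a time, while concurrent logins each allocate the configured memory, so a deployment that passes this check can still hit the container's OOM limit under load; that is worth stating in a comment above the block. StartServer begins before and continues after this hunk.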