Move LMS scoring under new Domain Heuristics

2020-08-11 10:27:16 +02:00
parent 85e4beafa1
commit 3b896ee892
5 changed files with 87 additions and 16 deletions
--- a/profile/config.go
+++ b/profile/config.go
@@ -80,6 +80,10 @@ var (
 	cfgOptionRemoveBlockedDNS      config.IntOption // security level option
 	cfgOptionRemoveBlockedDNSOrder = 113

+	CfgOptionDomainHeuristicsKey   = "filter/domainHeuristics"
+	cfgOptionDomainHeuristics      config.IntOption // security level option
+	cfgOptionDomainHeuristicsOrder = 114
+
 	// Permanent Verdicts Order = 128
 )

@@ -378,6 +382,24 @@ Examples:
 	cfgOptionRemoveBlockedDNS = config.Concurrent.GetAsInt(CfgOptionRemoveBlockedDNSKey, int64(status.SecurityLevelsAll))
 	cfgIntOptions[CfgOptionRemoveBlockedDNSKey] = cfgOptionRemoveBlockedDNS

+	// Domain heuristics
+	err = config.Register(&config.Option{
+		Name:            "Enable Domain Heuristics",
+		Key:             CfgOptionDomainHeuristicsKey,
+		Description:     "Domain Heuristics checks for suspicious looking domain names and blocks them. Ths option currently targets domains generated by malware and DNS data tunnels.",
+		Order:           cfgOptionDomainHeuristicsOrder,
+		OptType:         config.OptTypeInt,
+		ExpertiseLevel:  config.ExpertiseLevelExpert,
+		ExternalOptType: "security level",
+		DefaultValue:    status.SecurityLevelsAll,
+		ValidationRegex: "^(0|4|6|7)$",
+	})
+	if err != nil {
+		return err
+	}
+	cfgOptionDomainHeuristics = config.Concurrent.GetAsInt(CfgOptionDomainHeuristicsKey, int64(status.SecurityLevelsAll))
+
+	// Bypass prevention
 	err = config.Register(&config.Option{
 		Name:            "Prevent Bypassing",
 		Key:             CfgOptionPreventBypassingKey,
--- a/profile/profile-layered.go
+++ b/profile/profile-layered.go
@@ -45,6 +45,7 @@ type LayeredProfile struct {
 	FilterSubDomains    config.BoolOption
 	FilterCNAMEs        config.BoolOption
 	PreventBypassing    config.BoolOption
+	DomainHeuristics    config.BoolOption
 }

 // NewLayeredProfile returns a new layered profile based on the given local profile.
@@ -108,6 +109,10 @@ func NewLayeredProfile(localProfile *Profile) *LayeredProfile {
 		CfgOptionPreventBypassingKey,
 		cfgOptionPreventBypassing,
 	)
+	new.DomainHeuristics = new.wrapSecurityLevelOption(
+		CfgOptionDomainHeuristicsKey,
+		cfgOptionDomainHeuristics,
+	)

 	// TODO: load linked profiles.