Integrate Guard-App capabilities into core

[sorbaugh]

Subtask to #40160

The goal is to merge the code from the Nextcloud Guard app into core and use its capabilities from there. The infos and checks that are provided via guard should be displayed in the Admin overview, for the ones possible.

[sorbaugh]

We will probably need some estimate about the time needed to re-implement these features in core and see if/how much of the code we can "copy paste".

A preliminary scan of the available checks&benchmarks are:

• HTTP
• LDAP
• MariaDB
• Nextcloud Configuration
• PHP
• Redis
• SSL
• System Info

[come-nc]

Is this supposed to replace current «Security & setup warnings» section?
Should existing checks from this section be merged with the new thing?

Regarding Nextcloud guard, it’s doing benchmarks, do we really want to execute benchmarks at each administration settings load? Seems like a bad idea as people will open admin settings when things are going wrong and it might not be the right time to put pressure on the system.

Quick review of guard checks:

• ldap.php
  • Checks that connecting to the LDAP works, and count entries at the root.
  • We can reuse ldap:test-config command implementation for this (same feature is already in LDAP admin settings)
• logfile.php
  • Counts errors and fatals in logfile Add a setupcheck for errors and warnings in log file logreader#1021
• mariadb.php
  • Tests connection to DB. My guess is if connection is broken the admin won’t make it to this page
  • Checks and display version of DB server. Already part of setup checks.
  • Checks number of opened table
• nextcloud.php
  • Tests connection to the url in config.php. Again, if this fails we’re not here.
  • Shows nextcloud version, already done in current overview
  • Shows available updates, already done
  • Shows maintenance mode status, if on we’re not here so does not apply.
  • Shows if DB needs upgrading, if true we’re not here
  • Shows whether we have extended support, this is done in the support app I think
• php.php
  • Checks PHP version. Already part of setup checks.
  • Checks memory_limit. Already part of setup checks.
  • Checks loaded extension. Some are already part of setup checks, but more could be added. Check for more php modules #40889
• redis.php
  • Shows memcache configuration
• ssl.php
  • Tests URL from config.php with ssl. This is done on frontend side with current URL it seems. Not sure if equivalent.
• system.php
  • Shows stuff about OS and hardware. Done by https://github.com/nextcloud/serverinfo

Guard benchmarks:

• ldap_benchmark.php
  • Benchmarks searching for entries at LDAP root
• http_benchmark.php
  • Benchmarks login page
• system_benchmark.php
  • Benchmarks the hardware

[sorbaugh]

^ cc @jancborchardt

[sorbaugh]

I agree that we shouldn't be running the benchmarks every time every time the admin overview is loaded.

[come-nc]

What we could do is show (possibly behind a button click) the checks which are passing, so that admins can see what the setup checks are checking.
Currently only fails and warnings are shown, which may make it look like it does not test much.

[jancborchardt]

Can someone post a Guard screenshot?

@come-nc thanks for the summary, maybe what we could do is show the last results in a greyed out way and offer a button to re-trigger the scan?

And yes I would say it should be part of the admin overview. If you think it is too unrelated to the "Security & setup checks" section then it can be its own below.

[sorbaugh]

Since this task kept growing too much, reducing the scope to what has been done already and moving the missing bits and pieces to new tasks to schedule in the future:

#43911
#43912