After installing Drupal many times and having to check file permissions to make sure the site was secure, I got to thinking about how to automate this process. I started by writing a script to take care of this, but eventually I thought a Drupal module might be the way to go. The module could provide a hook, say hook_file_security, that would take an array of files names and their suggested security parameters. This could work very similar to the updates module providing information on the admin/reports/status page and an admin/reports/file-security page that displayed all installed modules, their files, the suggested security settings, and the current security settings. Well, that is the base idea I had. I think something like this would really help new users of Drupal and I'm pretty sure it's possible since the installation script reports on the security settings of the files directory and the settings.php file. Any thoughts, ideas, suggestions are welcome. Cheers, Jon
Its a great idea. An extensible security module would be great. Im happy to lend a hand in design or code. There is lots more it could do (feed into IDS etc) but just basic file security (and maybe .htaccess checking) would be a great boon. steev
Victor, Thanks for your interest. I read up a little on drush and it seems like a really powerful system, but I'm not quite sure its the right way to go with this. Here are some more specifics of what I had in mind. Let me know if you disagree. 1. My first thought was that this would eventually make it into Drupal core. I know that's a long shot, but there are always new web developers getting thier feet wet and this would help ensure a safe and secure Drupal site. drush is a system in itself and would require new users to first, know about it, and second, know how to use it. Not really a newbie thing. 2. I wanted this module to provide a hook that other modules could use to define the files in their module and specify default permissions for those files. If this were a drush extension, it would require that others know about drush and know how to use drush in order to take advantage of the functionality which in the long run I think would mean not as wide an addoption. Steve, I agree, this module could be a lot more than what I had initially thought of. I haven't developed a module that defined it's own hook yet, so I am going to look into what that entails. I would appreciate any up-front design help and code help later on. Cheers, Jon Antoine Antoine Solutions Open Source Development Tutorials & Documentation dev.antoinesolutions.com On Tue, Feb 10, 2009 at 11:49 PM, Steve Power <steev@initsix.co.uk> wrote:
Its a great idea. An extensible security module would be great. Im happy to lend a hand in design or code.
There is lots more it could do (feed into IDS etc) but just basic file security (and maybe .htaccess checking) would be a great boon.
steev
I see where you are going, in that case, full speed ahead! On Thu, Feb 12, 2009 at 12:50 AM, Jon Antoine <antoinesolutions@gmail.com>wrote:
Victor,
Thanks for your interest. I read up a little on drush and it seems like a really powerful system, but I'm not quite sure its the right way to go with this. Here are some more specifics of what I had in mind. Let me know if you disagree.
1. My first thought was that this would eventually make it into Drupal core. I know that's a long shot, but there are always new web developers getting thier feet wet and this would help ensure a safe and secure Drupal site. drush is a system in itself and would require new users to first, know about it, and second, know how to use it. Not really a newbie thing. 2. I wanted this module to provide a hook that other modules could use to define the files in their module and specify default permissions for those files. If this were a drush extension, it would require that others know about drush and know how to use drush in order to take advantage of the functionality which in the long run I think would mean not as wide an addoption.
Steve,
I agree, this module could be a lot more than what I had initially thought of. I haven't developed a module that defined it's own hook yet, so I am going to look into what that entails. I would appreciate any up-front design help and code help later on.
Cheers,
Jon Antoine Antoine Solutions Open Source Development Tutorials & Documentation dev.antoinesolutions.com
On Tue, Feb 10, 2009 at 11:49 PM, Steve Power <steev@initsix.co.uk> wrote:
Its a great idea. An extensible security module would be great. Im happy to lend a hand in design or code.
There is lots more it could do (feed into IDS etc) but just basic file security (and maybe .htaccess checking) would be a great boon.
steev
oooh, sounds like a candidate for a drush extension. See http://drupal.org/project/drush and http://drupal.org/project/drush_extras In its version two in Drupal 6, for example, drush exists entirely outside of Drupal, so on a production server with several different sites, or on your own development box or testing machine, you can install once and run many times. Moreover, it is not a module, but a self-contained system. And the cool part is that in your home user directory you can store easy-to-write extensions, starting with drush_extras (./home/drush). Victor Kane http://awebfactory.com.ar On Wed, Feb 11, 2009 at 1:50 AM, Jon Antoine <antoinesolutions@gmail.com>wrote:
After installing Drupal many times and having to check file permissions to make sure the site was secure, I got to thinking about how to automate this process. I started by writing a script to take care of this, but eventually I thought a Drupal module might be the way to go. The module could provide a hook, say hook_file_security, that would take an array of files names and their suggested security parameters. This could work very similar to the updates module providing information on the admin/reports/status page and an admin/reports/file-security page that displayed all installed modules, their files, the suggested security settings, and the current security settings.
Well, that is the base idea I had. I think something like this would really help new users of Drupal and I'm pretty sure it's possible since the installation script reports on the security settings of the files directory and the settings.php file. Any thoughts, ideas, suggestions are welcome.
Cheers,
Jon
participants (3)
-
Jon Antoine -
Steve Power -
Victor Kane