Automated Security Reviews of Drupal Sites

Most experienced Drupal developers have worked on sites with security issues. Keeping modules up to date is a pretty straightforward process, especially if you pay attention to the security advisories. Coder can find security issues in your code.

Recently I needed to perform a mass security audit to ensure a collection of sites were properly configured. After searching and failing to find a module that would do what I needed, I decided to write my own. The Security Check module for Drupal checks basic configuration options to ensure a site configuration doesn't have any obvious security flaws. This module isn't designed to find all flaws in your site.

Security Check works by checking a list of installed modules, settings for variables and permission assignments. I hope that others in the community will have suggestions for other generic tests that can be implemented in the module. If you have any ideas (or patches), please submit them as issues in the queue.

This module isn't a substitute for a full security audit, which can be conducted in-house or by a third party such as Acquia's Professional Service team. Security Check is designed to be run as part of an automated site audit to catch low-hanging fruit.

To use Security Checker, install it in ~/.drush, then cd to any docroot and run "drush security-check" or, if you prefer to use an alias, run "drush @example secchk" from anywhere.
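The three kinds of check described above (installed modules, variable settings, permission assignments) can be sketched as follows. This is an added example, not code from the Security Check module: the function name, the specific modules, variable and permissions flagged, and the sample site data are all assumptions based on Drupal 7 conventions.

```php
<?php
// Added illustration; the rule lists below are assumed examples, not the module's own.

/**
 * Audit a snapshot of one site's configuration and return a list of findings.
 * On a bootstrapped Drupal 7 site the inputs could be gathered with
 * module_list(), variable_get() and user_role_permissions().
 */
function audit_site(array $modules, array $vars, array $perms) {
  $findings = array();

  // 1. Modules: flag ones that should not be enabled on a production site.
  foreach (array_intersect(array('php', 'devel'), $modules) as $module) {
    $findings[] = "module enabled: $module";
  }

  // 2. Variables: an unset variable fails too, because Drupal 7's default
  //    for error_level displays all errors to visitors.
  $expected = array('error_level' => 0);
  foreach ($expected as $name => $want) {
    $have = array_key_exists($name, $vars) ? $vars[$name] : NULL;
    if ($have === NULL || (string) $have !== (string) $want) {
      $findings[] = sprintf('variable %s is %s, expected %s',
        $name, var_export($have, TRUE), var_export($want, TRUE));
    }
  }

  // 3. Permissions: untrusted roles must not hold administrative permissions.
  $untrusted = array('anonymous user', 'authenticated user');
  $admin_perms = array('administer permissions', 'administer users',
    'administer site configuration', 'administer modules',
    'use PHP for settings');
  foreach ($untrusted as $role) {
    $granted = isset($perms[$role]) ? $perms[$role] : array();
    foreach (array_intersect($admin_perms, $granted) as $perm) {
      $findings[] = "role '$role' has '$perm'";
    }
  }
  return $findings;
}

// Constructed sample data for a single misconfigured site.
$findings = audit_site(
  array('node', 'user', 'php'),
  array('error_level' => '2'),
  array('anonymous user' => array('access content'),
    'authenticated user' => array('access content', 'administer users'))
);
echo implode(PHP_EOL, $findings), PHP_EOL;
```

Because the checks only read plain arrays, the same function can be run over data collected from many sites in one pass.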


Manu wrote:

That's a great idea.

I didn't look at the code right now, but it would be great to have a pluggable class system like Migrate to be able to implement custom tests for various situations...

Added Tue, 2013-07-16 05:33

Security Review module

Ben wrote:

I'm not sure what your searches were, but the http://drupal.org/project/security_review project has existed for a long time and has this exact same goal. And it provides a hook so individuals can create their own tests.

Added Tue, 2013-07-16 05:58


Drupal Web Design

James Durke wrote:

Drupal web design assumes that there will be many different kinds of users with various levels of control who are administering a website.

Added Tue, 2014-02-25 16:32
