function _acquia_spi_security_review_security_checks in Acquia Connector 6.2
Same name and namespace in other branches
- 7.3 acquia_spi/security_review.inc \_acquia_spi_security_review_security_checks()
- 7.2 acquia_spi/security_review.inc \_acquia_spi_security_review_security_checks()
Checks for acquia_spi_security_review_get_checks().
1 call to _acquia_spi_security_review_security_checks()
- acquia_spi_security_review_get_checks in acquia_spi/
security_review.inc - Helper function allows for collection of this file's security checks.
File
- acquia_spi/
security_review.inc, line 83 - Stand-alone security checks and review system.
Code
function _acquia_spi_security_review_security_checks() {
$checks['file_perms'] = array(
'title' => t('File system permissions'),
'callback' => 'acquia_spi_security_review_check_file_perms',
'success' => t('Drupal installation files and directories (except required) are not writable by the server.'),
'failure' => t('Some files and directories in your install are writable by the server.'),
);
$checks['input_formats'] = array(
'title' => t('Input formats'),
'callback' => 'acquia_spi_security_review_check_input_formats',
'success' => t('Untrusted users are not allowed to input dangerous HTML tags.'),
'failure' => t('Untrusted users are allowed to input dangerous HTML tags.'),
);
$checks['nodes'] = array(
'title' => t('Content'),
'callback' => 'acquia_spi_security_review_check_nodes',
'success' => t('Dangerous tags were not found in the body of any nodes.'),
'failure' => t('Dangerous tags were found in the body of nodes.'),
);
$checks['comments'] = array(
'title' => t('Comments'),
'callback' => 'acquia_spi_security_review_check_comments',
'success' => t('Dangerous tags were not found in any comments.'),
'failure' => t('Dangerous tags were found in comments.'),
);
$checks['error_reporting'] = array(
'title' => t('Error reporting'),
'callback' => 'acquia_spi_security_review_check_error_reporting',
'success' => t('Error reporting set to log only.'),
'failure' => t('Errors are written to the screen.'),
);
$checks['private_files'] = array(
'title' => t('Private files'),
'callback' => 'acquia_spi_security_review_check_private_files',
'success' => t('Private files directory is outside the web server root.'),
'failure' => t('Private files is enabled but the specified directory is not secure outside the web server root.'),
);
$checks['upload_extensions'] = array(
'title' => t('Allowed upload extensions'),
'callback' => 'acquia_spi_security_review_check_upload_extensions',
'success' => t('Only safe extensions are allowed for uploaded files.'),
'failure' => t('Unsafe file extensions are allowed in uploads.'),
);
// Checks dependent on dblog.
if (module_exists('dblog')) {
$checks['query_errors'] = array(
'title' => t('Database errors'),
'callback' => 'acquia_spi_security_review_check_query_errors',
'success' => t('Few query errors from the same IP.'),
'failure' => t('Query errors from the same IP. These may be a SQL injection attack or an attempt at information disclosure.'),
);
$checks['failed_logins'] = array(
'title' => t('Failed logins'),
'callback' => 'acquia_spi_security_review_check_failed_logins',
'success' => t('Few failed login attempts from the same IP.'),
'failure' => t('Failed login attempts from the same IP. These may be a brute-force attack to gain access to your site.'),
);
}
$checks['admin_permissions'] = array(
'title' => t('Drupal admin permissions'),
'callback' => 'acquia_spi_security_review_check_admin_permissions',
'success' => t('Untrusted roles do not have administrative permissions.'),
'failure' => t('Untrusted roles have been granted administrative permissions.'),
);
$checks['password_in_emails'] = array(
'title' => t('Password included in user emails'),
'callback' => 'acquia_spi_security_review_check_email_passwords',
'success' => t('User passwords are not included in emails.'),
'failure' => t('User passwords are included in emails.'),
);
// Check dependent on PHP filter being enabled.
if (module_exists('php')) {
$checks['untrusted_php'] = array(
'title' => t('PHP access'),
'callback' => 'acquia_spi_security_review_check_php_filter',
'success' => t('Untrusted users do not have access to use the PHP input format.'),
'failure' => t('Untrusted users have access to use the PHP input format.'),
);
}
$checks['executable_php'] = array(
'title' => t('Executable PHP'),
'callback' => 'acquia_spi_security_review_check_executable_php',
'success' => t('PHP files in the Drupal files directory cannot be executed.'),
'failure' => t('PHP files in the Drupal files directory can be executed.'),
);
$checks['base_url_set'] = array(
'title' => t('Drupal base URL'),
'callback' => 'acquia_spi_security_review_check_base_url',
'success' => t('Base URL is set in settings.php.'),
'failure' => t('Base URL is not set in settings.php.'),
);
$checks['temporary_files'] = array(
'title' => t('Temporary files'),
'callback' => 'acquia_spi_security_review_check_temporary_files',
'success' => t('No sensitive temporary files were found.'),
'failure' => t('Sensitive temporary files were found on your files system.'),
);
if (module_exists('views') && function_exists('views_get_all_views')) {
$checks['views_access'] = array(
'title' => t('Views access'),
'callback' => 'acquia_spi_security_review_check_views_access',
'success' => t('Views are access controlled.'),
'failure' => t('There are Views that do not provide any access checks.'),
);
}
return array(
'security_review' => $checks,
);
}