
guardr_core.install in Guardr Core 7.3

Default configuration of contributed modules.

Here we do any database-related configuration for included modules. This configuration includes both custom database queries and variable_set() calls. The only variables that should be set here are ones that require an array of data. Variables that have a single value (not an array) should be set in guardr.info under the settings section.

File

guardr_core.install
<?php

/**
 * @file
 * Default configuration of contributed modules.
 *
 * Here we do any database-related configuration for included modules.
 * This configuration includes both custom database queries and
 * variable_set() calls. The only variables that should be set here are
 * ones that require an array of data. Variables that have a single
 * value (not an array) should be set in guardr.info under the settings
 * section.
 */

/**
 * Implements hook_install().
 *
 * Applies the Guardr security baseline at install time: site-wide variables,
 * the administrator role and its assignment to user 1, three password_policy
 * records with their role bindings, session and failed-login limits, and
 * notification e-mail templates that do not name the account.
 *
 * The PCI references in the comments are to PCI DSS v3.0 as cited by the
 * original authors. NOTE(review): later versions of the standard tighten
 * some of these values (minimum password length among them), so re-check the
 * numbers before reusing this baseline.
 */
function guardr_core_install() {

  // Settings that must be in place before the role and account work below.
  $initial_settings = array(
    // Retain up to one million database log rows so audit history is not
    // trimmed early.
    'dblog_row_limit' => 1000000,
    // 0 keeps PHP error messages out of rendered pages (ERROR_REPORTING_HIDE
    // in Drupal 7), so visitors do not see paths or query fragments.
    'error_level' => 0,
    // Check for available updates daily. The 0 presumably leaves disabled
    // projects out of the check -- confirm against the update module.
    'update_check_frequency' => 1,
    'update_check_disabled' => 0,
    // Notify by e-mail for security releases only.
    'update_notification_threshold' => 'security',
    // Only administrators may create accounts; no self-registration.
    'user_register' => USER_REGISTER_ADMINISTRATORS_ONLY,
    // Guardr-specific flag; the code that reads it is not in this file.
    'guardr_intranet' => 1,
  );
  foreach ($initial_settings as $variable_name => $variable_value) {
    variable_set($variable_name, $variable_value);
  }

  // Create the administrator role when the site does not have one yet.
  if (!user_role_load_by_name('administrator')) {
    $new_role = new stdClass();
    $new_role->name = 'administrator';
    user_role_save($new_role);
  }

  // Reload the role to obtain its role id, then register it as the site's
  // admin role.
  $administrator_role = user_role_load_by_name('administrator');
  variable_set('user_admin_role', $administrator_role->rid);

  // User 1 must hold the administrator role. The row is written straight to
  // users_roles, and only when the account does not have the role already.
  $first_account = user_load(1);
  if (!user_has_role($administrator_role->rid, $first_account)) {
    $membership = array(
      'uid' => 1,
      'rid' => $administrator_role->rid,
    );
    db_insert('users_roles')
      ->fields($membership)
      ->execute();
  }

  // Session, login and password-form hardening for the contributed modules.
  $hardening_settings = array(
    // Autologout module defaults.
    // PCI v3.0 SAQ D 8.1.8 specifies a 15 minute timeout. The message text
    // states the same 15 minutes as the 900 second timeout; change both
    // together.
    'autologout_inactivity_message' => 'You have been automatically logged out due to 15 minutes of inactivity.',
    'autologout_timeout' => 900,
    'autologout_use_watchdog' => 1,

    // Login Security module. The meanings below are read from the variable
    // names -- confirm against the module: a per-user failure count of 3, a
    // per-host failure count of 35, an activity threshold of 30, core's
    // login error message disabled, and last-login tracking enabled.
    'login_security_activity_threshold' => 30,
    'login_security_disable_core_login_error' => 1,
    'login_security_host_wrong_count' => 35,
    'login_security_last_login_timestamp' => 1,
    'login_security_track_time' => 1,
    'login_security_user_wrong_count' => 3,

    // Disable password autocomplete on the login and profile forms for PCI.
    'no_autocomplete_login_form' => 1,
    'no_autocomplete_profile_form' => 1,

    // password_policy module defaults. The three policies themselves
    // (Guardr default, Guardr administrator, Guardr passphrase) are inserted
    // further down.
    'password_policy_new_login_change' => 0,
    'password_policy_show_restrictions' => 1,
    'password_policy_warning_subject' => "Password expiration warning at !site",
    'password_policy_warning_body' => "Your password at !site will expire in less than !days_left day(s).\n\n    Please go to !edit_uri to change your password.",
  );
  foreach ($hardening_settings as $variable_name => $variable_value) {
    variable_set($variable_name, $variable_value);
  }

  // Each entry holds the password_policy row to insert and the role id the
  // policy is bound to. The constraint keys are interpreted by the
  // password_policy module; only their values are visible here.
  $policy_definitions = array(
    // Default policy, bound to role id 2. The original comment names this
    // the authenticated role.
    array(
      'record' => array(
        'name' => 'Guardr default',
        'description' => 'The default password policy implementation included with the Guardr distribution.',
        'constraints' => serialize(array(
          'complexity' => 3,
          'delay' => 24,
          'digit_placement' => 2,
          'history' => 24,
          'length' => 8,
          'letter' => 2,
          'username' => 1,
        )),
        'enabled' => 1,
        'expiration' => '90',
        'warning' => '7,14',
        'created' => REQUEST_TIME,
      ),
      'rid' => 2,
    ),
    // Tougher policy for the administrator role: longer minimum length,
    // longer history and a shorter expiration than the default policy.
    array(
      'record' => array(
        'name' => 'Guardr administrator',
        'description' => 'A tougher password policy for administrator roles.',
        'constraints' => serialize(array(
          'punctuation' => 3,
          'digit' => 2,
          'history' => 48,
          'length' => 12,
          'letter' => 2,
          'username' => 1,
        )),
        'enabled' => 1,
        'expiration' => '60',
        'warning' => '7,14',
        'created' => REQUEST_TIME,
      ),
      'rid' => $administrator_role->rid,
    ),
    // Passphrase alternative: length only, no character-class rules. It is
    // inserted disabled (enabled = 0) and has no expiration or warning set.
    array(
      'record' => array(
        'name' => 'Guardr passphrase',
        'description' => 'An alternate Guardr password policy with fewer complexity restrictions, but a longer character length.',
        'constraints' => serialize(array(
          'length' => 20,
          'username' => 1,
        )),
        'enabled' => 0,
        'created' => REQUEST_TIME,
      ),
      'rid' => 2,
    ),
  );
  foreach ($policy_definitions as $definition) {
    // The insert returns the new policy id, which the role binding needs.
    $policy_id = db_insert('password_policy')
      ->fields($definition['record'])
      ->execute();
    db_insert('password_policy_role')
      ->fields(array(
        'pid' => $policy_id,
        'rid' => $definition['rid'],
      ))
      ->execute();
  }

  // Auditing, session limits, failed-login limits and e-mail templates.
  $remaining_settings = array(
    // Permission Watchdog: cover all roles.
    'permission_watchdog_roles' => array(
      'all' => 'all',
    ),

    // Revision All: revision every content type and block per-type and
    // per-node overrides, so content changes always leave a revision.
    'revision_all' => array(
      'revision_all_types' => 1,
      'prevent_type_override' => 1,
      'prevent_node_override' => 1,
      'enable_future' => 1,
    ),

    // Session expiration: session age (43200 is 12 hours if the unit is
    // seconds -- confirm against the session_expire module).
    'session_expire_age' => 43200,
    // Session type: anonymous and authenticated.
    'session_expire_mode' => 1,
    // Perform garbage collection on every cron job.
    'session_expire_interval' => 0,

    // PCI v3.0 does not permit shared accounts, so a new session
    // automatically logs out the other sessions and only one is allowed.
    'session_limit_behaviour' => 1,
    'session_limit_max' => 1,

    // PCI does not specify to block logins based on IP, and an IP block
    // could even DoS users sharing a NAT or corporate proxy. With the window
    // at 0 the per-IP failed-login check is intended to be inactive, so
    // brute-force throttling rests on the per-user limit below and on the
    // Login Security thresholds.
    'user_failed_login_ip_window' => 0,

    // PCI v3.0 SAQ D 8.1.6 limits failures to 6 attempts.
    'user_failed_login_user_limit' => 6,

    // 1800 seconds is the 30 minute lockout PCI v3.0 asks for; the standard
    // does not specify the window in which to count attempt failures.
    // NOTE(review): PCI DSS v3.0 lists lockout duration under requirement
    // 8.1.7, not 8.1.2 as this file cited before -- confirm.
    'user_failed_login_user_window' => 1800,

    // Notification e-mails. The custom user_mail messages carry no user name
    // or user id; the bodies use the fixed text "Your username" instead of
    // an account token.
    // "Welcome (new user created by administrator)"
    'user_mail_register_admin_created_subject' => "An administrator created an account for you at [site:name]",
    'user_mail_register_admin_created_body' => "A site administrator at [site:name] has created an account for you. You may now log in by clicking this link or copying and pasting it to your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password.\n\nAfter setting your password, you will be able to log in at [site:login-url] in the future using:\n\nusername: Your username\npassword: Your password\n\n--  [site:name] team",

    // "Welcome (awaiting approval)"
    'user_mail_register_pending_approval_subject' => "Account details at [site:name] (pending admin approval)",
    'user_mail_register_pending_approval_body' => "Thank you for registering at [site:name]. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.\n\n\n--  [site:name] team",

    // "Welcome (no approval required)"
    'user_mail_register_no_approval_required_subject' => "Account details at [site:name]",
    'user_mail_register_no_approval_required_body' => "Thank you for registering at [site:name]. You may now log in by clicking this link or copying and pasting it to your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password.\n\nAfter setting your password, you will be able to log in at [site:login-url] in the future using:\n\nusername: Your username\npassword: Your password\n\n--  [site:name] team",

    // "Account activation" (notification enabled).
    'user_mail_status_activated_notify' => 1,
    'user_mail_status_activated_subject' => "Account details at [site:name] (approved)",
    'user_mail_status_activated_body' => "Your account at [site:name] has been activated.\n\nYou may now log in by clicking this link or copying and pasting it into your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password.\n\nAfter setting your password, you will be able to log in at [site:login-url] in the future using:\n\nusername: Your username\npassword: Your password\n\n--  [site:name] team",

    // "Account blocked" (notification disabled).
    'user_mail_status_blocked_notify' => 0,
    'user_mail_status_blocked_subject' => "Account details at [site:name] (blocked)",
    'user_mail_status_blocked_body' => "Your account on [site:name] has been blocked.\n\n--  [site:name] team",

    // "Account cancellation confirmation"
    'user_mail_cancel_confirm_subject' => "Account cancellation request at [site:name]",
    'user_mail_cancel_confirm_body' => "A request to cancel your account has been made at [site:name].\n\nYou may now cancel your account on [site:url-brief] by clicking this link or copying and pasting it into your browser:\n\n[user:cancel-url]\n\nNOTE: The cancellation of your account is not reversible.\n\nThis link expires in one day and nothing will happen if it is not used.\n\n--  [site:name] team",

    // "Account canceled" (notification disabled).
    'user_mail_status_canceled_notify' => 0,
    'user_mail_status_canceled_subject' => "Account details at [site:name] (canceled)",
    'user_mail_status_canceled_body' => "Your account on [site:name] has been canceled.\n\n--  [site:name] team",

    // "Password recovery"
    'user_mail_password_reset_subject' => "Replacement login information at [site:name]",
    'user_mail_password_reset_body' => "A request to reset the password for your account has been made at [site:name].\n\nYou may now log in by clicking this link or copying and pasting it to your browser:\n\n[user:one-time-login-url]\n\nThis link can only be used once to log in and will lead you to a page where you can set your password. It expires after one day and nothing will happen if it's not used.\n\n--  [site:name] team",
  );
  foreach ($remaining_settings as $variable_name => $variable_value) {
    variable_set($variable_name, $variable_value);
  }
}

Functions

Namesort descending Description
guardr_core_install Implements hook_install().