Difference between revisions of "Security overview report"

Jump to: navigation, search
(XSS trusted users: discussion link)
(vendor directory (MDL-59969))
 
(19 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{stub}}{{Moodle 1.9}}[[Image:Security overview.png|thumb|right|Security overview]]
+
{{Security}}
 +
A security overview report is available via 'Security overview' in the Site administration.
  
 +
*[[report/security/report security check globals|Register globals]]
 +
:register_globals is a PHP setting that must be disabled for Moodle to operate safely.
  
Location: ''Administration > Reports > Security overview''
+
*[[report/security/report security check unsecuredataroot|Insecure dataroot]]
 +
:The dataroot is the directory where Moodle stores user files.  It should not be directly accessible via the web.
  
 +
*[[report/security/report security check displayerrors|Displaying of PHP errors]]
 +
:If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.
  
The security overview report is available in Moodle 1.9.4 onwards.
+
*[[Vendor directory security check|Vendor directory]]
 +
:The vendor directory should not be present on public sites.
  
===Register globals===
+
*[[report/security/report security check noauth|No authentication]]
 +
:Use of the "no authentication" plugin can be dangerous, allowing people to access the site without authenticating.
  
register_globals is a PHP setting that must be disabled for Moodle to operate safely.
+
*[[report/security/report security check embed|Allow EMBED and OBJECT]]
 +
:Allowing ordinary users to embed Flash and other media in their texts (eg forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the media object is on another server.
  
===Insecure dataroot===
+
*[[report/security/report security check mediafilterswf‎|Enabled .swf media filter]]
 +
:Even the flash media filter can be abused to include malicious flash files.
  
The dataroot is the directory where Moodle stores user files.  It should not be directly accessible via the web.
+
*[[report/security/report security check openprofiles|Open user profiles]]
 +
:User profiles should not be open to the web without authentication, both for privacy reasons and because spammers then have a platform to publish spam on your site.
  
===Displaying of PHP errors===
+
*[[report/security/report security check google|Open to Google]]
 +
:Allowing Google to enter your site means that all the contents become available to the world.  Don't use this unless it's a really public site.
  
If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.
+
*[[report/security/report security check passwordpolicy|Password policy]]
 +
:Using a password policy will force your users to use stronger passwords that are less susceptible to being cracked by a intruder.
  
===No authentication===
+
*[[Password salting|Password salt]]
 +
:Setting a password salt greatly reduces the risk of password theft.
  
Use of the "no authentication" plugin can be dangerous, allowing people to access the site without authenticating.  
+
*[[report/security/report security check emailchangeconfirmation‎|Email change confirmation]]
 +
:You should generally always force users to confirm email address changes via an extra step where a confirmation link is sent to the user.
  
===Allow EMBED and OBJECT===
+
*[[report/security/report security check cookiesecure|Secure cookies]]
 +
:It is recommended to use secure cookies only when serving over SSL.
  
Allowing ordinary users to embed Flash and other media in their texts (eg forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the media object is on another server.
+
*[[report/security/report security check configrw|Writable config.php]]
 +
:The config.php file must not be writeable by the web server process.  If it is, then it is possible for another vulnerability to allow attackers to rewrite the Moodle code and display whatever they want.
  
===Enabled .swf media filter===
+
*[[report/security/report security check riskxss|XSS trusted users]]
 +
:Make sure that you trust all the people on this list:  they are the ones with permissions to potentially write XSS exploits in forums etc.
  
Even the flash media filter can be abused to include malicious flash files.
+
*[[report/security/report security check riskadmin|Administrators]]
 +
:Review your administrator accounts and make sure you only have what you need.
  
===Open user profiles===
+
*[[Backup of user data]]
 +
:Make sure that only roles that need to backup user data can do so and that all users who have the capability are trusted.
  
User profiles should not be open to the web without authentication, both for privacy reasons and because spammers then have a platform to publish spam on your site.
+
*[[report/security/report security check defaultuserrole‎ |Default role for all users]]
 +
:This checks that the registered user role is defined with sane permissions.
  
===Open to Google===
+
*[[report/security/report security check guestrole|Guest role]]
 +
:This checks that the guest role is defined with sane permissions.
  
Allowing Google to enter your site means that all the contents become available to the world.  Don't use this unless it's a really public site.
+
*[[report/security/report security check frontpagerole‎|Frontpage role]]
 +
:This checks that the frontpage user role is defined with sane permissions.
  
===Password policy===
+
==See also==
 
 
Using a password policy will force your users to use stronger passwords that are less susceptible to being cracked by a intruder.
 
 
 
===Email change confirmation===
 
 
 
You should generally always force users to confirm email address changes via an extra step where a confirmation link is sent to the user.
 
 
 
===Writable config.php===
 
 
 
The config.php file must not be writeable by the web server process.  If it is, then it is possible for another vulnerability to allow attackers to rewrite the Moodle code and display whatever they want.
 
 
 
===XSS trusted users===
 
 
 
Make sure that you trust all the people on this list:  they are the ones with permissions to potentially write XSS exploits in forums etc. See the Using Moodle discussion [http://moodle.org/mod/forum/discuss.php?d=115805 How to fix XSS trusted users problem] for further details.
 
 
 
===Administrators===
 
 
 
Review your administrator accounts and make sure you only have what you need.
 
 
 
===Registered user role===
 
 
 
This checks that the registered user role is defined with sane permissions.
 
 
 
===Guest role===
 
 
 
This checks that the guest role is defined with sane permissions.
 
 
 
===Frontpage role===
 
  
This checks that the frontpage user role is defined with sane permissions.
+
* [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum] on moodle.org
 
 
===Default course role (global)===
 
 
 
This checks that the default course role globally is defined with sane permissions.
 
 
 
===Default roles (courses)===
 
 
 
This check alerts you if any courses are using an odd default course role.
 
 
 
 
 
==See also==
 
  
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
+
[[Category:Report]]
 +
[[Category:Site administration]]
  
[[Category:Security]]
+
[[de:Sicherheitsbericht]]
 +
[[es:Reporte Vista general de Seguridad]]
 +
[[eu:Seguratasunaren_ikuspegi_orokorra]]
 +
[[fr:Panorama de sécurité]]
 +
[[ja:セキュリティオーバービュー]]

Latest revision as of 07:37, 19 September 2017

A security overview report is available via 'Security overview' in the Site administration.

register_globals is a PHP setting that must be disabled for Moodle to operate safely.
The dataroot is the directory where Moodle stores user files. It should not be directly accessible via the web.
If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.
The vendor directory should not be present on public sites.
Use of the "no authentication" plugin can be dangerous, allowing people to access the site without authenticating.
Allowing ordinary users to embed Flash and other media in their texts (eg forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the media object is on another server.
Even the flash media filter can be abused to include malicious flash files.
User profiles should not be open to the web without authentication, both for privacy reasons and because spammers then have a platform to publish spam on your site.
Allowing Google to enter your site means that all the contents become available to the world. Don't use this unless it's a really public site.
Using a password policy will force your users to use stronger passwords that are less susceptible to being cracked by a intruder.
Setting a password salt greatly reduces the risk of password theft.
You should generally always force users to confirm email address changes via an extra step where a confirmation link is sent to the user.
It is recommended to use secure cookies only when serving over SSL.
The config.php file must not be writeable by the web server process. If it is, then it is possible for another vulnerability to allow attackers to rewrite the Moodle code and display whatever they want.
Make sure that you trust all the people on this list: they are the ones with permissions to potentially write XSS exploits in forums etc.
Review your administrator accounts and make sure you only have what you need.
Make sure that only roles that need to backup user data can do so and that all users who have the capability are trusted.
This checks that the registered user role is defined with sane permissions.
This checks that the guest role is defined with sane permissions.
This checks that the frontpage user role is defined with sane permissions.

See also