Security

Belgian eID IDP integration. A small module that allows users to authenticate with a Belgian eID card, using Fedict's OpenID Identity Provider.

Belgian eID IDP integration

A short presentation can be found on the eID applet code repository. The Drupal website will act as the Relying Party, while the IDP will take care of the communication with the eID card itself, using a Java applet running on the client's computer (no need to install the OS-specific eID middleware). Account Sync. Webserver authentication. Production check & Production monitor. 6.x-1.0 & 7.x-1.0-beta1 upgrade notice: Running update.php is required for both modules!

Production check & Production monitor

Back up your database! Performance monitoring note: kbahey was kind enough to grant me permissions to bring life back into the Performance project after it was removed from Devel this summer 2011. This module now integrates with Production check and Production monitor to provide the Drupal community with a full monitoring suite! Nagios integration is already present and will be expanded / optimised where needed. Introduction: When bringing a site live, you should double check a lot of settings, like the error logging, site e-mail, disabling the Devel module and so on. Monitoring Drupal with Icinga. Overview: Monitoring one or two Drupal sites can be done by logging into the status report every few days and reviewing settings, looking at your watchdog log, and reading the emails the sites send you.

Monitoring Drupal with Icinga

However, as you run more and more sites, that process becomes overwhelming and can take up a large amount of time. A few services exist to help monitor all of your sites in one place: Droptor, Drupal Monitor, and Acquia all provide really slick solutions. However, if you want to roll your own due to cost, corporate security, etc., the Drupal community has developed several tools leveraging Nagios. Paranoia. The Paranoia module attempts to identify all the places that a user can evaluate PHP via Drupal's web interface and then block those.

Paranoia

It reduces the potential impact of an attacker gaining elevated permission on a Drupal site. The specific features are: Disable granting of the "use PHP for block visibility" permission. Disable creation of input formats that use the PHP filter. Disable editing the user #1 account. Prevent granting risky permissions. Disable disabling this module. 6 Ways to Stay on top of Drupal Security. Within the Drupal community, one would like to assume that all Drupal developers are staying on top of all security updates and patches.

6 Ways to Stay on top of Drupal Security

The reality of security is that there is never enough time in the day to make this the priority it should be. In light of the security breach of Drupal.org yesterday (May 29, 2013), we thought we'd share some tips and controls we have implemented to constantly stay up-to-date on security, as well as ensure your entire development team is a part of the process: 1. Make Security a constant agenda topic for your agile scrum sessions. New Relic APM Features: Application Performance Monitoring Tools. Application Response Times The application response time is an average of the total time spent, across all web transactions occurring during a selected time frame, on the server-side.

New Relic APM Features: Application Performance Monitoring Tools

In the application overview the time spent in the app server is broken down into different layers including request queuing, database, caching, application code, external calls and more. Application Histograms & Percentiles: Histograms and Percentiles are valuable statistical tools that show you the distribution of response times for all of your transactions. Whether you're looking for deeper visibility into your app or browser side performance issues, or just want to identify transaction outliers, histograms and percentiles will provide you the kind of actionable data you need to quickly pinpoint and troubleshoot problems. Drupal performance monitoring with NewRelic. At the 2011 DrupalCon in Chicago I met the staff from NewRelic. I took a closer look at the metrics they were collecting for online applications, and decided to use the trial offer.

Drupal performance monitoring with NewRelic

This came right in time as we are about to launch a new Drupal site. The hardware of our Drupal system is very powerful. We have 16GB memory on the web server with 24 cpu cores. The MySQL database server has 16 cores with 48 GB of memory. Anything on this hardware should be fast, right? Well, our Drupal pages were sluggish in response.

Monitoring Drupal with OSSEC. Drupal offers a number of defensive configurations that can enable a site to more proactively detect attacks and alert administrators.

Monitoring Drupal with OSSEC

One such module is the Login Security module. This module detects brute force attacks and locks out attackers after a certain number of failed authentication attempts. This module works quite well, but if you are using a host-based intrusion detection system (HIDS) like OSSEC it would be much more efficient to utilize your existing HIDS infrastructure to alert you to these sorts of attacks. La_securite_sous_drupal.pdf. Nagios monitoring. The Nagios monitoring module integrates your Drupal site with the Nagios monitoring application.

Nagios monitoring

The module reports to Nagios that the site is up and running normally, including: PHP is parsing scripts and modules correctly (in case PHP gets disabled for some reason); the database is accessible from Drupal; whether there are configuration issues with the site, such as: pending Drupal version update, pending Drupal module updates, unwritable 'files' directory, pending updates to the database schema, cron not running for a specified period, anything else reported in the Administer -> Reports -> Status report (requirements). If you already use Nagios in your organization to monitor your infrastructure, then this module will be useful for you.

If you only run one or two Drupal sites, Nagios may be overkill for this task. Security Note This module supports two ways of interacting with Nagios. Installation and Configuration. Monitoring. Overview This project introduces a vendor independent framework for deeply monitoring Drupal and all its projects / modules.

Monitoring

It provides a 360 degree perspective on Drupal system health, being a critical piece for true enterprise Drupal platforms. Our goal is to make monitoring an affordable and well established standard feature. These days, every website is somehow mission critical and the era of lazy-/unmonitored enterprise applications needs to come to an end.

With this vendor independent definition, we recommend that every contrib module provide its own sensors that allow the measuring of module health by default. Login Security.