Updating d7/d8 profiles to include security headers

timclifford · Nov 9, 2020 · 4781598 · 4781598
1 parent 64b867f
commit 4781598
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 38 deletions.
diff --git a/Profiles/algm_d7_sla_site.profile.yml b/Profiles/algm_d7_sla_site.profile.yml
@@ -1,43 +1,36 @@
 title: 'ALGM Drupal 7 SLA audit'
 description: 'This audit is for Drupal 7 sites which are under the ALGM SLA'
 policies:
-    # General
-    'algm:HealthCheck': { severity: high }
-    'algm:DrushStatus': { severity: normal }
-    'algm:FileSystemAnalysis': { severity: normal }
-    'Drupal:moduleUpdates': { severity: normal }
-    # Drupal 7
-    'Drupal-7:NoDuplicateModules': { severity: normal }
-    'Drupal-7:OverlayModuleDisabled': { severity: normal }
-    'Drupal-7:BlackListPermissions': { severity: normal }
-    'Drupal-7:PhpModuleDisabled': { severity: normal }
-    'Drupal-7:SimpletestModuleDisabled': { severity: normal }
-    'Drupal-7:StatisticsModuleDisabled': { severity: normal }
-    'Drupal-7:UpdateModuleDisabled': { severity: normal }
-    'Drupal-7:XMLSitemapBaseURL': { severity: normal }
-    'Drupal-7:ZenRegistryRebuild': { severity: normal }
-    # FS and Database
-    'fs:largeFiles': { severity: normal }
-    'Drupal:largeFiles': { severity: normal }
-    'Drupal:updates':
-      {
-        severity: normal,
-        parameters: {
-          max_size: 1000,
-          warning_size: 250
-        }
-      }
-    'Database:Fulltext': { severity: normal }
-    'Database:Size': { severity: normal }
-    # Security
-    'algm:Security:D7SecurityModuleUpdates': { severity: high }
-    'Drupal-7:User1LockDown': { severity: normal }
-    'fs:SensitivePublicFiles':
-      {
-        severity: high,
-        parameters: {
-          extensions: 'sql, sh, php, py, bz2, gz, tar, tgz, zip'
-        }
+  # General
+  'algm:HealthCheck': { severity: high }
+  'algm:DrushStatus': { severity: normal }
+  #'algm:FileSystemAnalysis': { severity: normal }
+  'Drupal:moduleUpdates': { severity: normal }
+  # Drupal 7
+  'Drupal-7:NoDuplicateModules': { severity: normal }
+  'Drupal-7:OverlayModuleDisabled': { severity: normal }
+  'Drupal-7:BlackListPermissions': { severity: normal }
+  'Drupal-7:PhpModuleDisabled': { severity: normal }
+  'Drupal-7:SimpletestModuleDisabled': { severity: normal }
+  'Drupal-7:StatisticsModuleDisabled': { severity: normal }
+  'Drupal-7:UpdateModuleDisabled': { severity: normal }
+  'Drupal-7:XMLSitemapBaseURL': { severity: normal }
+  'Drupal-7:ZenRegistryRebuild': { severity: normal }
+  # FS and Database
+  'fs:largeFiles': { severity: normal }
+  'Drupal:largeFiles': { severity: normal }
+  'Drupal:updates': { severity: medium }
+  'Database:Fulltext': { severity: normal }
+  'Database:Size': { severity: normal }
+  # Security
+  'algm:Security:D7SecurityModuleUpdates': { severity: high }
+  'Drupal-7:User1LockDown': { severity: normal }
+  'fs:SensitivePublicFiles':
+    {
+      severity: high,
+      parameters: {
+        extensions: 'sql, sh, php, py, bz2, gz, tar, tgz, zip'
       }
+    }
 include:
-  - d7_security_review
+  - security_headers
diff --git a/Profiles/algm_sla_site.profile.yml b/Profiles/algm_sla_site.profile.yml
@@ -67,3 +67,5 @@ policies:
         status: 1
       }
     }
+include:
+  - security_headers