From 4781598edd746fcba26520de49fcf85cb385585c Mon Sep 17 00:00:00 2001
From: Tim Clifford
Date: Mon, 26 Oct 2020 08:45:32 +0000
Subject: [PATCH] Updating d7/d8 profiles to include security headers
---
 Profiles/algm_d7_sla_site.profile.yml | 69 ++++++++++++---------------
 Profiles/algm_sla_site.profile.yml | 2 +
 2 files changed, 33 insertions(+), 38 deletions(-)
diff --git a/Profiles/algm_d7_sla_site.profile.yml b/Profiles/algm_d7_sla_site.profile.yml
index b51e974..d6b1a19 100644
--- a/Profiles/algm_d7_sla_site.profile.yml
+++ b/Profiles/algm_d7_sla_site.profile.yml
@@ -1,43 +1,36 @@
 title: 'ALGM Drupal 7 SLA audit'
 description: 'This audit is for Drupal 7 sites which are under the ALGM SLA'
 policies:
- # General
- 'algm:HealthCheck': { severity: high }
- 'algm:DrushStatus': { severity: normal }
- 'algm:FileSystemAnalysis': { severity: normal }
- 'Drupal:moduleUpdates': { severity: normal }
- # Drupal 7
- 'Drupal-7:NoDuplicateModules': { severity: normal }
- 'Drupal-7:OverlayModuleDisabled': { severity: normal }
- 'Drupal-7:BlackListPermissions': { severity: normal }
- 'Drupal-7:PhpModuleDisabled': { severity: normal }
- 'Drupal-7:SimpletestModuleDisabled': { severity: normal }
- 'Drupal-7:StatisticsModuleDisabled': { severity: normal }
- 'Drupal-7:UpdateModuleDisabled': { severity: normal }
- 'Drupal-7:XMLSitemapBaseURL': { severity: normal }
- 'Drupal-7:ZenRegistryRebuild': { severity: normal }
- # FS and Database
- 'fs:largeFiles': { severity: normal }
- 'Drupal:largeFiles': { severity: normal }
- 'Drupal:updates':
- {
- severity: normal,
- parameters: {
- max_size: 1000,
- warning_size: 250
- }
- }
- 'Database:Fulltext': { severity: normal }
- 'Database:Size': { severity: normal }
- # Security
- 'algm:Security:D7SecurityModuleUpdates': { severity: high }
- 'Drupal-7:User1LockDown': { severity: normal }
- 'fs:SensitivePublicFiles':
- {
- severity: high,
- parameters: {
- extensions: 'sql, sh, php, py, bz2, gz, tar, tgz, zip'
- }
+ # General
+ 'algm:HealthCheck': { severity: high }
+ 'algm:DrushStatus': { severity: normal }
+ #'algm:FileSystemAnalysis': { severity: normal }
+ 'Drupal:moduleUpdates': { severity: normal }
+ # Drupal 7
+ 'Drupal-7:NoDuplicateModules': { severity: normal }
+ 'Drupal-7:OverlayModuleDisabled': { severity: normal }
+ 'Drupal-7:BlackListPermissions': { severity: normal }
+ 'Drupal-7:PhpModuleDisabled': { severity: normal }
+ 'Drupal-7:SimpletestModuleDisabled': { severity: normal }
+ 'Drupal-7:StatisticsModuleDisabled': { severity: normal }
+ 'Drupal-7:UpdateModuleDisabled': { severity: normal }
+ 'Drupal-7:XMLSitemapBaseURL': { severity: normal }
+ 'Drupal-7:ZenRegistryRebuild': { severity: normal }
+ # FS and Database
+ 'fs:largeFiles': { severity: normal }
+ 'Drupal:largeFiles': { severity: normal }
+ 'Drupal:updates': { severity: medium }
+ 'Database:Fulltext': { severity: normal }
+ 'Database:Size': { severity: normal }
+ # Security
+ 'algm:Security:D7SecurityModuleUpdates': { severity: high }
+ 'Drupal-7:User1LockDown': { severity: normal }
+ 'fs:SensitivePublicFiles':
+ {
+ severity: high,
+ parameters: {
+ extensions: 'sql, sh, php, py, bz2, gz, tar, tgz, zip'
 }
+ }
 include:
- - d7_security_review
+ - security_headers
diff --git a/Profiles/algm_sla_site.profile.yml b/Profiles/algm_sla_site.profile.yml
index bd78d69..35a6944 100644
--- a/Profiles/algm_sla_site.profile.yml
+++ b/Profiles/algm_sla_site.profile.yml
@@ -67,3 +67,5 @@ policies:
 status: 1
 }
 }
+include:
+ - security_headers
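Review bot: The `include` list at the end of the D7 profile hunk swaps `d7_security_review` for `security_headers` rather than adding to it, so the Drupal 7 audit loses whatever that include contributed, although the subject only speaks of including security headers. If the drop is not deliberate, keep both entries, `- d7_security_review` and `- security_headers`. `'algm:FileSystemAnalysis'` is likewise commented out with no reason given; a short comment above it such as `# disabled: <reason>` would tell the next reader whether that is temporary. `'Drupal:updates'` now uses `severity: medium` while every other policy in the profile uses `normal` or `high`, so confirm the audit tool accepts that value. The `security_headers` include is not added by this patch (the diffstat lists only the two profiles), so check that it exists before merging; the same applies to the `include:` added to `Profiles/algm_sla_site.profile.yml`.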