Moodle Security - Miletic, Darko Ebook Oświęcim

Spis treści: Moodle Security Table of Contents Moodle Security Credits About the Author About the Reviewers www.PacktPub.com Support files, eBooks, discount offers, and more Why Subscribe? Free Access for Packt account holders Preface What this book covers Who this book is for Conventions Reader feedback Customer support Errata Piracy Questions 1. Delving into the World of Security Moodle and security Weak points The secure installation of Moodle Starting from scratch Installation checklist Quickly securing Moodle Review the Moodle security overview report Summary 2. Securing Your Server Linux Securing your Linuxthe basics Firewall User accounts and passwords Removing unnecessary software packages Patching Apache configuration Where to start Directory browsing Load only a minimal number of modules Install and configure ModSecurity MySQL configuration PHP configuration Installation File security permissions Discretionary Access ControlDAC Directory permissions Access Control Lists Mandatory Access Control (MAC) Adequate location for a Moodle installation How to secure Moodle files DAC ACL Summary 3. Securing Your ServerWindows Securing Windowsthe basics Firewall Keeping OS updated Configuring Windows update Anti-virus New security model File security permissions Adequate location for Moodle installation Installing and securing PHP under Internet Information Server Preparing IIS Getting the right version of PHP Configuring php.ini Adding PHP to the IIS Creating Application pool Create new website Adding PHP mapping Securing MySQL MySQL configuration wizard Configure MySQL service to run under low/privileged user Create a mysql account Summary 4. Authentication Basics of authentication Logon procedure Common authentication attacks Weak passwords Enforcing a good password policy Protecting user logon Closing the security breach Password change Recover a forgotten password Preventing a potential security risk Securing user profile fields User model in Moodle Authentication types in Moodle Manual accounts E-mail based self-registration Specifying allowed or denied e-mail domains Captcha Session hijacking No login Summary 5. Roles and Permissions Roles and capabilities Capability Context Permissions Role How it all fits together Standard Moodle roles Customizing roles Overriding roles Best practices Risky capabilities Summary 6. Protection Against Bots Internet bots Search engine content indexing Harvesting email addresses Website scraping Spam generators Protecting Moodle from unwanted search bots Search engines Moodle and search engines Moodle access check Protection against spam bots User profiles E-mail-based self-registration User blogs Moodle messaging system Cleaning up spam Protection against brute force attacks Summary 7. Securing User Files Uploading files into Moodle How Moodle stores files Points of submitting user files WYSIWYG HTMLArea editor Upload single file simple/advanced assignment Forum Database activity Dangers and pitfalls Classic viruses Macro viruses Applying protection measures Disable WYSIWIG editor if you do not need it Enable file upload in forums only when you really need it Anti-virus and Moodle ClamAV on Linux Configuring Moodle ClamAV on Windows Downloading Configuring clamd service Setting up virus signature database update Scheduling updates Final steps Summary 8. Securing Moodle Data User information protection User profile page Reaching profile page People block Forum topics Messaging system Protecting user profile information Limit information exposed to all users Completely block ability to view profiles Disable View participants capability Hide messaging system Disable Messaging system Not using general forums Disable View user profiles capability Course information protection Course backups Important information for users of Moodle prior to 1.9.7 Password hashes and salt Enable password policy Enable password salt Disable teachers ability to back up and restore courses Security issues with course backups Scheduled backups Summary 9. Monitoring User Activity Activity monitoring using Moodle tools Moodle log Accessing the Moodle reports Logs report IP address look up page setup Configuring Moodle to use GeoIP database Live Logs report Statistics report Moodle cron Moodle cron on Windows Moodle cron on Linux Enabling statistics report Activity monitoring using OS native tools Linux Server load Disk space Web server load Web server statistics Configuring The Webalizer Windows Server load Task manager Performance and Reliability Monitor The Webalizer on Windows Summary 10. Backup Importance of backup Backup tools in Moodle Manual backup Automatic backup Content export options for automatic backup Execution configuration options When to use Moodle automated backup Site backup Database Server log Linux Windows Automating database backupLinux Backup script explanation Automating database backupWindows Restoring database Moodledata directory Linux Windows Moodle directory Disaster recovery scenario Summary A. Authentication Plugins Plugins less common in production servers LDAP server Configuring LDAP PHP extension CAS server FirstClass server IMAP server Moodle network authentication NNTP server No authentication PAM (Pluggable Authentication Modules) POP3 server Shibboleth Radius Summary Index