/[drupal]/contributions/modules/phpids/README.txt
ViewVC logotype

Contents of /contributions/modules/phpids/README.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.12 - (show annotations) (download)
Fri Jan 23 16:12:16 2009 UTC (10 months ago) by gos77
Branch: MAIN
CVS Tags: DRUPAL-6--1-8-BETA2, DRUPAL-6--1-8-BETA1, HEAD
Changes since 1.11: +29 -23 lines
File MIME type: text/plain 
new maintainer: Gos77
add possibillity for global PHP-IDS installaltion
add drupal watchdog logentry if warning mail is send
move module admin form to phpids.admin.inc file
1 $Id: README.txt,v 1.11.4.2.2.3 2008/04/19 14:36:54 swentel Exp $
2
3 IMPORTANT
4 ---------
5
6 PHP5 only - at least 5.1.6 - 5.2.x recommended
7
8 DESCRIPTION
9 -----------
10
11 This module adds a security layer to Drupal based on PHPIDS (www.php-ids.org).
12 With a defined set or rules, it tries to detect malicious input from the (anonymous)
13 user - it does not strip, filter or sanitize the input. It logs directly to watchdog
14 or syslog (if enabled), so you have a clear view on who's trying to break your site.
15 It can send out a mail after a certain level of impact has been reached or redirect the
16 user to another page thus making his action completely worthless.
17
18 Although the functionality is there to redirect users after a certain impact, I
19 advise you to only log the attacks for now as I have to think about how to implement
20 white lists and so on. Sending a mail is, at this moment, a better option.
21
22 INSTALLATION
23 ------------
24
25 1) Download the latest PHPIDS package from http://www.php-ids.org.
26 2) Unpack the tar/zip and move the IDS directory in phpids-0.x/lib
27 to the module directory of phpids.
28 3) make sure the IDS/tmp folder is writable (for caching the filters)
29 On Unix do chown webuser:webuser IDS/tmp (or a chmod 666, but try to avoid that)
30
31 There is a Config.ini in the IDS/Config folder, do not worry, it's harmless, just keep
32 it like it is.
33
34 CONFIGURATION AND TESTING
35 -------------------------
36
37 After that, enable the module and surf to the settings page on
38 http://yourdrupal/?q=admin/settings/logging/phpids and change the default
39 settings to your needs.
40
41 Test if PHPIDS starts logging (not as user 1)
42
43 * normal log level
44 http://yourdrupal/?q=admin/reports/dblog&test=">XXX
45 * mail level - if you filled in an email
46 http://yourdrupal/?q=admin/reports/dblog&test=">XXX<"><script>
47 * warning level - redirects the (anonymous) user
48 http://yourdrupal/?q=admin/reports/dblog&test=<script>alert('hi')</script>&test2=<script>alert('hi2')</script>
49
50 You should see the attacks logged in your dblog or in your syslog file.
51
52 BUGS, REQUESTS
53 --------------
54
55 http://drupal.org/project/phpids
56
57 TODO / FEATURES
58 ---------------
59
60 * link phpids impact level with watchdog levels
61 * Build in white lists (more users/roles / forms etc)
  ViewVC Help
Powered by ViewVC 1.1.2