'security_review_drush', 'aliases' => array('secrev'), 'description' => "Run the Security Review checklist", ); $items['password-check-setup'] = array( 'callback' => 'security_review_drush_hash_setup', 'aliases' => array('passset'), 'description' => "Create and load a rainbow table for password checking", ); return $items; } /** * Implementation of hook_drush_help(). */ function security_review_drush_help($section) { switch ($section) { case 'drush:security-review': return dt("Run configuration security checks on your Drupal site."); case 'drush:password-check-setup': return dt("Creates a table and fills it with dictionary words for rainbow testing."); } } /** * Run checklist and display results command. */ function security_review_drush() { // Retrieve the checklist. $checklist = module_invoke_all('security_checks'); $args = func_get_args(); if (!empty($args) && $args[0] == 'run') { // Run the checklist. $result = security_review_run($checklist); } else { // Retrieve results from last run of the checklist. $result = db_query("SELECT namespace, reviewcheck, result, lastrun, skip, skiptime, skipuid FROM {security_review}"); foreach ($result as $record) { $checks[] = $record; } $rows = array(); foreach ($checks as $check) { if ($check->result) { $message = $checklist[$check->namespace][$check->reviewcheck]['success']; $status = 'success'; } else { $message = $checklist[$check->namespace][$check->reviewcheck]['failure']; $status = 'error'; } drush_log($message, $status); } } } function security_review_drush_hash_setup() { $args = func_get_args(); if (empty($args)) { drush_die('Filename required'); } if (file_exists($args[0])) { $ret = array(); // Create the rainbow table. if (!db_table_exists('security_review_rainbow')) { $schema = array( 'fields' => array( 'hash_id' => array( 'type' => 'serial', ), 'hash_word' => array( 'type' => 'varchar', 'length' => 20, ), 'hash_hash' => array( 'type' => 'varchar', 'length' => 32, ), ), 'primary key' => array('hash_id'), 'indexes' => array('hash_hash' => array('hash_hash')), ); db_create_table($ret, 'security_review_rainbow', $schema); } // Put an index on users.pass. db_drop_index($ret, 'users', 'pass'); // Drop in case this has already run. db_add_index($ret, 'users', 'pass', array('pass')); $handle = fopen($args[0], 'r'); if ($handle) { $count = 0; while (!feof($handle)) { $buffer = fgets($handle, 4096); $word = trim($buffer); $hash = md5($hash); $sql = "INSERT INTO {security_review_rainbow} (hash_word, hash_hash) VALUES ('%s', '%s')"; db_query($sql, $word, $hash); $count++; } fclose($handle); drush_log(dt('!count records inserted into rainbow table', array('!count' => $count)), 'success'); } } else { drush_die('File not found'); } }