Joomla! Tools Suite v1.0 & Health, Installation and Security Audit Tool

[RussW]

Just installed the script on my development server (WAMP). Haven't explored it all, but just started with the Extensions Audit. Very nice overall. For some reason, certain extensions are listed multiple times:

• RD_Rss is listed 3 times
• Weblinks is listed twice
• Popular Items is listed twice
• JCE Editor Mambot is listed twice

I haven't seen this this behavior in my testing and to-date, no-one else has reported it either, I will continue to look in to it, but I am unsure if I will be able to re-create it.

There doesn't seem to be much consistency in whether unpublished extensions are listed or not. It also missed a number of both core and 3rd party extensions on my site. I'm not sure why this is so difficult to get right. You simple read off the extensions from the database tables for components, modules and mambots that are published. Then you go into the file structure and read the corresponding xml files.

JTS Tools do not distinguish between published or unpublished items, it is an audit, thus the status of them is irrelevant. As with your previous issu, I have not seen this behavior or had it reported to be by others, As you say it isn't hard to do, JTS does not read any database entries, it merely trawls the appropriate directories and reads the xml files, if it finds one, it builds an entry from the content, I will review the regex in-case I am over-looking something, if I am it would most likley be due to any format changes between 1.0 and 1.5 versions of Joomla!  If you can offer any better methodology please feel free, as the Tools do appear within my testing environments to do what they are designed to do.

Some core functions to not have associated function xml files, thus they are not reported through JTS audit routines.

As JCE is a very popular extension, it would be very nice if you could get the audit to list the multiple plugins that go with it. This is very hard to keep track of, as there are so many and they are frequently updated.

In it's current development state, JTS is not designed to perform sub-extension audits for the purpose of maintenance, it is designed to assist with security and version control, at this time I don't foresee this functionality being added in the short-term.

There is some work still to do to clean up the code, add the "missing" DataBase maintenance routines and then convert to a "Translation" friendly format, this will all be done before any new functionality is added. These tools are also planned to be ported to support additional OpenSource Applications in the near future also, so a stable, stationary release is required to enable that process.


If you could provide your Joomla!, JTS and Environment version details, this would assist in researching your reported issues.

[jitteryjack]

Hi,
I've just installed version 1.0.2F on an updated 1.0.12 => 1.0.13 hotfix site. The Core Diagnostics shows almost every file as being changed and I have a lot of _VALID_MOS errors on several extensions (Expose, Chronoforms). I reaplied 1.0.13 patch with no luck. After this, I did a custom hash (did one the first time) and now it shows me several missing files which I now are there. Any way to clear up this errors and get the core diagnostics working?

[RussW]

The core diagnostics work as designed, the base core diagnostics test against the FULL English fresh installation hash's for Joomla! so unfortunately upgraded sites can only rely on doing custom hash's of a known good state for comparison later.

If your extensions do not have the _VALID_MOS heading then you can add it yourself, again the core diagnostics only check hash's against Core Joomla! files, but will check for _VALID_MOS in all .php files found if they are not includes.

hwhich files does JTS say are missing that you can confirm are there?

[jitteryjack]

This are some of them:
errorpage/ all files in directory
backups/ all files in directory
stats/ all files in directory

All directories are none core.

[Gerbs]

When trying to do a file permissions or directory audit, I receive a "Could not open directory" error message.  I'm using Joomla 1.5RC3.  The other parts of the JTS component work fine.  Please let me know how to fix.

[RussW]

Gerbs

I would suggest that the permisisons require fxing up on those directories so that they can be read.

[Gerbs]

I changed the permissions on my www and a subfolder to 777, to validate that permissions were the problem, but even those folders did not get audited.  I still get the same error with no folders being audited.  Do you have any other ideas as to what might be causing the problem?

[theEditor]

Guys i can't seem to download HISA and JTS... on the webpage there is no download option.... am I the only one?

[RussW]

Where are you trying to download them from...?

Either there is information and link in the Extensions Site or you can go to JoomlaCode direct

http://joomlacode.org/gf/project/jts/frs/

[theEditor]

Where are you trying to download them from...?

Either there is information and link in the Extensions Site or you can go to JoomlaCode direct

http://joomlacode.org/gf/project/jts/frs/

Right I got it now.... thanks mate... I have both JTS and HISA... all i really need at this stage is installation and security so i will just go for  HISA

So I just upload it to the main directory do I?

[RussW]

For HISA , yes just upload to the main Joomla! "/" directory for JTS make a sub-directory  or use the Component, that has HISA built in to it after installation.

[ewel]

I tried the Joomla Tools Suite component today and I think it should be part of the standard installation package, as I argued in this thread: http://forum.joomla.org/index.php?topic ... icseen#new.

[RussW]

ewel,

thank you for your comments and for using the Joomla! Tools Suite, much appreciated. At the current time, JTS is still under some further development, but has also taken a bit of a back step to other projects and Real Life..... 

Hopefully, I will be able to get back in to it in the very near future again with some new idea's and utilities. As for adding JTS in to the core, although this would be a great thing for the JTS project, I do feel that it woulod make for additional load and code management for the Joomla! team and certainly my code is not up to the standards produced by the Joomal! Poject teams. However, we will continue to make JTS available and hopefully be able to keep up with the Joomla! enhancements and changes as it progresses itself.

Thanks again for the vote of confidence.

Russ

[FishD]

Hi all.
Hope im posting in the right area. I installed the JTS 1.03 (which appears to be latest), and have installed it into my Joomla 1.5rc3 (with nightly update from last week). But Im getting an error message saying that

"JTS was unable to locate your Joomla! instance! Is JTS installed in the correct directory?"

Is this the correct version for the joomla ive installed.
If yes, then what files does JTS look for to conform the existince of Joomla.
Would an incorrect security setting give me this result (I'm using jTS to help me sort out permissions). 

Thanks

Fish

[RussW]

At the current time, JTS doesn't support 1.5 RC4 or nightliies, thus it might fail with such a message, I haven't had the time to test again RC4 yet, I am afraid.  Basically, JTS-sa simply needs to be FTP'd in to a new directory under the Joomla! main installation directory. EG:

    /public_html/joomla/
    /public_html/joomla/jts/

Beyond that, yes if prmisisions are completely stuffed up t the point that JTS via the webserver cannot even read several directories (primarily  "/", "/includes" and a couple of others, then JTS would compain that it could not find a Joomla! instance, also there is a chance that if it cannot find a configuration.php in some circumstances, it will also post the same message, but should also complain about not seeing a configuration.php in this case.

Yes, at this time JTS 1.0.3 for the StandAlone version is the latest release. This should work fine up to RC3, but not all aspects of JTS will work with nightlies, (disgnostic for instance) they change to often to keep up with, sorry..! But most of the auditing features should still work as they are not Joomla! specific features.

[FishD]

Cheers.

[Jdam]

Hi Guys,

Does anyone of you at the moment has the HISA tool?
Joomlacode is down.

thanks
-Jd

[Daerils]

HISA?
For future reference.

[oldschool]

Hello,

I have the JTS-c v1.0.0RC1 component installed and when displayed it shows an assessment rating of 100%

When I publish the Joomla! Tools Suite Assured Module v.1.0.0B though, it always just displays the JTS logo/link and not the "100%" I was expecting. Any ideas why this might be?

[RussW]

Hmmm immediately the only thing I can think of is that Assured is stil in the default mode. Select the module in the backend and there are options to determine what to display, the Default : Assured Logo or the Rating : xy%. We chose to set the logo to default and not the rating so as not to display any unwanted reduced ratings, also if the rating is under 90% we fallback to the logo, again so as not to display low ratings by mistake.

[oldschool]

RussW - thanks but I've definitely edited the Assured module settings in the back end so it should display the rating as long as its over 90% (which it is) and not just display the JTS logo. Any other thoughts?

[newseed]

Can someone explain to me what HISA does and what Tool Kit does. Do I need both?

Also, I am trying to find the article that explains each step to securing a finished Joomla site.

Thanks.

[RussW]

A full description of all the functions of HISA and JTS can be found on the Prject site and within the first few posts of this thread. http://joomlacode.org/gf/project/jts/

In most cases, you would not need both, as JTS has an embedded version of HISA in it.

[Thinkey]

Deleting my last post, since it fixed itself somehow...

When will you be upgrading to Joomla! 1.0.15 Stable [ Daytime ] ?

And..well...

I get a

Code: Select all

Fatal error: Call to undefined function posix_getpwuid() in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/dpa.jts.php on line 61    

in the directories permissions audit...

Code: Select all

Fatal error: Call to undefined function posix_getpwuid() in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/fpa.jts.php on line 94

in file permissions audit...

And this ...

Code: Select all

Warning: opendir(../administrator/components/109343.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 31

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 33

Warning: opendir(../administrator/components/.htaccess) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 31

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 33

Warning: opendir(../administrator/components/202081.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 31

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 33

Warning: opendir(../administrator/components/78794.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 31

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 33

And this...

Code: Select all

Warning: opendir(../components/.htaccess) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 129

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 131

Warning: opendir(../components/89090.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 129

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 131

Warning: opendir(../components/223330.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 129

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ico.jts.php on line 131

In the components audit.

Code: Select all

Warning: opendir(../mambots/132906.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 46

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 48

Warning: opendir(../mambots/.htaccess) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 46

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 48

Warning: opendir(../mambots/68062.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 46

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 48

Warning: opendir(../mambots/190500.php) [function.opendir]: failed to open dir: Not a directory in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 46

Warning: readdir(): supplied argument is not a valid Directory resource in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/ima.jts.php on line 48

This is the mambots audit... ^^^


Database optimization says : Coming Soon..! ? Is that right?

Any help appreciated thanks.

[RussW]

Do you think that maybe a re-install of the files might help??. It would seem that you are having some very odd problems and the files have been corrupted somehow. Also, maybe check the directory permisisons being too restrictive, does the rest of the site work at all ?

[Thinkey]

Yea the rest of the site works (now that's not saying i didn't have to fix stuff!!) I'm re-installing as I write this.

I had a major server overload this past weekend and i know its due to a surge in traffic, so I've been fooling iwth cache systems, but now looking at my stats, I realize that I've had scanners looking at my site, so I'm trying to secure it as well. I'm going down the Joomla security checklist doing what I understand for now.

2 tries to reinstall - permission problems copying files...uninstalled again, and deleted from webserver both folders..trying again..

Install success this time, perfect.

Still with the same errors...

Code: Select all

Fatal error: Call to undefined function posix_getpwuid() in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/dpa.jts.php on line 61

Which folders should i check permissions on then?

[Thinkey]

It has to be a permissions problem. Right now i can't even change permissions withion the component folder for this.

I'll look into it.

[aussiemike]

I have had a lot of scanners hitting my sites in the last month. Not wanting to advertise for anyone inparticular but you might like to consider JDefender - I found it work really well and blocks the IP address of the scanners.


I also use Jooml! Tools Suite and can't recommend it highly enough!

[Thinkey]

It's getting less. These are the ones i have now for errors:

Joomla! 1.0.15 Stable [ Daytime ] 22 February 2008

Directory permissions audit:

Code: Select all

Fatal error: Call to undefined function posix_getpwuid() in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/dpa.jts.php on line 61

File permissions audit:

Code: Select all

Fatal error: Call to undefined function posix_getpwuid() in /home/thinkey/public_html/xfilesnews/administrator/components/com_jts/fpa.jts.php on line 94

I found out the problem with the other sections - it was because there were files sitting in the component/mambot/module directories that weren't supposed to be there - deleted them and that fixed the problem. I need help with the errors above however.. Thanks.

[RussW]

For those that may not have seen the newest Joomla! Tools Suite family member

JTS-post Released a small single file script to assist with posting of Joomla! Diagnostic information in to the forums.

Current Translations include;

- English/Australian
- French
- Swedish
- Danish
- German
- Dutch
- Spanish

Available from the JTS Project at JoomlaCode