In an attempt to assist in the maintenance of multiple Joomla installations and in some part due to the recent increase in attempted exploit activity and events.
In addition to the previously posted "checkJOSVersions" script (reports installed Joomla Base/Core version information) we are now making available a perl script that searches for and reports installed Joomla Core and Custom installed object (components, modules, mambots, plugins and language) versions.
Potentially, this script might be used to assist in support and troubleshooting of version incompatibilty, current and maintainable release monitoring, standard environment consistancy checking.
Installation: 1. Download the script from here
2. FTP to your server
(this is not designed to be run from a web-browser, so preferably NOT in a web accessible directory)
3. Rename "checkJOSOBJVersionsNew.pl.txt" to "checkJOSOBJVersions.pl" or whatever you want.
4. Chmod 755 checkJOSOBJVersions.pl or your chosen filename.
5. Configure input, output , email and core/custom object reporting settings
READ THE OPTION COMMENTS, this is pretty well documented internally.
(The defaults should be ok for most, but you still need to configure the email address at least.)
6. Either run in console mode (through SSH) or configure a cron to run automatically
Run this script either manually from a console session (SSH) or daily/weekly/monthly via cron, make sure you have email output turned on.
It is provided to everyone but there are no guarantees, support and you use at your own risk.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Required Perl Modules: - POSIX;
- File::Find::Rule;
Script Options:
$outputresults = '1'; # Do you want to Output Results to STDOUT? (0 or 1)
$emailresults = '1'; # Do you want to Email the Results? (0 or 1)
$admin_email = 'youremail@yourdomain.com.au'; # Enter Your E-Mail Address
$emailsubject = 'Joomla/Mambo install Objects Audit'; # We will also append hostname and date to the subject
$show_core = '0'; # Display distributed core versions and custom (1) or
# (0) only custom objects
Differences From checkJOSVersions Operation:Directories for searching are selected from the
/etc/passwd file (no need to enter a searchpath in this script) . When run with root/privaledged user rights, all users home directories will be selected within the range provided, if run under a non-privaledge user (probably shared hosting) only the current user is selected from /etc/passwd , as long as that users UiD is in the range selected. However, configuration is still required to avoid searching unwanted user directories, such as system users.
(How do I find my UiD? either SSH and "cat /etc/passwd" or check your FTP client settings, display "UiD/Group" or ask your host if you are in shared hosting without shell access, otherwise leave the deafult settings and you should be lucky )
$uid_from = 500 enter the lower UserID required (normally at least above 500 or 32000 to avoid system users)
$uid_to = 65001 enter the maximum UserID required (lower than 65000 most likely to avoid system users)
Limitations/Restrictions:Due to the nature of the metaData we are searching for, this script operates slightly differently than "checkJOSVersions". Most metaData is held in ".xml" files, as do a multitude of other applications. We attempt to filter for Joomla/Mambo files only, a crude filter is implemented to find the "
tag, if it exists the file is indexed. This does mean that we may not successfully retrieve all Joomla/Mambo items if they do not contain the filtered tag. However, doing this also means that we hopefully do not index non-Joomla xml files (including the Joomla xml help files ! )
CORE and/or CUSTOM (3rd Party Only):
The choice to index CORE Joomla!/Mambo distribution files is available through the "$show_core" setting, this is a simple filter, by filtering on the and tags in the xml files, if $show_core is "0" (Off) then the filter is implemented and we will Exclude any xml file that reports "Joomla! Project" or "Mambo Project" in its tag and/or "www.joomla.org" or "www.mamboserver.com" in the tag. Again, this means that it is possible to occasionally miss Core files or display Core files incorrectly if these tags are mis-reported in anyway.
On servers with high numbers of Joomla!/Mambo implementatons the script may take sometime to run, also if $show_core is also invoked, the console output (may also exceed your SSH clients' line buffering) or email may also be a fair size.
Example STDOUT/Email Output:
The output is catagorised in the three types of objects:
- LEGACY : Those files that are still listed as being Authored by the Mambo Open Source Project (not necessarily a risk or problem)
- CORE : Those files that are listed as being Authored by the Joomla! Project
- CUSTOM : Those files that are Authored by 3rd Parties
-----------------------------------------------------------------------------------
CORE COMPONENT: Mass Mail Ver: 4.5.1 Date: February 2005
Author: Joomla! Project (http://www.joomla.org)
Description: This component allows you to send a mass email to certain us...
/home/userone/public_html/administrator/components/com_massmail/massmail
=================================================
-----------------------------------------------------------------------------------
CUSTOM MODULE: Latest Events Ver: 1.5 Date: November 2004
Author: Dave McDonnell (events.mamboforge.net)
Description: Show latest events for Events component...
/home/userone/public_html/modules/mod_events_latest
==================================================
-----------------------------------------------------------------------------------
CORE MODULE: Random Image Ver: 1.0.0 Date: July 2004
Author: Joomla! Project (http://www.joomla.org)
Description: This module display a random image from your chosen director...
/home/userone/public_html/modules/mod_random_image
==================================================
-----------------------------------------------------------------------------------
CUSTOM TEMPLATE: template2 Ver: 1.0 Date: 4/5/2005
Author: R2_Dzigns (http://www.author.com.au)
Description: A fresh clean style, shows spirit of the company....
/home/userone/public_html/templates/template2/templateDetails
===================================================
-----------------------------------------------------------------------------------
LEGACY MODULE: Group Menu Ver: 4.5.2 Date: March 2005
Author: Mambo Project / Gerard Korsten / Rene Kreijveld (http://www.mamboserver.com)
Description: Displays a menu....
/home/user2/public_html/modules/mod_groupmenu
===================================================
-----------------------------------------------------------------------------------
CORE MENU: Link - Url Ver: 1.0.0 Date: July 2004
Author: Joomla! Project (http://www.joomla.org)
Description: Creates url link...
/home/user3/public_html/home/administrator/components/com_menus/url/url
===================================================
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY or support; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Updated Script: 18.09.2006
Minor alterations to assist a faster search, fix typo's.
