I am currently developing a Joomla! 1.6 extension to check your Joomla! site and installed extensions for basic security.
As of now, this is the list of security checks it will make:
- Joomla! site check for an index.html file in every directory under the Joomla! root path.
- Joomla! site check for ownership and permissions for every directory and file under the Joomla! root path.
- Joomla! site check for the existence of JExec or die in every .php file under the Joomla! root path.
- Extension check for an index.html file in every directory under both the site and admin extension path.
- Extension check for ownership and permissions for every directory and file under both the site and admin extension path.
- Extension check for the existence of JExec or die in every .php file under both the site and admin extension path.
The extension will keep a record of every test it makes and you will be able to view the history of each test to make it easy to see if you are making progress or not.
Also, planned for this extension in the future is:
- A directory of Joomla! extensions and a rating of how well they perform on each test.
- Publicly available user comments and critiques
- A desktop application that connects to JCheckSecurity and runs tests from outside Joomla!
I will have version 1 of this extension available by the end of August (2010).