Vulnerability scanner
MageStack has a built-in vulnerability scanner, which performs a number of roles:
- Detects common PHP exploits
- Detects Magento 3rd party module exploits
- Identifies potentially compromised files
- Identifies abnormal files
- Checks if all available Magento patches have been applied
The scanner is automated and logs its results to the audit log, named magescan-YYYY-MM-DD.log.gz
Report priorities
Three different priorities are used in the report to classify the potential risk:
- Critical - High risk. This issue must be immediately investigated (eg. an urgent Magento patch)
- Warning - Medium risk. This requires investigation, it could be a false positive or non-critical (eg. an abnormal file or low-priority Magento patch)
- Notice - Low risk, but should still be investigated
HTML/JSON/Email report
You can generate the report in several different formats to suit your needs.
Email
You can send a copy of the report to one or many recipients via email:
php /microcloud/scripts/classes/Healthcheck.php --output email --type all --recipients "user1@example.com,user2@example.com"
HTML
The script echoes the output to stdout, so if you want to write it to a file for viewing, redirect the output. Do not leave a report publicly exposed, for example inside a web-accessible document root.
php /microcloud/scripts/classes/Healthcheck.php --output html --type all > /microcloud/domains/example/domains/example.com/http/report.html
JSON
If you are aggregating data and want a parseable format, the report can be exported as JSON. The script again echoes the output to stdout, so redirect it to a file if desired:
php /microcloud/scripts/classes/Healthcheck.php --output json --type all
Text based/Log report
Format
The scan first tests for Magento patches (identified by the patch version/revision), followed by the other vectors (identified by an arbitrary ID). Each test is reported as a "Test ID" line, a "Description" line carrying the priority in brackets, and then one line per affected file, prefixed with its priority and host.
Eg.
Test ID: SUPEE-6788
Description: [Critical] Magento patch
Critical example.com:/microcloud/data/domains/example/domains/example.com/http/app/code/core/Mage/Admin/etc/config.xml
A successful test does not report any warnings/files beneath the description line.
Excludes/ignores
Entire document root
To exclude an entire document root from scans, create a file named .ignore.magescan in the document root.
Eg.
cd /microcloud/domains/example/domains/example.com/http
touch .ignore.magescan
Specific file
To exclude individual files/directories from scans, create a file named .exclude.magescan in the document root and list the files/directories to be ignored, one per line, with no trailing whitespace.
Eg.
cd /microcloud/domains/example/domains/example.com/http
touch .exclude.magescan
Then, inside .exclude.magescan:
/microcloud/data/domains/example/domains/example.com/http/media/safe_file.php
/microcloud/data/domains/example/domains/example.com/http/skin/ignore_me.php
! The full path as reported by the scan must be entered in the file (ie. including the /microcloud/data prefix).