Moving your classes and resources online with a Learning Management System such as Moodle opens up a whole world of possibilities for teaching your students. However, it also opens up a number of threats as your students, private information, and resources become vulnerable to cyber attacks. Learn how to safeguard Moodle to keep the bad guys at bay.
Moodle Security will show you how to make sure that only authorized users can access the information on your Moodle site. This may seem simple, but every day, systems get hacked and information gets lost or misused. Imagine the consequences if that were to happen in your school. The straightforward examples in this book will help you to lock down those access routes one door at a time.
By learning about the different types of potential threats, reading this book will prepare you for the worst. Web robots can harvest your e-mail addresses to send spam e-mails from your account, which could have devastating effects. Moodle comes with a number of set roles and permissions—make sure these are assigned to the right people, and are set to keep out the spam bots, using Moodle's authentication features. Learn how to secure both Windows and Linux servers and to make sure that none of your system files are accessible to the wrong people. Many of the most dangerous web attacks come from inside your system, so once you have all of your security settings in place, you will learn to monitor user activity to make sure that there are no threats from registered users. You will learn to work with the tools that help you to do this and enable you to back up your settings so that even a crashed system can't bother you.
Chapter 1, Delving into World of Security opens the book with a basic introduction regarding the importance of security in web-based systems with total emphasis on Moodle. We expose weak points in every Moodle installation and offer a quick procedure for securely installing a new or securing an existing Moodle instance.
Chapter 2, Securing your server—Linux covers everything that helps securing typical Linux server starting with the OS basics and then moving on a web server configuration, PHP configuration, and database server configuration. Reader will be presented with a detailed explanation regarding inner workings of the file system on Linux and is offered a concrete examples on how to best utilize them regarding Moodle setup. If you do not use or plan on using Linux-based server for your Moodle setup you can skip this chapter.
Chapter 3, Securing your server—Windows covers the general subject of installing basic pieces needed for running Moodle and securing them on a server with Windows OS. We start with the basics related to the general OS issues and then offer explanation regarding file security and ways of getting, deploying, and securing Moodle files. Readers will also be presented with recommended installation and configuration process of PHP under Windows web server and recommended installation and configuration of MySQL.
Chapter 4, Authentication is dedicated to the topic of authentication. What it is and the way it is implemented in Moodle. We present the most used authentication methods and the detailed explanation regarding potential security issues and ways of handling them.
Chapter 5, Roles and Permissions explains that every complex system offers various usage patterns based on user needs and obligations. Based on such use cases we can identify specific roles. Moodle is no different in this respect. By assigning users to one of the predefined or custom roles we are defining spectrum of the options and actions available to them at every location within LMS. It is paramount for every administrator to understand the access rights as they are implemented. Therefore, in this chapter we will focus on access rights to resources and functions within Moodle starting with Roles and Capabilities, Standard Roles, ways of customizing roles, and our take on best practices regarding roles.
Chapter 6, Protection against bots explains how with search engines we—the common users, can find almost anything that is of our personal interest but as a website owner and/or administrator we must know what amount of information is available to the general public and if that amount surpasses our intention or allow boundaries, then we must know how to detect such case and remedy the situation. In this chapter we will dedicate to the exposing the danger of Internet bots. What they are and how they work and how to combat against them.
Chapter 7, Securing user files speaks about potential dangers that can be introduced into Moodle by the users. We list all points where one user can upload a custom file. How that file can affect other users (virus infection, inappropriate content, etc.). What can we do to protect our system and other users against these undesired introductions into system. We also explain in detail how to install, configure, and integrate ClamAV anti-virus in Moodle.
Chapter 8, Securing Moodle Data explains that when we talk about Moodle data we are referring to both user and course information that is within the platform. In the previous chapter we were talking about user files only. Now we will focus our attention to the protection and separation of internal Moodle data between valid platform users. The topics we will cover are user information protection, course information protection, and best practices for using and applying the techniques presented.
Chapter 9, Monitoring User Activity explains that an administrator's work does not end with installation and configuration of Moodle and an operating system. He should constantly monitor the server state and react as quickly as possible. In this chapter we will talk about ways of monitoring the status of Moodle and underlying OS components. We offer list of tools and utilities that can be used on both Linux and Windows for performing these tasks and also a separate section that deals with reports and other elements offered by Moodle for monitoring system activity. We explain how to set up and configure Google maps with Moodle, how to configure Moodle cron and how to configure and use statistics report. The reader is also offered a detailed step by step guide to setting up Webalizer—web traffic analyzer.
Chapter 10, Backup is the cornerstone of every well maintained production server. This chapter will try to explain the importance of such procedures regarding Moodle and present tools available both within the platform and outside of it. We will also try to offer some guidelines for what to do in case of total server failure. The reader will be presented with scripts for Linux and Windows that can be used for performing reliable backup procedures.
Appendix offers a list of less used authentication plugins within Moodle, with their short description and potential uses.
If you are in charge of Moodle—whether you are an administrator or lead teacher—then securing it is one of the most important things that you can do. You need to know the basics of working with Moodle, but no previous experience of system administration is required.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "Create a directory called moodledata somewhere on the disk."
A block of code is set as follows:
DatabaseDirectory Z:\clamav\db DatabaseMirror clamav.edebris.com DatabaseMirror database.clamav.net NotifyClamd Z:\clamav\clamd.conf
Any command-line input or output is written as follows:
CREATE DATABASE moodle CHARSET 'utf8' COLLATION 'utf8_general_ci'; CREATE USER 'moodle'@'localhost' IDENTIFIED BY 'somepass';
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Make sure you check Unattended operation at the bottom".
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to< [email protected]>, and mention the book title via the subject of your message.
If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or e-mail< [email protected]>.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Note
Downloading the example code for this book
You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at< [email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at< [email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.