Moodle Security -- Moodle Security -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers, and more -- Why Subscribe? -- Free Access for Packt account holders -- Preface -- What this book covers -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- 1. Delving into the World of Security -- Moodle and security -- Weak points -- The secure installation of Moodle -- Starting from scratch -- Installation checklist -- Quickly securing Moodle -- Review the Moodle security overview report -- Summary -- 2. Securing Your Server Linux -- Securing your Linux-the basics -- Firewall -- User accounts and passwords -- Removing unnecessary software packages -- Patching -- Apache configuration -- Where to start -- Directory browsing -- Load only a minimal number of modules -- Install and configure ModSecurity -- MySQL configuration -- PHP configuration -- Installation -- File security permissions -- Discretionary Access Control-DAC -- Directory permissions -- Access Control Lists -- Mandatory Access Control (MAC) -- Adequate location for a Moodle installation -- How to secure Moodle files -- DAC -- ACL -- Summary -- 3. Securing Your Server-Windows -- Securing Windows-the basics -- Firewall -- Keeping OS updated -- Configuring Windows update -- Anti-virus -- New security model -- File security permissions -- Adequate location for Moodle installation -- Installing and securing PHP under Internet Information Server -- Preparing IIS -- Getting the right version of PHP -- Configuring php.ini -- Adding PHP to the IIS -- Creating Application pool -- Create new website -- Adding PHP mapping -- Securing MySQL -- MySQL configuration wizard -- Configure MySQL service to run under low/privileged user -- Create a mysql account -- Summary -- 4. Authentication.

Basics of authentication -- Logon procedure -- Common authentication attacks -- Weak passwords -- Enforcing a good password policy -- Protecting user logon -- Closing the security breach -- Password change -- Recover a forgotten password -- Preventing a potential security risk -- Securing user profile fields -- User model in Moodle -- Authentication types in Moodle -- Manual accounts -- E-mail based self-registration -- Specifying allowed or denied e-mail domains -- Captcha -- Session hijacking -- No login -- Summary -- 5. Roles and Permissions -- Roles and capabilities -- Capability -- Context -- Permissions -- Role -- How it all fits together -- Standard Moodle roles -- Customizing roles -- Overriding roles -- Best practices -- Risky capabilities -- Summary -- 6. Protection Against Bots -- Internet bots -- Search engine content indexing -- Harvesting email addresses -- Website scraping -- Spam generators -- Protecting Moodle from unwanted search bots -- Search engines -- Moodle and search engines -- Moodle access check -- Protection against spam bots -- User profiles -- E-mail-based self-registration -- User blogs -- Moodle messaging system -- Cleaning up spam -- Protection against brute force attacks -- Summary -- 7. Securing User Files -- Uploading files into Moodle -- How Moodle stores files -- Points of submitting user files -- WYSIWYG HTMLArea editor -- Upload single file simple/advanced assignment -- Forum -- Database activity -- Dangers and pitfalls -- Classic viruses -- Macro viruses -- Applying protection measures -- Disable WYSIWIG editor if you do not need it -- Enable file upload in forums only when you really need it -- Anti-virus and Moodle -- ClamAV on Linux -- Configuring Moodle -- ClamAV on Windows -- Downloading -- Configuring clamd service -- Setting up virus signature database update -- Scheduling updates -- Final steps.

Summary -- 8. Securing Moodle Data -- User information protection -- User profile page -- Reaching profile page -- People block -- Forum topics -- Messaging system -- Protecting user profile information -- Limit information exposed to all users -- Completely block ability to view profiles -- Disable View participants capability -- Hide messaging system -- Disable Messaging system -- Not using general forums -- Disable View user profiles capability -- Course information protection -- Course backups -- Important information for users of Moodle prior to 1.9.7 -- Password hashes and salt -- Enable password policy -- Enable password salt -- Disable teacher's ability to back up and restore courses -- Security issues with course backups -- Scheduled backups -- Summary -- 9. Monitoring User Activity -- Activity monitoring using Moodle tools -- Moodle log -- Accessing the Moodle reports -- Logs report -- IP address look up page setup -- Configuring Moodle to use GeoIP database -- Live Logs report -- Statistics report -- Moodle cron -- Moodle cron on Windows -- Moodle cron on Linux -- Enabling statistics report -- Activity monitoring using OS native tools -- Linux -- Server load -- Disk space -- Web server load -- Web server statistics -- Configuring The Webalizer -- Windows -- Server load -- Task manager -- Performance and Reliability Monitor -- The Webalizer on Windows -- Summary -- 10. Backup -- Importance of backup -- Backup tools in Moodle -- Manual backup -- Automatic backup -- Content export options for automatic backup -- Execution configuration options -- When to use Moodle automated backup -- Site backup -- Database -- Server log -- Linux -- Windows -- Automating database backup-Linux -- Backup script explanation -- Automating database backup-Windows -- Restoring database -- Moodledata directory -- Linux -- Windows -- Moodle directory.

Disaster recovery scenario -- Summary -- A. Authentication Plugins -- Plugins less common in production servers -- LDAP server -- Configuring LDAP PHP extension -- CAS server -- FirstClass server -- IMAP server -- Moodle network authentication -- NNTP server -- No authentication -- PAM (Pluggable Authentication Modules) -- POP3 server -- Shibboleth -- Radius -- Summary.