Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Moodle Security
Moodle Security

Moodle Security: Learn how to install and configure Moodle in the most secure way possible

eBook
S$46.99 S$52.99
Paperback
S$66.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Moodle Security

Chapter 2. Securing Your Server Linux

Linux has become a very important player as a mainstream operating system for servers. According to the Netcraft report of most reliable hosting company sites dating from February 2010, 6 out of 10 servers were running some brand of Linux. This indicates the strong position of this Operating System (OS) and the confidence it generates. Some of the reasons for this are:

  • Initial price: Linux is open source and therefore free for commercial use

  • Stability and Reliability: Linux is a highly stable and reliable platform with all of its elements well tested; any bug is usually quickly resolved by the community

  • Security: Linux is, by default, quite secure and is in fact in a much better position than Windows since it is at risk from much fewer viruses and Trojans

  • Better utilization of hardware resources

  • Availability of commercial support

Another reason for which we are starting with Linux is because Moodle is primarily developed on Linux using MySQL, Apache and...

Securing your Linux—the basics


We will try to explain the basic elements of Linux on which you should focus your attention during initial configuration.

Firewall

A Firewall is a part of a computer system designed to block or permit network communication based on set of predefined rules. The design and operation of the Internet is based on the Internet Protocol Suite, also commonly called Transfer Control Protocol / Internet Protocol (TCP/IP). In this system, hosts and host services are referenced using two components: an address and a port number. For example, HTTP—standard web protocol uses port 80 by default. In general, most services use a limited number of ports. A common technique for detecting running services on a public server is port scanning. It is used by administrators for verification of their security policies and by hackers for obtaining lists of potential targets for later attack. To prevent this and other types of misuse we should block access to all ports except the ones...

Apache configuration


Apache web server is one of the most popular implementations of web server on UNIX-like operating systems. As of February 2010, Apache served over 54 percent of all websites on the Internet. It is a stable and reliable software recommended for both high and small load websites. It is easily configurable and highly flexible because it features modular design which permits to use only parts of the functionality that we really need. This reduces memory footprint and makes server faster to operate and respond. We still must be sure that it is properly configured in terms of basic functionality and security.

Where to start

When attackers want to infiltrate a website they start first by probing for server information. If not properly configured, a web-server can expose sufficient information to the prying eye that can enable the attacker to find a security hole and access private data or services.

All communication between the web browser and web server is performed according...

MySQL configuration


Database is a crucial element of any LMS. In this way, Moodle is no different than all the other platforms. The recommended database for Moodle is MySQL. Most of the development is done using that RDBMS which makes it therefore less error prone and better tested than the other options. This, of course, does not imply that we can just sit back and enjoy the benefits of the default installation that comes with CentOS. Here is the checklist we should go over that improves our setup of MySQL:

  1. 1. Don't use MyISAM engine: CentOS 5.4 comes with MySQL 5.0.77. By default, this version uses the MyISAM engine for storing data. MyISAM is good as a storage engine for most of the read-oriented websites, but as soon as we get a lot of writing it tends to break. Apart from security, we also need reliability. Therefore we should switch the default DB engine to the much better InnoDB. To do that, open the MySQL configuration file located in /etc/my.cnf and add these lines in the [mysqld...

PHP configuration


PHP stands for PHP: Hypertext Preprocessor. This kind of idiom is known as a recursive acronym. A recursive acronym is an acronym that refers to itself in the expression for which it stands. It is widely used in programming since recursion is one of the common methods used in everyday programming. PHP is an open source, general purpose scripting language widely used for web development. Moodle is completely written in PHP and therefore to run Moodle we need to install and configure PHP. As any other software PHP has potential and real security problems. Because of that we need to be sure that it is configured properly in order to reduce potential security issues.

Installation

To install the PHP that comes with CentOS, execute the following commands from the command prompt:

yum install php php-cli php-common php-gd php-mysql php-mbstring php-xml php-xmlrpc php-tidy

This version of PHP is not the latest so we need even more security. Luckily there is the Suhosin plugin. Suhosin...

File security permissions


A computer server is a source of many services, resources, and facilities. Some of these are open for public use while others may be protected. The system that permits an authority to specify and control access of individuals to areas and resources in a server is called the Access Control System (ACS). In Linux almost every resource available in the system is defined as a file-system object. Therefore a crucial part of Linux security is file system permission. The following sections describe the several types of ACS available today.

Discretionary Access Control—DAC

This is the basic type of access protection based on the identity of the subjects and/or groups to which they may or may not belong. It is discretionary because a subject with certain permissions is capable of passing that permission on to any other subject. Linux implements DAC using the concept of owner. Every object in the file-system must have an owner and a group specified. Owner controls permissions...

Adequate location for a Moodle installation


RedHat-based Linux distributions closely follow the File System Hierarchy Standard. This standard contains a set of requirements and guidelines for file and directory placement under UNIX-like operating systems. According to this standard any variable set of data should be placed in the /var directory. This directory is assumed to be on a separate partition (whenever possible) and it is mounted as read/write. Under CentOS, Apache web server has a special directory designated to its needs —/var/www. The default directory for any web file is /var/www/html. Files placed in that directory are located on the www root of the web server.

As we already know, Moodle has two major directories. One contains Moodle itself (usually called Moodle) while the other has all user and platform data that can change during the course of usage (usually Moodledata).

There are numerous options available as to where to install Moodle files. Three such possible options...

How to secure Moodle files


Securing Moodle files means to permit only the needed users and groups to access the files in both the Moodle and the moodledata folder. We will approach this task by using standard DAC methods, and later mention alternatives available with ACL.

DAC

In CentOS, the user under which the Apache process is executed is called Apache. That user is a member of the group apache. Therefore, we need to give read-only access to all of the files in the Moodle folder and full read/write access in moodledata. Assuming that we use first option for deploying files, here are the set of commands to set adequate permissions for moodledata:

/bin/chown -R root:apache /var/www/moodledata/
/bin/chmod -R ug=rwX,o= /var/www/moodledata/

The first line sets the owner of the folder (superuser root) and permitted user group (apache). We do this because, as explained earlier, the owner has full rights over anything related to the particular file system object. In case a malicious user manages...

Summary


We learned some basic facts about securing a Linux-based Moodle server: What web server and database server we need to use, how to install and configure MySQL, PHP, and Apache,.and what hat alternatives are available for MySQL and PHP. Explanation was given about file security system in Linux and the reader will feel more comfortable next time he sees acronyms like DAC, ACL, MAC, and SELinux. Next stop—how to transform your Windows server into an impenetrable fortress!

Left arrow icon Right arrow icon

What you will learn

  • Use CAPTCHA to make sure that humans are creating new accounts on Moodle - not Spambots Configure PHP and Apache servers to protect your Windows and Linux systems from malicious threats Assign the most appropriate permissions to different files to ensure the right level of protection Create custom roles to control who accesses what Protect your site from external attacks with secure HTTP Organize regular anti-virus scans to ensure no new risks have been introduced to the system Monitor the security of Moodle easily with notifications and security reports Minimize the downtime of Moodle in the case of actual damage

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 10, 2011
Length: 204 pages
Edition :
Language : English
ISBN-13 : 9781849512640
Vendor :
Moodle
Languages :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Feb 10, 2011
Length: 204 pages
Edition :
Language : English
ISBN-13 : 9781849512640
Vendor :
Moodle
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total S$ 216.97
Moodle 2 Administration
S$74.99
Moodle as a Curriculum and Information Management System
S$74.99
Moodle Security
S$66.99
Total S$ 216.97 Stars icon

Table of Contents

10 Chapters
Delving into the World of Security Chevron down icon Chevron up icon
Securing Your Server Linux Chevron down icon Chevron up icon
Securing Your Server—Windows Chevron down icon Chevron up icon
Authentication Chevron down icon Chevron up icon
Roles and Permissions Chevron down icon Chevron up icon
Protection Against Bots Chevron down icon Chevron up icon
Securing User Files Chevron down icon Chevron up icon
Securing Moodle Data Chevron down icon Chevron up icon
Monitoring User Activity Chevron down icon Chevron up icon
Backup Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3
(6 Ratings)
5 star 50%
4 star 33.3%
3 star 16.7%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Martin Biermann Jan 08, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excellent primer on Moodle security. It even mentions SELinux! The only detail that was out of date was the Moodledata file system. It's now based on hashes. (I have been using Moddle since v. 2.9).
Amazon Verified review Amazon
Mónico Mar 22, 2012
Full star icon Full star icon Full star icon Full star icon Full star icon 5
After of several years of teaching, using, installing, and updating Moodle. Finally, I can get an excellent book of Moodle Security written by Darko. This book has all security topics related with Moodle. Throughout this book you will find useful examples on Linux and Windows Operating system. This is a must-have book for Moodle administrators.By the way, I just installed Moodle 2.2 on Ubuntu server following the book instructions. Most of them are still useful.
Amazon Verified review Amazon
DennisJ Jul 25, 2011
Full star icon Full star icon Full star icon Full star icon Full star icon 5
A valuable "how to" guide on how to set up and strengthen a Moodle site's security. If you're a Moodle administrator, you need to have this book! Although some of the topics are covered in other references, this book brings that information, in more detail, together concerning this important subject. You won't find a lot of theory here - this book covers the threat space topic-by-topic and provides solutions about how to counter each type of threat.
Amazon Verified review Amazon
Isotonic Turtle May 09, 2011
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The book covers all aspects of Moodle 1.9 Security and explains concepts in a clear and well-written style.It is good to see that the security of underlying components, that is, operating system (Linux and Windows), database, web server and PHP are covered in detail, as this is where a lot of setups fall short of taking precautions. The author then walks you through all the key aspects of Moodle where "something can go wrong" in terms of security. This covers subjects like authentication, roles, permissions, files, etc. An entire chapter has been dedicated to protection against bots, monitoring user activity, and backups, respectively. The book concludes with an appendix that provides some details on authentication plugins used less common, for instance, LDAP.All in all a well-written book on Moodle 1.9 security that doesn't shy away touching on system-related topics.
Amazon Verified review Amazon
mylearningspace Mar 14, 2011
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
This book is a must-have for any LMS administrator who is serious about data security and information privacy for their Moodle learning management system. It is a concisely and expertly written text which covers a range of technical topics in a clear and accessible manner. Naturally, much is said about the configuration of Moodle's global parameters including authentication, roles, files and backups. On the same token, there is good coverage of security-related considerations at a server level for linux and windows. The text is written for Moodle 1.9.x but much of the book is also relevant for 2.0.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.