You are here

Drush commands every Drupal developer needs to know to carry out a security audit (discovery).

paulbooker's picture
Submitted by paulbooker on Fri, 07/07/2017 - 21:58

Login as the "super" administrator

drush uli

Modules that have security updates

drush up --security-only -n

Modified code (drupal, ..)

drush dl hacked --dev
drush en -y hacked
drush hlp
drush hd drupal

Reviewing security reports

drush dl security_review --dev
drush en -y security_review
drush ev 'print json_encode(user_roles()) . "\n";'
{"1":"anonymous user","2":"authenticated user","3":"administrator","4":"Site Editor","5":"Site Manager","6":"Volunteer","7":"Site Super Manager"}
drush vset --format=json security_review_untrusted_roles '[1,2]'
drush secrev --results
drush dl site_audit --dev
drush aa --html --bootstrap --detail --skip=insights > ~/Desktop/report.html
drush dl drupalgeddon --dev
drush en -y drupalgeddon
drush asec

PHP Modules

drush pm-list --pipe --type=module --status=enabled | grep php

Modules that are enabled (look for devel, ..)

drush pm-list --pipe --type=module --status=enabled --no-core | grep 'devel'

Modules that are disabled (which could be uninstalled)

drush pm-list --pipe --type=module --status=disabled --no-core

Number of lines of code in custom modules.

find sites/all/modules/custom '*.php' | xargs wc -l

Number of lines of code in the current theme.

drush status theme
wc -l sites/all/themes/mytheme/template.php 
find sites/all/themes/mytheme '*.php' | xargs wc -l

General information

  
drush core-status

You'll also find the following linux commands very helpful.

If you need Drupal support for your website: please send me an email, and let me know what services you need.