Warden: Monitoring the security of your Drupal estate
Warden is a solution for in-house development teams and agencies who need to keep track of the status of many Drupal websites, hosted on a variety of different platforms.
Warden gives you a central dashboard which lists all your Drupal websites and highlights any which have issues, for example needing security updates.
Hosting companies, like Acquia and Pantheon, have their own reporting tools but these only work if you host on their platforms. If you have an estate of websites which run on multiple platforms you need a tool which can report on them all.
The Warden application is composed of two parts, a Warden module which you need to install on each of your websites and the central Warden dashboard you will need to host on a web server. The Warden dashboard is an application written in Symfony and is freely available on github.
At present only a Drupal integration exists but work is underway to produce a pluggable system which will allow new modules to be created for Wordpress and pure Symfony sites. Others may then wish to contribute additions for their own needs, for example by providing different kinds of reports for the sites.
Warden Dashboard
After correctly configuring the Warden Symfony application you will be presented with the Warden Dashboard. This lists all the sites in your estate with high level details of each. Sites requiring a security update are highlighted as red, sites with module updates which are not security are yellow and sites with no problems are white.
Drupal modules listing screen
The Drupal plugin for the Warden application provides a modules listing screen. This lists all Drupal modules installed across all you estate and allows you to see which Drupal websites have and do not have a particular module installed. This helps when you need to know how many sites need to be updated as a result of a module change or knowing how many of your Drupal sites might be missing a best practice module.
Security
The Warden application uses OpenSSL to encyrpt data which is sent between it and the Drupal website. The PHP OpenSSL Cryptography extension is required for both Warden and the Drupal sites it will take data from. You can also IP restrict which servers can request data from your Drupal websites in the module configuration.
In normal operation the Warden dashboard will poll the sites periodically to request the sites data be refreshed. You can alternatively configure it so that the sites push the data to the Warden dashboard. In either configuration, the site will only send data to the configured dashboard and not to the site making the request for data.
It is also recommended that you use a signed SSL certificate on your Drupal websites and your Warden dashboard.
Where to get Warden
You can download the Warden central applications from GitHub here: https://github.com/teamdeeson/warden
The Drupal module is available on drupal.org here: https://www.drupal.org/project/warden
If you have problems with the Warden application the you can log a support issue on GitHub and we'll get back to you: https://github.com/teamdeeson/warden/issues
What next?
We welcome contributions to the Drupal module or the Symfony application codebase, let us know what you think!
If you are intersted in integrating Warden into other web tools then you'll need a copy of the PHP API which is available here: https://github.com/teamdeeson/wardenapi