What Are JTS and HISA?


The Joomla! forums see many posts regarding Installation or Performance issues, Permissions and Security questions. To assist with such questions and to highlight many of the common problems seen the following tools have been developed to help end-users and the Joomla! Working Group Teams quickly and efficiently resolve these issues in the fastest time possible with the least amount of effort.

Joomla! Tools Suite (JTS) and Joomla! Health, Installation, Security Audit (HISA) have been developed with the sole purpose of providing Joomla! end-users with a Self-Help Advice and Information system.

  1. Pre-Joomla! Installation Server Environment Audit
    Before you install Joomla! check if your server is likely to support it fully or if your environment may need some modification
  2. Post-Joomla! Installation Server Environment Audit
    Following the installation of Joomla! keep your installation functioning and optimal with a variety of maintenance tools
  3. Trouble-Shooting and Problem Resolution
    Obtain additional diagnostic and configuration information to aid or speed up the process of problem resolution

Joomla! HISA   Joomla! Tools Suite
Joomla! HISA
Designed with the Joomla! New User in mind, HISA is a single self-contained, all-in-one Audit facility, providing information that will assist you to determine if your hosting environment is suitable for Joomla!, what might be done to improve your change of a successful installation, all prior to installation. Allowing you the opportunity to ask questions before getting frustrated or disappointed. No installation requirement, simply upload the Joomla! HISA file to your proposed or current Joomla! directory and open it in your browser.
 
Joomla! Tools Suite
JTS on the other hand has been designed with a more advanced series of Diagnostic and Maintenance Tools, including the HISA tool-set. Tools range from Pre-Installation environment checks, Post-Installation environment auditing, File and Directory permissions, extension auditing to DataBase optimisation and maintenance. Still maintaining ease of installation and use, simply make a directory within your Joomla! installation folder, upload the files and open in your browser again.
Download HISA Here   Download JTS Here
 
Language Support
  English
  Finnish
  Swedish
  German
  Language Support
  English
  Finnish
  Swedish
  German
  Hungarian
  Hungarian (Informal)
  French

What Do JTS and HISA Actually Do?


Joomla! Health, Installation and Security Audit (HISA)

Based on the server and end-user hosting account configuration variables an assessment is completed, providing feedback regarding the possibility of installation success if prior to installing Joomla! alternatively, following Joomla! installation, reporting on possible problematic configuration issues.

High security risk items severely penalise the assessment scale, whilst minor inconsistencies will only reduce the assessment scale by small increments. The Health Check report will make recommendations and suggestions on how to possibly resolve such issues.


Initial Installation Audit
  Success Assessment scale
  Latest Joomla! v1.x release
  Non "Stable" version notification
  High security risk notification

General Environment Audit
  Host information
    Platform
    Architecture
    Operating System
    IP Address

  Web-Server version
    Port
    Configuration environment

  PHP version
    Enabled common extensions

  MySQL version
    Connection method

  Joomla! Configuration
    Online/Offline status
    Live Site details
    Configured/Actual Absolute Path
    .htaccess use
    Cache settings
    SEF settings

Standard Joomla! Pre-Installation Checks
  Extension Support
    zlib support
    XML support
    MySQL support
    Save Session Path status

  Security Settings
    Joomla! RG_EMULATION status
    PHP register_globals status

  Recommended Settings
    Safe Mode status
    Display Errors status
    File Uploads status
    Magic Quotes GPC status
    Magic Quotes Runtime status
    Output Buffering status
    Session Auto Start status

  Directory and File Mode Check


Joomla! Diagnostic

A "hash" comparison of the installed Joomla! files and the original Joomla! Distribution release files is performed. The Diagnostic report provides feedback of changed, missing or potentially corrupt files within the Joomla! installation allowing the end-user to determine if there are potentially going to be installation problems if run prior to completing the Web-Installer or possibly solving post installation issues caused by FTP upload corruption or unauthorised modification of core files and potential security risks associated with poorly coded extensions allowing direct access to content or scripts.


Standard Checks Performed
  Security Status
    register_globals setting
    RG_EMULATION setting

  Missing Files

  Corrupt or Modified Files

  Misisng Direct Access Validation

Custom Joomla! Diagnostic

Custom Hash Generation
The "Hash Generation" utility provides the capability to build a Hash file of the current production Joomla! site as it is installed today. This new "Custom" Hash will not only include the Joomla! Core files, but will also include any files installed by Joomla! extensions. This new Hash contains information on the site at a known point in time and can now be compared against the current site to determine if any changes have occured since the last Hash was generated.

Custom Joomla! Diagnostic
In addition to the standard Joomla! Diagnostic highliting files that have been modified or deleted, the new "Custom J!D" report also has the ability to highlite new files that may have been uploaded or added since the last hash was generated, providing a central focal point for "Change Management" and the detection of possible exploit or intrusion of a Joomla! site. Following the Generation of your "Custom" Hash, running "Custom J!D" from the menu will now use the newly created custom hash file instead of the standard Joomla! Core hash files. Joomla! Core Files may still be compared from the standard integrated Joomla! Diagnostic option.

The "Custom Hash Utility" should be capable of handling Joomla! sites of any version/release/dev status/language or with core hacks due to not using the standard core file structure hash, including current and future v1.5 releases.


Standard Checks Performed
  Security Status
    register_globals setting
    RG_EMULATION setting

  Unexpected New and Uploaded Files

  Missing Files

  Corrupt or Modified Files

  Missing Direct Access Validation


Permissions Auditing

Permissions auditing provides the end-user with a comprehensive view of all Directories and Files within the Joomla! installation, including their ownership, current pemrissions mode and Web-Server accessibility and Write capability.

Working on the assumption of 755 for Directories and 644 for Files as the permissions base and being the generally accepted best practice, the Joomla! Tools Suite Permissions Audit report will determine and highlight any permissions not below these modes in the following manner;


Directories and Files
  Green    Generally sane and acceptable
  Blue       Elevated pemrissions but could still be acceptable
  Red        World-Writable, potential of a security exposure
                  ( name also highlighted yellow )

Files Only
  Warning Triangle : Potentially suspect file found
                                    ( .pl, .cgi, .zip, .tar, .tar.gz, these should be investigated )
  Size and Last Modified Date


Extensions Auditing

This section of JTS provides feedback to the end-user relating to currently installed Components, Modules and Mambots, the report includes Name, Version/Release, author contact details and a description of its purpose. To assist with security management and control each extension is colour coded to differentiate between Joomla! Core extensions and 3rd Party Developer extensions.


Extension Differentiation
  Green    Joomla! Core extension
  Red       3rd Party supplied extension


DB Maintenance

Providing a simple interface in to the Health of the Joomla! Database, the JTS DB Maintenance routine initially provides the end-user with details of MySQL backend connection and performs a database table-space Health and Status check and Stale Sessions check. There is also provision made for the end-user to immediately attempt a table repair, clear Stale Sessions and subsequently "Optimise" the Joomla! tables, cleaning up allocated but unused space potentially improving the perfomance of the database and thus the Joomla! Web Site in the front-end.

DB Maintenance automatically runs a table-space health check, confirming that all the standard required Joomla! tables are present, readable and useable. Any errors found during these checks will be highlighted in red, if required and possible, DB Maintenance will attempt to repair any damaged or corrupt Joomla! core tables. The #__session table is also checked for Stale Sessions, displaying all current entries and highlighting those that are stale based on the $mosConfig_lifetime variable in configuration.php.

Selecting the "Optimise Now" button will activate the Database Optimisation routines of MySQL and is not run automatically when entering this section of JTS. Database Optimisation should only be run during quiet or offline periods to avoid the potential to effect front-end performance or possibility of table corruption.