$ actools audit
=== ACTOOLS DRUPAL AUDIT ===

[DRUPAL]
PASS Security advisories: none found
PASS trusted_host_patterns: configured
PASS Error display: hidden
PASS Private file path: configured and writable

[INTEGRATION]
PASS Redis: write/read/TTL confirmed
PASS Queue worker: enqueue test passed
PASS HTTP: Cache-Control header present

[STACK]
PASS Containers: all 5/5 running
PASS Site response: HTTP 200
PASS TLS: valid, 90 days remaining
PASS MariaDB: reachable
PASS Worker container: healthy

[SECURITY]
PASS HTTPS: HTTP redirects to HTTPS
PASS HSTS header: present
PASS X-Frame-Options header: present
PASS Server header: hidden

─────────────────────────────────────────
PASS: 22 WARN: 5 FAIL: 1
Audit score: 6/10
Fix FAIL items before next deploy.
# The Drupal community has enough Report modules.
# What it lacks is a CLI tool that says:
# I found a problem. I won't let you deploy until you run this specific command to fix it.
# Append trusted_host_patterns for the site domain and its subdomains to settings.php inside the PHP container.
docker compose exec -T "$php_svc" bash -c "cat > /tmp/php_inject.php << 'EOF'
\$settings['trusted_host_patterns'] = array('^${domain_escaped}\$', '^.*\\.${domain_escaped}\$');
// trusted_host_patterns_active
EOF
cat /tmp/php_inject.php >> /path/to/settings.php
rm -f /tmp/php_inject.php"
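
The check and fix for trusted_host_patterns as an added example, not code from actools: it validates and regex-escapes the domain, counts only an uncommented assignment in settings.php as active, and appends the patterns once. The function names and the sample file content are assumptions; the appended lines follow the snippet above.

```shell
#!/bin/sh
# Added example. Function names and the sample file content are constructed.

# Accept only hostname characters, then escape dots so that
# "example.com" cannot also match "exampleXcom" when used as a regex.
escape_domain() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  printf '%s' "$1" | sed 's/\./\\./g'
}

# True only for an uncommented assignment; a " * $settings[...]" or
# "# $settings[...]" example line must not count as configured.
has_active_trusted_hosts() {
  grep -Eq "^[[:space:]]*\\\$settings\['trusted_host_patterns'][[:space:]]*=" "$1"
}

# Idempotent fix: append the patterns once. $1 = settings.php, $2 = domain.
ensure_trusted_hosts() {
  esc=$(escape_domain "$2") || return 2
  has_active_trusted_hosts "$1" && return 0
  {
    printf "\$settings['trusted_host_patterns'] = array('^%s\$', '^.*\\\\.%s\$');\n" "$esc" "$esc"
    printf '// trusted_host_patterns_active\n'
  } >> "$1"
}

# Constructed demo: a file holding only a commented example, fixed twice.
demo() {
  f=$(mktemp)
  printf "<?php\n * \$settings['trusted_host_patterns'] = [];\n" > "$f"
  has_active_trusted_hosts "$f" || echo "WARN trusted_host_patterns: not active"
  ensure_trusted_hosts "$f" example.com
  ensure_trusted_hosts "$f" example.com
  grep -c 'trusted_host_patterns_active' "$f"   # marker appended once only
  rm -f "$f"
}
demo
```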
git clone https://github.com/actools-pl/actoolsDrupal.git
cd actoolsDrupal
cp actools.env.example actools.env && nano actools.env
sudo ./actools.sh
actools audit

- Security advisories via drush pm:security
- trusted_host_patterns — reads settings.php and verifies it's active
- Config drift — but only if the sync directory has a baseline (fresh installs get INFO, not false WARNING)
- Error display mode
- Session cookie security flags
- Queue backlog

- Redis behavioral test — not just "is it running" but write/read/TTL cycle
- Redis as actual Drupal cache backend
- HTTP cache headers
- Queue worker — enqueues a test job and verifies processing
- Private file path — verifiable and writable

- All containers running
- HTTP 200 response
- TLS validity and days remaining
- Memory available
- Backup existence and age
- MariaDB reachability
- Worker container health

- HTTPS redirect
- HSTS header
- X-Frame-Options
- X-Content-Type-Options
- Server header hidden
- Referrer-Policy
- Docker image pinning

- Drupal 11 + PHP 8.3-FPM
- Caddy 2 (automatic HTTPS, security headers, rate limiting)
- MariaDB 11.4
- XeLaTeX worker (PDF generation, self-contained)
- GitHub Actions CI (bats + shellcheck + Trivy + CodeQL)
- Hetzner CX22 — €10/month