DISA Unix STIGS and O/S Hardening

As a former Sysadmin for a multitude of Unix varieties I was often hit with the task of adhering to some governing policy regarding lockdown or hardening of the O/S's that I administered. One of the more challenging was compliance with DISA UNIX STIGs. If you've ever had this task, you'll know that there are three components (the STIG policy document, the SRR scripts, and a manual checklist). There was never an automated way of getting the O/S in compliance, and worse, an automated way to ensure compliance as the servers evolved over time. This rather mundane task (finding, editing, and checking a series of configuration files, CHMODs, and the like) quickly became a daily "chore". Keeping servers in-sync with one another was a task in itself and making mistakes while editing O/S configuration files could set you back a day or two.


In Drupal the ubiquitous "t" function is used to translate strings to a page language or a given user language. As such in module writing the "t" function should be used extensively to encapsulate all user readable text. The "t" function works with special placeholders that signal "dynamic information" in a string that needs "extra" filtering or should not be filtered or translated at all, such as URLs. There are three different placeholders that offer three different exceptions to the normal operation of "t".
!Prevents all manipulation by "t", text is inserted as is.