Comments (5)
also my additional .ini files registered by PHP configscandir compile option
php --ini
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File: /usr/local/lib/php.ini
Scan for additional .ini files in: /etc/centminmod/php.d
Additional .ini files parsed: /etc/centminmod/php.d/a_customphp.ini,
/etc/centminmod/php.d/curlcainfo.ini,
/etc/centminmod/php.d/zendopcache.ini
you could add that to array of .ini files you check for php.ini which you grep for any checked php variables like expose_php and make sure those get higher priority over php.ini as they would potentially override php.ini values?
although simple
php -i | grep expose
would be easier
from lynis.
How to set "expose_php = Off" in Debian server?
from lynis.
Correction to initial bug report, php.d/*.ini has nothing to do with PHP-FPM. That is what php-fpm.d/*.conf is for.
What's going on here is similar to psecio/iniscan#82 where PHP settings can be defined in additional .ini files in php.d/*.ini, and/or defined per site pool in PHP-FPM config files in php-fpm.d/*.conf.
php -i | grep expose
Will work for the .ini files overriding the master php.ini values, but will not work to check values set via the PHP-FPM .conf files. At least via commandline.
from lynis.
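The layered lookup discussed in the comments above, as an added example that is not part of the thread or of Lynis: it resolves a directive across php.ini and the scan directory, then lists per-pool PHP-FPM overrides that `php -i` on the command line does not show. The function names, the sample tree and the pool file name `site1.conf` are hypothetical; it assumes scan-dir files are read after php.ini in alphabetical order and that pools set values with `php_flag`, `php_value`, `php_admin_flag` or `php_admin_value` lines.

```shell
# Added example. Assumes scan-dir *.ini files load after php.ini in glob order
# (later wins) and that pools use php_flag/php_value/php_admin_* lines.

# last_ini_value KEY FILE: print the last "KEY = value" found in FILE.
last_ini_value() {
    awk -v key="$1" '{
        line = $0
        sub(/[ \t]*;.*$/, "", line)            # drop ";" comments
        eq = index(line, "=")
        if (eq == 0) next                       # section header or blank line
        name = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        if (name == key) found = val
    } END { if (found != "") print found }' "$2"
}

# effective_ini_setting KEY PHP_INI SCAN_DIR: print "value<TAB>file that set it".
effective_ini_setting() {
    value=unset; src=none
    for f in "$2" "$3"/*.ini; do
        [ -f "$f" ] || continue
        v=$(last_ini_value "$1" "$f")
        if [ -n "$v" ]; then value=$v; src=$f; fi
    done
    printf '%s\t%s\n' "$value" "$src"
}

# fpm_pool_overrides KEY POOL_DIR: print "file<TAB>directive<TAB>value" lines.
fpm_pool_overrides() {
    for f in "$2"/*.conf; do
        [ -f "$f" ] || continue
        for kind in php_admin_flag php_admin_value php_flag php_value; do
            v=$(last_ini_value "${kind}[$1]" "$f")
            if [ -n "$v" ]; then printf '%s\t%s\t%s\n' "$f" "$kind" "$v"; fi
        done
    done
}

# make_sample_tree DIR: constructed files, contents made up for the demo.
make_sample_tree() {
    mkdir -p "$1/php.d" "$1/php-fpm.d"
    printf 'expose_php = On\n' > "$1/php.ini"
    printf 'expose_php = Off ; hide version\n' > "$1/php.d/a_customphp.ini"
    printf '[site1]\nphp_admin_flag[expose_php] = on\n' > "$1/php-fpm.d/site1.conf"
}

tmp=$(mktemp -d) && make_sample_tree "$tmp"
effective_ini_setting expose_php "$tmp/php.ini" "$tmp/php.d"
fpm_pool_overrides expose_php "$tmp/php-fpm.d"; rm -rf "$tmp"
```

In the sample tree the scan-dir file turns the directive off while the pool file turns it back on, which is the case a check limited to php.ini and the command line would report as clean.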
This item is "on hold", as it is hard to parse them properly. We will do more research later, to see if we can create a reliable way to parse different PHP configurations and keep the versions in mind as well.
from lynis.
Closing this issue, to clean up a little bit. Right now, no changes are made to the PHP scanning logic, as it needs a rewrite.
from lynis.