Added new test PHP-2382

1 files changed, 36 insertions, 0 deletions

diff --git a/include/tests_php b/include/tests_php
index a452781a..0f498fff 100644
--- a/include/tests_php
+++ b/include/tests_php
@@ -464,6 +464,42 @@
 #
 #################################################################################
 #
+    # Test        : PHP-2382
+    # Description : Check listen option
+    # Background  : https://github.com/CISOfy/lynis/issues/837
+    if [ -n "${PHPINI_ALLFILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no PHP-2382 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP expose_php option"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        FOUND=0
+        for FILE in ${PHPINI_ALLFILES}; do
+            # Don't look at this setting in cli configuration
+            case "${FILE}" in
+                */cli/*)
+                    continue
+                    ;;
+            esac
+            LogText "Test: Checking file ${FILE}"
+            FIND=$(${EGREPBINARY} -i "^listen = [0-9]{1,5}$" ${FILE})
+            if HasData "${FIND}"; then
+                LogText "Result: found listen on just a port number"
+                LogText "Data: ${FIND}"
+                LogText "Note: when possible, limit access to just localhost, so it can't be accessed from outside"
+                FOUND=1
+            fi
+        done
+
+        if [ ${FOUND} -eq 1 ]; then
+            Display --indent 4 --text "- Checking listen option" --result "${STATUS_SUGGESTION}" --color YELLOW
+            #ReportSuggestion "${TEST_NO}" "Limit the listening of FastCGI to just localhost or a local socket" "listen = 127.0.0.1:9000" "-"
+            AddHP 1 3
+        else
+            Display --indent 4 --text "- Checking listen option" --result "${STATUS_OK}" --color GREEN
+            AddHP 2 2
+        fi
+    fi
+#
+#################################################################################
+#
 
 WaitForKeyPress