
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorn[oO]ne <noone@silentrunners.de>2018-01-11 11:47:47 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2018-01-11 11:47:47 +0300
commitaebb0c8ed440cd1367b3a1cd195128f57f611745 (patch)
treebe8fe6bc03f415dd4cef2c0bff6641e21b5220a0 /include/tests_php
parent408ee73737e36079b7179c5451ed2f32f163d433 (diff)
lynis should not suggest suhosin for PHP 7 (#498)
Diffstat (limited to 'include/tests_php')
-rw-r--r--include/tests_php64
1 files changed, 44 insertions, 20 deletions
diff --git a/include/tests_php b/include/tests_php
index 5a6e0000..f0c17489 100644
--- a/include/tests_php
+++ b/include/tests_php
@@ -65,6 +65,12 @@
${ROOTDIR}opt/alt/php71/etc/php.ini"
PHPINIDIRS="${ROOTDIR}etc/php5/conf.d \
+ ${ROOTDIR}etc/php/7.0/cli/conf.d \
+ ${ROOTDIR}etc/php/7.1/cli/conf.d \
+ ${ROOTDIR}etc/php/7.2/cli/conf.d \
+ ${ROOTDIR}etc/php/7.0/fpm/conf.d \
+ ${ROOTDIR}etc/php/7.1/fpm/conf.d \
+ ${ROOTDIR}etc/php/7.2/fpm/conf.d \
${ROOTDIR}etc/php.d \
${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php55/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php56/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php70/root/etc/php.d \
${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.d \
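Review bot: The added PHP 7 directories cover only the cli and fpm SAPIs, so on Debian-style layouts an `etc/php/7.x/apache2/conf.d` directory would not be scanned unless it is already listed in a part of PHPINIDIRS outside this hunk. That directory configures mod_php, which serves web requests, so an extension enabled only there would be invisible to the later suhosin check. Consider adding `${ROOTDIR}etc/php/7.0/apache2/conf.d \` and the 7.1 and 7.2 equivalents. The list is also pinned to three minor versions, so a comment such as `# extend for each new PHP minor release` above the new entries would tell maintainers it needs upkeep. The PHPINIDIRS assignment continues past the end of the hunk.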
@@ -302,16 +308,18 @@
# Description : Check PHP suhosin extension status
if [ ! -z "${PHPINI_ALLFILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status"
+
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
SIMULATION=0
+ MAJOR_VERSION=$(echo ${PHPVERSION} | ${EGREPBINARY} "^7")
if [ "${OS}" = "OpenBSD" ]; then
FOUND=1 # On OpenBSD, Suhosin is hard linked into PHP
SIMULATION=off
else
for I in ${PHPINI_ALLFILES}; do
LogText "Test: Checking for PHP suhosin extension status in file ${I}"
- FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin.so.*$' ${I})
+ FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin7?.so.*$' ${I})
if [ -z "${FIND}" ]; then
LogText "Result: ${I}: suhosin is not enabled"
else
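Review bot: The widened pattern `suhosin7?.so` folds the PHP 5 and PHP 7 builds of the extension into the single FOUND flag, while the version decision rests on one `PHPVERSION` value. PHPINIDIRS lists `etc/php5/conf.d` next to the `etc/php/7.x` directories, so on a host carrying both, a `suhosin.so` line in the PHP 5 tree would presumably produce the "Disable Suhosin for PHP 7" suggestion; how PHPVERSION is derived is not visible here, so this needs confirming. Recording the PHP 7 build separately, for example `FIND7=$(${GREPBINARY} -oP '^extension=.*?suhosin7\.so.*$' ${I})`, would keep the two verdicts apart, and escaping the dot before `so` avoids matching unrelated names. `MAJOR_VERSION` also ends up holding the whole version string rather than the major number, and `${PHPVERSION}` is expanded unquoted. The for loop body continues outside the hunk.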
@@ -329,29 +337,45 @@
done
fi
- if [ ${FOUND} -eq 0 ]; then
- LogText "Result: Suhosin extension is not enabled"
+ # Check Suhosin for PHP 7
+ if [ ! -z ${MAJOR_VERSION} -a ${FOUND} -eq 1 ]; then
+ LogText "Test: Check Suhosin for PHP 7 is not enabled"
+ LogText "Result: Suhosin for PHP 7 is in alpha stage and should not be used in production"
+ ReportSuggestion ${TEST_NO} "Disable Suhosin for PHP 7"
Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED
- ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension"
- LogText "suhosin extension is not enabled"
+ Display --indent 6 --text "- Suhosin is enabled for PHP 7" --result "${STATUS_WARNING}" --color RED
AddHP 0 1
-
- else
- LogText "Result: Suhosin extension is enabled"
+ elif [ ! -z ${MAJOR_VERSION} -a ${FOUND} -eq 0 ]; then
+ LogText "Test: Check Suhosin for PHP 7 is not enabled"
+ LogText "Result: Suhosin for PHP 7 is not enabled"
Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN
- AddHP 2 2
- fi
-
- if [ "${SIMULATION}" = "off" ]; then
- LogText "Result: Suhosin simulation mode is not active"
- Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN
- AddHP 2 2
+ Display --indent 6 --text "- Suhosin is not enabled for PHP 7" --result "${STATUS_OK}" --color GREEN
+ AddHP 1 1
else
- LogText "Result: Suhosin simulation mode is active"
- Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED
- ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode"
- LogText "suhosin simulation mode is active"
- AddHP 0 1
+ if [ ${FOUND} -eq 0 ]; then
+ LogText "Result: Suhosin extension is not enabled"
+ Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED
+ ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension"
+ LogText "suhosin extension is not enabled"
+ AddHP 0 1
+
+ else
+ LogText "Result: Suhosin extension is enabled"
+ Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN
+ AddHP 2 2
+ fi
+
+ if [ "${SIMULATION}" = "off" ]; then
+ LogText "Result: Suhosin simulation mode is not active"
+ Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN
+ AddHP 2 2
+ else
+ LogText "Result: Suhosin simulation mode is active"
+ Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED
+ ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode"
+ LogText "suhosin simulation mode is active"
+ AddHP 0 1
+ fi
fi
fi
#
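Review bot: Both new tests, `[ ! -z ${MAJOR_VERSION} -a ${FOUND} -eq 1 ]` and the matching `elif`, expand MAJOR_VERSION unquoted, so when PHP is not version 7 the variable disappears and `[` receives a malformed argument list. The legacy branch is then reached only because the test errors out, and how that list is parsed differs between shells, so the audit verdict depends on which `/bin/sh` runs it. I would write `if [ -n "${MAJOR_VERSION}" ] && [ ${FOUND} -eq 1 ]; then` and `elif [ -n "${MAJOR_VERSION}" ] && [ ${FOUND} -eq 0 ]; then`, which also drops the obsolescent `-a`. Note too that the OpenBSD branch earlier in the test sets FOUND=1 unconditionally, so PHP 7 on OpenBSD would get the "Disable Suhosin for PHP 7" suggestion without any ini file being read. The enclosing `if [ ${SKIPTEST} -eq 0 ]` starts outside this hunk.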