Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_php
diff options
context:
space:
mode:
Diffstat (limited to 'include/tests_php')
-rw-r--r--include/tests_php72
1 files changed, 36 insertions, 36 deletions
diff --git a/include/tests_php b/include/tests_php
index 96eb63d0..0891bbf0 100644
--- a/include/tests_php
+++ b/include/tests_php
@@ -5,7 +5,7 @@
# Lynis
# ------------------
#
-# Copyright 2007-2015, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
+# Copyright 2007-2016, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
# Web site: https://cisofy.com
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@@ -42,18 +42,18 @@
# Description : Check php.ini presence
Register --test-no PHP-2211 --weight L --network NO --description "Check php.ini presence"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking for presence php.ini"
+ LogText "Test: Checking for presence php.ini"
PHPINIFILE=""
PHPINI_ALLFILES=""
for I in ${PHPINILOCS}; do
- logtext "Test: checking presence ${I}"
+ LogText "Test: checking presence ${I}"
if [ -f ${I} ]; then
PHPINIFILE=${I}
- logtext "Result: Found php.ini file (${PHPINIFILE})"
- logtext "Note: Adding file to php.ini array"
+ LogText "Result: Found php.ini file (${PHPINIFILE})"
+ LogText "Note: Adding file to php.ini array"
PHPINI_ALLFILES="${PHPINI_ALLFILES} ${PHPINIFILE}"
else
- logtext "Result: file ${I} not found"
+ LogText "Result: file ${I} not found"
fi
done
@@ -61,12 +61,12 @@
for I in ${PHPINIDIRS}; do
tFILES=`ls ${I}/*.ini 2>/dev/null`
if [ "${tFILES}" = "" ]; then
- logtext "Result: no files found for ${I}"
+ LogText "Result: no files found for ${I}"
else
- logtext "Result: found files in location ${I}, checking"
+ LogText "Result: found files in location ${I}, checking"
for I in ${tFILES}; do
if [ -f ${I} ]; then
- logtext "Result: file ${I} exists, adding to php.ini array"
+ LogText "Result: file ${I} exists, adding to php.ini array"
PHPINI_ALLFILES="${PHPINI_ALLFILES} ${I}"
fi
done
@@ -75,11 +75,11 @@
if [ ! "${PHPINIFILE}" = "" ]; then
Display --indent 2 --text "- Checking PHP" --result "FOUND" --color GREEN
- logtext "Result: using single file ${PHPINIFILE} for main php.ini tests"
- logtext "Result: using php.ini array ${PHPINI_ALLFILES} for further tests"
+ LogText "Result: using single file ${PHPINIFILE} for main php.ini tests"
+ LogText "Result: using php.ini array ${PHPINI_ALLFILES} for further tests"
else
Display --indent 2 --text "- Checking PHP" --result "NOT FOUND" --color WHITE
- logtext "Result: no php.ini file found"
+ LogText "Result: no php.ini file found"
fi
fi
#
@@ -92,31 +92,31 @@
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
for I in ${PHPINI_ALLFILES}; do
- logtext "Test: Checking for PHP function hardening disabled_functions or suhosin.executor.func.blacklist in file ${I}"
+ LogText "Test: Checking for PHP function hardening disabled_functions or suhosin.executor.func.blacklist in file ${I}"
FIND=`grep "^disable_functions.*=" ${I}`
if [ "${FIND}" = "" ]; then
- logtext "Result: ${I}: disabled_functions not found"
+ LogText "Result: ${I}: disabled_functions not found"
else
- logtext "Result: ${I}: found disabled_functions"
+ LogText "Result: ${I}: found disabled_functions"
FOUND=1
fi
FIND=`grep "^suhosin.executor.func.blacklist=" ${I}`
if [ "${FIND}" = "" ]; then
- logtext "Result: ${I}: suhosin.executor.func.blacklist not found"
+ LogText "Result: ${I}: suhosin.executor.func.blacklist not found"
else
- logtext "Result: ${I}: found suhosin.executor.func.blacklist"
+ LogText "Result: ${I}: found suhosin.executor.func.blacklist"
FOUND=1
fi
done
if [ ${FOUND} -eq 0 ]; then
- logtext "Result: all PHP functions can be executed"
+ LogText "Result: all PHP functions can be executed"
Display --indent 4 --text "- Checking PHP disabled functions" --result "NONE" --color YELLOW
ReportSuggestion ${TEST_NO} "Harden PHP by disabling risky functions"
- logtext "Functions of interest to research/disable: chown, diskfreespace, disk_free_space, disk_total_space, dl, exec, escapeshellarg, escapeshellcmd, fileinode, highlight_file, max_execution_time, passthru, pclose, phpinfo, popen, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, set_time_limit, shell_exec, show_source, system)"
+ LogText "Functions of interest to research/disable: chown, diskfreespace, disk_free_space, disk_total_space, dl, exec, escapeshellarg, escapeshellcmd, fileinode, highlight_file, max_execution_time, passthru, pclose, phpinfo, popen, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, set_time_limit, shell_exec, show_source, system)"
AddHP 0 1
else
- logtext "Result: one or more PHP functions are disabled/blacklisted"
+ LogText "Result: one or more PHP functions are disabled/blacklisted"
Display --indent 4 --text "- Checking PHP disabled functions" --result "FOUND" --color GREEN
AddHP 3 3
fi
@@ -146,17 +146,17 @@
fi
Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP register_globals option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP register_globals option"
+ LogText "Test: Checking PHP register_globals option"
FIND=`egrep -i 'register_globals.*(on|yes|1)' ${PHPINIFILE} | grep -v '^;'`
if [ ! "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking register_globals option" --result WARNING --color RED
ReportWarning ${TEST_NO} "M" "PHP option register_globals option is turned on, which can be a risk for variable value overwriting"
ReportSuggestion ${TEST_NO} "Change the register_globals line to: register_globals = Off"
- logtext "Result: register_globals option is turned on, which can be a risk for variable value overwriting."
+ LogText "Result: register_globals option is turned on, which can be a risk for variable value overwriting."
AddHP 1 2
else
Display --indent 4 --text "- Checking register_globals option" --result OK --color GREEN
- logtext "Result: No 'register_globals' found. Most likely it is in disabled state (0, no, or off), which is the default nowadays and considered the safe value."
+ LogText "Result: No 'register_globals' found. Most likely it is in disabled state (0, no, or off), which is the default nowadays and considered the safe value."
ReportManual ${TEST_NO}:01
AddHP 2 2
fi
@@ -170,17 +170,17 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP expose_php option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking expose_php option"
+ LogText "Test: Checking expose_php option"
FIND=`egrep -i 'expose_php.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking expose_php option" --result ON --color RED
ReportWarning ${TEST_NO} "M" "PHP option expose_php is possibly turned on, which can reveal useful information for attackers."
ReportSuggestion ${TEST_NO} "Change the expose_php line to: expose_php = Off"
- report "Result: expose_php option is turned on, which can expose useful information for an attacker"
+ Report "Result: expose_php option is turned on, which can expose useful information for an attacker"
AddHP 1 2
else
Display --indent 4 --text "- Checking expose_php option" --result OFF --color GREEN
- logtext "Result: Found 'expose_php' in disabled state (0, no, or off)"
+ LogText "Result: Found 'expose_php' in disabled state (0, no, or off)"
AddHP 2 2
fi
#YYY Check through all files
@@ -194,16 +194,16 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP enable_dl option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP enable_dl option"
+ LogText "Test: Checking PHP enable_dl option"
FIND=`egrep -i 'enable_dl.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking enable_dl option" --result ON --color YELLOW
- report "Result: enable_dl option is turned on, which can be used for riskful downloads via PHP"
+ Report "Result: enable_dl option is turned on, which can be used for riskful downloads via PHP"
ReportSuggestion ${TEST_NO} "Change the enable_dl line to: enable_dl = Off, to disable downloads via PHP"
AddHP 0 1
else
Display --indent 4 --text "- Checking enable_dl option" --result OFF --color GREEN
- logtext "Result: Found 'enable_dl' in disabled state (0, no, or off)"
+ LogText "Result: Found 'enable_dl' in disabled state (0, no, or off)"
AddHP 2 2
fi
#YYY Check through all files
@@ -217,16 +217,16 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_fopen option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP allow_url_fopen option"
+ LogText "Test: Checking PHP allow_url_fopen option"
FIND=`egrep -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking allow_url_fopen option" --result ON --color YELLOW
- report "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP"
+ Report "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP"
ReportSuggestion ${TEST_NO} "Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP"
AddHP 0 1
else
Display --indent 4 --text "- Checking allow_url_fopen option" --result OFF --color GREEN
- logtext "Result: Found 'allow_url_fopen' in disabled state (0, no, or off)"
+ LogText "Result: Found 'allow_url_fopen' in disabled state (0, no, or off)"
AddHP 2 2
fi
#YYY Check through all files
@@ -240,16 +240,16 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_include option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP allow_url_include option"
+ LogText "Test: Checking PHP allow_url_include option"
FIND=`egrep -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking allow_url_include option" --result ON --color YELLOW
- report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP"
+ Report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP"
ReportSuggestion ${TEST_NO} "Change the allow_url_include line to: allow_url_include = Off, to disable downloads via PHP"
AddHP 0 1
else
Display --indent 4 --text "- Checking allow_url_include option" --result OFF --color GREEN
- logtext "Result: Found 'allow_url_include' in disabled state (0, no, or off)"
+ LogText "Result: Found 'allow_url_include' in disabled state (0, no, or off)"
AddHP 2 2
fi
fi
@@ -261,4 +261,4 @@ wait_for_keypress
#
#================================================================================
-# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com
+# Lynis - Copyright 2007-2016, Michael Boelen, CISOfy - https://cisofy.com
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 19:35:59 +0300