
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'include/tests_php')
-rw-r--r--include/tests_php40
1 files changed, 20 insertions, 20 deletions
diff --git a/include/tests_php b/include/tests_php
index fcb582a2..11135491 100644
--- a/include/tests_php
+++ b/include/tests_php
@@ -61,7 +61,7 @@
if [ "${tFILES}" = "" ]; then
logtext "Result: no files found for ${I}"
else
- logtext "Result: found files in location ${I}, checking.."
+ logtext "Result: found files in location ${I}, checking"
for I in ${tFILES}; do
if [ -f ${I} ]; then
logtext "Result: file ${I} exists, adding to php.ini array"
@@ -72,11 +72,11 @@
done
if [ ! "${PHPINIFILE}" = "" ]; then
- Display --indent 2 --text "- Checking PHP..." --result "FOUND" --color GREEN
+ Display --indent 2 --text "- Checking PHP" --result "FOUND" --color GREEN
logtext "Result: using single file ${PHPINIFILE} for main php.ini tests"
logtext "Result: using php.ini array ${PHPINI_ALLFILES} for further tests"
else
- Display --indent 2 --text "- Checking PHP..." --result "NOT FOUND" --color WHITE
+ Display --indent 2 --text "- Checking PHP" --result "NOT FOUND" --color WHITE
logtext "Result: no php.ini file found"
fi
fi
@@ -109,13 +109,13 @@
done
if [ ${FOUND} -eq 0 ]; then
logtext "Result: all PHP functions can be executed"
- Display --indent 4 --text "- Checking PHP disabled functions..." --result "NONE" --color YELLOW
+ Display --indent 4 --text "- Checking PHP disabled functions" --result "NONE" --color YELLOW
ReportSuggestion ${TEST_NO} "Harden PHP by disabling risky functions"
logtext "Functions of interest to research/disable: chown, diskfreespace, disk_free_space, disk_total_space, dl, exec, escapeshellarg, escapeshellcmd, fileinode, highlight_file, max_execution_time, passthru, pclose, phpinfo, popen, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, set_time_limit, shell_exec, show_source, system)"
AddHP 0 1
else
logtext "Result: one or more PHP functions are disabled/blacklisted"
- Display --indent 4 --text "- Checking PHP disabled functions..." --result "FOUND" --color GREEN
+ Display --indent 4 --text "- Checking PHP disabled functions" --result "FOUND" --color GREEN
AddHP 3 3
fi
fi
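Review bot: The `logtext` function list in the `FOUND -eq 0` branch still ends with an unmatched `)` and names `proc_open` twice, so this message stays untidy after the cleanup. It also lists `max_execution_time`, which is an ini directive rather than a function and cannot be placed in disable_functions. Suggest dropping the trailing `)`, the duplicate and that entry. The enclosing test block starts before the hunk.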
@@ -139,16 +139,16 @@
fi
Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP register_globals option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP register_globals option.."
+ logtext "Test: Checking PHP register_globals option"
FIND=`cat ${PHPINIFILE} | egrep -i 'register_globals.*(on|yes|1)' | grep -v '^;'`
if [ ! "${FIND}" = "" ]; then
- Display --indent 4 --text "- Checking register_globals option..." --result WARNING --color RED
+ Display --indent 4 --text "- Checking register_globals option" --result WARNING --color RED
ReportWarning ${TEST_NO} "M" "PHP option register_globals option is turned on, which can be a risk for variable value overwriting"
ReportSuggestion ${TEST_NO} "Change the register_globals line to: register_globals = Off"
logtext "Result: register_globals option is turned on, which can be a risk for variable value overwriting."
AddHP 1 2
else
- Display --indent 4 --text "- Checking register_globals option..." --result OK --color GREEN
+ Display --indent 4 --text "- Checking register_globals option" --result OK --color GREEN
logtext "Result: No 'register_globals' found. Most likely it is in disabled state (0, no, or off), which is the default nowadays and considered the safe value."
ReportManual ${TEST_NO}:01
AddHP 2 2
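Review bot: The pattern `register_globals.*(on|yes|1)` accepts the enabled value anywhere after the directive name, so a line such as `register_globals = Off ; was on` (constructed example) raises the warning, and `grep -v '^;'` does not drop indented comment lines. `${PHPINIFILE}` is also unquoted, so a path containing spaces breaks the read. Suggest `FIND=$(grep -Ei '^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"?(on|yes|true|1)' "${PHPINIFILE}")`. The `if` block continues past the end of the hunk.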
@@ -163,16 +163,16 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP expose_php option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking expose_php option.."
+ logtext "Test: Checking expose_php option"
FIND=`cat ${PHPINIFILE} | egrep -i 'expose_php.*(off|no|0)' | grep -v '^;'`
if [ "${FIND}" = "" ]; then
- Display --indent 4 --text "- Checking expose_php option..." --result ON --color RED
+ Display --indent 4 --text "- Checking expose_php option" --result ON --color RED
ReportWarning ${TEST_NO} "M" "PHP option expose_php is possibly turned on, which can reveal useful information for attackers."
ReportSuggestion ${TEST_NO} "Change the expose_php line to: expose_php = Off"
report "Result: expose_php option is turned on, which can expose useful information for an attacker"
AddHP 1 2
else
- Display --indent 4 --text "- Checking expose_php option..." --result OFF --color GREEN
+ Display --indent 4 --text "- Checking expose_php option" --result OFF --color GREEN
logtext "Result: Found 'expose_php' in disabled state (0, no, or off)"
AddHP 2 2
fi
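Review bot: The `egrep -i 'expose_php.*(off|no|0)'` match can report OFF for a directive that is actually on, because `.*` lets the disabled value appear anywhere after the name; a line such as `expose_php = On ; set to 0 to hide` (constructed example) matches. `grep -v '^;'` also keeps comment lines that are indented. Anchoring the pattern fixes both and drops the extra `cat`: `FIND=$(grep -Ei '^[[:space:]]*expose_php[[:space:]]*=[[:space:]]*"?(off|no|false|0)' "${PHPINIFILE}")`. The enable_dl, allow_url_fopen and allow_url_include hunks use the same pattern shape, and the outer `if` closes outside this hunk.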
@@ -187,15 +187,15 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP enable_dl option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP enable_dl option.."
+ logtext "Test: Checking PHP enable_dl option"
FIND=`cat ${PHPINIFILE} | egrep -i 'enable_dl.*(off|no|0)' | grep -v '^;'`
if [ "${FIND}" = "" ]; then
- Display --indent 4 --text "- Checking enable_dl option..." --result ON --color YELLOW
+ Display --indent 4 --text "- Checking enable_dl option" --result ON --color YELLOW
report "Result: enable_dl option is turned on, which can be used for riskful downloads via PHP"
ReportSuggestion ${TEST_NO} "Change the enable_dl line to: enable_dl = Off, to disable downloads via PHP"
AddHP 0 1
else
- Display --indent 4 --text "- Checking enable_dl option..." --result OFF --color GREEN
+ Display --indent 4 --text "- Checking enable_dl option" --result OFF --color GREEN
logtext "Result: Found 'enable_dl' in disabled state (0, no, or off)"
AddHP 2 2
fi
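Review bot: The result and suggestion strings in the ON branch describe enable_dl as enabling "downloads via PHP", but the directive controls whether scripts may load extensions at runtime with dl(). An operator reading the report would misjudge the risk. Suggest `ReportSuggestion ${TEST_NO} "Change the enable_dl line to: enable_dl = Off, to disable dynamic loading of PHP extensions with dl()"` and matching wording in the result line. The outer `if` closes outside the hunk.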
@@ -210,15 +210,15 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_fopen option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP allow_url_fopen option.."
+ logtext "Test: Checking PHP allow_url_fopen option"
FIND=`cat ${PHPINIFILE} | egrep -i 'allow_url_fopen.*(off|no|0)' | grep -v '^;'`
if [ "${FIND}" = "" ]; then
- Display --indent 4 --text "- Checking allow_url_fopen option..." --result ON --color YELLOW
+ Display --indent 4 --text "- Checking allow_url_fopen option" --result ON --color YELLOW
report "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP"
ReportSuggestion ${TEST_NO} "Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP"
AddHP 0 1
else
- Display --indent 4 --text "- Checking allow_url_fopen option..." --result OFF --color GREEN
+ Display --indent 4 --text "- Checking allow_url_fopen option" --result OFF --color GREEN
logtext "Result: Found 'allow_url_fopen' in disabled state (0, no, or off)"
AddHP 2 2
fi
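Review bot: The ON branch records its result with `report "Result: ..."` while the OFF branch and the register_globals test use `logtext`. If `report` appends to the machine-readable report file, as its name suggests, this free-text line lands among the report data instead of the log; `logtext "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP"` would match the rest. The same call appears in the expose_php, enable_dl and allow_url_include hunks. The outer `if` closes outside the hunk.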
@@ -233,15 +233,15 @@
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_include option"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking PHP allow_url_include option.."
+ logtext "Test: Checking PHP allow_url_include option"
FIND=`cat ${PHPINIFILE} | egrep -i 'allow_url_include.*(off|no|0)' | grep -v '^;'`
if [ "${FIND}" = "" ]; then
- Display --indent 4 --text "- Checking allow_url_include option..." --result ON --color YELLOW
+ Display --indent 4 --text "- Checking allow_url_include option" --result ON --color YELLOW
report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP"
ReportSuggestion ${TEST_NO} "Change the allow_url_include line to: allow_url_include = Off, to disable downloads via PHP"
AddHP 0 1
else
- Display --indent 4 --text "- Checking allow_url_include option..." --result OFF --color GREEN
+ Display --indent 4 --text "- Checking allow_url_include option" --result OFF --color GREEN
logtext "Result: Found 'allow_url_include' in disabled state (0, no, or off)"
AddHP 2 2
fi
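Review bot: An empty `FIND` is reported as `ON` here, but PHP's built-in default for allow_url_include is Off, so a php.ini that simply omits the directive gets a suggestion and a lower hardening score for a setting that is already safe. Consider testing for an explicit enabled value instead, as the register_globals test does, e.g. `grep -Ei '^[[:space:]]*allow_url_include[[:space:]]*=[[:space:]]*"?(on|yes|true|1)'`, and swapping the two branches accordingly. The message also calls the risk "downloads"; the directive controls whether include/require may load code from a URL, which is worth saying in the suggestion text. The outer `if` closes outside the hunk.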