Closed gralex54 closed 4 years ago
Hi,
Maybe I can look into the code and add the check of ini files in subfolders. A spontaneous question however: how would you like the test to handle multiple occurrences of one parameter and especially contradictory configurations like expose_php = On in one file and expose_php = Off in another?
It would be safer to report that "bad" setting even if found only once anywhere, right?
Hello,
It would be nice if you can look into the code and add the check of ini files in subfolders. Yes, I agree it would be much safer to report that "bad" setting even if found only once anywhere.
Thanks and regards, Alex.
Hi @gralex54
I looked into the code and noticed that I only had to add the missing folders. I didn't have to change any code regarding the test itself. I created the pull request #805 now. Could you test that, please?
Thanks in advance.
Hi @Schmuuu
Thanks. I confirm it's working now
- Checking expose_php option [ OFF ]
with:
# grep -i -R ^expose /usr/local/php*/lib/
/usr/local/php52/lib/php.ini-dist:expose_php = On
/usr/local/php52/lib/php.ini-recommended:expose_php = On
/usr/local/php52/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php52/lib/php.ini:expose_php = Off
/usr/local/php53/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php53/lib/php.ini:expose_php = off
/usr/local/php54/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php54/lib/php.ini:expose_php = off
/usr/local/php55/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php55/lib/php.ini:expose_php = off
/usr/local/php56/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php56/lib/php.ini:expose_php = off
/usr/local/php70/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php70/lib/php.ini:expose_php = off
/usr/local/php71/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php71/lib/php.ini:expose_php = off
/usr/local/php72/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php72/lib/php.ini:expose_php = off
/usr/local/php73/lib/php.conf.d/90-custom.ini:expose_php = off
/usr/local/php73/lib/php.ini:expose_php = off
Regards, Alex.
Describe the bug
The control panel DirectAdmin (www.directadmin.com) installs PHP from sources, it compiles PHP versions and installs them into /usr/local/php<VERSION>/ directories, e.g. the following PHP binaries might exist (depending on options a server administrator chooses):
<VERSION> might be any possible existing versions of PHP in a format 55, 56, 70, 71, 72, 73 corresponding to 5.5, 5.6, 7.0, 7.1, 7.2, 7.3.
And every PHP version has its own directory for PHP ini files:
/usr/local/php<VERSION>/lib/php.ini
/usr/local/php<VERSION>/lib/php.conf.d/
For example (for PHP installed as suphp, fastcgi, PHP-FPM):
and (for PHP installed as mod_php):
And here is where the issue comes out. The lynis does not check those directories and files for settings when doing tests from /usr/share/lynis/include/tests_php.
Version
Expected behavior
Lynis should detect PHP ini files installed by DirectAdmin. Actually under php.conf.d/ of the listed above locations any number of custom*.ini files might exist.
Output
Additional context
Please advise.
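The "report the bad setting even if found only once anywhere" policy agreed in the thread, applied to the /usr/local/php<VERSION>/lib/ layout from the issue, as an added example (not Lynis code and not taken from the pull request). The function names and the sample tree are constructed for illustration; the values On, 1, Yes and True are treated as enabled.

```shell
#!/bin/sh
# Added example (not Lynis code): flag expose_php if ANY active ini file under
# <root>/php<VERSION>/lib/ enables it, even when other files turn it off.

# Print "<file>:<value>" for each uncommented expose_php line in one ini file.
expose_php_lines() {
    awk '
        /^[ \t]*;/ { next }                       # skip ini comments
        tolower($0) ~ /^[ \t]*expose_php[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)           # drop "key ="
            sub(/[ \t\r]*(;.*)?$/, "", v)         # drop trailing comment/space
            gsub(/"/, "", v)                      # drop optional quotes
            print FILENAME ":" tolower(v)
        }' "$1"
}

# Print every enabling line and return 0; return 1 when nothing enables it.
# Only php.ini and php.conf.d/*.ini are read, so templates such as
# php.ini-dist are not counted (assumption of this example).
check_expose_php() {
    bad=$(
        for ini in "$1"/php*/lib/php.ini "$1"/php*/lib/php.conf.d/*.ini; do
            if [ -f "$ini" ]; then expose_php_lines "$ini"; fi
        done | grep -E ':(on|1|yes|true)$' || true
    )
    [ -z "$bad" ] && return 1
    printf '%s\n' "$bad"
}

# Constructed sample tree modeled on the layout in the issue; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/php72/lib/php.conf.d" "$t/php73/lib/php.conf.d"
    printf 'expose_php = On\n'   > "$t/php72/lib/php.ini-dist"
    printf 'expose_php = Off\n'  > "$t/php72/lib/php.ini"
    printf 'expose_php = off\n'  > "$t/php72/lib/php.conf.d/90-custom.ini"
    printf 'expose_php = off\n'  > "$t/php73/lib/php.ini"
    printf ';expose_php = On\n'  > "$t/php73/lib/php.conf.d/90-custom.ini"
    printf '%s\n' "$t"
}
```

Running `check_expose_php /usr/local` scans the real layout; each output line names the file that enables the setting, so a single contradictory custom*.ini is easy to locate.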