Closed egypcio closed 1 year ago
Like gpg, this is more something that I would leave to an apache role, aka harden-apache
added the sid length a while ago - https://github.com/juju4/ansible-harden-apache/commit/23bc9a1055e601f72160e0c9c6fba9b03c6ae38b
strict already included before
I need to review how this file is used as likely old work and duplicated.
IMHO it wouldn't hurt to add/leave those into this role's php.ini (misp-php.ini.j2), but I understand your point.
all fine for you to close this one. much appreciated for the time of writing back!
Closing as leaving those to external role.
Description
Add MISP recommendations about PHP sessions settings
Motivation and Context
Once we have a new deployment of MISP and check the /servers/serverSettings/diagnostics route, there are quite a few tweaks one can plan to change in the system to improve the experience while using (and maintaining) a MISP instance. Here we are motivated to address the following:
use_strict_mode set to true;
sid-length has at least 32 chars/bits (recommended by the PHP Project itself too).
How Has This Been Tested?
/etc/php/7.4/apache2/conf.d/99-misp.ini;
/etc/php/7.4/mods-available/misp-php.ini;
Types of changes
Checklist:
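An added example, not part of the PR or of either role's code: a small checker that computes the effective values of the two session settings discussed above across several ini files, where a later-loaded file such as 99-misp.ini overrides php.ini. The function names and the sample file contents are assumptions constructed for illustration.

```python
import re

MIN_SID_LENGTH = 32                      # threshold quoted in the PR description
TRUE_WORDS = {"1", "on", "true", "yes"}  # spellings php.ini accepts for "enabled"
DIRECTIVE = re.compile(r"^\s*(session\.[a-z_]+)\s*=\s*(.*?)\s*(?:;.*)?$", re.I)

def effective_session_settings(ini_files):
    """ini_files: (name, text) pairs in PHP load order; a later file overrides."""
    settings = {}
    for name, text in ini_files:
        for raw in text.splitlines():
            if raw.lstrip().startswith(";"):      # whole-line comment
                continue
            m = DIRECTIVE.match(raw)
            if m:
                settings[m.group(1).lower()] = (m.group(2).strip("\"'"), name)
    return settings

def audit(ini_files):
    """Return findings for the two settings the PR addresses."""
    s = effective_session_settings(ini_files)
    findings = []
    strict, src = s.get("session.use_strict_mode", ("0", "PHP default"))
    if strict.lower() not in TRUE_WORDS:
        findings.append(f"session.use_strict_mode = {strict} ({src}): expected 1")
    length, src = s.get("session.sid_length", ("32", "PHP default"))
    if not length.isdigit() or int(length) < MIN_SID_LENGTH:
        findings.append(f"session.sid_length = {length} ({src}): expected >= {MIN_SID_LENGTH}")
    return findings

# Constructed sample contents, not taken from the page or the role's template.
BASE_INI = "[Session]\nsession.use_strict_mode = 0\nsession.sid_length = 26 ; short IDs\n"
MISP_INI = "; MISP overrides\nsession.use_strict_mode = 1\nsession.sid_length = 32\n"

if __name__ == "__main__":
    for label, files in [
        ("php.ini only", [("php.ini", BASE_INI)]),
        ("php.ini + 99-misp.ini", [("php.ini", BASE_INI), ("99-misp.ini", MISP_INI)]),
    ]:
        print(label, "->", audit(files) or "OK")
```

Because the last definition wins, the check only passes when the hardened file sorts after any file that still carries the weaker values.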