jvoisin / snuffleupagus

Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!
https://snuffleupagus.readthedocs.io
GNU Lesser General Public License v3.0

Using Docker PHP 8.3 with Debian Bookworm & Apache won't log anything #495

Open olaxe opened 3 weeks ago

olaxe commented 3 weeks ago

Hello,

Whatever I tried, I get no log from Snuffleupagus. I use:

FROM public.ecr.aws/docker/library/php:apache-bookworm
ARG SNUFFLEUPAGUS_VERSION=0.10.0
RUN mkdir -p /usr/src/php/ext/snuffleupagus && \
    curl -fsSL "https://github.com/jvoisin/snuffleupagus/archive/refs/tags/v$SNUFFLEUPAGUS_VERSION.tar.gz" | tar xz -C /usr/src/php/ext/snuffleupagus --strip-components=2 snuffleupagus-$SNUFFLEUPAGUS_VERSION/src && \
    docker-php-ext-install snuffleupagus

or:

FROM public.ecr.aws/docker/library/php:apache-bookworm
RUN mkdir -p /usr/src/php/ext && \
    git clone https://github.com/jvoisin/snuffleupagus /tmp/snuffleupagus && \
    mv /tmp/snuffleupagus/src /usr/src/php/ext/snuffleupagus && \
    docker-php-ext-install snuffleupagus

I can check the installation from phpinfo:

snuffleupagus support   enabled
Version 0.10.0-sng (with Suhosin-NG patches)
Valid config    yes
Directive   Local Value Master Value
sp.allow_broken_configuration   On  On
sp.configuration_file   /etc/php/conf.d/snuffleupagus.rules /etc/php/conf.d/snuffleupagus.rules

I have tried simple snuffleupagus.rules:

sp.log_media("syslog");
sp.ini_protection.simulation();
sp.disable_function.function("system").drop();

with some variations using sp.log_media("php"); or sp.ini_protection.simulate(); to force an error, like some others did in other issues, without any success. Maybe it is because in this Docker all Apache logs are redirected to the Docker logs:

ls -al /var/log/apache2
total 12
drwxrwxrwt 1 www-data www-data  84 Jun 13 02:00 .
drwxr-xr-x 1 root     root     112 Jun 13 02:00 ..
lrwxrwxrwx 1 www-data www-data  11 Jun 13 02:00 access.log -> /dev/stdout
lrwxrwxrwx 1 www-data www-data  11 Jun 13 02:00 error.log -> /dev/stderr
lrwxrwxrwx 1 www-data www-data  11 Jun 13 02:00 other_vhosts_access.log -> /dev/stdout

Let me know if I can do other tests. Btw, all drop features are working fine, so I assume only logs are not working.

jvoisin commented 2 weeks ago

Did you check if there are some snuffleupagus logs in the docker logs?

olaxe commented 2 weeks ago

Of course, I can find Apache and PHP logs only. For PHP, I am using: error_log('['.$status_name.'] '.$message_extended."\n", 3, 'php://stdout'); or syslog($status,'['.$status_name.'] '.$message_extended);

jvoisin commented 2 weeks ago

When you're using sp.log_media("php");, are there any snuffleupagus logs in the docker logs, since this is where your php ones are going?

olaxe commented 2 weeks ago

Not at all. Even if I don't specify sp.log_media, it won't log anything.

jvoisin commented 2 weeks ago

This is excessively odd :/