diff options
Diffstat (limited to 'manifests/series5')
| -rw-r--r-- | manifests/series5/defaults.pp | 6 | ||||
| -rw-r--r-- | manifests/series5/hardened.pp | 15 | ||||
| -rw-r--r-- | manifests/series5/packages.pp | 26 |
3 files changed, 31 insertions, 16 deletions
diff --git a/manifests/series5/defaults.pp b/manifests/series5/defaults.pp index 15cb8a2..0de7462 100644 --- a/manifests/series5/defaults.pp +++ b/manifests/series5/defaults.pp @@ -1,7 +1,7 @@ class php::series5::defaults { php::config { - 'error_reporting' : value => 'E_ALL & ~E_NOTICE & ~E_STRICT'; - 'post_max_size' : value => '100M'; - 'upload_max_filesize' : value => '100M'; + 'error_reporting_5' : param => 'error_reporting', series => '5', value => 'E_ALL & ~E_NOTICE & ~E_STRICT'; + 'post_max_size_5' : param => 'post_max_size', series => '5', value => '100M'; + 'upload_max_filesize_5' : param => 'upload_max_filezise', series => '5', value => '100M'; } } diff --git a/manifests/series5/hardened.pp b/manifests/series5/hardened.pp index e512402..7026a25 100644 --- a/manifests/series5/hardened.pp +++ b/manifests/series5/hardened.pp @@ -1,8 +1,19 @@ class php::series5::hardened { + $fpm = $::php::fpm + $disable_functions = 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec' + #$disable_functions = 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec', + + if $fpm == 'present' { + php::config { + 'allow_url_fopen_5_fpm' : param => 'allow_url_fopen', sapi => 'fpm', value => 'Off'; + 'allow_url_include_5_fpm' : param => 'allow_url_include', sapi => 'fpm', value => 'Off'; + 'disable_functions_5_fpm' : param => 'disable_functions', sapi => 'fpm', value => $disable_functions; + } + } + php::config { 'allow_url_fopen' : value => 'Off'; 'allow_url_include' : value => 'Off'; - 'disable_functions' : value => 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'; - #value => 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec', + 'disable_functions' : value => $disable_functions; } } diff --git a/manifests/series5/packages.pp b/manifests/series5/packages.pp index 2b7dd3d..373a655 100644 --- a/manifests/series5/packages.pp +++ b/manifests/series5/packages.pp @@ -1,28 +1,30 @@ -class php::series5::packages { +class php::series5::packages inherits php::packages { + $version = $::php::params::version5 + # The needed packages: we could also try libapache2-mod-php5.6filter package { 'php5': - name => 'php5.6', + name => "php${version}", require => File['/etc/apt/sources.list.d/php.list'], } package { 'php5-cli': - name => 'php5.6-cli', + name => "php${version}-cli", require => File['/etc/apt/sources.list.d/php.list'], } - package { [ 'php5.6-mysql', 'php5.6-sqlite3', 'php5.6-curl', 'php5.6-gmp', 'libapache2-mod-php5.6' ]: + package { [ "php${version}-mysql", "php${version}-sqlite3", "php${version}-curl", "php${version}-gmp", "libapache2-mod-php${version}" ]: ensure => installed, require => File['/etc/apt/sources.list.d/php.list'], } # Optional packages - package { [ "php5.6-gd", "php-imagick", "php5.6-xml", "php5.6-mbstring" ]: + package { [ "php${version}-gd", "php${version}-xml", "php${version}-mbstring" ]: ensure => installed, require => File['/etc/apt/sources.list.d/php.list'], } # Not available anymore - package { 'php5.6-suhosin': + package { 'php${version}-suhosin': ensure => absent, require => File['/etc/apt/sources.list.d/php.list'], } @@ -33,10 +35,12 @@ class php::series5::packages { } # Default alternative - file { "/etc/alternatives/php": - ensure => "/usr/bin/php5.6", - owner => root, - group => root, - require => Package['php5'], + if $::php::default_cli == '5' { + file { "/etc/alternatives/php": + ensure => "/usr/bin/php${version}", + owner => root, + group => root, + require => Package['php5-cli'], + } } } |