diff options
Diffstat (limited to 'manifests/series7/hardened.pp')
| -rw-r--r-- | manifests/series7/hardened.pp | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/manifests/series7/hardened.pp b/manifests/series7/hardened.pp index 2579f79..d0fb67c 100644 --- a/manifests/series7/hardened.pp +++ b/manifests/series7/hardened.pp @@ -1,20 +1,19 @@ class php::series7::hardened { $fpm = $::php::fpm $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec' - # $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec' + #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec' if $fpm == 'present' { php::config { - 'allow_url_fopen' : series => '7', sapi => 'fpm', value => 'Off'; - 'allow_url_include' : series => '7', sapi => 'fpm', value => 'Off'; - 'disable_functions' : series => '7', sapi => 'fpm', value => $disable_functions; + 'allow_url_fopen_7_fpm' : param => 'allow_url_fopen', series => '7', sapi => 'fpm', value => 'Off'; + 'allow_url_include_7_fpm' : param => 'allow_url_include', series => '7', sapi => 'fpm', value => 'Off'; + 'disable_functions_7_fpm' : param => 'disable_functions', series => '7', sapi => 'fpm', value => $disable_functions; } } - else { - php::config { - 'allow_url_fopen' : series => '7', value => 'Off'; - 'allow_url_include' : series => '7', value => 'Off'; - 'disable_functions' : series => '7', value => $disable_functions; - } + + php::config { + 'allow_url_fopen_7' : param => 'allow_url_fopen', series => '7', value => 'Off'; + 'allow_url_include_7' : param => 'allow_url_include', series => '7', value => 'Off'; + 'disable_functions_7' : param => 'disable_functions', series => '7', value => $disable_functions; } } |