Diffstat (limited to 'manifests/series8/hardened.pp')
-rw-r--r-- | manifests/series8/hardened.pp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/manifests/series8/hardened.pp b/manifests/series8/hardened.pp
new file mode 100644
index 0000000..74b81f8
--- /dev/null
+++ b/manifests/series8/hardened.pp
@@ -0,0 +1,19 @@
+class php::series8::hardened {
+ $fpm = $::php::fpm
+ $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
+ #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
+
+ if $fpm == 'present' {
+ php::config {
+ 'allow_url_fopen_8_fpm' : param => 'allow_url_fopen', series => '8', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_8_fpm' : param => 'allow_url_include', series => '8', sapi => 'fpm', value => 'Off';
+ 'disable_functions_8_fpm' : param => 'disable_functions', series => '8', sapi => 'fpm', value => $disable_functions;
+ }
+ }
+
+ php::config {
+ 'allow_url_fopen_8' : param => 'allow_url_fopen', series => '8', value => 'Off';
+ 'allow_url_include_8' : param => 'allow_url_include', series => '8', value => 'Off';
+ 'disable_functions_8' : param => 'disable_functions', series => '8', value => $disable_functions;
+ }
+} |
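Review bot: The `$disable_functions` string is hard to audit as written: `pcntl_exec` and `proc_open` each appear twice, `system_exec` does not look like a PHP built-in, and the separator switches from `,` to `, ` after `phpinfo`. A sorted, de-duplicated array joined with `,` would make later changes to this list reviewable line by line. The commented-out variant below it additionally lists `curl_init`, `parse_ini_file`, `syslog` and `mail`; either delete it or record the decision with a comment such as `# curl_init, parse_ini_file, syslog, mail left enabled: <reason>`. Separately, `$fpm = $::php::fpm` is read without this class declaring `php` first, so unless ordering is guaranteed elsewhere or strict variables are enabled, an unset value makes `$fpm == 'present'` false and the FPM SAPI is silently left without these settings; `include ::php` at the top of the class, or a `fail()` when `$fpm` is undef, would make that case visible.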