tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 00:34:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

[PHP-2379] Suhosin test disabled

Browse Source
This commit is contained in:
Michael Boelen 2018-04-23 11:06:36 +02:00
parent f744d0b800
commit 8077d24432
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 68 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
include/tests_php
View File

@ -311,79 +311,80 @@
# #
################################################################################# #################################################################################
# #
# - test disabled for time being, as newer suhosin7 work is not stable enough -
# Test : PHP-2379 # Test : PHP-2379
# Description : Check PHP suhosin extension status # Description : Check PHP suhosin extension status
if [ ! -z "${PHPINI_ALLFILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ ! -z "${PHPINI_ALLFILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status" #Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status"
if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 # FOUND=0
SIMULATION=0 # SIMULATION=0
MAJOR_VERSION=$(echo ${PHPVERSION} | ${EGREPBINARY} "^7") # MAJOR_VERSION=$(echo ${PHPVERSION} | ${EGREPBINARY} "^7")
if [ "${OS}" = "OpenBSD" ]; then # if [ "${OS}" = "OpenBSD" ]; then
FOUND=1 # On OpenBSD, Suhosin is hard linked into PHP # FOUND=1 # On OpenBSD, Suhosin is hard linked into PHP
SIMULATION=off # SIMULATION=off
else # else
for I in ${PHPINI_ALLFILES}; do # for I in ${PHPINI_ALLFILES}; do
LogText "Test: Checking for PHP suhosin extension status in file ${I}" # LogText "Test: Checking for PHP suhosin extension status in file ${I}"
FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin7?.so.*$' ${I}) # FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin7?.so.*$' ${I})
if [ -z "${FIND}" ]; then # if [ -z "${FIND}" ]; then
LogText "Result: ${I}: suhosin is not enabled" # LogText "Result: ${I}: suhosin is not enabled"
else # else
LogText "Result: ${I}: suhosin is enabled" # LogText "Result: ${I}: suhosin is enabled"
FOUND=1 # FOUND=1
fi # fi
LogText "Test: Check Suhosin simulation mode status" # LogText "Test: Check Suhosin simulation mode status"
SIMULATION=$(${GREPBINARY} -oP '^suhosin.simulation.*$' ${I} | ${CUTBINARY} -d= -f2 | ${GREPBINARY} -io 'off' | ${TRBINARY} '[:upper:]' '[:lower:]') # SIMULATION=$(${GREPBINARY} -oP '^suhosin.simulation.*$' ${I} | ${CUTBINARY} -d= -f2 | ${GREPBINARY} -io 'off' | ${TRBINARY} '[:upper:]' '[:lower:]')
if [ "${SIMULATION}" = "off" ]; then # if [ "${SIMULATION}" = "off" ]; then
LogText "Result: ${I}: suhosin simulation mode is not active" # LogText "Result: ${I}: suhosin simulation mode is not active"
else # else
LogText "Result: ${I}: suhosin simulation mode is active" # LogText "Result: ${I}: suhosin simulation mode is active"
fi # fi
done # done
fi # fi
# Check Suhosin for PHP 7 # # Check Suhosin for PHP 7
if [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 1 ]; then # if [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 1 ]; then
LogText "Test: Check Suhosin for PHP 7 is not enabled" # LogText "Test: Check Suhosin for PHP 7 is not enabled"
LogText "Result: Suhosin for PHP 7 is in alpha stage and should not be used in production" # LogText "Result: Suhosin for PHP 7 is in alpha stage and should not be used in production"
ReportSuggestion ${TEST_NO} "Disable Suhosin for PHP 7" # ReportSuggestion ${TEST_NO} "Disable Suhosin for PHP 7"
Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED
Display --indent 6 --text "- Suhosin is enabled for PHP 7" --result "${STATUS_WARNING}" --color RED # Display --indent 6 --text "- Suhosin is enabled for PHP 7" --result "${STATUS_WARNING}" --color RED
AddHP 0 1 # AddHP 0 1
elif [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 0 ]; then # elif [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 0 ]; then
LogText "Test: Check Suhosin for PHP 7 is not enabled" # LogText "Test: Check Suhosin for PHP 7 is not enabled"
LogText "Result: Suhosin for PHP 7 is not enabled" # LogText "Result: Suhosin for PHP 7 is not enabled"
Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN
Display --indent 6 --text "- Suhosin is not enabled for PHP 7" --result "${STATUS_OK}" --color GREEN # Display --indent 6 --text "- Suhosin is not enabled for PHP 7" --result "${STATUS_OK}" --color GREEN
AddHP 1 1 # AddHP 1 1
else # else
if [ ${FOUND} -eq 0 ]; then # if [ ${FOUND} -eq 0 ]; then
LogText "Result: Suhosin extension is not enabled" # LogText "Result: Suhosin extension is not enabled"
Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED
ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension" # ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension"
LogText "suhosin extension is not enabled" # LogText "suhosin extension is not enabled"
AddHP 0 1 # AddHP 0 1
else # else
LogText "Result: Suhosin extension is enabled" # LogText "Result: Suhosin extension is enabled"
Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN
AddHP 2 2 # AddHP 2 2
fi # fi
if [ "${SIMULATION}" = "off" ]; then # if [ "${SIMULATION}" = "off" ]; then
LogText "Result: Suhosin simulation mode is not active" # LogText "Result: Suhosin simulation mode is not active"
Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN # Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN
AddHP 2 2 # AddHP 2 2
else # else
LogText "Result: Suhosin simulation mode is active" # LogText "Result: Suhosin simulation mode is active"
Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED # Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED
ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode" # ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode"
LogText "suhosin simulation mode is active" # LogText "suhosin simulation mode is active"
AddHP 0 1 # AddHP 0 1
fi # fi
fi # fi
fi #fi
# #
################################################################################# #################################################################################
# #