diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2018-06-22 18:27:05 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2018-06-22 18:27:05 -0300 |
| commit | 567d81c23d9a5f09658c09c3666d7a6f65b34f18 (patch) | |
| tree | 92f9ec9e16db4c448b969feab383f0c73ae71df9 /manifests/series5/hardened.pp | |
| parent | bcf5086deca96bf802a8fbf83aceca1b5a5135c3 (diff) | |
| download | puppet-php-567d81c23d9a5f09658c09c3666d7a6f65b34f18.tar.gz puppet-php-567d81c23d9a5f09658c09c3666d7a6f65b34f18.tar.bz2 | |
Support multiple PHP series at the same time, currently only 5 and 7
Diffstat (limited to 'manifests/series5/hardened.pp')
| -rw-r--r-- | manifests/series5/hardened.pp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/manifests/series5/hardened.pp b/manifests/series5/hardened.pp index e512402..7026a25 100644 --- a/manifests/series5/hardened.pp +++ b/manifests/series5/hardened.pp @@ -1,8 +1,19 @@ class php::series5::hardened { + $fpm = $::php::fpm + $disable_functions = 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec' + #$disable_functions = 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec', + + if $fpm == 'present' { + php::config { + 'allow_url_fopen_5_fpm' : param => 'allow_url_fopen', sapi => 'fpm', value => 'Off'; + 'allow_url_include_5_fpm' : param => 'allow_url_include', sapi => 'fpm', value => 'Off'; + 'disable_functions_5_fpm' : param => 'disable_functions', sapi => 'fpm', value => $disable_functions; + } + } + php::config { 'allow_url_fopen' : value => 'Off'; 'allow_url_include' : value => 'Off'; - 'disable_functions' : value => 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'; - #value => 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec', + 'disable_functions' : value => $disable_functions; } } |