Check server security bug in directadmin

arazit
Junior Member
Posts: 4
Joined: 07 Sep 2008, 19:26

Post by arazit »

Hello,
When I install php-fpm or suphp or fastcgi in DirectAdmin and check server security in CSF firewall I get this:
Check php for enable_dl or disabled dl() You should modify /usr/local/lib/php.ini and set:
enable_dl = Off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in the PHP configuration (usually in /usr/local/lib/php.ini)

and

Check php for disable_functions You should modify the PHP configuration and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list


Check php for ini_set disabled You should consider adding ini_set to the disable_functions in the PHP configuration as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised


I think I need an option to change the php.ini URL in csf.
I installed php 5.4 fpm and my php.ini URL is:
/usr/local/php54/lib/php.ini
Thank you
asmar
Junior Member
Posts: 10
Joined: 14 Aug 2009, 12:14

Re: Check server security bug in directadmin

Post by asmar »

Hi arazit,

What I did is a simple shortcut to the proper file, and it picks up the settings fine afterwards:

ln -s /usr/local/php56/lib/php.ini /usr/local/lib/php.ini
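An added example, not part of the thread and not CSF's own code: a small shell audit that applies the three checks quoted in the first post to whichever php.ini path it is given, such as /usr/local/php54/lib/php.ini. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CSF code): audit one php.ini for the settings the report names.
# ini_value FILE KEY: print the last value assigned to KEY, lowercased and unquoted.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                # section headers, blank lines
            k = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next               # directive names are case-sensitive
            v = substr($0, eq + 1)
            sub(/;.*$/, "", v)               # drop a trailing comment
            sub(/^[ \t"]+/, "", v)
            sub(/[ \t"\r]+$/, "", v)
            val = tolower(v)                 # a later assignment overrides
        }
        END { print val }
    ' "$1"
}

# audit_php_ini FILE: print one finding per line, nothing if every check passes.
audit_php_ini() {
    ini=$1
    [ -r "$ini" ] || { echo "cannot read $ini"; return 0; }
    case $(ini_value "$ini" enable_dl) in
        off|0|false|no) ;;
        *) echo "enable_dl is not Off" ;;    # unset is reported too
    esac
    # Function names from the quoted report plus ini_set; allow_url_fopen is an
    # ini directive, not a function, so it is left out of this list.
    disabled=",$(ini_value "$ini" disable_functions | tr -d ' \t'),"
    for fn in show_source system shell_exec passthru exec phpinfo popen proc_open ini_set; do
        case $disabled in
            *",$fn,"*) ;;
            *) echo "disable_functions lacks $fn" ;;
        esac
    done
}

# Constructed sample php.ini (not from the thread) to exercise the checks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample
enable_dl = On
disable_functions = "exec, system ,passthru"  ; partial list
EOF
audit_php_ini "$sample"
rm -f "$sample"
```

Pass the file the PHP build actually loads (`php --ini` reports it); a clean file produces no output.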