New php.ini file on php-internal from cPanel or Imunify?
Hello,
Today after a CSF scan I have notice this:
In my main php.ini file on server that running php7.4 I have enable_dl = Off and disable_functions etc. Anyone knows what exactly is this separate php.ini and if I must change it manually or not? I have imunify antivirus installed and at the past I see exceptions that refer to imunify. It's safe to keep this "strange" php.ini with the default configurations? Any suggestion?
PHP Check
Check php for enable_dl or disabled dl()
You should set:
enable_dl = Off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in the PHP configuration:
Affected PHP versions:
/opt/alt/php-internal/etc/php.ini (/opt/alt/php-internal/usr/bin/php)
Check php for disable_functions
You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:
Affected PHP versions:
/opt/alt/php-internal/etc/php.ini (/opt/alt/php-internal/usr/bin/php)In my main php.ini file on server that running php7.4 I have enable_dl = Off and disable_functions etc. Anyone knows what exactly is this separate php.ini and if I must change it manually or not? I have imunify antivirus installed and at the past I see exceptions that refer to imunify. It's safe to keep this "strange" php.ini with the default configurations? Any suggestion?
-
Hey there! This file is part of the CloudLinux PHP system, as we can see it is owned by one of those packages. Here is some output from a test server showing this: root@server1 [~]# rpm -qf /opt/alt/php-internal/etc/php.ini alt-php-internal-common-7.4.16-6.el6.x86_64
You won't want to remove that file or things related to CloudLinux, such as Imunify, may not function properly.0 -
Hey there! This file is part of the CloudLinux PHP system, as we can see it is owned by one of those packages. Here is some output from a test server showing this:
root@server1 [~]# rpm -qf /opt/alt/php-internal/etc/php.ini alt-php-internal-common-7.4.16-6.el6.x86_64
You won't want to remove that file or things related to CloudLinux, such as Imunify, may not function properly.
Is this php version can be usable with end-user? If we cannot add disable_functions on this file; is it creating any security problem?0 -
Burti This PHP won't be used by any end user accounts and they cannot use it anyway either, since these are installed/compiled by CloudLinux for their services to run internally there. 0
Please sign in to leave a comment.
Comments
3 comments