Commit 58d26857 authored by o's avatar o

puppet likes eating backspace

eat some more backslashes
parent 4e38acb2
......@@ -6,7 +6,7 @@ class php::snuffleupagus::global(
# based on https://snuffleupagus.readthedocs.io/config.html#miscellaneous-examples
$rules = {
'010-mail-add-params' => '# Prevent various `mail`-related vulnerabilities
sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();',
sp.disable_function.function("mail").param("additional_parameters").value_r("\\\\-").drop();',
'020-putenv' => '# Since it\'s now burned, me might as well mitigate it publicly
sp.disable_function.function("putenv").param("setting").value_r("LD_").drop();',
'030-includes' => '##Prevent various `include`-related vulnerabilities
......@@ -19,10 +19,10 @@ sp.disable_function.function("include").value_r("\.php$").allow();
sp.disable_function.function("require_once").drop();
sp.disable_function.function("include_once").drop();',
'040-system' => '# Prevent `system`-related injections
sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n]").drop();
sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n]").drop();
sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n]").drop();',
sp.disable_function.function("system").param("command").value_r("[$|;&`\\\\n]").drop();
sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\\\n]").drop();
sp.disable_function.function("exec").param("command").value_r("[$|;&`\\\\n]").drop();
sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\\\n]").drop();',
'050-runtime-mods' => '# Prevent runtime modification of interesting things
sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();
sp.disable_function.function("ini_set").param("var_name").value("zend.assertions").drop();
......@@ -32,7 +32,7 @@ sp.disable_function.function("ini_set").param("var_name").value("open_basedir").
'060-env-recon' => '# Detect some backdoors via environnement recon
sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_fopen|open_basedir|suhosin)").drop();',
'070-file-upload' => '#File upload
sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();',
sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\\\.ph").drop();
sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\\\.ht").drop();',
} + $base_rules
}
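Review bot: The doubled escapes added on lines such as `value_r("\\\\-")` and `value_r("\\\\.ph")` are only right because two layers strip them — a single-quoted Puppet string collapses `\\` to `\`, and the resulting `\\` is then read by the Snuffleupagus config parser — and nothing in the manifest says so, which the commit message suggests has already caused one round of re-fixing. I would add a comment above `$rules`: `# NOTE: these are single-quoted Puppet strings, which turn '\\' into '\'; every backslash the sp config must see is therefore written as '\\\\' here, or the regex silently changes meaning.` The `030-includes` allow rule shown in the second hunk header still reads `value_r("\.php$")` with a single backslash; it lies outside the hunk, but it is worth checking that it follows the same convention. Separately, the `040-system` rules deny `$`, `|`, `;`, `&`, backtick and newline but not `<` or `>`, so an attacker who controls part of a `system`/`exec` argument could still redirect output to a file; whether that matters depends on how callers build the command, but a metacharacter denylist is a weaker control than allowlisting the expected argument shape. The enclosing class `php::snuffleupagus::global` begins before the first hunk.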