You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AFAICT from the php sources fopen is ONLY used for opening local files. So allowing opening Internet related resource is probably not needed => should be discouraged.
(can't vouch for non-installed modules though),
allow_url_fopen = Off
Similar option:
allow_url_include = off
which could allow getting files though the network/
Lynis audit run on OPNSense might help
(Lynis knows about BSD, just not OPNSense so there might be false positives).
I will try to get Lynis fixed as well.
Environment
Software version used and hardware type if relevant, e.g.:
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
AFAICT from the php sources fopen is ONLY used for opening local files. So allowing opening Internet related resource is probably not needed => should be discouraged.
(can't vouch for non-installed modules though),
allow_url_fopen = Off
Similar option:
allow_url_include = off
which could allow getting files though the network/
(Note: on other systems this often is an issue, lynis an audit tool warns for these issues, see also
lynis website: https://cisofy.com/lynis/controls/PHP-2376/ , https://cisofy.com/lynis/controls/PHP-2378 )
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce
Check configs
Expected behavior
N/A
Describe alternatives you considered
N/A
Screenshots
N/A
Relevant log files
N/A
Additional context
Lynis audit run on OPNSense might help
(Lynis knows about BSD, just not OPNSense so there might be false positives).
I will try to get Lynis fixed as well.
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.7.10 (amd64).
Intel® i7
Network Intel®
The text was updated successfully, but these errors were encountered: