PHP disable functions

[sunardi]

Hi,

I am a beginner in CentOS, and just installed Sentora panel on my vps 1Gb ram CentOS 6.6 32 bit

I have installed csf firewall and folowing friend's advise I modified php.ini with:

disable functions = "disk_total_space, diskfreespace, exec, system, popen, proc_open, proc_nice, shell_exec, passthru, dl, set_time_limit, mail(), show_source, phpinfo, allow_url_fopen, ini_set"

After I rebooted the vps, the Sentora control panel login page was blank
May I know which command in PHP disable functions above are in conflict?

Any help would be appreciated, thanks in advance!

Thanks and Best Regards,
Sunardi

[apinto]

Greentings sunardi, and welcome to the Sentora Community

You should first enable PHP Debugging (see php.net: error_reporting manual) on your php.ini (see Sentora Docs: Important Paths):

PHP Code:

// Report all PHP errors (see changelog)
error_reporting(E_ALL); 


Note: This should NEVER be left enabled for production servers.


With Debugging enabled you will see errors and not only a blank page (when you try to connect to the Sentora Panel).
Read those errors and try to find what needs to be changed.

Suhosin
Sentora uses suhosin (suhosin Official Website) as the executor, you should check your httpd-vhosts.conf (see Sentora Docs: Important Paths) and edit the following line (only the last line matters, the rest is just for reference):

PHP Code:

<virtualhost *:80>
ServerName yourdomain.com
ServerAlias  www.yourdomain.com
ServerAdmin admin@yourdomain.com
DocumentRoot "/var/sentora/hostdata/user_account/public_html/yourdomain_com"
php_admin_value open_basedir "/var/sentora/hostdata/yourdomain/public_html/yourdomain_com:/var/sentora/temp/"

# EDIT THE LINE BELOW #
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec" 


Editing this, instead of php.ini is, in my opinion, the best way to do it (disable unwanted commands) within Sentora (please, someone correct me if I'm wrong), this will keep them available to Sentora Panel but not for other users.

If you really want to globaly disable those commands, please check witch ones are needed by Sentora by following the steps above (enable PHP debugg and search).

[Ron-e]

All i know is that Sentora needs some of these functions, and disables them with suhosin for the rest..

exemple:

Code:

php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"

You can globally edit this list in "Module Admin" > "Apache Config" > "Suhosin Value" i think, but maybe/i hope someone else has better knowledge of this.

[apinto]

Risking to go offtopic here but...
Actually I think that being able to define the "preset" Suhosin Blacklist for all vhosts (at least future ones) should be easier.

Anyways I'm almost sure (not tried) that you can edit that value somewhere along the Sentora files/database).

[sunardi]

Hi,

Thanks a lot to apinto and Ron-e, very much appreciated for your kind
advise/help, I will do it asap following your advises tomorrow (my time)

Best Regards,
Sunardi

[Me.B]

Disabling function in php.ini will break sentora.

You can have the list of disabled functions using suhosin for each vhost under modules admin > apache config.

M B

[sunardi]

Disabling function in php.ini will break sentora.

You can have the list of disabled functions using suhosin for each vhost under modules admin > apache config.

M B

Hi,

Thank you Me.B, sorry for very late response, just had trouble with my pc

Anyway, I did restore the /etc/php.ini but it won't help and still blank
so I rebuilt my vps from scratch, reinstall CentOS, and now works fine

So now I do not dare to touch php nor suhosin yet...

However as I am a bit paranoid, then I installed mod_security from epel
and I inserted local-infile=0 in my /etc/my.cnf

Everything is running fine, even after rebooted, running without problem

But then from logcheck report I noticed that exim was just installed?


I believed that Sentora default is postfix (BTW I had ran Sentora installer a few times
although everything is okay, but there was always error messages from postfix
"ERROR 1071 (42000) at line 115: Specified key was too long; max key length is 1000 bytes")
so I remove exim, doubled checked that postfix was installed and rebooted the vps

Now, the Sentora login page is blank again, where did I do wrong this time?

Any help would be highly appreciated, TIA!

Best Regards,
Sunardi

[Me.B]

centos 7 or centos 6.5 the error above seem related to centos 6.5

[sunardi]

centos 7 or centos 6.5 the error above seem related to centos 6.5

Hi,

Yes Sir, it is CentOS 6.6 32bit

I hope it is not harmful

Thanks & Best Regards,
Sunardi

[Kevvo]

centos 7 or centos 6.5 the Hydromax seems related to centos 6.5

Hi,

Yes Sir, it is CentOS 6.6 32bit

I hope it is not harmful

Thanks & Best Regards,
Sunardi

Why would it be harmful? I'm sure it's just a bug.