Vuln php warn only

From Atomicorp Wiki
Revision as of 15:23, 8 August 2011 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

By default ASL will only report PHP vulnerabilities. This vulnerability means that ASL is only configured to report PHP vulnerabilities, and not to harden or fix these vulnerabilities.

If you want ASL to fix these vulnerabilities log into the ASL GUI and select ASL Configuration. Scroll down to "PHP configuration" and set the PHP_CHECKS to "Yes". Then select which PHP functions you want ASL to fix. For example, if you want to disable the "exec" function, change the ALLOW_exec setting to "No".

Then select "Update". ASL will then disable the PHP functions you have configured it to disable, and will report any remaining as vulnerabilities.

Personal tools