#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2008, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Software: PHP
#
#################################################################################
#
    InsertSection "Software: PHP"

    # Possible locations of php.ini
    PHPINILOCS="/etc/php.ini /usr/local/etc/php.ini /etc/php5/apache2/php.ini \
                /private/etc/php.ini /var/www/conf/php.ini"

    #Display --indent 2 --text "- Checking PHP..." --result FOUND --color WHITE
#
#################################################################################
#
    # Test        : PHP-2211
    # Description : Check php.ini presence
    Register --test-no PHP-2211 --weight L --network NO --description "Check php.ini presence"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking for presence php.ini"
	PHPINIFILE=""
	for I in ${PHPINILOCS}; do
	    if [ -f ${I} ]; then
	        PHPINIFILE=${I}
	        logtext "Found php.ini file (${PHPINIFILE})"
	    fi
	done
	if [ ! "${PHPINIFILE}" = "" ]; then
	    Display --indent 2 --text "- Checking PHP..." --result "FOUND" --color GREEN
	  else
    	    Display --indent 2 --text "- Checking PHP..." --result "NOT FOUND" --color WHITE
	    logtext "Result: no php.ini file found"
	fi
    fi
#
#################################################################################
#
    # Test        : PHP-2372
    # Description : Check php.ini presence
    if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check php options"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking expose_php option.."
        FIND=`cat ${PHPINIFILE} | grep 'expose_php = Off' | grep -v '^;'`
        if [ "${FIND}" = "" ]; then
            Display --indent 4 --text "- Checking expose_php option..." --result WARNING --color RED
	    ReportWarning ${TEST_NO} "M" "PHP option expose_php is possibly turned on, which can reveal useful information for attackers."
	    logtext "Change the expose_php line to: expose_php = Off"
	    report "warning[]=expose_php option is turned on, which can expose useful information for an attacker"
	  else
    	    Display --indent 4 --text "- Checking expose_php option..." --result OK --color GREEN
	    logtext "Result: Found 'expose_php = Off'"
	fi	
    fi
#
#################################################################################
#
    # Test        : PHP-2416
    # Description : Check php version number
#
#################################################################################
#

wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2008, Michael Boelen - www.rootkit.nl - The Netherlands
