{"description": "PHP is a widely-used and often misconfigured server-side scripting language. It should\nbe used with caution, but configured appropriately when needed.\n<br /><br />\nReview <tt>/etc/php.ini</tt> and make the following changes if possible:\n<pre># Do not expose PHP error messages to external users\ndisplay_errors = Off\n\n# Enable safe mode\nsafe_mode = On\n\n# Only allow access to executables in isolated directory\nsafe_mode_exec_dir = php-required-executables-path\n\n# Limit external access to PHP environment\nsafe_mode_allowed_env_vars = PHP_\n\n# Restrict PHP information leakage\nexpose_php = Off\n\n# Log all errors\nlog_errors = On\n\n# Do not register globals for input data\nregister_globals = Off\n\n# Minimize allowable PHP post size\npost_max_size = 1K\n\n# Ensure PHP redirects appropriately\ncgi.force_redirect = 0\n\n# Disallow uploading unless necessary\nfile_uploads = Off\n\n# Disallow treatment of file requests as fopen calls\nallow_url_fopen = Off\n\n# Enable SQL safe mode\nsql.safe_mode = On\n</pre>", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Configure PHP Securely", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_configure_php_securely/group.yml"}