Fix the default configuration

ini_[sg]et first parameter is actually varname, and not var_name. Thanks to @gergo314 for flagging this!
author: jvoisin 2019-10-16 00:52:50 +0200
committer: jvoisin 2019-10-16 00:52:50 +0200
commit: 6347fa7afa8936ad53c108f15a2ea6ccacd812fb (patch)
tree: b90cab8a0dd06d68494eb5020fa12aa1122af297 /config/default.rules
parent: 504f02992ace82a5520bc0ca43d9562c077a06e4 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/config/default.rules b/config/default.rules
index 82f8b5d..dc749e5 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -66,16 +66,16 @@ sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\
 sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 # Prevent runtime modification of interesting things
-sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();
+sp.disable_function.function("ini_set").param("varname").value("assert.active").drop();
-sp.disable_function.function("ini_set").param("var_name").value("zend.assertions").drop();
+sp.disable_function.function("ini_set").param("varname").value("zend.assertions").drop();
-sp.disable_function.function("ini_set").param("var_name").value("memory_limit").drop();
+sp.disable_function.function("ini_set").param("varname").value("memory_limit").drop();
-sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();
+sp.disable_function.function("ini_set").param("varname").value("include_path").drop();
-sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
+sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();
 # Detect some backdoors via environnement recon
-sp.disable_function.function("ini_get").param("var_name").value("allow_url_fopen").drop();
+sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();
-sp.disable_function.function("ini_get").param("var_name").value("open_basedir").drop();
+sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();
-sp.disable_function.function("ini_get").param("var_name").value_r("suhosin").drop();
+sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();
 sp.disable_function.function("function_exists").param("function_name").value("eval").drop();
 sp.disable_function.function("function_exists").param("function_name").value("exec").drop();
 sp.disable_function.function("function_exists").param("function_name").value("system").drop();
author	jvoisin	2019-10-16 00:52:50 +0200
committer	jvoisin	2019-10-16 00:52:50 +0200
commit	6347fa7afa8936ad53c108f15a2ea6ccacd812fb (patch)
tree	b90cab8a0dd06d68494eb5020fa12aa1122af297 /config/default.rules
parent	504f02992ace82a5520bc0ca43d9562c077a06e4 (diff)

diff --git a/config/default.rules b/config/default.rules index 82f8b5d..dc749e5 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -66,16 +66,16 @@ sp.disable_function.function("exec").param("command").value_r("[$\|;&`\\n\\(\\)\\
66	sp.disable_function.function("proc_open").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();	66	sp.disable_function.function("proc_open").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
67		67
68	# Prevent runtime modification of interesting things	68	# Prevent runtime modification of interesting things
69	sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();	69	sp.disable_function.function("ini_set").param("varname").value("assert.active").drop();
70	sp.disable_function.function("ini_set").param("var_name").value("zend.assertions").drop();	70	sp.disable_function.function("ini_set").param("varname").value("zend.assertions").drop();
71	sp.disable_function.function("ini_set").param("var_name").value("memory_limit").drop();	71	sp.disable_function.function("ini_set").param("varname").value("memory_limit").drop();
72	sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();	72	sp.disable_function.function("ini_set").param("varname").value("include_path").drop();
73	sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();	73	sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();
74		74
75	# Detect some backdoors via environnement recon	75	# Detect some backdoors via environnement recon
76	sp.disable_function.function("ini_get").param("var_name").value("allow_url_fopen").drop();	76	sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();
77	sp.disable_function.function("ini_get").param("var_name").value("open_basedir").drop();	77	sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();
78	sp.disable_function.function("ini_get").param("var_name").value_r("suhosin").drop();	78	sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();
79	sp.disable_function.function("function_exists").param("function_name").value("eval").drop();	79	sp.disable_function.function("function_exists").param("function_name").value("eval").drop();
80	sp.disable_function.function("function_exists").param("function_name").value("exec").drop();	80	sp.disable_function.function("function_exists").param("function_name").value("exec").drop();
81	sp.disable_function.function("function_exists").param("function_name").value("system").drop();	81	sp.disable_function.function("function_exists").param("function_name").value("system").drop();