Update a bit the configuration

author: jvoisin 2017-09-26 17:57:30 +0200
committer: jvoisin 2017-09-26 17:57:30 +0200
commit: 3040b02639bd71dbcd936311546ef9296165aea5 (patch)
tree: 871173e901c04255de595653b8e1dc237a675b51 /doc/source/faq.rst
parent: 3c14dba94e837322e030b19b41654952624cb485 (diff)
1 files changed, 17 insertions, 10 deletions
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index cd9dfe3..09cb244 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -36,13 +36,14 @@ Like PHP's `ElePHPant <https://secure.php.net/elephpant.php>`_,
 we thought that using an elephant as a mascot would be a great idea.
-Why did you write Snuffleupagus?
+Who are you and why did you write Snuffleupagus?
-""""""""""""""""""""""""""""""""
+""""""""""""""""""""""""""""""""""""""""""""""""
 We're working for `NBS System <https://nbs-system.com/en/>`__,
 a web hosting company (meaning that we're dealing with PHP code all day long),
 with a strong focus on security. We do have hardening
-(kernel, `WAF <https://naxsi.org>`_, `IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, …)
+(`kernel <https://grsecurity.net/>`_, `WAF <https://naxsi.org>`_,
+`IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, …)
 below the web stack, but most of the time, when a website is compromised,
 it's either to send ads, spam, deface it, steal data, …
 This is why we need to harden the website itself too, but we can't touch its
@@ -60,7 +61,8 @@ We're huge fans of `Suhosin <https://suhosin.org>`_, unfortunately:
 We're using the `disable_function <https://secure.php.net/manual/en/ini.core.php#ini.disable-functions>`_
 directive, but unfortunately, it doesn't provide enough usable granularity (guess how many CMS are using
-``system`` to do various mandatory maintenance tasks…).
+the `system <https://secure.php.net/manual/en/function.system.php#refsect1-function.system-notes>`_
+function to perform various mandatory maintenance tasks…).
 This is why we decided to write our own hardening module, in the spirit of Suhosin,
 via virtual-patching support, and other cool new features.
@@ -91,8 +93,8 @@ How mature is this project?
 """""""""""""""""""""""""""
 This project was floating around since early 2016, and we did the first commit
-the 28ᵗʰ of December of the same year. We're currently in a private alpha phase,
+the 28ᵗʰ of December of the same year. We're currently in an alpha phase,
-finding and fixing as much bugs as possible with the help of friends.
+finding and fixing as much bugs as possible before the beta.
 Are you saying that PHP isn't secure?
 """""""""""""""""""""""""""""""""""""
@@ -108,6 +110,9 @@ issues, as stated in their `documentation <https://wiki.php.net/security#not_a_s
 We do think that an security issue that "requires the use of code or settings known to be insecure"
 is still a security issue, and should be treated as such.
+We don't have the pretention to state that Snuffleupagus will magically solve
+all your security issues, but we believe that it might definitely help.
 Installation and configuration
 ------------------------------
@@ -115,8 +120,10 @@ Can snuffleupagus break my application?
 """""""""""""""""""""""""""""""""""""""
 Yes.
-Some options won't break anything, like ``harden_rand``, but some like ``global_strict``
+Some options won't break anything, like :ref:`harden-rand <harden-rand-feature>`,
-or overly-restrictives virtual-patching rules might pretty well break your website.
+but some like :ref:`global_strict <global-strict-feature>`
+or overly-restrictives :ref:`virtual-patching<virtual-patching-feature>`
+rules might pretty well break your website.
 It's up to you to configure Snuffleupaggus accordingly to your needs.
 You can also enable the ``simulation`` mode on features that you're not sure about,
@@ -130,7 +137,7 @@ By checking the logs; Snuffleupagus systematically prefix them with ``[snuffleup
 Does Snuffleupagus run on Windows?
 """"""""""""""""""""""""""""""""""
-No idea.
+No idea, feel free to `try <https://github.com/nbs-system/snuffleupagus/issues/2>`_.
 Will Snuffleupagus run on my old PHP 5?
@@ -206,7 +213,7 @@ Where can I find even more help?
 """"""""""""""""""""""""""""""""
 The :doc:`configuration page <config>` might be what you're looking for.
 If you're adventurous, you can also check the `issue tracker <https://github.com/nbs-system/snuffleupagus/issues/?q=is%3Aissue>`_
-(make sure to check the closed issues too).
+(make sure to check the `closed issues <https://github.com/nbs-system/snuffleupagus/issues?q=is%3Aissue+is%3Aclosed>`_ too).
 I need professional support for my company.
 """""""""""""""""""""""""""""""""""""""""""
author	jvoisin	2017-09-26 17:57:30 +0200
committer	jvoisin	2017-09-26 17:57:30 +0200
commit	3040b02639bd71dbcd936311546ef9296165aea5 (patch)
tree	871173e901c04255de595653b8e1dc237a675b51 /doc/source/faq.rst
parent	3c14dba94e837322e030b19b41654952624cb485 (diff)

diff --git a/doc/source/faq.rst b/doc/source/faq.rst index cd9dfe3..09cb244 100644 --- a/doc/source/faq.rst +++ b/doc/source/faq.rst
@@ -36,13 +36,14 @@ Like PHP's `ElePHPant <https://secure.php.net/elephpant.php>`_,
36	we thought that using an elephant as a mascot would be a great idea.	36	we thought that using an elephant as a mascot would be a great idea.
37		37
38		38
39	Why did you write Snuffleupagus?	39	Who are you and why did you write Snuffleupagus?
40	""""""""""""""""""""""""""""""""	40	""""""""""""""""""""""""""""""""""""""""""""""""
41		41
42	We're working for `NBS System <https://nbs-system.com/en/>`__,	42	We're working for `NBS System <https://nbs-system.com/en/>`__,
43	a web hosting company (meaning that we're dealing with PHP code all day long),	43	a web hosting company (meaning that we're dealing with PHP code all day long),
44	with a strong focus on security. We do have hardening	44	with a strong focus on security. We do have hardening
45	(kernel, `WAF <https://naxsi.org>`_, `IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, …)	45	(`kernel <https://grsecurity.net/>`_, `WAF <https://naxsi.org>`_,
		46	`IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, …)
46	below the web stack, but most of the time, when a website is compromised,	47	below the web stack, but most of the time, when a website is compromised,
47	it's either to send ads, spam, deface it, steal data, …	48	it's either to send ads, spam, deface it, steal data, …
48	This is why we need to harden the website itself too, but we can't touch its	49	This is why we need to harden the website itself too, but we can't touch its
@@ -60,7 +61,8 @@ We're huge fans of `Suhosin <https://suhosin.org>`_, unfortunately:
60		61
61	We're using the `disable_function <https://secure.php.net/manual/en/ini.core.php#ini.disable-functions>`_	62	We're using the `disable_function <https://secure.php.net/manual/en/ini.core.php#ini.disable-functions>`_
62	directive, but unfortunately, it doesn't provide enough usable granularity (guess how many CMS are using	63	directive, but unfortunately, it doesn't provide enough usable granularity (guess how many CMS are using
63	``system`` to do various mandatory maintenance tasks…).	64	the `system <https://secure.php.net/manual/en/function.system.php#refsect1-function.system-notes>`_
		65	function to perform various mandatory maintenance tasks…).
64		66
65	This is why we decided to write our own hardening module, in the spirit of Suhosin,	67	This is why we decided to write our own hardening module, in the spirit of Suhosin,
66	via virtual-patching support, and other cool new features.	68	via virtual-patching support, and other cool new features.
@@ -91,8 +93,8 @@ How mature is this project?
91	"""""""""""""""""""""""""""	93	"""""""""""""""""""""""""""
92		94
93	This project was floating around since early 2016, and we did the first commit	95	This project was floating around since early 2016, and we did the first commit
94	the 28ᵗʰ of December of the same year. We're currently in a private alpha phase,	96	the 28ᵗʰ of December of the same year. We're currently in an alpha phase,
95	finding and fixing as much bugs as possible with the help of friends.	97	finding and fixing as much bugs as possible before the beta.
96		98
97	Are you saying that PHP isn't secure?	99	Are you saying that PHP isn't secure?
98	"""""""""""""""""""""""""""""""""""""	100	"""""""""""""""""""""""""""""""""""""
@@ -108,6 +110,9 @@ issues, as stated in their `documentation <https://wiki.php.net/security#not_a_s
108	We do think that an security issue that "requires the use of code or settings known to be insecure"	110	We do think that an security issue that "requires the use of code or settings known to be insecure"
109	is still a security issue, and should be treated as such.	111	is still a security issue, and should be treated as such.
110		112
		113	We don't have the pretention to state that Snuffleupagus will magically solve
		114	all your security issues, but we believe that it might definitely help.
		115
111	Installation and configuration	116	Installation and configuration
112	------------------------------	117	------------------------------
113		118
@@ -115,8 +120,10 @@ Can snuffleupagus break my application?
115	"""""""""""""""""""""""""""""""""""""""	120	"""""""""""""""""""""""""""""""""""""""
116	Yes.	121	Yes.
117		122
118	Some options won't break anything, like ``harden_rand``, but some like ``global_strict``	123	Some options won't break anything, like :ref:`harden-rand <harden-rand-feature>`,
119	or overly-restrictives virtual-patching rules might pretty well break your website.	124	but some like :ref:`global_strict <global-strict-feature>`
		125	or overly-restrictives :ref:`virtual-patching<virtual-patching-feature>`
		126	rules might pretty well break your website.
120	It's up to you to configure Snuffleupaggus accordingly to your needs.	127	It's up to you to configure Snuffleupaggus accordingly to your needs.
121		128
122	You can also enable the ``simulation`` mode on features that you're not sure about,	129	You can also enable the ``simulation`` mode on features that you're not sure about,
@@ -130,7 +137,7 @@ By checking the logs; Snuffleupagus systematically prefix them with ``[snuffleup
130		137
131	Does Snuffleupagus run on Windows?	138	Does Snuffleupagus run on Windows?
132	""""""""""""""""""""""""""""""""""	139	""""""""""""""""""""""""""""""""""
133	No idea.	140	No idea, feel free to `try <https://github.com/nbs-system/snuffleupagus/issues/2>`_.
134		141
135		142
136	Will Snuffleupagus run on my old PHP 5?	143	Will Snuffleupagus run on my old PHP 5?
@@ -206,7 +213,7 @@ Where can I find even more help?
206	""""""""""""""""""""""""""""""""	213	""""""""""""""""""""""""""""""""
207	The :doc:`configuration page <config>` might be what you're looking for.	214	The :doc:`configuration page <config>` might be what you're looking for.
208	If you're adventurous, you can also check the `issue tracker <https://github.com/nbs-system/snuffleupagus/issues/?q=is%3Aissue>`_	215	If you're adventurous, you can also check the `issue tracker <https://github.com/nbs-system/snuffleupagus/issues/?q=is%3Aissue>`_
209	(make sure to check the closed issues too).	216	(make sure to check the `closed issues <https://github.com/nbs-system/snuffleupagus/issues?q=is%3Aissue+is%3Aclosed>`_ too).
210		217
211	I need professional support for my company.	218	I need professional support for my company.
212	"""""""""""""""""""""""""""""""""""""""""""	219	"""""""""""""""""""""""""""""""""""""""""""