Notes php.ini

; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized. 
short_open_tag = Off

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off
 
 
date.timezone = 'Europe/Paris'
 
Voir https://www.dokuwiki.org/install:php
 
et 
 
https://www.zabbix.com/documentation/2.0/manual/installation/install
 
Apparemment le "safe mode" et remplacé par : 
disable_functions =
 
http://php.net/disable-functions
 
http://php.net/disable-classes
 
max_execution_time 
memory_limit = 
max_input_time = 
default_socket_timeout = 

; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
 
 
sql.safe_mode =

http://www.thonky.com/how-to/prevent-base-64-decode-hack/

allow_url_fopen=Off
allow_url_include=Off
open_basedir = On
register_globals = Off
exec = Off
shell_exec = Off
allow_url_fopen = Off
allow_url_include = Off
 
allow_url_fopen = off
allow_url_include = off
 
 
display_errors = Off       //safe to disable on live site
register_globals = Off    //off by default but a good reminder to check
expose_php = Off         //safe to disable
allow_url_fopen = Off    //might break something
allow_url_include = Off  //might break something
log_errors = On           //logging errors is always a good idea if you check them
error_log = /var/log/phperror.log
enable_dl = Off           //might break something
 
file_uploads = Off //will most likely break something
 
disable_functions="popen,exec,system,passthru,proc_open,shell_exec,show_source,php
disable_functions = =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open,allow_url_fopen
 
exec, passthru, shell_exec, system, proc_open, posix_mkfifo, pg_lo_import, dbmopen, dbase_open, popen, chgrp, chown, chmod, symlink, pcntl_exec,
apache_child_terminate, apache_setenv, define_syslog_variables, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,
posix_setuid, posix_uname, proc_close, pclose, proc_nice, proc_terminate, shell_exec
 
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen, phpinfo, gzinflate, fsockopen, pfsockopen
 
 
apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, show_source, syslog, system, xmlrpc_entity_decode, ini_set
 
 
 
disable_functions = "ln, cat, popen, pclose, posix_getpwuid, posix_getgrgid, posix_kill, parse_perms, system, dl, passthru, exec, shell_exec, popen, proc_close, proc_get_status, proc_nice, proc_open, escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, mysql_list_dbs, get_current_user, getmyuid, pconnect, link, symlink, pcntl_exec, ini_alter, pfsockopen, leak, apache_child_terminate, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, stream_select, socket_select, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, virtual, chmod, file_upload, delete, deleted, edit, fwrite, cmd, rename, unlink, mkdir, mv, touch, cp, cd, pico"
 
disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"
 
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,parse_ni_file,show_source,phpinfo,proc_open,base64_decode,base64_encodem,proc_terminate;
 
base64_decode
 
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

http://www.totalcomputersusa.com/2012/05/evalbase64_decodehardening-php-how-to-protect-your-site-and-your-visitors/

allow_url_include = Off
allow_url_fopen = Off
session.use_only_cookies = 1
session.cookie_httponly = 1
expose_php = Off
display_errors = Off
register_globals = Off
disable_functions = escapeshellarg, escapeshellcmd,passthru, proc_close, proc_get_status, proc_nice, proc_open,proc_terminate

Voir :

• http://manpagesfr.free.fr/man/man2/listen.2.html
• http://www.saltwaterc.eu/nginx-php-fpm-for-high-loaded-websites.html
• http://serverfault.com/questions/518862/will-increasing-net-core-somaxconn-make-a-difference

/etc/php-fpm.d/www.conf

listen.backlog = -1

man 2 listen
php-fpm -tt -y /etc/php-fpm.conf

cat /proc/sys/net/core/somaxconn

sysctl net.core.somaxconn=1024

Valeur possibles :

• 128
• 1024
• 65535