Author Topic: /scripts/cwp_security_audit [SECURITY ALERT] Unauthorized port: php-fpm - Fixed  (Read 56 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Code: [Select]
sh /scripts/cwp_security_audit

------------------------------------------------------

[INFO] Auditing cwpsrv (PID: 734540)

[OK] cwpsrv looks clean.

------------------------------------------------------

[INFO] Auditing php-fpm-cwp (PID: 736416)

[SECURITY ALERT] Unauthorized port: php-fpm

Error:Can't add notification!------------------------------------------------------

[INFO] Auditing apache (PID: 733902)

[OK] apache looks clean.

------------------------------------------------------

[DONE] Security audit finished.


1. Why does [SECURITY ALERT] Unauthorized port: php-fpm appear?
The problem is a flaw in how the script parses the text and compares the data.

Port capture: In the "Port Audit" section, the script executes an lsof command combined with awk to find out which ports are open. Due to how your Linux is configured, this command is not returning a number (like 9000), but rather returns the literal word php-fpm.

Validation: Next, the script takes that word (php-fpm) and compares it one by one against its whitelist called ALLOWED_PORTS.

The failure: If you look at the script's configuration line, ALLOWED_PORTS only contains numbers: ("2030" "2031" "2082" "2083" "2086" "2087" "2095" "2096" "9000" "2302" "2304" "8181" "8443" "80" "443"). Since the word php-fpm is obviously not equal to any of those numbers, the script assumes it is an intruder and triggers the security alert echo.

How to solve it permanently (The Patch)
Since it is a local script that you control, you can fix CWP's poor programming in five seconds.

You just have to edit this file (nano /scripts/cwp_security_audit) and include the word "php-fpm" inside the allowed ports array in the initial configuration.

Change this:


Code: [Select]
ALLOWED_PORTS=("2030" "2031" "2082" "2083" "2086" "2087" "2095" "2096" "9000" "2302" "2304" "8181" "8443" "80" "443")

For this:


Code: [Select]
ALLOWED_PORTS=("2030" "2031" "2082" "2083" "2086" "2087" "2095" "2096" "9000" "2302" "2304" "8181" "8443" "80" "443" "php-fpm")