{* $Id$ *} {title help="Security Admin" admpage="security"}{tr}Security Admin{/tr}{/title} {remarksbox type="tip" title="{tr}Tip{/tr}"} {tr}To report any security issues.{/tr} {tr}For additional security checks, please visit Tiki Server Compatibility Check.{/tr} {/remarksbox}

{tr}Tiki settings{/tr}

{tr}Tiki variable{/tr} {tr}Setting{/tr} {tr}Risk Factor{/tr} {tr}Explanation{/tr}
{foreach from=$tikisettings key=key item=item}
{$key} {$item.setting} {icon name="{$fmap[$item.risk]['icon']}"} {$item.risk} {$item.message}
{/foreach}
{if !$tikisettings} {norecords _colspan=4} {/if}
{tr}About WikiPlugins and security: grant the "tiki_p_plugin_approve" permission only to trusted editors.{/tr} {tr}You can deactivate risky plugins at tiki-admin.php?page=textarea.{/tr} {tr}You can approve plugin use at tiki-plugins.php.{/tr}

{tr}Security checks{/tr}


{remarksbox type="tip" title="{tr}Info{/tr}"} {tr}Note that this can take a very long time. Check the max_execution_time setting in php.ini before running it.{/tr} {/remarksbox}

{if $filecheck}
{tr}File checks{/tr}
{tr}Filename{/tr} {tr}State{/tr}
{foreach from=$tikifiles key=key item=item}
{$key} {$item}
{/foreach}
{/if} {tr}Check file permissions{/tr} {remarksbox type="tip" title="{tr}Info{/tr}"} {tr}Note that this can take a very long time. Check the max_execution_time setting in php.ini before running it.{/tr}
{tr}This check tries to find files with problematic file permissions. Some permissions shown here as problematic may be harmless or unavoidable in your environment.{/tr}
{tr}See end of table for detailed explanations.{/tr} {/remarksbox} {if $permcheck}
{tr}Filename{/tr} {tr}type{/tr} {tr}owner{/tr} {tr}special{/tr} {tr}user{/tr} {tr}group{/tr} {tr}other{/tr}
  {tr}uid{/tr} {tr}gid{/tr} {tr}suid{/tr} {tr}sgid{/tr} {tr}sticky{/tr} {tr}r{/tr}{tr}w{/tr}{tr}x{/tr} {tr}r{/tr}{tr}w{/tr}{tr}x{/tr} {tr}r{/tr}{tr}w{/tr}{tr}x{/tr}
{tr}Set User ID (suid) files{/tr}
{foreach from=$suid key=key item=item}
{$key} {$item.t} {$item.u} {$item.g} {$item.suid|truex} {$item.sgid|truex} {$item.sticky|truex} {$item.ur|truex}{$item.uw|truex}{$item.ux|truex} {$item.gr|truex}{$item.gw|truex}{$item.gx|truex} {$item.or|truex}{$item.ow|truex}{$item.ox|truex}
{/foreach}
{tr}World writable files or directories{/tr}
{foreach from=$worldwritable key=key item=item}
{$key} {$item.t} {$item.u} {$item.g} {$item.suid|truex} {$item.sgid|truex} {$item.sticky|truex} {$item.ur|truex}{$item.uw|truex}{$item.ux|truex} {$item.gr|truex}{$item.gw|truex}{$item.gx|truex} {$item.or|truex}{$item.ow|truex}{$item.ox|truex}
{/foreach}
{tr}Files or directories the Webserver can write to{/tr}
{foreach from=$apachewritable key=key item=item}
{$key} {$item.t} {$item.u} {$item.g} {$item.suid|truex} {$item.sgid|truex} {$item.sticky|truex} {$item.ur|truex}{$item.uw|truex}{$item.ux|truex} {$item.gr|truex}{$item.gw|truex}{$item.gx|truex} {$item.or|truex}{$item.ow|truex}{$item.ox|truex}
{/foreach}
{tr}Strange Inodes (not file, not link, not directory){/tr}
{foreach from=$strangeinode key=key item=item}
{$key} {$item.t} {$item.u} {$item.g} {$item.suid|truex} {$item.sgid|truex} {$item.sticky|truex} {$item.ur|truex}{$item.uw|truex}{$item.ux|truex} {$item.gr|truex}{$item.gw|truex}{$item.gx|truex} {$item.or|truex}{$item.ow|truex}{$item.ox|truex}
{/foreach}
{tr}Executable files{/tr}
{foreach from=$executable key=key item=item}
{$key} {$item.t} {$item.u} {$item.g} {$item.suid|truex} {$item.sgid|truex} {$item.sticky|truex} {$item.ur|truex}{$item.uw|truex}{$item.ux|truex} {$item.gr|truex}{$item.gw|truex}{$item.gx|truex} {$item.or|truex}{$item.ow|truex}{$item.ox|truex}
{/foreach}
{remarksbox type="tip" title="{tr}Info{/tr}"} {tr}What to do with these check results?{/tr}
{tr}Set User ID (suid) files{/tr}
{tr}Suid files are not part of Tiki, and there is no need for suid files in a web space. Intruders who gain elevated privileges sometimes leave suid files behind to "keep the door open".{/tr}
{tr}World writable files or directories{/tr}
{tr}In some environments where you cannot get root and have no other option, it is unavoidable to let your webserver write to some Tiki directories such as "temp". In any other case this is not needed: a bug in a script, or other users on the same host, could easily put malicious scripts in your web space or upload illegal content.{/tr}
{tr}Files or directories the Webserver can write to{/tr}
{tr}The risk is almost the same in shared hosting environments without proper privilege separation (suexec wrappers). The webserver has to be able to write to some directories such as "temp". Review the Tiki install guide for further information.{/tr}
{tr}Strange Inodes (not file, not link, not directory){/tr}
{tr}Inodes that are neither files nor directories are not part of Tiki. Review these inodes!{/tr}
{tr}Executable files{/tr}
{tr}Setting the executable bit can be dangerous if the webserver is configured to execute CGI scripts from those directories. If you use the usual PHP module (for Apache), then PHP scripts and other files in Tiki do not need the executable bit, and you can safely remove it with chmod.{/tr}
{/remarksbox} {/if}
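The five permission checks explained above, reproduced from the command line so they can be run against a Tiki tree (or any web root) without the admin page, together with the chmod remediation for the executable-bit case. This is an added example, not Tiki's own code: the values of WEBUSER and WEBGROUP are assumptions (the account and group the webserver runs as, typically www-data on Debian/Ubuntu and apache on RHEL-style systems), and the "temp" directory is only named as an illustration.

```sh
#!/bin/sh
# Added example, not part of Tiki: the five permission checks of the
# Security Admin page as find(1) commands, plus the chmod remediation for
# executable files. WEBUSER/WEBGROUP are assumptions: the account and
# group the webserver runs as (www-data on Debian/Ubuntu, apache on RHEL).
WEBUSER="${WEBUSER:-www-data}"
WEBGROUP="${WEBGROUP:-$WEBUSER}"

# 1. Set-user-ID / set-group-ID files: none belong in a Tiki tree.
find_suid() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

# 2. World-writable files or directories (the "other" write bit).
find_world_writable() {
  find "$1" \( -type f -o -type d \) -perm -0002
}

# 3. Files or directories the webserver account can write to: owned by
#    WEBUSER with owner-write, in group WEBGROUP with group-write, or
#    world-writable. POSIX ACLs are not inspected; check getfacl separately.
find_webserver_writable() {
  find "$1" \( -type f -o -type d \) \( \
    \( -user "$WEBUSER" -perm -0200 \) -o \
    \( -group "$WEBGROUP" -perm -0020 \) -o \
    -perm -0002 \)
}

# 4. Strange inodes: anything that is not a file, directory or symlink
#    (FIFOs, sockets, device nodes).
find_strange_inodes() {
  find "$1" ! -type f ! -type d ! -type l
}

# 5. Files with any executable bit set. Three -perm tests are used instead
#    of GNU "-perm /0111" so the command also works with BSD find.
find_executable() {
  find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \)
}

# Remediation for case 5: safe when PHP runs as an Apache module, because
# nothing in the tree is then executed directly by the webserver. Do not
# run it on a tree that really contains CGI scripts.
remove_exec_bits() {
  find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
    -exec chmod a-x {} +
}

# Print all five categories for a Tiki root, one section each. Expect the
# webserver-writable section to list directories such as "temp" that the
# install guide says must stay writable; everything else deserves review.
report() {
  for check in find_suid find_world_writable find_webserver_writable \
               find_strange_inodes find_executable; do
    echo "== $check =="
    "$check" "$1"
  done
}

# Usage: WEBUSER=www-data sh permcheck.sh /var/www/tiki
if [ $# -gt 0 ]; then
  report "$1"
fi
```

Run it as the Tiki file owner, not as the webserver account; otherwise the ownership tests in find_webserver_writable flag every file you created. The -perm tests only look at mode bits, so a directory made writable through an ACL or a bind mount will not appear here.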