1、禁用PHP不安全函数:
vim /usr/local/php/etc/php.ini
disable_functions = system,exec,shell_exec,passthru,proc_open,proc_close, proc_get_status,checkdnsrr,getmxrr
disable_functions = getservbyport, syslog,popen,show_source,highlight_file,dl,socket_listen,socket_create,socket_bind
disable_functions = socket_accept, socket_connect,getservbyname,posix_times,posix_ttyname,posix_uname
disable_functions = posix_getrlimit, posix_getsid,posix_getuid,posix_get_last_error
disable_functions = stream_socket_server, stream_socket_accept,stream_socket_client,posix_isatty, posix_kill,posix_getgrgid
disable_functions = posix_getgrnam,posix_getgroups,posix_getlogin,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid
disable_functions = ftp_connect, ftp_login,ftp_pasv,ftp_get,sys_getloadavg,disk_total_space, disk_free_space,posix_ctermid
disable_functions = posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid,
disable_functions = posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror
2、禁用PHP不安全类
disable_classes = SQLiteDatabase,SQLiteResult,SQLiteUnbuffered,SQLiteException
3、重启PHP-FPM
systemctl restart php-fpm
本文转自 boy461205160 51CTO博客,原文链接:http://blog.51cto.com/461205160/1949724