Can someone please let me know:
the file permissions number (777 for example)
to which folders and files to apply it?
in order to solve the following risks:
Permissions on files in web root directory : Some files or directories are not in a read-only mode
Example: users/1, users/2, export/temp/2, users/3, core/filemanagerdol/browser/default/images/icons/32, includes/webklex/php-imap/vendor/illuminate/contracts/Auth/Access, includes/swiftmailer/lib/classes/Swift/AddressEncoder, includes/stripe/stripe-php/lib/ApiOperations, includes/stripe/stripe-php/lib/Service/Apps, includes/stripe/stripe-php/lib/Apps, includes/sabre/sabre/http/lib/Auth, includes/sabre/sabre/dav/lib/DAV/Auth, includes/swiftmailer/lib/classes/Swift/Transport/Esmtp/Auth, includes/webklex/php-imap/vendor/illuminate/contracts/Auth, includes/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/AutoFilter, includes/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Shared/Escher/DggContainer/BstoreContainer/BSE, includes/sabre/sabre/dav/lib/CalDAV/Backend, includes/sabre/sabre/dav/lib/CardDAV/Backend, includes/sabre/sabre/dav/lib/DAV/PropertyStorage/Backend, includes/sabre/sabre/dav/lib/DAV/Locks/Backend, includes/sabre/sabre/dav/lib/DAV/Auth/Backend, includes/stripe/stripe-php/lib/Service/BillingPortal …
Permissions on file conf/conf.php : The conf file is readable or writable by any users. Give permission to web server user and group only. User: www-data:www-data (POSIX www-data:www-data:/var/www:/usr/sbin/nologin)
$dolibarr_main_prod : 0 If you are on a production environment, you should set this property to 1.
$dolibarr_nocsrfcheck : 0 (Recommended: 0)
$dolibarr_main_restrict_ip : None
$dolibarr_main_restrict_os_commands : mysqldump, mysql, pg_dump, pgrestore, clamdscan, clamscan.exe (Recommended: mysqldump, mysql, pg_dump, pgrestore, clamdscan)
$dolibarr_main_db_pass : Database password is NOT obfuscated in conf file (Recommended: Set option Encrypt database password stored in conf.php. It is strongly recommended to activate this option. to Yes)
PHP session.use_strict_mode = No (Recommended: 1)
PHP session.use_only_cookies = 1 (Recommended: 1)
PHP session.cookie_httponly = 1 (Recommended: 1)
PHP session.cookie_samesite = Lax (Recommended: Lax)
PHP open_basedir = No (Recommended: Some restricted path for data files, Example: /var/www/html,/var/www/html)
PHP short_open_tag = No (Recommended: No)
PHP allow_url_fopen = 1 (Recommended: No)
PHP allow_url_include = No (Recommended: No)
PHP disable_functions =
You should disable PHP functions: pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wifcontinued, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_get_handler, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority, pcntl_async_signals
Except if you need to run system commands in custom code, you shoud disable PHP functions: passthru, shell_exec, system, proc_open, popen
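The first two findings in the report above can be reproduced from a shell before and after any permission change. This is an added, audit-only example (not part of the original post and not Dolibarr's own code); the function names are hypothetical, and the web root path is an assumption taken from the report's own `/var/www/html` example.

```shell
#!/bin/sh
# Added example: audit only, nothing on disk is changed.
# Assumed usage: source this file, then run
#   audit_webroot /var/www/html
# Function names are hypothetical; the path is an assumption.

# Print every file or directory under the web root that still carries a
# write bit for owner, group or other ("not in a read-only mode").
list_writable() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Exit 0 only if the conf file exists and grants no read, write or
# execute bit to "other" (web server user and group only).
conf_is_restricted() {
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Run both checks and print a short report.
audit_webroot() {
    root=$1
    conf="$root/conf/conf.php"
    echo "Entries under $root that are not read-only:"
    list_writable "$root"
    if conf_is_restricted "$conf"; then
        echo "OK: $conf grants nothing to other users"
    else
        echo "WARN: $conf is missing or accessible to other users"
        # Show owner, group and mode so they can be compared with the
        # web server account named in the report (www-data:www-data).
        ls -l "$conf" 2>/dev/null || true
    fi
}
```

Directories the application has to write to at runtime will still appear in the first list, so review each entry rather than treating the list as a set of errors.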