HEX
Server: Apache/2
System: Linux ind.multivistaglobal.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: multivis (1002)
PHP: 8.1.32
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /etc/systemd/system/
Upload Files
File: //etc/systemd/system/php-fpm74.service
# php-fpm startup for DirectAdmin servers
# To alter the FPM environment, drop a file with the suffix
# .conf in /etc/systemd/system/php-fpm.service.d, with
#     [Service]
#     Environment=FOO=bar
# To reload systemd daemon after changes to this file:
# systemctl --system daemon-reload

[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target

[Service]
Type=notify
PIDFile=/run/php-fpm74.pid
ExecStart=/usr/local/php74/sbin/php-fpm74 --nodaemonize --pid=/run/php-fpm74.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitMEMLOCK=infinity
LimitNOFILE=65535

# Set up a new file system namespace and mounts private /tmp and /var/tmp directories
# so this service cannot access the global directories and other processes cannot
# access this service's directories.
PrivateTmp=true

# Sets up a new /dev namespace for the executed processes and only adds API pseudo devices
# such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it,
# but no physical devices such as /dev/sda.
# CageFS does not work with php-fpm on DirectAdmin servers. The issue is caused by this directive set to true, thus, commented out
#PrivateDevices=true

# Attempts to create memory mappings that are writable and executable at the same time,
# or to change existing memory mappings to become executable are prohibited.

# Commented out, problems with PHP 7.0/7.1 reported
#MemoryDenyWriteExecute=true

# Explicit module loading will be denied. This allows to turn off module load and unload
# operations on modular kernels. It is recommended to turn this on for most services that
# do not need special file systems or extra kernel modules to work.
ProtectKernelModules=true

# Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats,
# /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be made read-only to all processes
# of the unit. Usually, tunable kernel variables should only be written at boot-time, with the
# sysctl.d(5) mechanism. Almost no services need to write to these at runtime; it is hence
# recommended to turn this on for most services.
ProtectKernelTunables=true

# Required for resource throttling
ProtectControlGroups=false

# Any attempts to enable realtime scheduling in a process of the unit are refused.
RestrictRealtime=true

# Restricts the set of socket address families accessible to the processes of this unit.
# Protects against vulnerabilities such as CVE-2016-8655
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX

# Takes away the ability to create or manage any kind of namespace
#RestrictNamespaces=true

[Install]
WantedBy=multi-user.target
@ Telegram