I got two questions as I was exploring Fortification. Is there any way to re-enable it on GUI, once it’s released or there is no point in that?
If I click “Reset permissions” it seems to work.
But on a webapp, where Fortification was never released, there is nothing marked.
(Exhibit 2 will be in my second post, as I can’t upload it on first one)
I am making wild guess here that RESET mode = Fortification never released mode, or am I not correct?
Question 2:
Does anyone have any “template” or way to make Fortification learn the writable paths for phpBB and Prestashop?
Question 3:
With Fortification disabled (or in release mode), I suppose the user can’t write outside his directory, right?
It is only applicable if there is an app installed for which there is a known profile. For example, WordPress has defined profiles. An unknown app with undefined profiles lacks this.
“Learning Mode” is the best option for this. It’ll release fortification for the set time, then based upon file changes, apply Fortification to those locations. A Manifest allows you to declare writeable locations under the fortification key. Use Learning Mode first to see what changes.
Release grants PHP-FPM unrestricted write-access to files within the application root, which is typically the document root. Files outside of there are unaffected.
