PHP Easter egg why not OFF by default

I know this is not a big issue but when we are considering NS like a secure platform can we disable it by default?
To be honest adjustments like:

“config setprop php ExposePhp 0”

do not solve a problem.

For expirienced pentest man this pages can give good picture about the php ver etc.
Why not avoid it on OS config layer

Any suggestion about hardening the current config is welcome!

Attackers know well the PHP version of NethServer because it’s publicly available from Centos packages.

1 Like

I don’t think Security through Obscurity is a good practice :smiley:

By the way, if you want to change PHP configuration, beside what is currently supported by props, you can implement a template-custom for /etc/php.d/nethserver.ini or edit any other file inside /etc/php.d/.

Just for reference: