e8537460a3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
1.4 KiB
1.4 KiB
Entry-Point Runtime — PHP-FPM
Signals to gather
argv0equalsphp-fpmorphp-fpm8*variants; master process often invoked with-For--nodaemonize.- Configuration files:
/usr/local/etc/php-fpm.conf,www.conf, pool definitions underphp-fpm.d. - PHP runtime artefacts:
composer.json,public/index.php,artisan,wp-config.php. - Environment variables such as
PHP_FPM_CONFIG,PHP_INI_DIR,APP_ENV. - Socket or port exposure (
listen = 9000,/run/php-fpm.sock).
Implementation notes
- Verify master process vs worker processes (master stays PID 1, workers forked).
- Inspect pool configuration to extract listening endpoint and process manager mode.
- If
docker-php-entrypointis involved, ShellFlow must expand tophp-fpm. - Distinguish FPM from CLI invocations (
php script.php) to avoid misclassification.
Evidence & scoring
- Reward confirmed config files and listening sockets.
- Add evidence for application artefacts (Composer lockfile, framework directories).
- Penalise when only the binary is present without config (could be CLI usage).
Edge cases
- Images bundling Apache/Nginx front-ends should end up as
Supervisorwith PHP-FPM as a child service. - Some Alpine packages install
php-fpm7naming—include aliases in detector. - When
php-fpmis launched vias6or supervisor, rely on child detection to avoid double counting.