What is Suhosin?
Suhosin is an advanced protection system for PHP installations.
Designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.
Suhosin comes in two independent parts:-
The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities .
The second part is a powerful PHP extension that implements all the other protections.
Download the source file for the Suhosin extension
tar -zxvf suhosin-0.9.18.tgz
copy suhosin.so to /usr/lib/php/extensions since our php.ini points to that directory.
Checking PHP :
php -i |grep php.ini
Configuration File (php.ini) Path => /usr/local/Zend/etc/php.ini
Edit the php.ini
Step 1) Ensure the include path/extension is set properly.Search for: extension_dir
You should see something like this:
include_path = .:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extens ions/no-debug-non-zts-20020429: ;extension_dir = /usr/lib/php/extensions/no-debug-non-zts-20020429/ ; directory in which the loadable extensions (modules) reside.
Step 2) Add the suhosin.so extension to php.ini
Search for Dynamic Extensions:
EG you should see:
Advanced Suhosin Configuration :
Transparent Encryption Options
Suhosin is a patch protection for protecting PHP. In clear, you dont need to run apache as cgi to setup suhosin, and this will probably be a very good additional.
Suhosin to control disable_functions per user and set open_basedir.
Check to make sure that PHP is not compiled with enable-versioning.
Versioning breaks extensions. You will need to recompile PHP and make sure versioning is turned OFF.
This only applies if you are using Zend Optimizer. Make sure you are using at least version 3.2.1 or above of Zend Optimizer.
The extention has strict security settings and there is no guarantee that even useful, safe functions will not be blocked.
Output of Suhosin:
PHP 4.4.6 (cli) (built: Mar 19 2007 09:54:33)?
with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies
with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies
Note to 64 bit OS users:
Check to make sure php.ini is using the proper extension_dir setting:
extension_dir = /usr/lib64/php4
Article Authored by Vinu Vijayan
Author, Vinu Vijayan, is a Systems Engineer with SupportPRO. Vinu specializes in L2 and L3 Linux/Windows administration. SupportPRO offers 24X7 technical support services to Web hosting companies and service providers.
If you require help, contact SupportPRO Server Admin