{"id":132,"date":"2009-07-31T01:00:12","date_gmt":"2009-07-31T07:00:12","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=132"},"modified":"2019-10-30T06:18:01","modified_gmt":"2019-10-30T12:18:01","slug":"suhosin","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/suhosin\/","title":{"rendered":"Suhosin .."},"content":{"rendered":"

What is Suhosin?<\/strong><\/p>\n

Suhosin is an advanced protection system for PHP installations.<\/p>\n

Designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.<\/p>\n

Suhosin comes in two independent parts:-<\/p>\n

The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities .<\/p>\n

The second part is a powerful PHP extension that implements all the other protections.<\/p>\n

<\/p>\n

Installing Suhosin:<\/strong><\/p>\n

Download the source file for the Suhosin extension<\/p>\n

cd \/usr\/local\/<\/p>\n

wget http:\/\/www.hardened-php.net\/suhosin\/sin-0.9.18.tgz<\/p>\n

tar -zxvf suhosin-0.9.18.tgz<\/p>\n

cd suhosin-0.9.18<\/p>\n

phpize<\/p>\n

.\/configure<\/p>\n

make<\/p>\n

make install<\/p>\n

copy suhosin.so to \/usr\/lib\/php\/extensions since our php.ini points to that directory.<\/p>\n

Checking PHP :<\/strong><\/p>\n

php -i |grep php.ini<\/p>\n

Configuration File (php.ini) Path => \/usr\/local\/Zend\/etc\/php.ini<\/p>\n

Edit the php.ini<\/p>\n

vi \/usr\/local\/Zend\/etc\/php.ini<\/p>\n

Step 1) Ensure the include path\/extension is set properly.Search for: extension_dir<\/p>\n

You should see something like this:<\/p>\n

include_path = .:\/usr\/lib\/php:\/usr\/local\/lib\/php:\/usr\/lib\/php\/extensions:\/usr\/lib\/php\/extens ions\/no-debug-non-zts-20020429: ;extension_dir = \/usr\/lib\/php\/extensions\/no-debug-non-zts-20020429\/ ; directory in which the loadable extensions (modules) reside.<\/p>\n

Step 2) Add the suhosin.so extension to php.ini<\/p>\n

Search for Dynamic Extensions:<\/p>\n

EG you should see:<\/p>\n

extension=suhosin.so<\/p>\n

Advanced Suhosin Configuration :<\/strong><\/p>\n

Modules:<\/p>\n

Logging Configuration<\/p>\n

Executor Options<\/p>\n

Misc Options<\/p>\n

Transparent Encryption Options<\/p>\n

Filtering Options<\/p>\n

Advantages :<\/strong><\/p>\n

Suhosin is a patch protection for protecting PHP. In clear, you dont need to run apache as cgi to setup suhosin, and this will probably be a very good additional.<\/p>\n

Suhosin to control disable_functions per user and set open_basedir.<\/p>\n

Disadvantages :<\/strong><\/p>\n

Check to make sure that PHP is not compiled with enable-versioning.<\/p>\n

Versioning breaks extensions. You will need to recompile PHP and make sure versioning is turned OFF.<\/p>\n

This only applies if you are using Zend Optimizer. Make sure you are using at least version 3.2.1 or above of Zend Optimizer.<\/p>\n

The extention has strict security settings and there is no guarantee that even useful, safe functions will not be blocked.<\/p>\n

Output of Suhosin:<\/p>\n

php -v<\/p>\n

PHP 4.4.6 (cli) (built: Mar 19 2007 09:54:33)?<\/p>\n

with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies<\/p>\n

with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project<\/p>\n

with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies<\/p>\n

Note to 64 bit OS users:<\/strong><\/p>\n

Check to make sure php.ini is using the proper extension_dir setting:<\/p>\n

extension_dir = \/usr\/lib64\/php4<\/p>\n

http:\/\/mysite.com\/phpinfo.php<\/p>\n

Article Authored by Vinu Vijayan <\/strong><\/p>\n

Author, Vinu Vijayan, is a Systems Engineer with SupportPRO. Vinu specializes in L2 and L3 Linux\/Windows administration. SupportPRO offers 24X7 technical support services to Web hosting companies and service providers.<\/strong><\/p>\n

If you require help, contact SupportPRO Server Admin<\/a><\/p>\n

\"Server<\/a><\/span>