Q. WordPress and many other open source application developers ask users to protect PHP apps using the Suhosin patch to get protection from the full exploit. Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers from various attacks. How do I install Suhosin under RHEL / CentOS / Fedora Linux?
A. Suhosin was designed to protect your servers against a number of well-known problems in PHP applications and also against potential unknown vulnerabilities within these applications or the PHP core itself, including WordPress and many other open source PHP-based apps.
Install Suhosin as an extension
Download the latest version of Suhosin and extract it, enter:
# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.27.tgz
# tar -zxvf suhosin-0.9.27.tgz
Make sure you have php-devel installed:
# yum install php-devel
Compile Suhosin under PHP 5 and RHEL / CentOS Linux
Type the following commands:
# cd suhosin-0.9.27
# phpize
# ./configure
# make
# make install
Configure Suhosin
Type the following command to create the Suhosin configuration file:
# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini
Restart web server
Type the following command to restart httpd:
# service httpd restart
If you are using lighttpd, enter:
# service lighttpd restart
Verify Suhosin installation
Type the following command:
$ php -v
Sample output:
PHP 5.1.6 (cli) (built: Jun 12 2008 05:02:36)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with XCache v1.2.2, Copyright (c) 2005-2007, by mOo
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
You can find more information by running phpinfo():
<?php phpinfo(); ?>
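The verification step above can be scripted. The following is an added example, not part of the original article or the Suhosin project: it classifies `php -v` output as loaded, failed to load, or absent. The function names and sample inputs are assumptions constructed for this example, modelled on the output shown on this page.

```shell
#!/bin/sh
# Added example: classify the combined stdout+stderr of `php -v`.
# Prints one of:
#   loaded:<version>  the banner contains a "with Suhosin v..." line
#   load-failed       PHP reported that it could not load suhosin.so
#   absent            no sign of the extension in the output
classify_suhosin() {
    out=$(cat)
    # A failed load is checked first: PHP still prints its banner after the warning.
    if printf '%s\n' "$out" | grep -q 'Unable to load dynamic library.*suhosin\.so'; then
        echo "load-failed"
        return 0
    fi
    ver=$(printf '%s\n' "$out" |
        sed -n 's/^[[:space:]]*with Suhosin v\([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -n "$ver" ]; then
        echo "loaded:$ver"
    else
        echo "absent"
    fi
}

# Constructed sample inputs (hypothetical helpers for this example).
sample_loaded() {
    cat <<'EOF'
PHP 5.1.6 (cli) (built: Jun 12 2008 05:02:36)
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
EOF
}

sample_broken() {
    cat <<'EOF'
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/suhosin.so' - /usr/lib64/php/modules/suhosin.so: undefined symbol: zend_atol in Unknown on line 0
PHP 5.2.10 (cli) (built: Nov 13 2009 11:44:05)
EOF
}

sample_loaded | classify_suhosin
sample_broken | classify_suhosin

# On a real host, feed it the live interpreter output (stderr included).
if command -v php >/dev/null 2>&1; then
    php -v 2>&1 | classify_suhosin
fi
```

This checks the command-line interpreter only. The web server's PHP can load different configuration, so confirm there with the phpinfo() page as well.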
Further readings:
- Suhosin project home page.
- PHP project home page.
7 comments
Excellent info.
To build an rpm package for Fedora/RHEL/CentOS:
rpmbuild --rebuild http://repo.redhat-club.org/devel/redhat/5/SRPMS/suhosin-0.9.27-el5.rhc.1.src.rpm
After I test the package, it will be here: http://repo.redhat-club.org/redhat/5/SRPMS/
Suhosin hasn’t been updated in over a year… is it still a viable project and therefore safe to use?
I’ve not seen any problem and it works like a charm.
Straightforward tutorial. Thank you very much.
I'm getting this error after installing the latest suhosin extension: 0.9.32.1, any clue to fix this error?
———————————————————————————————
PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib64/php/modules/suhosin.so’ – /usr/lib64/php/modules/suhosin.so: undefined symbol: zend_atol in Unknown on line 0
PHP 5.2.10 (cli) (built: Nov 13 2009 11:44:05)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
many thanks for TUT :D