Suhosin (Korean 수호신, meaning guardian angel) is used to secure PHP web applications such as WordPress. Suhosin comes as an extension and a patch. Both parts can be installed separately and do not depend on each other.
Tutorial details | |
---|---|
Difficulty | Intermediate |
Root privileges | Yes |
Requirements | None |
Time | 5m |
How to Install Suhosin on Debian and Ubuntu [Binary Method]
Type the following commands on an Ubuntu Linux 14.04 LTS server:
sudo -s
echo 'deb http://repo.suhosin.org/ ubuntu-trusty main' >> /etc/apt/sources.list
apt-get update
Debian Linux 8.x users type the following commands:
sudo -s
echo 'deb http://repo.suhosin.org/ debian-jessie main' >> /etc/apt/sources.list
apt-get update
Sample outputs:
Ign http://security.ubuntu.com trusty-security InRelease
Get:1 http://security.ubuntu.com trusty-security Release.gpg [933 B]
Get:2 http://security.ubuntu.com trusty-security Release [63.5 kB]
Ign http://archive.ubuntu.com trusty InRelease
Ign http://archive.ubuntu.com trusty-updates InRelease
Get:3 http://security.ubuntu.com trusty-security/main amd64 Packages [319 kB]
Hit http://archive.ubuntu.com trusty Release.gpg
Ign http://repo.suhosin.org ubuntu-trusty InRelease
Get:4 http://security.ubuntu.com trusty-security/restricted amd64 Packages [8,875 B]
Get:5 http://security.ubuntu.com trusty-security/universe amd64 Packages [111 kB]
Get:6 http://archive.ubuntu.com trusty-updates Release.gpg [933 B]
Get:7 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [3,683 B]
Get:8 http://repo.suhosin.org ubuntu-trusty Release.gpg [816 B]
Get:9 http://security.ubuntu.com trusty-security/main Translation-en [172 kB]
Hit http://archive.ubuntu.com trusty Release
Get:10 http://repo.suhosin.org ubuntu-trusty Release [1,074 B]
Get:11 http://archive.ubuntu.com trusty-updates Release [63.5 kB]
Get:12 http://repo.suhosin.org ubuntu-trusty/main amd64 Packages [722 B]
Hit http://security.ubuntu.com trusty-security/multiverse Translation-en
Hit http://archive.ubuntu.com trusty/main amd64 Packages
Hit http://security.ubuntu.com trusty-security/restricted Translation-en
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Hit http://archive.ubuntu.com trusty/restricted amd64 Packages
Hit http://archive.ubuntu.com trusty/universe amd64 Packages
Hit http://archive.ubuntu.com trusty/multiverse amd64 Packages
Hit http://archive.ubuntu.com trusty/main Translation-en
Hit http://archive.ubuntu.com trusty/multiverse Translation-en
Ign http://repo.suhosin.org ubuntu-trusty/main Translation-en_US
Hit http://archive.ubuntu.com trusty/restricted Translation-en
Ign http://repo.suhosin.org ubuntu-trusty/main Translation-en
Hit http://archive.ubuntu.com trusty/universe Translation-en
Get:13 http://archive.ubuntu.com trusty-updates/main amd64 Packages [584 kB]
Get:14 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [11.8 kB]
Get:15 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [297 kB]
Get:16 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [12.0 kB]
Hit http://archive.ubuntu.com trusty-updates/main Translation-en
Hit http://archive.ubuntu.com trusty-updates/multiverse Translation-en
Hit http://archive.ubuntu.com trusty-updates/restricted Translation-en
Hit http://archive.ubuntu.com trusty-updates/universe Translation-en
Ign http://archive.ubuntu.com trusty/main Translation-en_US
Ign http://archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://archive.ubuntu.com trusty/universe Translation-en_US
Fetched 1,651 kB in 6s (250 kB/s)
Reading package lists... Done
The suhosin.org repository is signed with a key; download the key with the wget command and add it with apt-key:
## Run as root user ##
wget https://sektioneins.de/files/repository.asc
sudo apt-key add repository.asc
Sample outputs:
Fig.01: Installing key
sudo apt-get install php5-suhosin-extension
Sample outputs:
Fig.02: Installing php5-suhosin-extension package
Enable the php5-suhosin-extension
sudo php5enmod suhosin
Restart php5-fpm on Ubuntu LTS 14.04:
sudo /sbin/restart php5-fpm
Restart php5-fpm on Debian Linux 8.0:
sudo systemctl restart php5-fpm
Test it
Create a file called test.php:
sudo vi /var/www/test.php
Append the following code:
<?php phpinfo(); ?>
Save and close the file. Open a browser and type the following URL:
http://server-ip-here/test.php
OR
http://1.2.3.4/test.php
Sample outputs:
Fig.03: Suhosin enabled on server
Configuration
You need to edit the file /etc/php5/mods-available/suhosin.ini, enter:
# vi /etc/php5/mods-available/suhosin.ini
The following directives hold comma-separated lists of functions that are not allowed to be called; the first applies to every call, the second to calls made from within eval():
suhosin.executor.func.blacklist = assert,unserialize,exec,popen,proc_open,passthru,shell_exec,system,hail,parse_str,mt_srand
suhosin.executor.eval.blacklist = assert,unserialize,exec,popen,proc_open,passthru,shell_exec,system,hail,parse_str,mt_srand
Save and close the file. You need to restart php5-fpm. I suggest you see the configuration page for a complete list of possible configuration options.
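Suhosin evaluates a blacklist only when the matching whitelist is empty, so a stray whitelist line silently disables the blacklist configured above. The following audit script is an added example, not part of the original tutorial; the REQUIRED list (the command-execution subset of the page's blacklist) and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a suhosin.ini; not part of the original tutorial.
# Assumption: REQUIRED is the command-execution subset of the page's list.
REQUIRED="exec popen proc_open passthru shell_exec system"

# Print the value of directive $2 in file $1 (last active assignment wins).
ini_value() {
    awk -F= -v key="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/[ \t\r"]/, "", v); val = tolower(v) }
        END { print val }' "$1"
}

# Print the REQUIRED functions absent from suhosin.executor.func.blacklist.
missing_from_blacklist() {
    list=",$(ini_value "$1" suhosin.executor.func.blacklist),"
    missing=""
    for fn in $REQUIRED; do
        case "$list" in
            *",$fn,"*) ;;
            *) missing="$missing $fn" ;;
        esac
    done
    echo "${missing# }"
}

# Return 0 if the file passes; print findings and return 1 otherwise.
audit_suhosin() {
    rc=0
    for scope in func eval; do
        if [ -n "$(ini_value "$1" "suhosin.executor.$scope.whitelist")" ]; then
            echo "WARN: $scope.whitelist is set, so the $scope blacklist is ignored"
            rc=1
        fi
    done
    miss=$(missing_from_blacklist "$1")
    [ -z "$miss" ] || { echo "FAIL: not blacklisted: $miss"; rc=1; }
    return $rc
}

# Constructed sample input (not a real server's configuration).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
;suhosin.executor.func.blacklist = exec,system
suhosin.executor.func.blacklist = assert,exec,popen,passthru,Shell_Exec
suhosin.executor.eval.whitelist = exec,system
EOF
audit_suhosin "$SAMPLE" || echo "audit reported problems in $SAMPLE"
```

To check the live configuration, call audit_suhosin /etc/php5/mods-available/suhosin.ini after editing the file and before restarting php5-fpm.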
Hi,
I’m a beginner and I was wondering, why do we need to install Suhosin?
Which hacks or kind of hacks are prevented by this extension?
Steven, for example, there are tons of WordPress exploits through which a user could gain access to your OS. They can then use it to send SPAM, or as a part of a larger botnet to hack other sites or DDoS attacks. I’m sysadmin for a hosting company and this is a constant struggle.
Another great article, thanks!
A few questions about “best-practice”:
* Why not create a new repo file in /etc/apt/sources.d/ instead of appending to sources.list? I’ve started doing this based on previous reading and found it’s far easier to manage dist-upgrades.
* At the beginning you have “sudo -s”.
— Again, I’ve read “sudo -i” is the better flag to use?
— Also, once in “sudo -s”, there are still references all through to using sudo, but no point to exit from the original sudo shell.
Had to do “sudo php5enmod suhosin” instead of “sudo php5enmod php5-suhosin”, because there is a /etc/php5/mods-available/suhosin.ini file, not /etc/php5/mods-available/php5-suhosin.ini.
This works. Thanks Hubert!