Red Hat / CentOS Linux Install Suhosin PHP 5 Protection Security Patch

Q. WordPress and many other open source application developers asks users to protect PHP apps using Suhosin patch to get protection from the full exploit. Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers from various attacks. How do I install Suhosin under RHEL / CentOS / Fedora Linux?

ADVERTISEMENTS

A. Suhosin was designed to protect your servers against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within these applications or the PHP core itself including wordpress and many other open source php based apps.

Install Suhosin as extension

Download latest version of Suhosin, enter:
# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.27.tgz

Make sure you have php-devel installed:
# yum install php-devel

Compile Suhosin under PHP 5 and RHEL / CentOS Linux

Type the following commands:
# cd suhosin-0.9.27
# phpize
#./configure
# make
# make install

Configure Suhosin

Type the following command to create Suhosin configuration file:
# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart web server

Type the following command to restart httpd:
# service httpd restart
If you are using lighttpd, enter:
# service lighttpd restart

Verify Suhosin installation

Type the following command:
$ php -v
Sample output:

PHP 5.1.6 (cli) (built: Jun 12 2008 05:02:36) 
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
    with XCache v1.2.2, Copyright (c) 2005-2007, by mOo
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

You can find more information by running phpinfo():

<?php
phpinfo();
?>

Sample output:

Fig.01: Suhosin information and settings displayed by phpinfo().

Fig.01: Suhosin information and settings displayed by phpinfo().

Further readings:

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
9 comments… add one
  • diay Sep 15, 2008 @ 10:48

    Excllent info.

  • Frolov Denis Sep 15, 2008 @ 14:30

    For build rpm package for Fedora/RHEL/CentOS


    rpmbuild --rebuild http://repo.redhat-club.org/devel/redhat/5/SRPMS/suhosin-0.9.27-el5.rhc.1.src.rpm

    After I test package it will be here http://repo.redhat-club.org/redhat/5/SRPMS/

  • Thx1138 Sep 15, 2008 @ 16:30

    Suhosin hasn’t be updated in over a year… is it still a viable project and therefore safe to use?

  • 🐧 nixCraft Sep 15, 2008 @ 17:15

    I’ve not seen any problem and it works like a charm.

  • bypasser Dec 11, 2008 @ 15:08

    straightforward tutorial. Thank you very much

  • MIchael West Nov 27, 2011 @ 22:29

    im getting this error after installing the latest suhosin extension: 0.9.32.1, any clue to fix this error?
    ———————————————————————————————
    PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib64/php/modules/suhosin.so’ – /usr/lib64/php/modules/suhosin.so: undefined symbol: zend_atol in Unknown on line 0
    PHP 5.2.10 (cli) (built: Nov 13 2009 11:44:05)
    Copyright (c) 1997-2009 The PHP Group
    Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

  • ranty Mar 31, 2012 @ 23:29

    many thanks for TUT :D

  • Alper Jun 3, 2013 @ 22:04

    Thank you very much

  • leon Aug 24, 2013 @ 18:53

    when i run php -v command i get the info that suhosin is installed but when i upload the php file to server there is no information about suhosin

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.