Protect PHP Installation with Suhosin Security Patch in

Protect PHP Installation with Suhosin Security Patch in 

http://kb.datapool.vn/how-to-huong-dan-chi-tiet-cai-cac-modules-ho-tro-ma-nguon-php-tren-linux-bang-open-source-2/

RHEL / CentOS / Fedora

By Ravi Saive Under: CentOS, Fedora, Linux Distros, RedHat On: December 5, 2012

Suhosin is an open source advanced security and protection patch system for PHP installation. The main goal of suhosin is to protect servers and users against various unknown vulnerabilities and other known and unknown flaws in applications including WordPress and many other php based applications.

Install Suhosin Patch for PHP Installation in Linux

In this article we will show you two methods for installing Suhosin Patch under RHEL /CentOS / Fedora systems. Please note in some Linux distributions like Debian and Ubuntu, suhosin shipped by default.

See also : Protect Linux Servers with LMD (Linux Malware Detect)

The first part includes using source code installation and the second part instillation is by turning on third party epel repository.

Part 1: Installing Suhosin Patch using Source Code

First install dependency package php-devel and then download latest version of suhosin patchusing wget command and unpack it.

# yum install php-devel
# wget http://download.suhosin.org/suhosin-0.9.33.tgz
# tar -xvf suhosin-0.9.33.tgz

Next, run the following commands to compile suhosin patch for php installation.

# cd suhosin-0.9.33
# phpize
# ./configure
# make
# make install

Create the suhosin configuration file by adding suhosin extension to it.

# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart the web server Apache, Nginx or Lighttpd.

# service httpd restart
# service nginx restart
# service lighttpd restart

Part 2: Installing Suhosin Patch using EPEL repository

Turn on EPEL repository under RHEL / CentOS systems and then run the following command to install it. (Note : Fedora user’s don’t need to add epel repository).

# yum install php-devel
# yum install php-suhosin

Restart the web server Apache, Nginx or Lighttpd.

# service httpd restart
# service nginx restart
# service lighttpd restart

Verify Suhosin Patch

Type the following command to verify suhosin installation.

# php -v

PHP 5.3.3 (cli) (built: Jul  3 2012 16:40:30)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH

To find out more information about suhosin patch create the following file under your web server root directory. For example, (/var/www/html/).

# vi phpinfo.php

Add the following lines to it.

<?php

     phpinfo ();
?>

Now try to access the page using any web browser and typehttp://yourdomain.com/phpinfo.php. You will see below screen.

Suhosin Configuration Preview

Suhosin comes with default configuration and works out of the box, no further changes needed. But if you would like configure it according to your setup, then visit the suhosin configurate page for more information.