Suhosin Install Guide

Suhosin is an advanced protection system for PHP installations.

It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination.

The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Download http://www.hardened-php.net/suhosin/download.html


Installing the Extension

Source - http://download.suhosin.org/suhosin-0.9.29.tgz

# wget http://download.suhosin.org/suhosin-0.9.29.tgz

The next step is unpacking the extension tarball and performing the usual compilation steps for PHP extensions.

#> tar xzvf suhosin-0.9.29.tgz
#> cd suhosin*
#> phpize
#> ./configure
#> make
#> make install

This should install suhosin in the correct extension directory. The final step is adding a load directive to php.ini

extension=suhosin.so

Now copy suhosin.so to /usr/lib/php/extensions which php.ini points to.

Checking PHP

Find where your current PHP.ini is and then add the suhosin.so extension to php.ini

php -i |grep php.ini

Check your /var/log/messages for logs of Suhosin

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.