suhosin.simulation
Suhosin‘s features are all configured through the php.ini configuration file. For most users the Suhosin will work out of the box without any change to the default configuration needed.
If you fear that Suhosin breaks your application, you can activate Suhosin’s simulation mode with this flag. When Suhosin runs in simulation mode, violations are logged as usual, but nothing is blocked or removed from the request.
Type: Boolean
Default: Off
When you only use the Suhosin-Patch only the logging features are supported. When you only use the Suhosin-Extension you cannot use the predefined constants for configuration. This is due to the way php.ini constant support is implemented in PHP.
Using hardening tools Suhosin in Cpanel Servers for PHP
The Suhosin extension “was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.”
Reference : http://www.hardened-php.net/suhosin/
Perhaps more importantly, the Suhosin community would be an excellent starting point for learning about flaws in PHP, as well as other extensions, configurations, and techniques you can use to protect your server.
Since many popular scripts are not compatible with Suhosin’s restrictions, you need to test it before moving to production.
Suhosin Install Guide
Suhosin is an advanced protection system for PHP installations.
It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination.
The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.
Download http://www.hardened-php.net/suhosin/download.html
Installing the Extension
Source - http://download.suhosin.org/suhosin-0.9.29.tgz
# wget http://download.suhosin.org/suhosin-0.9.29.tgz
The next step is unpacking the extension tarball and performing the usual compilation steps for PHP extensions.
#> tar xzvf suhosin-0.9.29.tgz
#> cd suhosin*
#> phpize
#> ./configure
#> make
#> make install
This should install suhosin in the correct extension directory. The final step is adding a load directive to php.ini
Now copy suhosin.so to /usr/lib/php/extensions which php.ini points to.
Checking PHP
Find where your current PHP.ini is and then add the suhosin.so extension to php.ini
Check your /var/log/messages for logs of Suhosin
