Protecting PHP Installation with Suhosin Security Patch in CentOS

Suhosin is an advanced protection system for PHP installations. It aims to protect servers and users from known and unknown vulnerabilities in PHP applications and the PHP core. Suhosin is divided into two separate parts that can be used individually or in combination. The first part is a small patch for the PHP core, which implements some low-level protection against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all other protective measures.

Install Suhosin patch with source code

First, install the PHP development package, then download the latest version of the Suhosin patch using the wget command and unpack it.

# yum install php-devel
# wget http://download.suhosin.org/suhosin-0.9.33.tgz
# tar -xvf suhosin-0.9.33.tgz

Now run the following commands to compile the Suhosin patch for your PHP installation.

# cd suhosin-0.9.33
# phpize
# ./configure
# make
# make install

Create the Suhosin configuration file by adding the suhosin extension to it.

# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart the web server: Apache, Nginx or Lighttpd.

# service httpd restart
# service nginx restart
# service lighttpd restart

Install Suhosin patch using EPEL repository

First, enable the EPEL repository, then type the following yum commands to install:

# yum install php-devel
# yum install php-suhosin

Restart the web server: Apache, Nginx or Lighttpd.

# service httpd restart
# service nginx restart
# service lighttpd restart

Verify Suhosin Patch

Type the following command to verify the installation of suhosin.

# php -v
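
The check above can be scripted so it can run after every PHP update. This is an added example, not part of the original page; the function names are hypothetical, and it assumes a loaded Suhosin extension adds a "with Suhosin v<version>" banner line to the `php -v` output (the sample output in the script is constructed).

```shell
#!/bin/sh
# Added example (not from the original page): script the "php -v" check.
# Assumption: a loaded Suhosin extension adds a banner line of the form
#   "    with Suhosin v<version>, Copyright ..." to the `php -v` output.

# Print the Suhosin version found in `php -v` text on stdin; fail if absent.
suhosin_version() {
    sed -n 's/^[[:space:]]*with Suhosin v\([0-9][0-9.]*\).*/\1/p' | grep .
}

# Succeed only if FILE has an uncommented extension=suhosin.so line
# (php.ini comments start with ';').
ini_enables_suhosin() {
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?suhosin\.so"?[[:space:]]*$' "$1"
}

# Report on both conditions: $1 = ini file path, stdin = `php -v` output.
# Returns 1 if the banner is missing, 2 if the ini file does not enable it.
check_suhosin() {
    ver=$(suhosin_version) || { echo "FAIL: Suhosin not loaded"; return 1; }
    ini_enables_suhosin "$1" || { echo "FAIL: $1 does not enable suhosin.so"; return 2; }
    echo "OK: Suhosin $ver loaded, enabled in $1"
}

# Constructed sample of `php -v` output, so the script runs without PHP.
SAMPLE_PHP_V='PHP 5.3.3 (cli) (built: Feb 22 2013 02:51:11)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH'

# On a real server: php -v | check_suhosin /etc/php.d/suhosin.ini
demo_ini=$(mktemp)
echo 'extension=suhosin.so' > "$demo_ini"
printf '%s\n' "$SAMPLE_PHP_V" | check_suhosin "$demo_ini"
rm -f "$demo_ini"
```
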

To find more information about the Suhosin patch, create the following file under the web server root directory (e.g. /var/www/html/).

# vi phpinfo.php

Add the following lines to it.

Now access the page from any web browser by entering http://youripaddress/phpinfo.php. The page shows the Suhosin information.
