How to Protect PHP Installation with Suhosin Security Patch

To Protect PHP Installation with Suhosin Security Patch

In this article we are going to discuss about how to Install Suhosin Security Patch in RHEL/Fedora/CentOS. Suhosin is a open source advanced security system for PHP installation. It was designed basically to protect Servers as well as Users from the known or unknown issues.

Suhosin Patch Installation

Before installing Suhosin we can check for the dependency using rpm command as follows,

[root@linuxhelp~]# rpm -qa | grep php
php-cli-5.3.3-46.el6_7.1.x86_64
php-common-5.3.3-46.el6_7.1.x86_64
php-5.3.3-46.el6_7.1.x86_64

So, We need to install dependency package called php-devel and then download suhosin patch using wget command.

[root@linuxhelp~]# yum install php-devel
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: centos.webwerks.com
 * epel: epel.mirror.net.in
 * extras: centos.webwerks.com
 * nux-dextop: li.nux.ro
 * rpmforge: mirror.oscc.org.my
 * updates: centos.webwerks.com
Resolving Dependencies
-->  Running transaction check
--->  Package php-devel.x86_64 0:5.3.3-46.el6_7.1 will be installed
...
...
...
Installed:
  php-devel.x86_64 0:5.3.3-46.el6_7.1                                                                                                   

Complete!

Now the installation is complete.
After that download the tar file using wget command,

[root@linuxhelp~]# wget http://download.suhosin.org/suhosin-0.9.33.tgz
--2016-04-11 14:31:34--  http://download.suhosin.org/suhosin-0.9.33.tgz
Resolving download.suhosin.org... 85.214.50.221
...
...
2016-04-11 14:31:36 (82.4 KB/s) - “ suhosin-0.9.33.tgz”  saved [104488/104488]

Now extract the tar file.

[root@linuxhelp~]# tar -xvf suhosin-0.9.33.tgz

Then execute the following commands for php suhosin installation,

[root@linuxhelp~]# cd suhosin-0.9.33
[root@linuxhelp~]# phpize
[root@linuxhelp~]# ./configure
[root@linuxhelp~]# make
[root@linuxhelp~]# make install
[root@linuxhelp suhosin-0.9.33]# make install
Installing shared extensions:     /usr/lib64/php/modules/

At last it will install the respective modules.

To Create the suhosin configuration file

To Create the suhosin configuration file with the extension which is mentioned below,

[root@linuxhelp~]# echo ' extension=suhosin.so'  >  /etc/php.d/suhosin.ini

Next, restart the web server,

[root@linuxhelp~]# service httpd restart     (for Apache)
[root@linuxhelp~]# service nginx restart     (for NginX)
[root@linuxhelp~]# service lighttpd restart  (for Lighttpd

To verify Suhosin Patch

Execute the below command,

[root@linuxhelp~]# php -v
PHP 5.3.3 (cli) (built: Feb 9 2016 10:36:17)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH

It will show the Suhosin details.

To know more, create a file in web server root directory

[root@linuxhelp~]# vim /var/www/html/info.php

Include the below lines,

And now restart the Apache and call the respective IP address or the Domain name with the file name that is created now,

And you will get the Php version details scroll down to get the Suhosin Package details.

Suhosin patch configuration is successfully shown and further changes are no needed since these are the recommended settings.

Tag : Suhosin Security Patch
FAQ
Q
How to protect the PHP installations?
A
Warnings that glasses expire after three years are outdated, however, says the space agency, writing: If the filters aren't scratched, punctured, or torn, you may reuse them indefinitely.
Q
How to install Suhosin patch on CentOS?
A
Use the following syntax to install Suhosin patch on CentOS. For syntax: "yum install epel-release"
"yum install php-devel php-suhosin".
Q
How to verify the Suhosin patch has installed properly on the system?
A
You can run the following command to check "php" version has installed on the system. Where you can see the "with Suhosin v0.9.33, Copyright (c) by SektionEins GmbH" output of the "php -v" command.
Q
Can you give me the download link to get the latest version of the Suhosin patch for "php" protection?
A
Use the following link to get download the "Suhosin" patch for "php" protection, "https://www.suhosin.org/stories/index.html"
Q
How to create the Suhosin configuration file for adding a Suhosin extension?
A
You can use the following syntax to create the Suhosin configuration file for adding a Suhosin extension. For syntax: "echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini".