How to Protect PHP Installation with Suhosin Security Patch
To Protect PHP Installation with Suhosin Security Patch
In this article we are going to discuss about how to Install Suhosin Security Patch in RHEL/Fedora/CentOS. Suhosin is a open source advanced security system for PHP installation. It was designed basically to protect Servers as well as Users from the known or unknown issues.
Suhosin Patch Installation
Before installing Suhosin we can check for the dependency using rpm command as follows,
[root@linuxhelp~]# rpm -qa | grep php
php-cli-5.3.3-46.el6_7.1.x86_64
php-common-5.3.3-46.el6_7.1.x86_64
php-5.3.3-46.el6_7.1.x86_64
So, We need to install dependency package called php-devel and then download suhosin patch using wget command.
[root@linuxhelp~]# yum install php-devel
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: centos.webwerks.com
* epel: epel.mirror.net.in
* extras: centos.webwerks.com
* nux-dextop: li.nux.ro
* rpmforge: mirror.oscc.org.my
* updates: centos.webwerks.com
Resolving Dependencies
--> Running transaction check
---> Package php-devel.x86_64 0:5.3.3-46.el6_7.1 will be installed
...
...
...
Installed:
php-devel.x86_64 0:5.3.3-46.el6_7.1
Complete!
Now the installation is complete.
After that download the tar file using wget command,
[root@linuxhelp~]# wget http://download.suhosin.org/suhosin-0.9.33.tgz
--2016-04-11 14:31:34-- http://download.suhosin.org/suhosin-0.9.33.tgz
Resolving download.suhosin.org... 85.214.50.221
...
...
2016-04-11 14:31:36 (82.4 KB/s) - “ suhosin-0.9.33.tgz” saved [104488/104488]
Now extract the tar file.
[root@linuxhelp~]# tar -xvf suhosin-0.9.33.tgz
Then execute the following commands for php suhosin installation,
[root@linuxhelp~]# cd suhosin-0.9.33
[root@linuxhelp~]# phpize
[root@linuxhelp~]# ./configure
[root@linuxhelp~]# make
[root@linuxhelp~]# make install
[root@linuxhelp suhosin-0.9.33]# make install
Installing shared extensions: /usr/lib64/php/modules/
At last it will install the respective modules.
To Create the suhosin configuration file
To Create the suhosin configuration file with the extension which is mentioned below,
[root@linuxhelp~]# echo ' extension=suhosin.so' > /etc/php.d/suhosin.ini
Next, restart the web server,
[root@linuxhelp~]# service httpd restart (for Apache)
[root@linuxhelp~]# service nginx restart (for NginX)
[root@linuxhelp~]# service lighttpd restart (for Lighttpd
To verify Suhosin Patch
Execute the below command,
[root@linuxhelp~]# php -v
PHP 5.3.3 (cli) (built: Feb 9 2016 10:36:17)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH
It will show the Suhosin details.
To know more, create a file in web server root directory
[root@linuxhelp~]# vim /var/www/html/info.php
Include the below lines,
And now restart the Apache and call the respective IP address or the Domain name with the file name that is created now,
And you will get the Php version details scroll down to get the Suhosin Package details.
Suhosin patch configuration is successfully shown and further changes are no needed since these are the recommended settings.
Comments ( 0 )
No comments available