Kmaiti

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 1 September 2010

How to install suhosin on linux ?

Posted on 04:48 by Unknown
Guys,

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

I have referred following steps to install it on the linux server :

=========
wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz
tar -xvzf suhosin-0.9.32.1.tar.gz
cd suhosin-0.9.32.
phpize
./configure
make
make install
echo "extension=suhosin.so" >> /usr/local/lib/php.ini
=========

Note : You can get latest version of suhosin from that above URL.

Advance setting in the php.ini file(Just add those in php.ini file and restart webserver) :

=========
;************************************************************************
; suhosin Parameters
; For a full list of parameters and their documentation go to:
; (http://www.hardened-php.net/suhosin/configuration.html)
;************************************************************************
[suhosin]
; Logging Configuration
suhosin.log.syslog.facility = 9
suhosin.log.use-x-forwarded-for = Off

; Executor Options
suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off
;Example: include.whitelist allows includes from foreign sites,. (comma separated)
;suhosin.executor.include.whitelist = http://externalsite1.tld/, externalsite2.tld/

; Misc Options
suhosin.simulation = Off
;
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.multiheader = Off
suhosin.mail.protect = 1
suhosin.memory_limit = 20

; Transparent Encryption Options
suhosin.session.encrypt = On
suhosin.session.cryptua = On
suhosin.session.cryptdocroot = On
suhosin.session.cryptraddr = 0
suhosin.cookie.encrypt = On
suhosin.cookie.cryptua = On
suhosin.cookie.cryptraddr = 0

; Filtering Options
suhosin.filter.action = 406
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 100
suhosin.cookie.disallow_nul = On
suhosin.get.max_array_depth = 50
suhosin.get.max_array_index_length = 64
suhosin.get.max_name_length = 64
suhosin.get.max_totalname_length = 256
suhosin.get.max_value_length = 512
suhosin.get.max_vars = 100
suhosin.get.disallow_nul = On
suhosin.post.max_array_depth = 100
suhosin.post.max_array_index_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 200
suhosin.post.disallow_nul = On
suhosin.request.max_array_depth = 100
suhosin.request.max_array_index_length = 64
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_vars = 200
suhosin.request.max_varname_length = 64
suhosin.request.disallow_nul = On
suhosin.upload.max_uploads = 25
suhosin.upload.disallow_elf = On
suhosin.upload.disallow_binary = Off
suhosin.upload.remove_binary = Off
suhosin.session.max_id_length = 128
;************************************************************************
; End suhosin Parameters
;************************************************************************
=========

That's it try :)
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • unable connect to socket: No route to host (113)
    Guys, This error message usually comes when you try to access remote linux desktop using vncviewer. Please check the firewall in the linux s...
  • NDMP communication failure error
    Guys, Issue : Netbackup server sends alert NDMP communication failure once everyday. But there is no issue to run scheduled backup jobs. Env...
  • How to verify UDP packet communication between two linux system?
    Guys, Today, I had to check UDP packet communication between linux and a windows system. Main purpose of the windows system was to capturing...
  • How to redirect output of script to a file(Need to save log in a file and file should be menioned in the script itself?
    Expectation : @subject Steps : 1. Create a bash script. 2. add line : exec > >(tee /var/log/my_logfile.txt) That's it. All output ...
  • "cluster is not quorate. refusing connection"
    Guys, Environment : Red Hat Enterprise Linux 5.6, RHCS Error : subject line Issue : I am not sure while I got this error in the system log s...
  • Steps to develop patch and apply it to original source file
    1. Create test.c  Above file contains : -------- [kamalma@test-1 C_Programming]$ cat test.c #include #include int main()  {  printf("\n...
  • How to install subversion (svn) on linux ?
    Guys, I have referred the second procedure to install svn on my rhel6 mc. Procedure 1 : ========= cd /usr/local/src/ wget http://subversion...
  • How to add sudo user in linux?
    1. #useradd test123 2. #usermod -G wheel -a test123 //add user to wheel group 3. Uncomment following in /etc/sudoers file : # Uncomment to ...
  • How to change php handler from backend on cpanel server?
    Guys, I have referred the following commands to switch the php handler on the cpanel serevrs: 1. Command to display the current php handler ...
  • How to remotely access the linux desktop from any linux or windows machine?
    Guys, I referred the following steps : ======================= 1. On server-linux(Which will be accessed) : yum install vnc* 2. On client-li...

Categories

  • ACL
  • ESX
  • Linux
  • Storage
  • UCS

Blog Archive

  • ►  2013 (5)
    • ►  May (1)
    • ►  April (3)
    • ►  February (1)
  • ►  2012 (10)
    • ►  July (1)
    • ►  June (1)
    • ►  April (1)
    • ►  March (3)
    • ►  February (3)
    • ►  January (1)
  • ►  2011 (86)
    • ►  December (3)
    • ►  November (2)
    • ►  September (19)
    • ►  August (9)
    • ►  July (5)
    • ►  June (9)
    • ►  May (12)
    • ►  April (3)
    • ►  March (4)
    • ►  February (5)
    • ►  January (15)
  • ▼  2010 (152)
    • ►  December (9)
    • ►  November (34)
    • ►  October (20)
    • ▼  September (14)
      • How to integrate tomcat with apache on cpanel linu...
      • How install MRTG on linux?
      • make: *** [install-webconf] Error 1
      • How to install nagios on cpanel or linux server?
      • How to + extract + untar + unzip .tar.gz file on l...
      • How to repair mysql database or tables of the data...
      • FileList::init() failed: ls_dir_wrapper() failed: ...
      • How to install htop on linux machine?
      • Directory lookup for the file "C:\Program Files\Mi...
      • How to build kernel module + How to develop kernel...
      • How to upgrade kernel on linux?
      • How to manually recompile php on cpanel server?
      • configure: error: This c-client library is built w...
      • How to install suhosin on linux ?
    • ►  August (24)
    • ►  July (19)
    • ►  June (3)
    • ►  May (25)
    • ►  April (3)
    • ►  January (1)
Powered by Blogger.