Kmaiti

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 1 September 2010

How to install suhosin on linux ?

Posted on 04:48 by Unknown
Guys,

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

I have referred following steps to install it on the linux server :

=========
wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz
tar -xvzf suhosin-0.9.32.1.tar.gz
cd suhosin-0.9.32.
phpize
./configure
make
make install
echo "extension=suhosin.so" >> /usr/local/lib/php.ini
=========

Note : You can get latest version of suhosin from that above URL.

Advance setting in the php.ini file(Just add those in php.ini file and restart webserver) :

=========
;************************************************************************
; suhosin Parameters
; For a full list of parameters and their documentation go to:
; (http://www.hardened-php.net/suhosin/configuration.html)
;************************************************************************
[suhosin]
; Logging Configuration
suhosin.log.syslog.facility = 9
suhosin.log.use-x-forwarded-for = Off

; Executor Options
suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off
;Example: include.whitelist allows includes from foreign sites,. (comma separated)
;suhosin.executor.include.whitelist = http://externalsite1.tld/, externalsite2.tld/

; Misc Options
suhosin.simulation = Off
;
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.multiheader = Off
suhosin.mail.protect = 1
suhosin.memory_limit = 20

; Transparent Encryption Options
suhosin.session.encrypt = On
suhosin.session.cryptua = On
suhosin.session.cryptdocroot = On
suhosin.session.cryptraddr = 0
suhosin.cookie.encrypt = On
suhosin.cookie.cryptua = On
suhosin.cookie.cryptraddr = 0

; Filtering Options
suhosin.filter.action = 406
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 100
suhosin.cookie.disallow_nul = On
suhosin.get.max_array_depth = 50
suhosin.get.max_array_index_length = 64
suhosin.get.max_name_length = 64
suhosin.get.max_totalname_length = 256
suhosin.get.max_value_length = 512
suhosin.get.max_vars = 100
suhosin.get.disallow_nul = On
suhosin.post.max_array_depth = 100
suhosin.post.max_array_index_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 200
suhosin.post.disallow_nul = On
suhosin.request.max_array_depth = 100
suhosin.request.max_array_index_length = 64
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_vars = 200
suhosin.request.max_varname_length = 64
suhosin.request.disallow_nul = On
suhosin.upload.max_uploads = 25
suhosin.upload.disallow_elf = On
suhosin.upload.disallow_binary = Off
suhosin.upload.remove_binary = Off
suhosin.session.max_id_length = 128
;************************************************************************
; End suhosin Parameters
;************************************************************************
=========

That's it try :)
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • How to verify UDP packet communication between two linux system?
    Guys, Today, I had to check UDP packet communication between linux and a windows system. Main purpose of the windows system was to capturing...
  • [a fatal error or timeout occurred while processing this directive] + cpanel
    Guys, Just check the cpanel log file and you'll get the clue from there. I got following messages : execute : tail -f /usr/local/cpanel/...
  • NDMP communication failure error
    Guys, Issue : Netbackup server sends alert NDMP communication failure once everyday. But there is no issue to run scheduled backup jobs. Env...
  • unable connect to socket: No route to host (113)
    Guys, This error message usually comes when you try to access remote linux desktop using vncviewer. Please check the firewall in the linux s...
  • Steps to develop patch and apply it to original source file
    1. Create test.c  Above file contains : -------- [kamalma@test-1 C_Programming]$ cat test.c #include #include int main()  {  printf("\n...
  • "cluster is not quorate. refusing connection"
    Guys, Environment : Red Hat Enterprise Linux 5.6, RHCS Error : subject line Issue : I am not sure while I got this error in the system log s...
  • How to remotely access the linux desktop from any linux or windows machine?
    Guys, I referred the following steps : ======================= 1. On server-linux(Which will be accessed) : yum install vnc* 2. On client-li...
  • How to redirect output of script to a file(Need to save log in a file and file should be menioned in the script itself?
    Expectation : @subject Steps : 1. Create a bash script. 2. add line : exec > >(tee /var/log/my_logfile.txt) That's it. All output ...
  • Details about NFS timeout on Red Hat Enterprise Linux 5
    There are two mount options for timeouts of an NFS request. # timeo: a timeout value. the unit is 1/10 seconds. # retran...
  • How to change php handler from backend on cpanel server?
    Guys, I have referred the following commands to switch the php handler on the cpanel serevrs: 1. Command to display the current php handler ...

Categories

  • ACL
  • ESX
  • Linux
  • Storage
  • UCS

Blog Archive

  • ►  2013 (5)
    • ►  May (1)
    • ►  April (3)
    • ►  February (1)
  • ►  2012 (10)
    • ►  July (1)
    • ►  June (1)
    • ►  April (1)
    • ►  March (3)
    • ►  February (3)
    • ►  January (1)
  • ►  2011 (86)
    • ►  December (3)
    • ►  November (2)
    • ►  September (19)
    • ►  August (9)
    • ►  July (5)
    • ►  June (9)
    • ►  May (12)
    • ►  April (3)
    • ►  March (4)
    • ►  February (5)
    • ►  January (15)
  • ▼  2010 (152)
    • ►  December (9)
    • ►  November (34)
    • ►  October (20)
    • ▼  September (14)
      • How to integrate tomcat with apache on cpanel linu...
      • How install MRTG on linux?
      • make: *** [install-webconf] Error 1
      • How to install nagios on cpanel or linux server?
      • How to + extract + untar + unzip .tar.gz file on l...
      • How to repair mysql database or tables of the data...
      • FileList::init() failed: ls_dir_wrapper() failed: ...
      • How to install htop on linux machine?
      • Directory lookup for the file "C:\Program Files\Mi...
      • How to build kernel module + How to develop kernel...
      • How to upgrade kernel on linux?
      • How to manually recompile php on cpanel server?
      • configure: error: This c-client library is built w...
      • How to install suhosin on linux ?
    • ►  August (24)
    • ►  July (19)
    • ►  June (3)
    • ►  May (25)
    • ►  April (3)
    • ►  January (1)
Powered by Blogger.