Kmaiti

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 1 September 2010

How to install suhosin on linux ?

Posted on 04:48 by Unknown
Guys,

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

I have referred following steps to install it on the linux server :

=========
wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz
tar -xvzf suhosin-0.9.32.1.tar.gz
cd suhosin-0.9.32.
phpize
./configure
make
make install
echo "extension=suhosin.so" >> /usr/local/lib/php.ini
=========

Note : You can get latest version of suhosin from that above URL.

Advance setting in the php.ini file(Just add those in php.ini file and restart webserver) :

=========
;************************************************************************
; suhosin Parameters
; For a full list of parameters and their documentation go to:
; (http://www.hardened-php.net/suhosin/configuration.html)
;************************************************************************
[suhosin]
; Logging Configuration
suhosin.log.syslog.facility = 9
suhosin.log.use-x-forwarded-for = Off

; Executor Options
suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off
;Example: include.whitelist allows includes from foreign sites,. (comma separated)
;suhosin.executor.include.whitelist = http://externalsite1.tld/, externalsite2.tld/

; Misc Options
suhosin.simulation = Off
;
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.multiheader = Off
suhosin.mail.protect = 1
suhosin.memory_limit = 20

; Transparent Encryption Options
suhosin.session.encrypt = On
suhosin.session.cryptua = On
suhosin.session.cryptdocroot = On
suhosin.session.cryptraddr = 0
suhosin.cookie.encrypt = On
suhosin.cookie.cryptua = On
suhosin.cookie.cryptraddr = 0

; Filtering Options
suhosin.filter.action = 406
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 100
suhosin.cookie.disallow_nul = On
suhosin.get.max_array_depth = 50
suhosin.get.max_array_index_length = 64
suhosin.get.max_name_length = 64
suhosin.get.max_totalname_length = 256
suhosin.get.max_value_length = 512
suhosin.get.max_vars = 100
suhosin.get.disallow_nul = On
suhosin.post.max_array_depth = 100
suhosin.post.max_array_index_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 200
suhosin.post.disallow_nul = On
suhosin.request.max_array_depth = 100
suhosin.request.max_array_index_length = 64
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_vars = 200
suhosin.request.max_varname_length = 64
suhosin.request.disallow_nul = On
suhosin.upload.max_uploads = 25
suhosin.upload.disallow_elf = On
suhosin.upload.disallow_binary = Off
suhosin.upload.remove_binary = Off
suhosin.session.max_id_length = 128
;************************************************************************
; End suhosin Parameters
;************************************************************************
=========

That's it try :)
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • unable connect to socket: No route to host (113)
    Guys, This error message usually comes when you try to access remote linux desktop using vncviewer. Please check the firewall in the linux s...
  • NDMP communication failure error
    Guys, Issue : Netbackup server sends alert NDMP communication failure once everyday. But there is no issue to run scheduled backup jobs. Env...
  • what does it mean by "cman expected_votes="1" two_node="1" in cluster.conf ?
    For two node clusters ordinarily, the loss of quorum after one out of two nodes fails will prevent the remaining node from continuing (if bo...
  • How to make bridge over VLAN?
    How to make bridge over VLAN? Bridging over VLAN's : By constructing a bridge between a "normal" and a "VLAN" ethern...
  • How to verify UDP packet communication between two linux system?
    Guys, Today, I had to check UDP packet communication between linux and a windows system. Main purpose of the windows system was to capturing...
  • How to install pdo_mysql module with php on 64 bit linux machine?
    Guys, The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver ...
  • configure: error: C preprocessor "/lib/cpp" fails sanity check + Resolved
    Guys, I got that error messages when I was going to configure any software on the linux server. I was unable to execute easyapache or ./conf...
  • configure: error: could not find library containing RSA_new
    Guys, It seems you have enabled the SSL option during configuring the package. Please either resolve that dependency or disable the SSL opti...
  • Cannot find config.m4 + phpize +Resolved
    Guys, I got the same error messages and sorted out it. Here is the error that I got. ===== root@server [/home/cpeasyapache/src/php-5.2.9/ext...
  • How to redirect output of script to a file(Need to save log in a file and file should be menioned in the script itself?
    Expectation : @subject Steps : 1. Create a bash script. 2. add line : exec > >(tee /var/log/my_logfile.txt) That's it. All output ...

Categories

  • ACL
  • ESX
  • Linux
  • Storage
  • UCS

Blog Archive

  • ►  2013 (5)
    • ►  May (1)
    • ►  April (3)
    • ►  February (1)
  • ►  2012 (10)
    • ►  July (1)
    • ►  June (1)
    • ►  April (1)
    • ►  March (3)
    • ►  February (3)
    • ►  January (1)
  • ►  2011 (86)
    • ►  December (3)
    • ►  November (2)
    • ►  September (19)
    • ►  August (9)
    • ►  July (5)
    • ►  June (9)
    • ►  May (12)
    • ►  April (3)
    • ►  March (4)
    • ►  February (5)
    • ►  January (15)
  • ▼  2010 (152)
    • ►  December (9)
    • ►  November (34)
    • ►  October (20)
    • ▼  September (14)
      • How to integrate tomcat with apache on cpanel linu...
      • How install MRTG on linux?
      • make: *** [install-webconf] Error 1
      • How to install nagios on cpanel or linux server?
      • How to + extract + untar + unzip .tar.gz file on l...
      • How to repair mysql database or tables of the data...
      • FileList::init() failed: ls_dir_wrapper() failed: ...
      • How to install htop on linux machine?
      • Directory lookup for the file "C:\Program Files\Mi...
      • How to build kernel module + How to develop kernel...
      • How to upgrade kernel on linux?
      • How to manually recompile php on cpanel server?
      • configure: error: This c-client library is built w...
      • How to install suhosin on linux ?
    • ►  August (24)
    • ►  July (19)
    • ►  June (3)
    • ►  May (25)
    • ►  April (3)
    • ►  January (1)
Powered by Blogger.