The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hardened-PHP

Discussion in 'General Discussion' started by Domenico, May 31, 2004.

  1. Domenico

    Domenico Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    362
    Likes Received:
    0
    Trophy Points:
    16
  2. LP-Trel

    LP-Trel Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Nirvana
    Yep, works fine for me. :D
     
  3. johnnylu

    johnnylu Member

    Joined:
    Mar 17, 2004
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Could you please give us a How-to instruction for upgrading this?
    Thanks
     
  4. areha

    areha Well-Known Member

    Joined:
    Oct 30, 2002
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    This is an old post, but I think it is more important than ever.

    I think this is how to do it:

    1. Download from Hardened-php.net (make sure to get same version as you have of php)
    http://www.hardened-php.net/documentation.19.html

    2. Unzip into this catalog
    /home/cpapachebuild/buildapache/php-5.0.5 (or whatver php version you have there)

    3. Run
    patch -p 1 < hardening-patch-5.0.5-0.4.8.patch (change file after what you have).

    4. Run Apache update from WHM. Make sure to not change PHP-version from what you have before (since it will delete the php source).
     
  5. areha

    areha Well-Known Member

    Joined:
    Oct 30, 2002
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    hmm.. maybe php src there is deleted each time.. Does anyone have a better solution?
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You can compile PHP directly from the source on the shell.

    First you would need to get the configure line necessary for your PHP installation.

    Create a phpinfo.php page that contains:

    PHP:
    <?php phpinfo(); ?>
    When you visit that page in a browser take note of the Configure Command that is stated.

    Now SSH into your server and as root do:

    Code:
    cd /home/cpapachebuild/buildapache
    wget http://layer1.cpanel.net/buildapache/1/php-4.4.2.tar.gz
    tar -zxf php-4.4.2.tar.gz
    cd php-4.4.2
    wget http://www.hardened-php.net/hardening-patch-4.4.2-0.4.8.patch.gz
    gzip -d hardening-patch-4.4.2-0.4.8.patch.gz
    patch -p 1 < hardening-patch-4.4.2-0.4.8.patch
    ./configure ...
    make
    make install
    /scripts/restartsrv_httpd
    Again substitute the desired PHP version and Hardened PHP patch version for whatever PHP version you are wanting to use. Also substitute the same configure line with the configure line found from your phpinfo page. You will need to remove the single quotes (') that are around the word ./configure .

    You may want to remove the current PHP source archive and PHP source directory from the buildapache directory if they already exist. After cd /home/cpapachebuild/buildapache you can do:

    Code:
    rm -f php-4.4.2.tar.gz
    rm -rf php-4.4.2
    This step may or may not be necessary. It should be noted that you should be extremely careful when using "rm -rf". Again substitute the PHP version you are using into the above.

    If you exeperience any problems after you have done the "make install" then its likely there were some errors along the way. You may have to recompile PHP through easyapache either through /scripts/easyapache or through the WHM.

    Alternatively, if you are using PHP as an Apache module then you can back up your old module before doing the PHP recompile:

    Code:
    cp /etc/httpd/libexec/libphp4.so /etc/httpd/libexec/libphp4.so.old
    Then if you experience problems you can move the old PHP module back to go back to your previous PHP compile:

    Code:
    mv /etc/httpd/libexec/libphp4.so.old /etc/httpd/libexec/libphp4.so
    If you are running phpSuExec then there shouldn't be a libphp4.so module or if there is, Apache isn't using it.

    Hope this helps.
     
  7. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    I'm inclined to give hardened-php a try. I've read about people having issues with certain scripts (vbulletin for example) though. And I remember it being incompatible with Zend Optimizer, but this might not be the case anymore.

    Anyone else with hardened-php experiences on shared-hosting environments?
     
  8. asterisk

    asterisk Well-Known Member

    Joined:
    Nov 11, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Yeah you are right. It's incompatible with closed source extensions such as Zend Optimizer but apparently compatible with Eaccelerator. You would have to recompile all extensions though.

    I wonder if it's compatible with PHPSuExec.

    I too am wondering what's the memory impact like on a shared hosting environment.
     
Loading...

Share This Page