Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

Forums
Forums

Quick Links
- Search Forums
- New Posts
Search titles only

Posted by Member:

Separate names with a comma.

Newer Than:

Search this thread only

Search this forum only

Display results as threads

More...

Useful Searches

Recent Posts
Resources
Resources

Quick Links
Feature Requests
Defects
Menu

This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How do I modify suhosin settings?

Discussion in 'General Discussion' started by mikelegg, Jul 19, 2011.

mikelegg Well-Known Member

Joined:

Mar 29, 2005

Messages:

330

Likes Received:

0

Trophy Points:

166

I want to change my suhosin configuration which supposedly done via the php.ini file. (Hardened-PHP Project - PHP Security - Configuration)

I opened the PHP Configuration Editor to do this (to prevent changes from being overwritten) and clicked on the "Advanced" option, but the suhosin options aren't there.

So I took a look at /usr/local/lib/php.ini and the settings aren't in there either.

I know suhosin is installed and running - but I can't find it's configuration file - can anybody throw any light on this?

#1 mikelegg, Jul 19, 2011
cPanelTristan Quality Assurance Analyst
Staff Member

Joined:

Oct 2, 2010

Messages:

7,622

Likes Received:

26

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator
Can you check with php -v to ensure it is installed?

Code:

php -v

You might try uninstalling and reinstalling it:

Code:

/scripts/phpextensionmgr uninstall PHPSuHosin /scripts/phpextensionmgr install PHPSuHosin

Those SuHosin settings should be in /usr/local/lib/php.ini file.
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

#2 cPanelTristan, Jul 19, 2011
mikelegg Well-Known Member

Joined:

Mar 29, 2005

Messages:

330

Likes Received:

0

Trophy Points:

166

Thnaks Tristan

It's definitley there -

[~]# php -v
PHP 5.2.14 (cli) (built: Aug 9 2010 20:47:05)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
with the ionCube PHP Loader v3.3.20, Copyright (c) 2002-2010, by ionCube Ltd., and
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
Click to expand...

I'll try the uninstall / reinstall and see what happens.

#3 mikelegg, Jul 19, 2011
mikelegg Well-Known Member

Joined:

Mar 29, 2005

Messages:

330

Likes Received:

0

Trophy Points:

166

I did the uninstall/reinstall but the settings still don't appear in php.ini.

Yet phpinfo() says that suhosin is installed and the messages log shows requests being blocked by suhosin (eg. suhosin[7123]: ALERT - configured GET variable limit exceeded)

#4 mikelegg, Jul 19, 2011
cPanelTristan Quality Assurance Analyst
Staff Member

Joined:

Oct 2, 2010

Messages:

7,622

Likes Received:

26

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator

I was incorrect myself on the behavior. Only the suhosin.so extension is loaded into php.ini file as suhosin comes with default options already set. In order to change those options, you'd need to add them to the existing /usr/local/lib/php.ini file if they aren't there. For some reason, I had thought that they were added previously, but after installing suhosin on my server again, the settings aren't appearing in the global php.ini file.

These are the settings you can add to the existing /usr/local/lib/php.ini file:

; Logging Configuration
suhosin.log.syslog.facility = 9
suhosin.log.use-x-forwarded-for = Off

; Executor Options
suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off

; Misc Options
suhosin.simulation = Off
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.multiheader = Off
suhosin.mail.protect = 1
suhosin.memory_limit = 20

; Transparent Encryption Options
suhosin.session.encrypt = On
suhosin.session.cryptua = On
suhosin.session.cryptdocroot = On
suhosin.session.cryptraddr = 0
suhosin.cookie.encrypt = On
suhosin.cookie.cryptua = On
suhosin.cookie.cryptraddr = 0

; Filtering Options
suhosin.filter.action = 406
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 100
suhosin.cookie.disallow_nul = On
suhosin.get.max_array_depth = 50
suhosin.get.max_array_index_length = 64
suhosin.get.max_name_length = 64
suhosin.get.max_totalname_length = 256
suhosin.get.max_value_length = 512
suhosin.get.max_vars = 100
suhosin.get.disallow_nul = On
suhosin.post.max_array_depth = 100
suhosin.post.max_array_index_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 200
suhosin.post.disallow_nul = On
suhosin.request.max_array_depth = 100
suhosin.request.max_array_index_length = 64
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_vars = 200
suhosin.request.max_varname_length = 64
suhosin.request.disallow_nul = On
suhosin.upload.max_uploads = 25
suhosin.upload.disallow_elf = On
suhosin.upload.disallow_binary = Off
suhosin.upload.remove_binary = Off
suhosin.session.max_id_length = 128
Click to expand...

You can review Hardened-PHP Project - PHP Security - Configuration location for any details on the various settings.

cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

#5 cPanelTristan, Jul 20, 2011
mikelegg Well-Known Member

Joined:

Mar 29, 2005

Messages:

330

Likes Received:

0

Trophy Points:

166

Thanks Tristan

#6 mikelegg, Jul 23, 2011
lbeachmike Well-Known Member

Joined:

Dec 27, 2001

Messages:

313

Likes Received:

0

Trophy Points:

316

Location:

Long Beach, NY

cPanel Access Level:

Root Administrator

Thanks Tristan - my question was the same as the above, as to where to find the configuration settings, but I'm entirely unclear on why the suhosin configuration settings are not in place at all. How is it that suhosin appears to be taking actions - at least by logging memory alerts - when it is not at all configured?

Also, what does the lack of configuration mean that it is actually supposed to be doing by default? Does the lack of configuration settings effectively mean that it offers none of the advertised protections until they are configured?

Thanks.

Mike

www.cpaneladminhelp.com

#7 lbeachmike, Feb 26, 2012
mtindor Well-Known Member

Joined:

Sep 14, 2004

Messages:

1,303

Likes Received:

42

Trophy Points:

178

Location:

inside a catfish

cPanel Access Level:

Root Administrator

If you don't have specific suhosin.* directives in your php.ini, Suhosin uses the defaults set during compile time.

The best thing for you to do is put <? phpinfo(); ?> into a php file and call it via a web browser. You'll then see all of the suhosin.* directives as well as what they are currently set to. Of course remove that file when you're done so nobody else can view it.

Compare the suhosin.* values in your phpinfo with all of the directive options available at Hardened-PHP Project - PHP Security - Configuration, and then adjust your configuration accordingly if you feel it is necessary to do so.

No -- the lack of specific configuration directives does NOT mean that it isn't offering any protection. It just means it's using default settings.

M

The eyes are the windows of your face

#8 mtindor, Feb 26, 2012
lbeachmike Well-Known Member

Joined:

Dec 27, 2001

Messages:

313

Likes Received:

0

Trophy Points:

316

Location:

Long Beach, NY

cPanel Access Level:

Root Administrator

Incidentally, if I make the change I need in php.ini, won't that get over-written with an upgrade? How can I make this change so that the change will be preserved with upgrades?

Thanks.

Mike

www.cpaneladminhelp.com

#9 lbeachmike, Feb 26, 2012
mtindor Well-Known Member

Joined:

Sep 14, 2004

Messages:

1,303

Likes Received:

42

Trophy Points:

178

Location:

inside a catfish

cPanel Access Level:

Root Administrator

php.ini (whether it is /usr/local/lib/php.ini or if it is a custom php.ini you have somewhere for a specific user] should not ever get overwritten. It may get "modified" -- such as when you install suhosin it will add the extension line to the php.ini. But it doesn't get overwritten.

Of course, if you have a php.ini in place that is customized, make a backup of it just in case. But it should never get totally overwritten by a completely new/different php.ini.

Mike

The eyes are the windows of your face

#10 mtindor, Feb 26, 2012

(You must log in or sign up to post here.)

Loading...

Similar Threads - modify suhosin settings

Modify cPanel stats bar

tecwithquestion, Sep 20, 2017 at 9:42 AM, in forum: User Experience

Replies:

1

Views:

26

cPanelMichael

Sep 20, 2017 at 10:18 AM
Prevent users from modifying email quotas ?

Tearabite, Sep 7, 2017, in forum: General Discussion

Replies:

1

Views:

55

cPanelMichael

Sep 7, 2017
php-fpm disabled after modifying account

vacancy, Sep 6, 2017, in forum: EasyApache

Replies:

3

Views:

82

cPanelMichael

Sep 7, 2017
modify_accounts script doesn't clear cache

Haym, Aug 26, 2017, in forum: cPanel Developers

Replies:

2

Views:

80

cPanelMichael

Aug 28, 2017
Modify Account?

sunilsaini, Jul 31, 2017, in forum: General Discussion

Replies:

1

Views:

82

cPanelMichael

Jul 31, 2017

Share This Page