xisn

Well-Known Member
Dec 4, 2004
136
5
168
cPanel Access Level
Root Administrator
I have installed the extension and placed the config options in the php.ini but do not see anything reporting in phpinfo()

I was wondering if anyone has installed the extension only and if there was anything I would need to do other than what is listed on their website?

Here is what I did:
#> cd suhosin
#> phpize
#> ./configure
#> make
#> make install
Code:
Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20020429/
Added the following to php.ini:

Code:
extension=suhosin.so

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
[suhosin]
; Logging Configuration
suhosin.log.syslog.facility = 9
suhosin.log.use-x-forwarded-for = Off

; Executor Options
suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off

; Misc Options
suhosin.simulation = Off

;
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.multiheader = Off
suhosin.mail.protect = 1
suhosin.memory_limit = 20

; Transparent Encryption Options
suhosin.session.encrypt = On
suhosin.session.cryptua = On
suhosin.session.cryptdocroot = On
suhosin.session.cryptraddr = 0
suhosin.cookie.encrypt = On
suhosin.cookie.cryptua = On
suhosin.cookie.cryptraddr = 0

; Filtering Options
suhosin.filter.action = 406
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 100
suhosin.cookie.disallow_nul = On
suhosin.get.max_array_depth = 50
suhosin.get.max_array_index_length = 64
suhosin.get.max_name_length = 64
suhosin.get.max_totalname_length = 256
suhosin.get.max_value_length = 512
suhosin.get.max_vars = 100
suhosin.get.disallow_nul = On
suhosin.post.max_array_depth = 100
suhosin.post.max_array_index_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 200
suhosin.post.disallow_nul = On
suhosin.request.max_array_depth = 100
suhosin.request.max_array_index_length = 64
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_vars = 200
suhosin.request.max_varname_length = 64
suhosin.request.disallow_nul = On
suhosin.upload.max_uploads = 25
suhosin.upload.disallow_elf = On
suhosin.upload.disallow_binary = Off
suhosin.upload.remove_binary = Off
suhosin.session.max_id_length = 128
 

xisn

Well-Known Member
Dec 4, 2004
136
5
168
cPanel Access Level
Root Administrator
ok, got it!

Seems there is an issue with the x64 version.. Follow these steps to make sure it works..

Code:
pico /etc/php.ini
add the following line:
Code:
extension=suhosin.so
Next, look in /etc/php.ini for the "extension_dir" Mine was /usr/lib64/php4

Code:
pico /usr/local/Zend/etc/php.ini
And update to the following:

Code:
extension_dir = /usr/lib64/php4
Now, copy the suhosin.so that was installed into the directory displayed after you ran "make install" and copy it to the /usr/lib64/php4 directory

Mine was:
Code:
cp -v /usr/local/lib/php/extensions/no-debug-non-zts-20020429/*.so /usr/lib64/php4/
Now restart apache and check phpinfo again, you should see it there, if you do not see the following line in phpinfo() then it is still not working for you:

Code:
 This server is protected with the Suhosin Extension 0.9.8
 

jamesbond

Well-Known Member
Oct 9, 2002
738
1
168
I installed the suhosin extension today, seems to be working well so far.

Always good to have some extra php security, especially since the php developers themselves don't really seem to care about security issues anymore.
 

WireNine

Well-Known Member
Aug 14, 2006
206
4
168
cPanel Access Level
Root Administrator
There is (will be?) an option for this in the new EasyApache.


I'll also discuss it at this springs seminar.
Could we possibly get it for the current easyapache since who knows when the new easyapache will be released ? :confused:
 

verdon

Well-Known Member
Nov 1, 2003
923
11
168
Northern Ontario, Canada
cPanel Access Level
Root Administrator
Logging to other location

Has anyone had any success getting suhosin to log message somewhere other than /var/log/messages ?

I've tried adding ...
suhosin.* /var/log/suhosin

... to /etc/syslog.conf but I haven't had any luck. (Yes, I did restart syslog and the file /var/log/suhosin exists)

Any suggestions?
 

katmai

Well-Known Member
Mar 13, 2006
564
3
168
Brno, Czech Republic
good job rasmprage, you might wanna add to that eaccelerator and zend , just to make a complete kit for apache on cpanel :)
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
76
308
cPanel Access Level
Root Administrator
Suhosin is complemenatary to thigns like PHPSuExec and suPHP

Those only guarantee that a user is allowed to run a program, in the users context (a nd a bit more). Suhosin patches PHP to be a bit more secure (like fixing buffer overflows) and put even more control into the hands of the Admin regarding PHP internals.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
One of our clients had a problem with suhosin. When enabled, clients with customized Php scripts can't upload files to their site. He had to disable suhosin to allow clients upload files using their customized Php scripts. I am not sure if the problem was his clients' scripts.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
76
308
cPanel Access Level
Root Administrator

dropby23

Well-Known Member
Jan 16, 2005
155
0
166
i couldnt be able to start this after i changed the extension dir

extension_dir = "./"

to

extension_dir = ""
it started to work