The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Suhosin Extension Installation

Discussion in 'General Discussion' started by xisn, Oct 22, 2006.

  1. xisn

    xisn Well-Known Member

    Joined:
    Dec 4, 2004
    Messages:
    128
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I have installed the extension and placed the config options in the php.ini but do not see anything reporting in phpinfo()

    I was wondering if anyone has installed the extension only and if there was anything I would need to do other than what is listed on their website?

    Here is what I did:
    #> cd suhosin
    #> phpize
    #> ./configure
    #> make
    #> make install
    Code:
    Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20020429/
    Added the following to php.ini:

    Code:
    extension=suhosin.so
    
    ;;;;;;;;;;;;;;;;;;;
    ; Module Settings ;
    ;;;;;;;;;;;;;;;;;;;
    [suhosin]
    ; Logging Configuration
    suhosin.log.syslog.facility = 9
    suhosin.log.use-x-forwarded-for = Off
    
    ; Executor Options
    suhosin.executor.max_depth = 0
    suhosin.executor.include.max_traversal = 4
    suhosin.executor.disable_emodifier = Off
    suhosin.executor.allow_symlink = Off
    
    ; Misc Options
    suhosin.simulation = Off
    
    ;
    suhosin.apc_bug_workaround = Off
    suhosin.sql.bailout_on_error = Off
    suhosin.multiheader = Off
    suhosin.mail.protect = 1
    suhosin.memory_limit = 20
    
    ; Transparent Encryption Options
    suhosin.session.encrypt = On
    suhosin.session.cryptua = On
    suhosin.session.cryptdocroot = On
    suhosin.session.cryptraddr = 0
    suhosin.cookie.encrypt = On
    suhosin.cookie.cryptua = On
    suhosin.cookie.cryptraddr = 0
    
    ; Filtering Options
    suhosin.filter.action = 406
    suhosin.cookie.max_array_depth = 100
    suhosin.cookie.max_array_index_length = 64
    suhosin.cookie.max_name_length = 64
    suhosin.cookie.max_totalname_length = 256
    suhosin.cookie.max_value_length = 10000
    suhosin.cookie.max_vars = 100
    suhosin.cookie.disallow_nul = On
    suhosin.get.max_array_depth = 50
    suhosin.get.max_array_index_length = 64
    suhosin.get.max_name_length = 64
    suhosin.get.max_totalname_length = 256
    suhosin.get.max_value_length = 512
    suhosin.get.max_vars = 100
    suhosin.get.disallow_nul = On
    suhosin.post.max_array_depth = 100
    suhosin.post.max_array_index_length = 64
    suhosin.post.max_totalname_length = 256
    suhosin.post.max_value_length = 65000
    suhosin.post.max_vars = 200
    suhosin.post.disallow_nul = On
    suhosin.request.max_array_depth = 100
    suhosin.request.max_array_index_length = 64
    suhosin.request.max_totalname_length = 256
    suhosin.request.max_value_length = 65000
    suhosin.request.max_vars = 200
    suhosin.request.max_varname_length = 64
    suhosin.request.disallow_nul = On
    suhosin.upload.max_uploads = 25
    suhosin.upload.disallow_elf = On
    suhosin.upload.disallow_binary = Off
    suhosin.upload.remove_binary = Off
    suhosin.session.max_id_length = 128
    
     
  2. xisn

    xisn Well-Known Member

    Joined:
    Dec 4, 2004
    Messages:
    128
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    ok, got it!

    Seems there is an issue with the x64 version.. Follow these steps to make sure it works..

    Code:
    pico /etc/php.ini
    
    add the following line:
    Code:
    extension=suhosin.so
    
    Next, look in /etc/php.ini for the "extension_dir" Mine was /usr/lib64/php4

    Code:
    pico /usr/local/Zend/etc/php.ini
    
    And update to the following:

    Code:
    extension_dir = /usr/lib64/php4
    
    Now, copy the suhosin.so that was installed into the directory displayed after you ran "make install" and copy it to the /usr/lib64/php4 directory

    Mine was:
    Code:
    cp -v /usr/local/lib/php/extensions/no-debug-non-zts-20020429/*.so /usr/lib64/php4/
    
    Now restart apache and check phpinfo again, you should see it there, if you do not see the following line in phpinfo() then it is still not working for you:

    Code:
     This server is protected with the Suhosin Extension 0.9.8
    
     
  3. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    I installed the suhosin extension today, seems to be working well so far.

    Always good to have some extra php security, especially since the php developers themselves don't really seem to care about security issues anymore.
     
  4. Kelmas

    Kelmas Well-Known Member

    Joined:
    Nov 6, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    Would be nice to see Suhosin patch as a cPanel Add-on for easy installation :)
     
  5. mohakevin

    mohakevin Well-Known Member

    Joined:
    Jan 19, 2005
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    I agree with Kemas, it would be necessary

    :p
     
  6. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    #6 ramprage, Mar 16, 2007
    Last edited: Mar 19, 2007
  7. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    There is (will be?) an option for this in the new EasyApache.


    I'll also discuss it at this springs seminar.
     
  8. WireNine

    WireNine Well-Known Member

    Joined:
    Aug 14, 2006
    Messages:
    197
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Could we possibly get it for the current easyapache since who knows when the new easyapache will be released ? :confused:
     
  9. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
  10. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    836
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    Logging to other location

    Has anyone had any success getting suhosin to log message somewhere other than /var/log/messages ?

    I've tried adding ...
    suhosin.* /var/log/suhosin

    ... to /etc/syslog.conf but I haven't had any luck. (Yes, I did restart syslog and the file /var/log/suhosin exists)

    Any suggestions?
     
  11. katmai

    katmai Well-Known Member

    Joined:
    Mar 13, 2006
    Messages:
    526
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brno, Czech Republic
    good job rasmprage, you might wanna add to that eaccelerator and zend , just to make a complete kit for apache on cpanel :)
     
  12. chae

    chae Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Auckland, New Zealand
    Is Suhosin recommended when running PHPSuExec ?
     
  13. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Suhosin is complemenatary to thigns like PHPSuExec and suPHP

    Those only guarantee that a user is allowed to run a program, in the users context (a nd a bit more). Suhosin patches PHP to be a bit more secure (like fixing buffer overflows) and put even more control into the hands of the Admin regarding PHP internals.
     
  14. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    One of our clients had a problem with suhosin. When enabled, clients with customized Php scripts can't upload files to their site. He had to disable suhosin to allow clients upload files using their customized Php scripts. I am not sure if the problem was his clients' scripts.
     
  15. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Did you check the various upload configuration setttings in suhosin?

    http://www.hardened-php.net/suhosin/configuration.html#suhosin.upload.max_uploads
     
  16. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
  17. dropby23

    dropby23 Well-Known Member

    Joined:
    Jan 16, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    i couldnt be able to start this after i changed the extension dir

    extension_dir = "./"

    to

    extension_dir = ""
    it started to work
     
Loading...

Share This Page