Suhosin Extension Installation

[xisn]

I have installed the extension and placed the config options in the php.ini but do not see anything reporting in phpinfo()

I was wondering if anyone has installed the extension only and if there was anything I would need to do other than what is listed on their website?

Here is what I did:
#> cd suhosin
#> phpize
#> ./configure
#> make
#> make install

Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20020429/

Added the following to php.ini:

extension=suhosin.so

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
[suhosin]
; Logging Configuration
suhosin.log.syslog.facility = 9
suhosin.log.use-x-forwarded-for = Off

; Executor Options
suhosin.executor.max_depth = 0
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off

; Misc Options
suhosin.simulation = Off

;
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.multiheader = Off
suhosin.mail.protect = 1
suhosin.memory_limit = 20

; Transparent Encryption Options
suhosin.session.encrypt = On
suhosin.session.cryptua = On
suhosin.session.cryptdocroot = On
suhosin.session.cryptraddr = 0
suhosin.cookie.encrypt = On
suhosin.cookie.cryptua = On
suhosin.cookie.cryptraddr = 0

; Filtering Options
suhosin.filter.action = 406
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 100
suhosin.cookie.disallow_nul = On
suhosin.get.max_array_depth = 50
suhosin.get.max_array_index_length = 64
suhosin.get.max_name_length = 64
suhosin.get.max_totalname_length = 256
suhosin.get.max_value_length = 512
suhosin.get.max_vars = 100
suhosin.get.disallow_nul = On
suhosin.post.max_array_depth = 100
suhosin.post.max_array_index_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 200
suhosin.post.disallow_nul = On
suhosin.request.max_array_depth = 100
suhosin.request.max_array_index_length = 64
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_vars = 200
suhosin.request.max_varname_length = 64
suhosin.request.disallow_nul = On
suhosin.upload.max_uploads = 25
suhosin.upload.disallow_elf = On
suhosin.upload.disallow_binary = Off
suhosin.upload.remove_binary = Off
suhosin.session.max_id_length = 128

 

[xisn]

ok, got it!

Seems there is an issue with the x64 version.. Follow these steps to make sure it works..

pico /etc/php.ini

add the following line:

extension=suhosin.so

Next, look in /etc/php.ini for the "extension_dir" Mine was /usr/lib64/php4

pico /usr/local/Zend/etc/php.ini

And update to the following:

extension_dir = /usr/lib64/php4

Now, copy the suhosin.so that was installed into the directory displayed after you ran "make install" and copy it to the /usr/lib64/php4 directory

Mine was:

cp -v /usr/local/lib/php/extensions/no-debug-non-zts-20020429/*.so /usr/lib64/php4/

Now restart apache and check phpinfo again, you should see it there, if you do not see the following line in phpinfo() then it is still not working for you:

 This server is protected with the Suhosin Extension 0.9.8

 

[jamesbond]

I installed the suhosin extension today, seems to be working well so far.

Always good to have some extra php security, especially since the php developers themselves don't really seem to care about security issues anymore.

 

[Kelmas]

Would be nice to see Suhosin patch as a cPanel Add-on for easy installation

 

[mohakevin]

I agree with Kemas, it would be necessary

:p

 

[ramprage]

Good suggestion, I'll write a tutorial on installation on WHG

EDIT: Suhosin Tutorial Now available at: http://www.webhostgear.com/416.html

 

[cPanelKenneth]

Would be nice to see Suhosin patch as a cPanel Add-on for easy installation

There is (will be?) an option for this in the new EasyApache.


I'll also discuss it at this springs seminar.

 

[WireNine]

There is (will be?) an option for this in the new EasyApache.


I'll also discuss it at this springs seminar.

Could we possibly get it for the current easyapache since who knows when the new easyapache will be released ?

 

[ramprage]

Tutorial for suhosin finished:
http://www.webhostgear.com/416.html

Enjoy!

 

[verdon]

Logging to other location

Has anyone had any success getting suhosin to log message somewhere other than /var/log/messages ?

I've tried adding ...
suhosin.* /var/log/suhosin

... to /etc/syslog.conf but I haven't had any luck. (Yes, I did restart syslog and the file /var/log/suhosin exists)

Any suggestions?

 

[katmai]

good job rasmprage, you might wanna add to that eaccelerator and zend , just to make a complete kit for apache on cpanel

 

[chae]

Is Suhosin recommended when running PHPSuExec ?

 

[cPanelKenneth]

Suhosin is complemenatary to thigns like PHPSuExec and suPHP

Those only guarantee that a user is allowed to run a program, in the users context (a nd a bit more). Suhosin patches PHP to be a bit more secure (like fixing buffer overflows) and put even more control into the hands of the Admin regarding PHP internals.

 

[AndyReed]

One of our clients had a problem with suhosin. When enabled, clients with customized Php scripts can't upload files to their site. He had to disable suhosin to allow clients upload files using their customized Php scripts. I am not sure if the problem was his clients' scripts.

 

[cPanelKenneth]

One of our clients had a problem with suhosin. When enabled, clients with customized Php scripts can't upload files to their site. He had to disable suhosin to allow clients upload files using their customized Php scripts. I am not sure if the problem was his clients' scripts.

Did you check the various upload configuration setttings in suhosin?

http://www.hardened-php.net/suhosin/configuration.html#suhosin.upload.max_uploads

 

[vanessa]

i have a walkthrough on my site for installed Suhosin. If I were you, I'd leave out the static library and just do the DSO


http://www.v-nessa.net/2007/04/20/sohosin-will-make-your-php-hard/

 

[dropby23]

i couldnt be able to start this after i changed the extension dir

extension_dir = "./"

to

extension_dir = ""
it started to work