Suhosin Security PHP
Suhosin (pronounced ‘su-ho-shin’) is an advanced protection system for PHP installations. It is designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.
Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows and format string vulnerabilities. The second part is a powerful PHP extension that implements numerous other protections.
Installing Suhosin
Install the packages required to build the Suhosin extension.
sudo apt-get -y install gcc make autoconf libc-dev pkg-config
Next, run the following commands on your server:
git clone https://github.com/sektioneins/suhosin7
cd suhosin7
/opt/sp/php7.X/bin/phpize
PATH=/opt/sp/php7.X/bin:$PATH ./configure
make
sudo make install
sudo bash -c "echo extension=suhosin.so > /etc/php7.X-sp/conf.d/suhosin.ini"
sudo service php7.X-fpm-sp restart
Verifying the Installation
phpX.Y-sp -i | grep suhosin
You should see the following output:
/etc/phpX.Y-sp/conf.d/suhosin.ini,
suhosin
suhosin.apc_bug_workaround => Off => Off
suhosin.cookie.checkraddr => 0 => 0
suhosin.cookie.cryptdocroot => On => On
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.cryptraddr => 0 => 0
suhosin.cookie.cryptua => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off
...
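The verification step above can be scripted. The following is an added example, not part of the original page or of the Suhosin project: it parses `php -i` output in the `directive => local value => master value` form shown above, confirms the extension is loaded, and lists directives whose effective value differs from the master configuration. The function names and the PHP_BIN variable are assumptions made for illustration, and the sample input is constructed from the output lines above.

```shell
#!/bin/sh
# Added example: read `php -i` output, where each directive line has the form
#   name => local value => master value

# Constructed sample input, reusing lines from the expected output above.
sample_output() {
    cat <<'EOF'
/etc/phpX.Y-sp/conf.d/suhosin.ini,
suhosin
suhosin.apc_bug_workaround => Off => Off
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.encrypt => Off => Off
EOF
}

# Succeed only if stdin contains at least one suhosin.* directive line.
suhosin_loaded() {
    awk -F' => ' '/^suhosin\./ && NF == 3 { n++ } END { exit n ? 0 : 1 }'
}

# Print the local (effective) value of directive $1; fail if it is absent.
suhosin_local_value() {
    awk -F' => ' -v key="$1" '
        $1 == key && NF == 3 { print $2; found = 1 }
        END { exit found ? 0 : 1 }'
}

# List directives whose local value differs from the master value, i.e.
# settings overridden somewhere after the main configuration was read.
suhosin_overrides() {
    awk -F' => ' '/^suhosin\./ && NF == 3 && $2 != $3 { print $1 }'
}

# Hypothetical entry point: set PHP_BIN (for example phpX.Y-sp with the real
# version filled in) to check a live install; otherwise the sample is used.
main() {
    if [ -n "${PHP_BIN:-}" ]; then out=$("$PHP_BIN" -i); else out=$(sample_output); fi
    if ! printf '%s\n' "$out" | suhosin_loaded; then
        echo "suhosin extension not loaded"; return 1
    fi
    echo "cookie.encrypt: $(printf '%s\n' "$out" | suhosin_local_value suhosin.cookie.encrypt)"
    printf '%s\n' "$out" | suhosin_overrides | sed 's/^/overridden: /'
}

main "$@"
```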
To find out more about the Suhosin patch, create the following file under your web server's root directory (for example, /var/www/html/).
# vi phpinfo.php
Add the following line to it.
<?php phpinfo (); ?>