Suhosin Security PHP
Suhosin (pronounced “su-ho-shin”) is an advanced protection system for PHP installations. It is designed to protect servers and users from known and unknown errors in PHP applications and the PHP core.
Suhosin comes in two independent parts, which can be used individually or in combination. The first part is a small patch against the PHP core that implements low-level protection against buffer overflows and format string vulnerabilities. The second part is a powerful PHP extension that implements many other protections.
Installing Suhosin
Install the packages required to build the Suhosin extension.
sudo apt-get -y install gcc make autoconf libc-dev pkg-config
Next, run the following commands on your server:
git clone https://github.com/sektioneins/suhosin7
cd suhosin7
/opt/sp/php7.X/bin/phpize
PATH=/opt/sp/php7.X/bin:$PATH ./configure
make
sudo make install
sudo bash -c "echo extension=suhosin.so > /etc/php7.X-sp/conf.d/suhosin.ini"
sudo service php7.X-fpm-sp restart
Verifying the Installation
phpX.Y-sp -i | grep suhosin
You should see the following output:
/etc/phpX.Y-sp/conf.d/suhosin.ini,
suhosin
suhosin.apc_bug_workaround => Off => Off
suhosin.cookie.checkraddr => 0 => 0
suhosin.cookie.cryptdocroot => On => On
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.cryptraddr => 0 => 0
suhosin.cookie.cryptua => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off
...
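The grep above also matches the path of suhosin.ini, so it prints something even when the ini file was parsed but suhosin.so did not load. The shell function below is an added example, not part of the original page or the Suhosin project; it reads php -i output and separates the two cases, and also flags directives whose local value differs from the master value. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `php -i` output on stdin and reports whether Suhosin
# is really loaded. Exit status: 0 loaded, 1 ini parsed only, 2 not present.
suhosin_status() {
    awk -F ' => ' '
        # Directive rows: name => local value => master value
        /^suhosin\.[a-z_.]+ => / {
            loaded = 1
            if ($2 != $3) { printf "override: %s local=%s master=%s\n", $1, $2, $3 }
            next
        }
        # The ini path alone only proves the file was read.
        /suhosin\.ini/ { ini = 1 }
        END {
            if (loaded) { print "loaded"; exit 0 }
            if (ini)    { print "ini-only"; exit 1 }
            print "absent"; exit 2
        }'
}

# Constructed sample: extension loaded, one directive overridden locally.
sample_loaded() {
    cat <<'EOF'
/etc/phpX.Y-sp/conf.d/suhosin.ini,
suhosin
suhosin.cookie.cryptua => On => On
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.encrypt => On => Off
EOF
}

# Constructed sample: suhosin.ini was parsed but no directives are registered.
sample_ini_only() {
    cat <<'EOF'
Additional .ini files parsed => /etc/phpX.Y-sp/conf.d/suhosin.ini,
EOF
}

sample_loaded | suhosin_status
sample_ini_only | suhosin_status || echo "exit status: $?"
```

On a server, pipe the real output into the function: phpX.Y-sp -i | suhosin_status.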
To find out more about the Suhosin patch, create the following file under your web server's root directory (for example, /var/www/html/).
# vi phpinfo.php
Add the following lines to it.
<?php phpinfo (); ?>