PHP hardening with Suhosin

In this tutorial I'll show you how you can increase your php security by adding Suhosin php patch.

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Unlike the PHP Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.

Install Suhosin as extension

Download latest version of Suhosin, enter:

# cd /opt

# wget http://download.suhosin.org/suhosin-0.9.27.tgz

Make sure you have php-devel installed:

# yum install php-devel

Compile Suhosin under PHP 5 and RHEL / CentOS Linux

Type the following commands:

# cd suhosin-0.9.27

# phpize

#./configure

# make

# make install

Configure Suhosin

Type the following command to create Suhosin configuration file:

# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart web server

Type the following command to restart httpd:

# service httpd restart

Verify Suhosin installation

Type the following command:
$ php -v

Sample output:
PHP 5.1.6 (cli) (built: Jun 12 2008 05:02:36)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with XCache v1.2.2, Copyright (c) 2005-2007, by mOo
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH