How to Install Suhosin. Cpanel Plesk Direct Admin

What is Suhosin?

Suhosin is a protective covering for PHP. Lets move with ordered steps. There are 2 separate versions on Suhosin. Both of them can be run together or separately.

First is the raw patch where you need to recompile PHP in shell to wo rk. This adds low level protection against things like buffer overflows and format string vulnerabilities.
Second is a PHP extension that protects at runtime, easy to install. Both versions will still you allow you to use other PHP extensions like Zend Optimizer without any issues.

We will deal with the installation of the extension.

Installing Suhosin
Before you start, make a phpinfo page.
Next is to make sure that PHP is NOT compiled with –enable-versioning
This can be seen from the Configure Command section at the top, make sure you do not see
–enable-versioning
If it contains this option, the extension will not work.
Then the only option left is to recompile PHP.

The final check is applied if you are using Zend Optimizer. Make sure you are using at least version 3.2.1 or above of Zend Optimizer. If you are using anything below that there is a known bug in Zend Optimizer that gets caught up in Suhosin while reading zend encoded pages.

So be sure to upgrade Optimizer to a more recent release before you install Suhosin to avoid issues.

If you have it installed you’ll see something like:

#php -v
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

with Zend Extension Manager v1.0.10, Copyright (c) 2003-2006, by Zend Technologies

with Zend Optimizer v3.0.1, Copyright (c) 1998-2006, by Zend Technologies

Suhosin works fine on cPanel/WHM servers, DirectAdmin, Plesk and any others.

Installing Suhosin Extension

Download the source file for the Suhosin extension

============================
cd /usr/local/
wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.18.tgz
tar -zxvf suhosin-0.9.18.tgz
cd suhosin-0.9.18
phpize
./configure
make
make install
============================

Output for “make install” will be something like this:

Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20020429/
Make a note of the directory location and confirm it exists and has suhosin.so in it:

ls –lah /usr/local/lib/php/extensions/no-debug-non-zts-20020429/
-rwxr-xr-x 1 root root 334K Mar 19 09:17 suhosin.so*

Now copy suhosin.so to /usr/lib/php/extensions since our php.ini points to that directory and not the one the make install used

============================
cp /usr/local/lib/php/extensions/no-debug-non-zts-20020429/suhosin.so /usr/lib/php/extensions/no-debug-non-zts-20020429
============================

Checking PHP

Now we need to check PHP to ensure suhosin will be added in.
Find where your current PHP.ini is:

============================
php -i |grep php.ini
============================

Configuration File (php.ini) Path => /usr/local/Zend/etc/php.ini

Edit the php.ini

vi /usr/local/Zend/etc/php.ini
Please take a backup of the php.ini !!!!

Ensure the include path/extension is set properly.

Search for: extension_dir

You should see something like this:

;;;;;;;;;;;;;;;;;;;;;;;;;

; Paths and Directories ;

;;;;;;;;;;;;;;;;;;;;;;;;;

include_path = “.:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:” ;

extension_dir = /usr/lib/php/extensions/no-debug-non-zts-20020429/ ; directory in which the loadable extensions (modules) reside

Note the exact path is the same as what we wrote down when we did “make install”
If not, you will need to add it or COPY the file to the new location as mentioned above.

Add the suhosin.so extension to php.ini
While still in php.ini search for Dynamic Extensions

/Dynamic Extensions

You should see:
;;;;;;;;;;;;;;;;;;;;;;

; Dynamic Extensions ;

;;;;;;;;;;;;;;;;;;;;;;

Add this below:

============================
extension=suhosin.so
============================

Note to 64 bit OS users:
Check to make sure php.ini is using the proper extension_dir setting:

============================
extension_dir = /usr/lib64/php4
============================

Then copy the suhosin.so to that directory after you do “make install”

============================
cp -v /usr/local/lib/php/extensions/no-debug-non-zts-20020429/suhosin.so /usr/lib64/php4/
============================

End 64 Bit OS note:

Now save php.ini and check PHP from shell:

php -v

PHP 4.4.6 (cli) (built: Mar 19 2007 09:54:33)

Copyright (c) 1997-2007 The PHP Group

Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies

with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project

with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies

NOTE if checking using phpinfo.php page make SURE you RESTART the apache web server: service httpd restart

/etc/rc.d/ini.d/httpd restart

Thats all :)