Saturday, 21 May 2011

Improve PHP Security – Part I. Add Suhosin to PHP

Test PHP
Before we install anything, let’s see if PHP is working:
php -v

Download Suhosin
This will download the archive, extract it, delete the original archive and move the extracted directory to /opt
wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz
tar -xzf suhosin-0.9.32.1.tar.gz
rm suhosin-0.9.32.1.tar.gz
mv suhosin-0.9.32.1 /opt/suhosin-0.9.32.1



Install Suhosin
This will... install Suhosin :)
cd /opt/suhosin-0.9.32.1
phpize
./configure
make
make install
echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini
/etc/init.d/httpd restart


Test PHP again :)
Now the version output should include “with Suhosin...”
php -v
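
Added example (not from the original post): a shell helper for checking this install, covering the tarball digest before building (the download above is plain HTTP) and, afterwards, the extension line in the ini file and the `php -v` banner. The digest is a placeholder to fill in from a trusted source, the function names and the `--pre`/`--post` switches are illustrative, and the sample banner text is constructed.

```shell
#!/bin/sh
# Added example: checks around the Suhosin install steps above.
# Function names are illustrative, not part of Suhosin or PHP.

# Placeholder: the post gives no digest; obtain one from a source you trust.
EXPECTED_SHA256='<sha256-from-trusted-source>'

# verify_sha256 FILE DIGEST: succeed only if FILE hashes to DIGEST.
verify_sha256() {
    [ -f "$1" ] || return 2
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# ini_enables_suhosin FILE: succeed if FILE has an active (not ;-commented)
# extension=suhosin.so line, as written by the echo command above.
ini_enables_suhosin() {
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?suhosin\.so"?[[:space:]]*$' "$1"
}

# banner_has_suhosin TEXT: succeed if `php -v` output mentions Suhosin.
banner_has_suhosin() {
    printf '%s\n' "$1" | grep -q 'with Suhosin'
}

# Constructed sample `php -v` output (version strings are made up).
SAMPLE_WITH='PHP 5.x.y (cli)
    with Suhosin v0.9.32.1'
SAMPLE_WITHOUT='PHP 5.x.y (cli)'

case "${1:-}" in
    --pre)   # run after wget, before tar
        verify_sha256 suhosin-0.9.32.1.tar.gz "$EXPECTED_SHA256" \
            || { echo 'tarball digest mismatch: do not build' >&2; exit 1; } ;;
    --post)  # run after the httpd restart
        ini_enables_suhosin /etc/php.d/suhosin.ini \
            || { echo 'suhosin.ini has no active extension line' >&2; exit 1; }
        banner_has_suhosin "$(php -v)" \
            || { echo 'Suhosin not loaded by PHP' >&2; exit 1; }
        echo 'Suhosin install checks passed' ;;
esac
```

Run it with `--pre` between the wget and tar steps, and with `--post` after the httpd restart.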

Good, let’s restrict open_basedir (let’s not let PHP files have access to all your files on the server)!
