Suhosin (Korean, meaning guardian-angel) is an open source patch for PHP. “The goal behind Suhosin is to be a safety net that protects servers from insecure PHP coding practices.” Suhosin goes further than that however in allowing the attack surface that PHP adds to a Web Server to be reduced to the users needs through function whitelists and various other easily enabled protections. This may reduce the risk of deploying previously deemed unsafe PHP programs to an acceptable level.
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.
The Suhosin extension protects servers against
>> buffer overflows. >> insecure programming techniques. >> other known and unknown vulnerabilities in PHP.
Steps to install Suhosin Patch
Step 1: Login to server via SSH as root
Step 2: Check if suhosin is installed or not by executing the following command.
# php -m | grep suhosin
Step 3: Download the suhosin tarball.
# cd /usr/local/src # wget https://github.com/stefanesser/suhosin/tarball/master
Step 4: Extract and Change the working directory.
# tar zxvf master # cd stefanesser-suhosin-1fba865/
Step 5: Download and replace the session.c file.
# mv session.c session.c.old # wget https://raw.github.com/blino/suhosin/117b6aa6efec61afaa1431c698dad8eb553b55f5/session.c
Step 6: Do follow the steps to compile and install suhosin to server.
# phpize # ./configure # make # make install
Step 7: Add suhosin.so extension to php.ini file.
# php --ini : To find the php conf file.
# echo extension=suhosin.so >> /usr/local/lib/php.ini
Step 8: Restart web-server.
# service httpd restart
That’s it. Now you have installed the Suhosin on your server.
Step 9: How to check the Suhosin is installed on your server?
You can check the same by executing any of the following commands.
# php -v # php -m | grep suhosin # php -i | grep -i suhosin
# php -v PHP 5.4.23 (cli) (built: Jan 9 2014 15:11:15) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies with Suhosin v0.9.34-dev, Copyright (c) 2007-2012, by SektionEins GmbH
iftop installation on Unix/Linux server