How/Steps to install Suhosin Patch (php extension) on Unix/Linux server

Suhosin (Korean, meaning guardian-angel) is an open source patch for PHP. “The goal behind Suhosin is to be a safety net that protects servers from insecure PHP coding practices.” Suhosin goes further than that, however: it allows the attack surface that PHP adds to a web server to be reduced to the user's needs through function whitelists and various other easily enabled protections. This may reduce the risk of deploying PHP programs previously deemed unsafe to an acceptable level.
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities; the second part is a powerful PHP extension that implements all the other protections.
The Suhosin extension protects servers against:

>> buffer overflows.
>> insecure programming techniques.
>> other known and unknown vulnerabilities in PHP.

Steps to install Suhosin Patch
Step 1: Log in to the server via SSH as root.
Step 2: Check whether Suhosin is already installed by executing the following command.

# php -m | grep suhosin

Step 3: Download the suhosin tarball.

# cd /usr/local/src
# wget https://github.com/stefanesser/suhosin/tarball/master

Step 4: Extract the tarball and change the working directory.

# tar zxvf master  
# cd stefanesser-suhosin-1fba865/

Step 5: Download and replace the session.c file.

# mv session.c session.c.old  
# wget https://raw.github.com/blino/suhosin/117b6aa6efec61afaa1431c698dad8eb553b55f5/session.c

Step 6: Run the following commands to compile and install Suhosin on the server.

# phpize
# ./configure
# make
# make install

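Step 7: Add the suhosin.so extension to the php.ini file. Run php --ini first to find the PHP configuration file in use, and use that path in the echo command if it differs from the one shown here.

# php --ini
# echo extension=suhosin.so >> /usr/local/lib/php.ini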

Step 8: Restart the web server.

# service httpd restart

That’s it. Suhosin is now installed on your server.
Step 9: Check that Suhosin is installed on your server.
You can check this by executing any of the following commands.

# php -v  
# php -m | grep suhosin
# php -i | grep -i suhosin

Example.

# php -v
PHP 5.4.23 (cli) (built: Jan  9 2014 15:11:15)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
    with Suhosin v0.9.34-dev, Copyright (c) 2007-2012, by SektionEins GmbH
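
An added example, not part of the original post: a small sh script that classifies the result of Steps 6 to 8 from the text of php -m and php -i, separating "suhosin.so is not in PHP's extension_dir" from "file present but not loaded". The function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the result of Steps 6-8 from `php -m` / `php -i` text.
# Function names and sample values are constructed for illustration.

# Print the extension_dir (local value) found in `php -i` output ($1).
php_extension_dir() {
    printf '%s\n' "$1" |
        sed -n 's/^extension_dir => \([^ ]*\) => .*$/\1/p' | head -n 1
}

# Succeed only if one line of `php -m` output ($1) is exactly "suhosin"
# (case-insensitive); a plain `grep suhosin` also matches longer names.
suhosin_listed() {
    printf '%s\n' "$1" | grep -qix 'suhosin'
}

# suhosin_status MODULES INFO  -> prints one word, returns 0 only for "loaded":
#   loaded        the module is active
#   missing-file  suhosin.so is not in extension_dir, so PHP cannot open it
#   not-enabled   suhosin.so is there, but PHP did not load it (check php.ini)
#   unknown       no extension_dir line was found in INFO
suhosin_status() {
    if suhosin_listed "$1"; then
        echo loaded
        return 0
    fi
    ext_dir=$(php_extension_dir "$2")
    if [ -z "$ext_dir" ]; then
        echo unknown
    elif [ -f "$ext_dir/suhosin.so" ]; then
        echo not-enabled
    else
        echo missing-file
    fi
    return 1
}

# Constructed sample: module list without suhosin, extension_dir without the file.
SAMPLE_MODULES='[PHP Modules]
Core
session'
SAMPLE_INFO='extension_dir => /nonexistent/ext => /nonexistent/ext'
suhosin_status "$SAMPLE_MODULES" "$SAMPLE_INFO" || true   # prints: missing-file

# On the server itself: suhosin_status "$(php -m)" "$(php -i)"
```

A missing-file result points to a mismatch between the directory that make install reported and the extension_dir of the php binary being checked; compare the two paths.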

Thanks.

Arunlal A

3 thoughts on “How/Steps to install Suhosin Patch (php extension) on Unix/Linux server”

  1. After following the instructions I have this:

    PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/local/php5/lib/php/extensions/no-debug-non-zts-20090626/suhosin.so’ – /usr/local/php5/lib/php/extensions/no-debug-non-zts-20090626/suhosin.so: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP 5.3.28 (cli) (built: Apr 10 2014 02:57:37)
    Copyright (c) 1997-2013 The PHP Group
    Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies

    What's wrong?

  2. I encountered the same error as Jose when installing suhosin on my Debian 7 based machine.
    After searching for a solution on other websites I found this helpful tutorial:
    rosehosting.com/blog/how-to-install-suhosin-on-a-linux-vps/ which fixed the PHP startup error.
