Thread: How to Install Suhosin

  1. #1
    Administrator Vahid

    How to Install Suhosin

    Suhosin Install Guide

    Suhosin is the big brother to the Hardened-PHP patch which adds an extra level of protection to PHP. Installing Suhosin can be a bit confusing so we'll show you how it can be easily installed on Linux.



    Hardened-PHP Project - PHP Security - Suhosin

    What is Suhosin?
    There are 2 separate versions of Suhosin. You can run both together or one separately.

    1) A raw patch where you need to recompile PHP in shell to work. This adds low level protection against things like buffer overflows and format string vulnerabilities.
    2) A PHP extension that protects at runtime, easy to install.


    Both versions will still allow you to use other PHP extensions like Zend Optimizer without any issues.
    See the full feature list comparison here: Hardened-PHP Project - PHP Security - Feature List

    This guide will show you how to install the Extension ONLY. Recompiling PHP for the patch is a whole guide in itself, so I only recommend that for experienced users or having someone do it for you like a server admin company such as ServerProgress - www.serverprogress.com or click on Hire an Expert.



    Installing Suhosin

    Things to do before getting started and questions you probably have.
    1) First off you need to create a phpinfo page on your web server, this is so you can see if Suhosin is installed and working or not.

    EG: http://mysite.com/phpinfo.php

    <?php phpinfo(); ?>



    That’s all it should contain. You should bring it up to make sure it works.

    2) Check to make sure that PHP is NOT compiled with --enable-versioning

    You will see this in the Configure Command section at the top, make sure you do not see
    --enable-versioning

    If it is, the extension will not work. Versioning breaks extensions. You will need to recompile PHP and make sure versioning is turned OFF.

    3) This only applies if you are using Zend Optimizer. Make sure you are using at least version 3.2.1 or above of Zend Optimizer. If you are using anything below that there is a known bug in Zend Optimizer that gets caught up in Suhosin while reading zend encoded pages. So be sure to upgrade Optimizer to a more recent release before you install Suhosin to avoid issues.
    You can check your version while in shell by doing:
    php -v
    If you have it installed you’ll see something like:
    Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
    with Zend Extension Manager v1.0.10, Copyright (c) 2003-2006, by Zend Technologies
    with Zend Optimizer v3.0.1, Copyright (c) 1998-2006, by Zend Technologies

    So this version is old and needs to be upgraded. See http://www.webhostgear.com/184.html our Zend Optimizer install guide for more details.



    Suhosin works fine on cPanel/WHM servers, DirectAdmin, Plesk and any others. As long as the above mentioned items are met then you should be fine.


    Installing Suhosin Extension
    Download the source file for the Suhosin extension

    cd /usr/local/
    wget http://www.hardened-php.net/suhosin/...sin-0.9.18.tgz
    tar -zxvf suhosin-0.9.18.tgz
    cd suhosin-0.9.18
    phpize
    OUTPUT will be something like this:
    # phpize
    Configuring for:
    PHP Api Version: 20020918
    Zend Module Api No: 20020429
    Zend Extension Api No: 20050606

    ./configure
    make
    OUTPUT will be something like this:
    Libraries have been installed in:
    /usr/local/suhosin-0.9.18/modules

    make install

    OUTPUT will be something like this:
    Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20020429/
    Make a note of the directory location and confirm it exists and has suhosin.so in it:

    ls -lah /usr/local/lib/php/extensions/no-debug-non-zts-20020429/
    -rwxr-xr-x 1 root root 334K Mar 19 09:17 suhosin.so*

    Now copy suhosin.so to /usr/lib/php/extensions since our php.ini points to that directory and not the one the make install used

    cp /usr/local/lib/php/extensions/no-debug-non-zts-20020429/suhosin.so /usr/lib/php/extensions/no-debug-non-zts-20020429

    Checking PHP
    Now we need to check PHP to ensure suhosin will be added in.

    Find where your current PHP.ini is:
    php -i |grep php.ini
    Configuration File (php.ini) Path => /usr/local/Zend/etc/php.ini

    Edit the php.ini
    vi /usr/local/Zend/etc/php.ini
    Step 1) Ensure the include path/extension is set properly.
    Search for: extension_dir

    You should see something like this:
    ;;;;;;;;;;;;;;;;;;;;;;;;;
    ; Paths and Directories ;
    ;;;;;;;;;;;;;;;;;;;;;;;;;
    include_path = ".:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:" ;
    extension_dir = /usr/lib/php/extensions/no-debug-non-zts-20020429/ ; directory in which the loadable extensions (modules) reside

    Note the exact path is the same as what we wrote down when we did “make install”
    If not, you will need to add it or COPY the file to the new location as mentioned above.

    Step 2) Add the suhosin.so extension to php.ini
    While still in php.ini search for Dynamic Extensions

    /Dynamic Extensions

    EG you should see:
    ;;;;;;;;;;;;;;;;;;;;;;
    ; Dynamic Extensions ;
    ;;;;;;;;;;;;;;;;;;;;;;

    Add this below:

    extension=suhosin.so


    Note to 64 bit OS users:
    Check to make sure php.ini is using the proper extension_dir setting:
    extension_dir = /usr/lib64/php4

    Then copy the suhosin.so to that directory after you do "make install"
    cp -v /usr/local/lib/php/extensions/no-debug-non-zts-20020429/*.so /usr/lib64/php4/
    End 64 Bit OS note:


    Now save php.ini and check PHP from shell:


    php -v
    PHP 4.4.6 (cli) (built: Mar 19 20070933)
    Copyright (c) 1997-2007 The PHP Group
    Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
    with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies
    with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
    with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies


    Excellent! We managed to get the Suhosin extension module working. NOTE if checking using phpinfo.php page make SURE you RESTART the apache web server: service httpd restart
    Otherwise you won’t see the changes.

    Suhosin in PHPinfo page – Screenshot 1


    Suhosin in PHPinfo page – Screenshot 2 configuration details






    There is no elevator to progress in knowledge; the stairs must be climbed on foot /./ Always remember that there is always someone more capable.
    Let us remember that to stand once we have fallen hundreds of times /./ Backups are the most important key to hosting success /./ Security is not absolute.
    Contact me directly:
    Admin -{(@)}- WebHostingTalk . ir

  2. Thanks to Vahid for the useful post
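The pre-install conditions from post #1 (no `--enable-versioning`, Zend Optimizer at least 3.2.1) and its final `php -v` check can be scripted. This is an added example, not part of the original guide; the function names are hypothetical, and on a server you would call `suhosin_preflight "$(php -i)" "$(php -v)"`.

```shell
#!/bin/sh
# Added example: the guide's pre-install and post-install checks as functions.
# Each takes captured command output as text, so saved output can be checked.

# True if PHP's configure command text contains --enable-versioning.
has_versioning() {
    printf '%s\n' "$1" | grep -q -e '--enable-versioning'
}

# Print the Zend Optimizer version from `php -v` output (empty if absent).
zend_optimizer_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*with Zend Optimizer v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# True if dotted version $1 >= $2, compared field by field as integers.
version_ge() {
    vg_a=$1 vg_b=$2
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_x=${vg_a%%.*} vg_y=${vg_b%%.*}
        if [ "${vg_x:-0}" -gt "${vg_y:-0}" ]; then return 0; fi
        if [ "${vg_x:-0}" -lt "${vg_y:-0}" ]; then return 1; fi
        case $vg_a in *.*) vg_a=${vg_a#*.} ;; *) vg_a= ;; esac
        case $vg_b in *.*) vg_b=${vg_b#*.} ;; *) vg_b= ;; esac
    done
    return 0
}

# $1 = `php -i` output, $2 = `php -v` output; prints "ok" or the blocker.
suhosin_preflight() {
    if has_versioning "$1"; then
        echo "blocked: PHP built with --enable-versioning"; return 1
    fi
    sp_zo=$(zend_optimizer_version "$2")
    if [ -n "$sp_zo" ] && ! version_ge "$sp_zo" 3.2.1; then
        echo "blocked: Zend Optimizer $sp_zo is older than 3.2.1"; return 1
    fi
    echo ok
}

# True if `php -v` output lists Suhosin, i.e. the extension was loaded.
suhosin_loaded() {
    printf '%s\n' "$1" | grep -q 'with Suhosin v'
}

# Constructed sample: the outdated Zend Optimizer banner quoted in the guide.
OLD_PHP_V='Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
    with Zend Optimizer v3.0.1, Copyright (c) 1998-2006, by Zend Technologies'
suhosin_preflight "'./configure' '--with-mysql'" "$OLD_PHP_V" || true
```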


  4. #2
    Administrator Vahid

    Suhosin Logs and reports

    Check your /var/log/messages for logs of Suhosin

    EG:
    Mar 19 10:28:23 ocean suhosin[32652]: ALERT - Include filename ('http://tutorialgeek.com/slimstat/inc.stats.php') is an URL that is not allowed (attacker '74.6.73.61', file '/home/lireland/public_html/index.php', line 3)



    Advanced Suhosin Configuration
    Configuring Suhosin – example suhosin configuration

    You can manually configure options for Suhosin in the php.ini for PHP. This is the most confusing part that most people get lost at.
    If you want advanced configuration to change the default settings from Suhosin you can edit the PHP.ini and add in these values below the extension=suhosin.so

    Note this part isn’t required, only for your own liking.

    ;;;;;;;;;;;;;;;;;;;
    ; Module Settings ;
    ;;;;;;;;;;;;;;;;;;;
    [suhosin]
    ; Logging Configuration
    suhosin.log.syslog.facility = 9
    suhosin.log.use-x-forwarded-for = Off

    ; Executor Options
    suhosin.executor.max_depth = 0
    suhosin.executor.include.max_traversal = 4
    suhosin.executor.disable_emodifier = Off
    suhosin.executor.allow_symlink = Off

    ; Misc Options
    suhosin.simulation = Off

    ;
    suhosin.apc_bug_workaround = Off
    suhosin.sql.bailout_on_error = Off
    suhosin.multiheader = Off
    suhosin.mail.protect = 1
    suhosin.memory_limit = 20

    ; Transparent Encryption Options
    suhosin.session.encrypt = On
    suhosin.session.cryptua = On
    suhosin.session.cryptdocroot = On
    suhosin.session.cryptraddr = 0
    suhosin.cookie.encrypt = On
    suhosin.cookie.cryptua = On
    suhosin.cookie.cryptraddr = 0

    ; Filtering Options
    suhosin.filter.action = 406
    suhosin.cookie.max_array_depth = 100
    suhosin.cookie.max_array_index_length = 64
    suhosin.cookie.max_name_length = 64
    suhosin.cookie.max_totalname_length = 256
    suhosin.cookie.max_value_length = 10000
    suhosin.cookie.max_vars = 100
    suhosin.cookie.disallow_nul = On
    suhosin.get.max_array_depth = 50
    suhosin.get.max_array_index_length = 64
    suhosin.get.max_name_length = 64
    suhosin.get.max_totalname_length = 256
    suhosin.get.max_value_length = 512
    suhosin.get.max_vars = 100
    suhosin.get.disallow_nul = On
    suhosin.post.max_array_depth = 100
    suhosin.post.max_array_index_length = 64
    suhosin.post.max_totalname_length = 256
    suhosin.post.max_value_length = 65000
    suhosin.post.max_vars = 200
    suhosin.post.disallow_nul = On
    suhosin.request.max_array_depth = 100
    suhosin.request.max_array_index_length = 64
    suhosin.request.max_totalname_length = 256
    suhosin.request.max_value_length = 65000
    suhosin.request.max_vars = 200
    suhosin.request.max_varname_length = 64
    suhosin.request.disallow_nul = On
    suhosin.upload.max_uploads = 25
    suhosin.upload.disallow_elf = On
    suhosin.upload.disallow_binary = Off
    suhosin.upload.remove_binary = Off
    suhosin.session.max_id_length = 128

  5. Thanks to Vahid for the useful post
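An added example, not part of the original post, that pulls the attacker address, script path and line number out of Suhosin ALERT lines like the one quoted in post #2 and counts alerts per address. The function names are hypothetical; apart from its first line the sample log is constructed, and treating `, line N` as optional is an assumption.

```shell
#!/bin/sh
# Added example: triage Suhosin ALERT lines from syslog.

# Read syslog lines on stdin; print "attacker|file|line|message" per alert.
# The (attacker ..., file ..., line N) tuple is anchored at the end of the
# line because the message part quotes data taken from the request.
# Assumption: some alerts carry no ", line N", so that part is optional.
suhosin_alerts() {
    sed -n "s/^[^:]*:[0-9]*:[0-9]* [^ ]* suhosin\[[0-9]*]: ALERT - \(.*\) (attacker '\([^']*\)', file '\([^']*\)'\(, line \([0-9]*\)\)\{0,1\})\$/\2|\3|\5|\1/p"
}

# Count alerts per attacker address, busiest first, as "count address".
alerts_by_attacker() {
    suhosin_alerts | cut -d'|' -f1 | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Rows for remote-URL include attempts, the alert class shown in the post.
url_include_alerts() {
    suhosin_alerts | grep 'is an URL that is not allowed' || true
}

# Sample input: line 1 is the line quoted in the post; lines 2-4 are
# constructed in the same layout for this example.
SAMPLE_LOG="Mar 19 10:28:23 ocean suhosin[32652]: ALERT - Include filename ('http://tutorialgeek.com/slimstat/inc.stats.php') is an URL that is not allowed (attacker '74.6.73.61', file '/home/lireland/public_html/index.php', line 3)
Mar 19 10:29:01 ocean suhosin[32660]: ALERT - Include filename ('http://example.invalid/a.txt') is an URL that is not allowed (attacker '74.6.73.61', file '/home/lireland/public_html/index.php', line 3)
Mar 19 10:30:12 ocean suhosin[32671]: ALERT - configured GET variable value length limit exceeded - dropped variable 'q' (attacker '192.0.2.10', file '/home/lireland/public_html/search.php')
Mar 19 10:31:00 ocean sshd[411]: Accepted publickey for admin"

# On a server: alerts_by_attacker < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | alerts_by_attacker
```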

