Thursday, February 5, 2009

Hardening PHP (Protecting your PHP from Flaws)

You may have heard that PHP has some pitfalls. These can turn into a real security risk, especially when your PHP application deals with the outside world. To reduce that risk, some nice guys out there developed a 'guardian angel' for PHP. The guardian angel I am referring to is Suhosin. Yes, suhosin is a Korean word meaning 'guardian angel'. It is a PHP extension that protects PHP from its pitfalls and vulnerabilities.

Here is how to add this cool stuff to your PHP setup.

1. First, download the Suhosin signature key. Go to /usr/src, then issue this command:

# wget http://www.hardened-php.net/hardened-php-signature-key.asc

2. Import it into GNU Privacy Guard (gpg):

# gpg --import < hardened-php-signature-key.asc

3. Download the Suhosin source:

# wget http://download.suhosin.org/suhosin-0.9.27.tgz

4. Unpack the package:

# tar xvzf suhosin-0.9.27.tgz

5. Change into the unpacked directory:

# cd suhosin-0.9.27

6. Inside the Suhosin directory, build and install the extension by issuing the following:

# phpize
# ./configure
# make
# make install

7. The library suhosin.so will most likely be found in /usr/src/suhosin-0.9.27/modules, or, after make install, at /usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so.

8. Copy suhosin.so to /usr/local/lib/php/extensions. This path applies if you installed PHP from source; check other resources if you did not.

# cp /usr/src/suhosin-0.9.27/modules/suhosin.so /usr/local/lib/php/extensions

9. Open php.ini:

# vi /usr/local/lib/php.ini

10. Set the following parameters in php.ini:

extension_dir = "/usr/local/lib/php/extensions/"

extension=suhosin.so

11. Save it, then restart Apache.

12. Suhosin should now appear among the enabled extensions in your PHP. Check phpinfo() to confirm this.
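The steps above as one script, added here as an example and not the post's own code: it performs the signature check that steps 1-2 prepare for but step 3 never does, makes the php.ini edit of step 10 repeatable without duplicating lines or touching other modules' extension= entries, and checks step 12 from the CLI with php -m instead of phpinfo(). Paths are the post's; it assumes wget, gpg and php are on the PATH, and the .sig filename next to the tarball is an assumption.

```shell
#!/bin/sh
# Added example, not the original post's code. Paths follow the post; the
# .sig filename next to the tarball is an assumption.
set -eu
VERSION="0.9.27"; SRC_DIR="/usr/src"
EXT_DIR="/usr/local/lib/php/extensions"; PHP_INI="/usr/local/lib/php.ini"

# Steps 3-4, plus the check the post skips: refuse to unpack a tarball whose
# detached signature does not verify with the key imported in step 2.
fetch_and_verify() {
    wget "http://download.suhosin.org/suhosin-$VERSION.tgz"
    wget "http://download.suhosin.org/suhosin-$VERSION.tgz.sig"
    gpg --verify "suhosin-$VERSION.tgz.sig" "suhosin-$VERSION.tgz"
}

# Single-valued directive (extension_dir): replace an existing line, else append.
set_ini_directive() {
    ini="$1"; key="$2"; value="$3"
    if grep -q "^[[:space:]]*$key[[:space:]]*=" "$ini"; then
        sed "s|^[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$ini" > "$ini.tmp"
        mv "$ini.tmp" "$ini"
    else
        printf '%s = %s\n' "$key" "$value" >> "$ini"
    fi
}

# extension= repeats legitimately (one line per module), so never rewrite
# other modules' lines: append ours only when it is absent.
add_ini_extension() {
    grep -qE "^[[:space:]]*extension[[:space:]]*=[[:space:]]*\"?$2\"?[[:space:]]*$" "$1" \
        || printf 'extension=%s\n' "$2" >> "$1"
}

# Step 10, safe to run repeatedly.
enable_suhosin_ini() {
    set_ini_directive "$1" "extension_dir" "\"$EXT_DIR/\""
    add_ini_extension "$1" "suhosin.so"
}

# Step 12 without a browser: the CLI lists its loaded modules.
suhosin_loaded() { php -m 2>/dev/null | grep -qi '^suhosin$'; }

# Steps 3-10 end to end; run as root after steps 1-2.
install_suhosin() {
    cd "$SRC_DIR" && fetch_and_verify
    tar xzf "suhosin-$VERSION.tgz" && cd "suhosin-$VERSION"
    phpize && ./configure && make && make install
    cp modules/suhosin.so "$EXT_DIR/" && enable_suhosin_ini "$PHP_INI"
}
if [ "${1:-}" = "install" ]; then install_suhosin; fi
```

Run it as ./harden-php.sh install, restart Apache (step 11), and then call suhosin_loaded to confirm the module is active.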

Hope you find this info useful. Cheers, thanks and God bless!
