Hardening php on centos 5.x with suhosin

Submitted by sklav on Tue, 11/03/2009 - 13:18

Step 1: (adding the repo)

touch /etc/yum.repos.d/centos-testing.repo

paste the code below into the file we created above using your favourite text editor

[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
includepkgs=php-suhosin

Step 2: (Installing Suhosin patch on centos 5.x)

From the command line run the following command

yum install php-suhosin

Step 3: (Restart Apache web server)

service httpd restart (restarting apache so it re-reads the php.ini)

Step 4: ( Making sure suhosin is working)

To test that it is all working copy and paste the code below into a command prompt

echo "< ?php phpinfo(); ?>" > /var/www/html/phpinfo.php

After that is completed browse to your web page example http://your.ip.address/phpinfo.php or http://127.0.0.1/phpinfo.php

you should see a lot of information and in there if you search you will see suhosin related information.

Congratulations you now have a hardened php install and no complicated work or rebuilding of packages required.