Hardening php on centos 5.x with suhosin

Well after some reading and not being able to find any great documentation on the matter, I have decided to write up my own short and sweet howto on how to harden php on centos 5 without having to build the php from source.

Step 1: (adding the repo)

touch /etc/yum.repos.d/centos-testing.repo

paste the code below into the file we created above using your favourite text editor


[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
includepkgs=php-suhosin


Step 2: (Installing Suhosin patch on centos 5.x)

From the command line run the following command

yum install php-suhosin

Step 3: (Restart Apache web server)

service httpd restart (restarting apache so it re-reads the php.ini)

Step 4: ( Making sure suhosin is working)

To test that it is all working copy and paste the code below into a command prompt

echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

After that is completed browse to your web page example http://your.ip.address/phpinfo.php or http://127.0.0.1/phpinfo.php

you should see a lot of information and in there if you search you will see suhosin related information.

Congratulations you now have a hardened php install and no complicated work or rebuilding of packages required.