Ubuntu PHP hardening with Suhosin

Ubuntu includes the PHP Suhosin patches.

Install the Suhosin extension:

aptitude install php5-suhosin

Add the following to /etc/php5/{apache2,cli,cgi}/php.ini:

; suhosin parameters
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_eval = On
suhosin.executor.disable_emodifier = On
suhosin.mail.protect = 2
suhosin.sql.bailout_on_error = On

Restart Apache:

service apache2 restart

For some login scripts it may be necessary to set suhosin.session.encrypt to Off.
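
To confirm that the directives above are present in each php.ini after editing, a check like the following can be run against the files. It is an added example, not part of the original post; the function names ini_value and audit_suhosin_ini are hypothetical.

```shell
#!/bin/sh
# Added example: audit php.ini files for the Suhosin directives from this page.
# Expected values come from the page; the function names are hypothetical.
EXPECTED='suhosin.executor.include.max_traversal=4
suhosin.executor.disable_eval=on
suhosin.executor.disable_emodifier=on
suhosin.mail.protect=2
suhosin.sql.bailout_on_error=on'

# Print the effective (last assigned) value of directive $2 in ini file $1,
# ignoring ';' comments and surrounding whitespace or quotes, lowercased.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        {
            line = $0
            sub(/;.*$/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            if (k == key) val = tolower(v)
        }
        END { print val }' "$1"
}

# Audit one file: print each mismatch, return the number of mismatches.
audit_suhosin_ini() {
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(ini_value "$1" "$key")
        # PHP treats 1/yes/true as On for boolean directives.
        if [ "$want" = on ]; then
            case $got in 1|yes|true) got=on ;; esac
        fi
        if [ "$got" != "$want" ]; then
            echo "$1: $key is '${got:-unset}', expected '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage: sh audit.sh /etc/php5/apache2/php.ini /etc/php5/cli/php.ini
for f in "$@"; do audit_suhosin_ini "$f" || true; done
```

A directive reported as unset is absent from that file, so the extension's default applies rather than the value listed above.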
