Ubuntu PHP hardening with Suhosin

Ubuntu ships PHP with the Suhosin patches applied; the hardening below adds the Suhosin extension on top of them.

Install the suhosin extension

aptitude install php5-suhosin

Add the following to /etc/php5/{apache2,cli,cgi}/php.ini

; suhosin parameters
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_eval = On
suhosin.executor.disable_emodifier = On
suhosin.mail.protect = 2
suhosin.sql.bailout_on_error = On

Restart Apache

service apache2 restart

Some login scripts may require suhosin.session.encrypt to be set to Off.
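A small audit script for the directives above, added here as an example rather than taken from the post: it assumes only the directive names and values listed, and the php.ini that write_sample_ini creates is constructed for the demonstration.

```shell
#!/bin/sh
# Audit a php.ini for the Suhosin directives shown above. Added example, not
# from the original post; the ini written by write_sample_ini is constructed.

# Directives and the values the post recommends, one name=value per line.
EXPECTED='suhosin.executor.include.max_traversal=4
suhosin.executor.disable_eval=On
suhosin.executor.disable_emodifier=On
suhosin.mail.protect=2
suhosin.sql.bailout_on_error=On'

# Effective value of one directive: skips ';' comments, ignores whitespace
# around '=', and like PHP lets the last assignment win. Empty if absent.
ini_get() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$pat[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# Print one line per missing or mis-set directive (On/on/ON compare equal,
# as PHP treats them); return 0 only when every directive is as expected.
check_suhosin_ini() {
    bad=0
    for entry in $EXPECTED; do
        key=${entry%%=*}; want=${entry#*=}
        have=$(ini_get "$1" "$key")
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"; bad=$((bad + 1))
        elif [ "$(printf '%s' "$have" | tr '[:upper:]' '[:lower:]')" != "$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')" ]; then
            echo "WRONG   $key = $have (want $want)"; bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: eval left enabled, mail.protect commented out.
write_sample_ini() {
    cat > "$1" <<'EOF'
; suhosin parameters
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_eval = Off   ; left enabled
suhosin.executor.disable_emodifier = On
;suhosin.mail.protect = 2
suhosin.sql.bailout_on_error = On
EOF
}

sample=$(mktemp) && write_sample_ini "$sample"
check_suhosin_ini "$sample" || echo "php.ini needs attention"
```

Run it against each of the three php.ini files after editing; a clean run prints nothing and exits 0.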

How to delete a command from the bash history / Hide a command from the bash history

Hide a command from the bash history:
Start a terminal and try

wget user:passwd@ftp.example.com/secret.tar.gz; kill -9 $$;

Now you can check your history 😉 (the shell is killed before it writes its history file, so the line never reaches ~/.bash_history)

How to delete a command from the bash history:
If such an entry already exists, you can use history to delete it.

history
# [...]
# 849 uname -a
# 850 wget user:passwd@ftp.example.com/secret.tar.gz
# 851 ping blog.devnu11.net
# [...]

Now you can delete this line with history -d 850.

history -d 850

And see…

history
# [...]
# 849 uname -a
# 850 history
# 851 ping blog.devnu11.net
# [...]

Or simply add a blank before the command 😉 (this only works when HISTCONTROL contains ignorespace or ignoreboth, which the default Ubuntu .bashrc sets)

$  wget user:passwd@ftp.example.com/secret.tar.gz