CentOS / RHEL 6: Install Suhosin PHP Advanced Protection System

Suhosin is an open source patch for PHP. How do I install suhosin under CentOS / Red Hat Enterprise Linux server running on my IBM server?

Tutorial details
Difficulty	Intermediate (rss)
Root privileges	Yes
Requirements	EPEL repo
Estimated completion time	N/A

Suhosin patch is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Installation

First, turn on EPEL repo and type the following yum command to install the same:
# yum install php-suhosin
Sample outputs:

Loaded plugins: product-id, protectbase, rhnplugin
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-suhosin.x86_64 0:0.9.29-2.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
===============================================================================
 Package             Arch           Version                 Repository    Size
===============================================================================
Installing:
 php-suhosin         x86_64         0.9.29-2.el6            epel          73 k
 
Transaction Summary
===============================================================================
Install       1 Package(s)
 
Total download size: 73 k
Installed size: 187 k
Is this ok [y/N]: y
Downloading Packages:
php-suhosin-0.9.29-2.el6.x86_64.rpm                     |  73 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : php-suhosin-0.9.29-2.el6.x86_64                             1/1
Installed products updated.
  Verifying  : php-suhosin-0.9.29-2.el6.x86_64                             1/1
 
Installed:
  php-suhosin.x86_64 0:0.9.29-2.el6
 
Complete!
 

Configuration

You need to edit /etc/php.d/suhosin.ini, enter:
# vi /etc/php.d/suhosin.ini
For most users the Suhosin will work out of the box without any change to the default configuration needed. However, you may need to make changes as per your setup. See this page for more information.

Restart the web server

Type the following command to restart Apache 2:
# service httpd restart
Lighttpd user type the following command:
# service lighttpd restart
Nginx user type the following command:
# service nginx restart

Test your setup

Type the following command
$ php -v
Sample outputs:

PHP 5.3.3 (cli) (built: Jun 25 2012 04:41:23)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

You can also use phpinfo():

 
<?php
phpinfo();
?>
 

Sample output: