[ Thanks to Falko
Timme for this link. ]
“This tutorial shows how to harden PHP5 with Suhosin on
a CentOS 5.4 server. From the Suhosin project page: “Suhosin is an
advanced protection system for PHP installations that was designed
to protect servers and users from known and unknown flaws in PHP
applications and the PHP core. Suhosin comes in two independent
parts, that can be used separately or in combination. The first
part is a small patch against the PHP core, that implements a few
low-level protections against bufferoverflows or format string
vulnerabilities and the second part is a powerful PHP extension
that implements all the other protections.”“1 Preliminary Note
“I have tested this on a CentOS 5.4 server with the IP address
192.168.0.100.“I will install both Suhosin parts in this tutorial, the Suhosin
patch (for which we need to recompile PHP5) and the Suhosin PHP
extension. To see what Suhosin can do, please refer to
http://www.hardened-php.net/suhosin/a_feature_list.html. The
features of the Suhosin patch are listed under Engine Protection
(only with patch); all the other features come with the Suhosin
extension.”