UFHH01
Guest
Hi @AlL,
Global information for this Plesk - contribution:
I noticed, that Plesk doesn't provide a decent solution/description/documentation on "How-to install suhosin" yet and unfortunately, there is no KB - article for this as well, which describes the installation and first configuration for this useful PHP - extension on your server ( or for an additional Plesk - PHP - version ).
You can still find information here:
=> How to install php-suhosin module on Plesk server? ( KB - article 126416 )
=> What is Suhosin? Why Suhosin? ... inform yourself at : About | Suhosin
Be sure that you have the following packages installed on your server, before you start:
"gcc", "libc-dev", "make", "autoconf", "automake", "libtool" and "bison"
On CentOS/RHEL - based - systems, you could use the example - command:
yum group install "Development Tools"
or
yum groupinstall "Development Tools"
On Debian/Ubuntu - based systems, you would use the example - command:
aptitude install build-essential zlib1g-dev libpcre3 libpcre3-dev unzip
Let's start with the installation:
First, you should create an installation folder, download and untar the PHP - extension:
Code:
mkdir -p /root/addons/PHP/suhosin
Check for the latest official "suhosin" - module - release at
=> Download
or/and
=> Releases · sektioneins/suhosin · GitHub
( For PHP 7, there are no actual releases yet, but you are able to use the actual "PRE-ALPHA" github version at: => GitHub - sektioneins/suhosin7: Suhosin Extension for PHP 7.x ... pls. check for official releases on a regular basis: => Releases · sektioneins/suhosin7 · GitHub )
I chose the actual version "0.9.38" ( NOT compatible with PHP 7 - versions! ):
Code:
cd /root/addons/PHP/suhosin
# Save the archive under the name that the tar command below expects
wget -O suhosin-0.9.38.tar.gz https://github.com/sektioneins/suhosin/archive/0.9.38.tar.gz
tar -xvf suhosin-0.9.38.tar.gz
Now, pls. move to the new folder:
Code:
cd suhosin-0.9.38
Important:
The next steps depend on the fact, FOR WHICH PHP - VERSION you would like to compile and install the "suhosin" - module, so pls. choose the desired option and replace for example "X.X" with the correct number for your Plesk - PHP - version!
Next command to use for your vendor PHP - version:
Code:
phpize
For your Plesk - PHP - version:
Code:
/opt/plesk/php/X.X/bin/phpize
Next command to use for your vendor PHP - version:
Code:
./configure --with-php-config=/usr/bin/php-config
For your Plesk - PHP - version:
Code:
./configure --with-php-config=/opt/plesk/php/X.X/bin/php-config
Next commands to use for your vendor PHP - version AND Plesk - PHP - versions:
Code:
make
make install
Note: Pls. consider to have a look at the command line, when you perform the commands "./configure", "make" and "make install". If you experience issues/errors here, you should first solve them, before you continue with the next step!
You are nearly done now!
The next step will tell your PHP - version, that a specific PHP - extension has to be loaded from a specific *.ini - file. Pls. make sure, that you use the correct path for your depending operating system:
Command to use for your vendor PHP - version:
Code:
echo "extension = suhosin.so" > /etc/php5/mods-available/suhosin.ini
For your Plesk - PHP - version:
Code:
echo "extension = suhosin.so" > /opt/plesk/php/X.X/etc/php.d/suhosin.ini
Initial ( unique !!! ) modification, which you have to configure on your very own:
Pls. be aware, that the following examples are only EXAMPLES... you definitely should read:
... to inform yourself about possible configuration options.
Edit the *.ini - file and add some basic configurations:
Code:
vi /etc/php5/mods-available/suhosin.ini
Code:
; ##### START - OWN-MODIFICATIONS #####
; ( comments in PHP *.ini - files start with ";" - the "#" style is deprecated )
suhosin.executor.func.blacklist = assert,unserialize,exec,popen,proc_open,passthru,shell_exec,system,hail,parse_str,mt_srand
;suhosin.executor.eval.whitelist =
suhosin.executor.disable_eval = On
; ##### END - OWN-MODIFICATIONS #####
Finally, if you use as well "PHP-FPM" on your domain, pls. restart your corresponding service:
service php5-fpm restart
or for Plesk - PHP - versions:
service plesk-phpXX-fpm restart
If you desire to check your new PHP - configuration, use for example:
php -v
or
/opt/plesk/php/X.X/bin/php -v
... which should respond now for example with:
Code:
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v6.0.5, Copyright (c) 2002-2016, by ionCube Ltd.
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
with Xdebug v2.2.3, Copyright (c) 2002-2013, by Derick Rethans
with Suhosin v0.9.38, Copyright (c) 2007-2015, by SektionEins GmbH
With my suggestion - steps, I added the configuration "suhosin.executor.disable_eval = On" ( pls. read more at: => Configuration ), which disables the usage of "eval" ( read more at: => http://php.net/manual/en/function.eval.php ) completely for the depending PHP - version. You are able to check the disabled usage now with an example PHP - test - file, with the content:
Code:
<?php
$string = 'cup';
$name = 'coffee';
$str = 'This is a $string with my $name in it.';
echo $str. "\n";
eval("\$str = \"$str\";");
echo $str. "\n";
?>
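Place the PHP - test - file ( for example "test_eval.php" ) in your domain - specific document root and open the file with a browser - you will notice in your logs and with your browser, that the "eval" - function has been blocked.
Code: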
...
PHP Fatal error: SUHOSIN - Use of eval is forbidden by configuration in /var/www/vhosts/YOUR-DOMAIN.COM/httpdocs/test_eval.php(6) : eval()'d code on line 1
PHP message: PHP Stack trace:
PHP message: PHP 1. {main}() /var/www/vhosts/YOUR-DOMAIN.COM/httpdocs/test_eval.php:0" while reading response header from upstream, client: XXX.XXX.XXX.XXX, server: YOUR-DOMAIN.COM, request: "GET /test_eval.php HTTP/2.0", upstream: "fastcgi://unix:///var/www/vhosts/system/YOUR-DOMAIN.COM/php-fpm.sock:", host: "www.YOUR-DOMAIN.COM"
...
If you experience any issues/errors/problems, pls. don't forget to include depending - log - files, add your operating system and consider to explain in detail, at which step of the "How-To" you experienced the issue/error/problem.
( updated: 05.05.2017 )
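As an added example (not part of the original post and not Plesk's or Suhosin's own tooling): a small shell audit that checks a suhosin.ini written with the steps above for the "extension" line, the "suhosin.executor.disable_eval" switch and a set of blacklisted functions. The function names, the REQUIRED_FUNCS policy and the sample file in demo() are assumptions made for this example; trailing inline comments on a value line are not handled.

```shell
#!/bin/sh
# Added example: static audit of a suhosin.ini (hypothetical helper names).
# REQUIRED_FUNCS is an assumed policy: command-execution names taken from the post's blacklist.
REQUIRED_FUNCS="exec popen proc_open passthru shell_exec system"

# Print the effective value of KEY in FILE (last assignment wins),
# skipping ';' / '#' comment lines and trimming whitespace and quotes.
ini_get() {  # usage: ini_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t"]+|[ \t\r"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per line; return 0 only when there are none.
audit_suhosin_ini() {  # usage: audit_suhosin_ini FILE
    file=$1; rc=0
    [ "$(ini_get "$file" extension)" = "suhosin.so" ] ||
        { echo "extension line missing"; rc=1; }
    case "$(ini_get "$file" suhosin.executor.disable_eval | tr 'A-Z' 'a-z')" in
        on|1|true|yes) ;;
        *) echo "eval not disabled"; rc=1 ;;
    esac
    list=",$(ini_get "$file" suhosin.executor.func.blacklist | tr -d ' \t' | tr 'A-Z' 'a-z'),"
    for fn in $REQUIRED_FUNCS; do
        case "$list" in
            *",$fn,"*) ;;
            *) echo "not blacklisted: $fn"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: eval switch commented out, short blacklist.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'extension = suhosin.so' \
        'suhosin.executor.func.blacklist = exec, system' \
        ';suhosin.executor.disable_eval = On' > "$d/suhosin.ini"
    audit_suhosin_ini "$d/suhosin.ini"; rc=$?; rm -rf "$d"; return "$rc"
}
if [ "$#" -gt 0 ]; then audit_suhosin_ini "$1"; fi
```

Run it once per PHP version, passing the *.ini path used in the steps above, for example /opt/plesk/php/X.X/etc/php.d/suhosin.ini.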