Jump to content

Search the Community

Showing results for tags 'Suhosin'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General Stuff
    • Site News
    • Linux News
    • General Chat
    • Off Topic
    • Suggestion Box
    • Featured Content
  • Linux Noob
    • Just Starting Linux
    • Kernel Related
    • How Do I?
    • Tips and Tricks
    • Network Problems
    • Xorg Problems
    • Wine
  • Linux Server Administration
    • LAMP
    • DNS and DHCP
    • FTP Server
    • SMTP
    • Remote Access
    • Security and Firewalls
  • Distro Noob
    • Fedora
    • Redhat
    • Mandriva
    • Linspire
    • Gentoo
    • Knoppix
    • Slackware
    • Debian
    • SUSE
    • Ubuntu
    • PCLinuxOS
    • CentOS
    • Scientific Linux
  • Windows Noob
    • Tips and Tricks
    • Security
    • Spyware
    • How Do I?
    • Windows XP
    • Vista
    • Virtual Server
  • Screenshots
  • Game Noob

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Distribution

Found 1 result

  1. I'm working on recreating (and enhancing) my minimal LAMP server configuration on CentOS 6 for my web server. I use Apache and MySQL from the CentOS repos, but prefer to compile my own PHP to stay up-to-date with each new stable release of PHP as soon as it is available. I also like to add support for eAccelerator (a memory cache and bytecode cache for PHP, speeds up execution of PHP scripts considerably) and will add support for the Suhosin security patch and extension for PHP. I'm also moving towards using SELinux in enforcing mode with this new CentOS 6 server for enhanced security. I hope in this post to document my setup for this -- Apache, MySQL and the latest PHP from source, as well as eAcceleration and Suhosin, all SELinux compliant. This setup is not yet finished and this post should not therefore be used 'blindly' as a guide for a production server. I'm still testing this setup in a private, closed environment! I have also not gone through this guide start-to-finish to test that it is complete. Since this is an adaptation of my personal guide, which contains specific details of my setup that aren't relevant to a general audience, I have not verified that this particular write-up actually works. Filenames for download links may change as new versions are released. Check all software versions to make sure outdated versions are not being installed. Bear in mind, therefore, that this guide is a work in progress. Install Pre-requisite Packages Begin by ensuring the Development Tools are installed, to faciliate compiling our own PHP and extensions. # yum groupinstall 'Development Tools' Now install the prerequisites: # yum install httpd mysql-server httpd-devel libxml2-devel libcurl-devel libjpeg-devel ImageMagick-devel libpng-devel gmp-devel mysql-devel libtool-ltdl-devel MCrypt must be installed manually (I don't want to use third-party yum repos). Download latest from http://mcrypt.sourceforge.net/. $ tar xjvf libmcrypt-2.5.8.tar.bz2 $ cd libmcrypt-2.5.8 $ ./configure $ make $ su -c "make install" MySQL desperately needs a root password set. $ mysqladmin -u root password newrootpassword Also configure Apache to your specifications. I will omit that configuration here, as much of it is specific to my setup and not relevant to a general audience. Download Suhosin Patch Assumes the Suhosin GPG key has already been securely imported, for verifying the integrity of the patch and extension. $ wget http://download.suhosin.org/suhosin-patch-5.3.7-0.9.10.patch.gz $ wget http://download.suhosin.org/suhosin-patch-5.3.7-0.9.10.patch.gz.sig $ gpg --verify suhosin-patch-5.3.7-0.9.10.patch.gz.sig $ gunzip suhosin-patch-5.3.7-0.9.10.patch.gz PHP 5.3.7 with Suhosin Patch Download latest PHP from http://www.php.net. $ tar xjvf php-5.3.7.tar.bz2 $ cd php-5.3.7 $ patch -p 1 -i ../suhosin-patch-5.3.7-0.9.10.patch $ './configure' '--with-mysqli' '--with-mysql' '--enable-bcmath' '--enable-mbstring' '--with-gmp' '--with-curl' '--with-gd' '--with-freetype' '--with-apxs2=/usr/sbin/apxs' '--with-zlib' '--with-mcrypt' '--with-jpeg-dir' '--with-png-dir' '--with-gif-dir' $ make $ make test $ su -c "make install" $ su -c "chcon -t textrel_shlib_t '/usr/lib/httpd/modules/libphp5.so'" $ su -c "/sbin/service httpd restart" PHP configuration to /usr/local/lib/php.ini. # /usr/bin/chcon -t etc_t /usr/local/lib/php.ini Suhosin Extension $ wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz $ wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz.sig $ gpg --verify suhosin-0.9.32.1.tar.gz.sig $ tar xzvf suhosin-0.9.32.1.tar.gz $ cd suhosin-0.9.32.1 $ phpize $ ./configure $ make $ su -c "make install" $ su -c "cp modules/suhosin.so /usr/local/lib/php/extensions" $ su -c "chcon -t textrel_shlib_t '/usr/local/lib/php/extensions/suhosin.so'" Enable extension in PHP.ini: extension="suhosin.so" Restart Apache: # service httpd restart Use a PHPInfo page to verify Suhosin Patch and Suhosin Extension are working. eAccelerator Download page appears to be down as of 2011-08-21. $ tar xjvf eaccelerator-0.9.6.1.tar.bz2 $ cd eaccelerator-0.9.6.1 $ phpize $ ./configure $ make $ su -c "make install" $ su -c "cp modules/eaccelerator.so /usr/local/lib/php/extensions" $ su -c "mkdir /var/cache/eaccelerator" $ su -c "chown apache /var/cache/eaccelerator" $ su -c "/etc/init.d/httpd restart" $ su -c "chcon -t textrel_shlib_t '/usr/local/lib/php/extensions/eaccelerator.so'" Configure eAccelerator settings in PHP.ini: extension="eaccelerator.so" eaccelerator.shm_size="128" ; 128 MB of memcaching, lower on low-memory machines eaccelerator.cache_dir="/var/cache/eaccelerator" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="0" eaccelerator.shm_prune_period="0" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9" eaccelerator.log_file="/var/log/eaccelerator.log" Set up dirs: # mkdir /var/cache/eaccelerator # chown apache /var/cache/eaccelerator # touch /var/log/eaccelerator.log # chown apache /var/log/eaccelerator.log TODO: SELinux contexts for /var/cache/eaccelerator and /var/log/eaccelerator.log? Restart Apache: # service httpd restart Verify eAccelerator with a PHPInfo page.
×
×
  • Create New...