php ModSecurity Suhosin两个安全的更新操作

Step of installation for ModSecurity
1. Download yum repo and install the mod security using yum
# wget -q -O – http://www.atomicorp.com/installers/atomic.sh | sh
# yum install mod_security
 
2. Download the mod security rules and apply it. 
# cd /etc/httpd/modsecurity.d && wget http://downloads.prometheus-group.com/delayed/rules/modsec-2.5-free-latest.tar.gz
# tar –xvvzf modsec-2.5-free-latest.tar.gz

3. Removed unwanted rules/
# cd /etc/httpd/modsecurity.d && rm -Rf 00_asl_rbl.conf 00_asl_whitelist.conf
4. Restart apache service
#/etc/init.d/httpd restart

Step of installation for Suhosin:
1. Download suhosin and install it
#cd /usr/local/
#wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.18.tgz
#tar -zxvf suhosin-0.9.18.tgz
#cd suhosin-0.9.18
#phpize
#./configure
#make && make install
2. Adding a load directive to php.ini 
#extension=suhosin.so
3. Restart apache service 
#/etc/init.d/httpd restart

动态安装suhosin(动态安装,不需要重新编译php):
yum -y install gcc gcc+
wget http://download.suhosin.org/suhosin-0.9.31.tgz
 tar zxvf suhosin-0.9.31.tgz
cd suhosin-0.9.31
phpize
./configure –with-php-config=/usr/local/php/bin/php-config
./configure
make
make install
vi /etc/php.ini  添加如下几行
extension=suhosin.so
[suhosin]
suhosin.get.max_value_length = 5120
重启apache
service httpd restart
安装成功后,phpinfo会显示如下:
This server is protected with the Suhosin Extension 0.9.31

Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2010 SektionEins GmbH

《php ModSecurity Suhosin两个安全的更新操作》有1个想法

评论已关闭。