suhosin
It consists of two components:
- PHP patch (hardens the engine against buffer overflows and format string vulnerabilities)
- PHP extension
Features
- Logging
- Filtering
  - action on violation
  - automatic banning of uploaded ELF executables
  - limits on REQUEST variables, or separated by type
  - Filters ASCIIZ characters f
- Session Protection
  - Transparent encryption of session data
  - Protection against overlong session identifiers
- Runtime Protection
  - Transparent Cookie Encryption
- Engine Protection
  - Protects Destructors of Zend Hashtables
  - Protects Destructors of Zend Linked-Lists
Install
apt-get install php5-suhosin
Performance drops by about 8.84% (benchmark time, lower is better):

  Plain    Plain + EXT    Patched    Patched + EXT
  12.239   12.391         12.882     13.322
Homepage:
http://www.hardened-php.net/suhosin/
Configuration file

  # S_ALL = 511 (log every class of violation)
  suhosin.log.syslog=511
  # default: LOG_USER = 9 (user.* -/var/log/user.log)
  suhosin.log.syslog.facility=9
  # LOG_INFO = 5
  # Default: LOG_ALERT = 1
  suhosin.log.syslog.priority = 5
max_vars
When the limit is hit, you will see:
Aug 30 15:04:42 myserver suhosin[6071]: ALERT - configured POST variable limit exceeded - dropped variable 'checked[]' (attacker 'X.X.X.X', file '/path/index.php')
Fix (raise the limits):

  suhosin.request.max_vars = 1000
  suhosin.post.max_vars = 1000
Remark
PHP 5.5 itself already has max_vars:
max_input_vars = 30000
log:
[Tue Sep 08 16:26:56 2015] [error] [client x.x.x.x] PHP Warning: Unknown: Input variables exceeded 1000.
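Both log formats quoted above (the suhosin syslog ALERT and the PHP core "Input variables exceeded" warning) are easy to miss in a busy log. The following is an added example, not part of suhosin or this page's original notes, that parses both lines and counts violations per client IP so a single source repeatedly tripping the limit stands out; the sample lines are constructed, with placeholder IPs.

```python
import re
from collections import Counter

# Suhosin syslog ALERT line, in the format shown on this page.
SUHOSIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) suhosin\[(?P<pid>\d+)\]: "
    r"ALERT - (?P<msg>.+?) \(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)'\)$"
)
# PHP core warning in the Apache error log when max_input_vars is exceeded.
PHP_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"PHP Warning: +Unknown: Input variables exceeded (?P<limit>\d+)\."
)

def parse_line(line):
    """Return a dict for a recognised limit-violation line, else None."""
    m = SUHOSIN_RE.match(line.strip())
    if m:
        d = m.groupdict()
        d["source"] = "suhosin"
        # The dropped variable name is quoted inside the message text.
        v = re.search(r"dropped variable '([^']+)'", d["msg"])
        d["variable"] = v.group(1) if v else None
        return d
    m = PHP_RE.match(line.strip())
    if m:
        d = m.groupdict()
        d["source"] = "php"
        d["limit"] = int(d["limit"])
        return d
    return None

def hits_per_ip(lines):
    """Count violation lines per client IP; unrelated log lines are ignored."""
    c = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            c[rec["ip"]] += 1
    return c

# Constructed sample lines modelled on the two formats quoted on this page.
SAMPLE = [
    "Aug 30 15:04:42 myserver suhosin[6071]: ALERT - configured POST variable limit exceeded - dropped variable 'checked[]' (attacker '198.51.100.7', file '/path/index.php')",
    "Aug 30 15:04:43 myserver suhosin[6071]: ALERT - configured POST variable limit exceeded - dropped variable 'checked[]' (attacker '198.51.100.7', file '/path/index.php')",
    "[Tue Sep 08 16:26:56 2015] [error] [client 203.0.113.9] PHP Warning:  Unknown: Input variables exceeded 1000.",
    "Aug 30 15:05:00 myserver cron[1]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for ip, n in hits_per_ip(SAMPLE).most_common():
        print(ip, n)
```

Feed it real lines from /var/log/user.log and the Apache error log; a high count for one IP on a form that legitimately posts few variables is worth a closer look before simply raising max_vars.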