When I searched on Google for “suhosin debian etch”, I was looking for good tutorials & references to help me have a clear mind on what I was about to do. Patching is easy, but patching without knowing the (latest) side effects can drastically cripple whatever web applications already installed in those servers I have. Risky. I found this tutorial on HowToForge and thought that I can try test the tutorial on my Debby desktop first.

Ultimate fail! Eeek!

The Suhosin patch I downloaded didn’t work with Debian’s latest php5 source. I double checked again, and I found that the tutorial provided by HowToForge was outdated. They were referring to a php5 Debian build etch1, and the current build I have is etch11. Sigh.

So, if you’ve installed php5.2.0-8+etch11 (you can check the version by running phpinfo()) and you want to secure your PHP installation, here’s my super speed 3 step-to-a-hardon:

1. Get the Suhosin package: sudo apt-get install php5-suhosin. Install any dependacies required.
2. Restart your Apache webserver
3. Run phpinfo() again & voila! Fully hard on… errr… hardened PHP5.

Why did the earlier HowToForge tutorial doesn’t work? Apparently, Debian has heavily patched their php5 packages for ultimate security if you plan to live without Suhosin. I love Debby!

Now it’s time for Gentoo patching. A busy raya ahead, got to finish this quick!