Page 1 of 2
SuPHP Install and security fixing
Posted: 2011/11/27 15:05:35
by agriz
Hi
SuPHP says "It provides security, because the PHP scripts are not run with the rights of the webserver's user."
In security wise : I have only root user now. How do i create an normal linux user and assign SuPHP to that user group?
How do i install SuPHP?
yum install suphp is returning no package found in centos 6
Thanks
Re: SuPHP Install and security fixing
Posted: 2011/11/27 15:45:34
by w3bservice
rebuild this package
could not upload zip !
Sorry.
[img]http://www.w3bservice.de/images/compu-ente/Bildschirmfoto-402.png[/img]
Here the package
[url=http://www.w3bservice.de/images/compu-ente/src-rpm-mod_suPHP.zip]suPHP src.rpm[/url]
Re: SuPHP Install and security fixing
Posted: 2011/11/27 18:18:13
by agriz
Can i install it using yum?
How to configure it to work with apache (httpd) ?
Thanks
Re: SuPHP Install and security fixing
Posted: 2011/11/27 19:34:32
by agriz
I got the file from suphp.org using wget
I have extracted the tar in tmp
I am not able to configure it
Can you help in installing and configuring it with httpd?
Thanks
Re: SuPHP Install and security fixing
Posted: 2011/11/27 21:55:27
by w3bservice
you can get the binary rpm from my server
[url=http://www.w3bservice.de/images/compu-ente/mod_suphp-0.7.1-2.el6.i686.rpm]mod_suphp-0.7.1-2.el6.i686.rpm[/url]
[url=http://www.howtoforge.com/perfect-server-centos-6.0-x86_64-ispconfig-3]Perfectserver ISP-Config 3 CentOS 6[/url]
My rpm install with yum localinstall mod_suphp-0.7.1-2.el6.i686.rpm --nogpgcheck and yum is resolving the depencies.
Re: SuPHP Install and security fixing
Posted: 2011/11/28 08:15:51
by agriz
I am sorry. I didn't get properly. I am a newbie. I just wanted to secure the server.
Perfect Server is using ISPCONFIG. I haven't planned to use any cpanel
Just ftp and phpmyadmin is enough for me.
Is there any tutorial where i can find the installation and configuration of SuPhp?
Thanks
Re: SuPHP Install and security fixing
Posted: 2011/11/28 16:36:44
by agriz
I just installed suphp.
But after restarting apache (service httpd restart)
I got the following error.
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.d/suphp.conf: Cannot load /etc/httpd/modules/mod_suphp.so into server: /etc/httpd/modules/mod_suphp.so: cannot open shared object file: No such file or directory
How to fix this?
Re: SuPHP Install and security fixing
Posted: 2011/11/28 16:41:33
by TrevorH
What architecture are you using? The link that was posted was to an i686 RPM and /etc/httpd/modules is a symlink to ../../usr/lib64/httpd/modules on my 64 bit system so would not work. If you have a 64 bit install then you will need a 64 bit RPM to match it.
Re: SuPHP Install and security fixing
Posted: 2011/11/29 05:49:57
by agriz
Please note that mod_suphp was developped for Apache 1.3.2x and Apache
2.0.x. It might not work with other version.
I am using httpd 2.2.x
This is what i have done so far.
It will be great if you can guide me from this.
[code]wget http://www.suphp.org/download/suphp-0.7.1.tar.gz[/code]
[code]tar -xzvf suphp-0.7.1.tar.gz[/code]
[code]cd suphp-0.7.1[/code]
[code]./configure --prefix=/usr/ --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache \
--with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes[/code]
[code]make && make install[/code]
Then, I added two config files in the following directory.
[code]/etc/httpd/conf.d/suphp.conf[/code]
[code]LoadModule suphp_module modules/mod_suphp.so[/code]
[code]/etc/suphp.conf[/code]
[code]
[global] ;Path to logfile logfile=/var/log/httpd/suphp.log
;Loglevel loglevel=info
;User Apache is running as webserver_user=apache
;Path all scripts have to be in docroot=/
;Path to chroot() to before executing script ;chroot=/mychroot
; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true
;Send minor error messages to browser errors_to_browser=false
;PATH environment variable env_path=/bin:/usr/bin
;Umask to set, specify in octal notation umask=0077
; Minimum UID min_uid=100
; Minimum GID min_gid=100 [handlers]
;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts x-suphp-cgi="execute:!self"[/code]
This is all what i have done.
[code]grep ^User /etc/httpd/conf/httpd.conf[/code]
[code]User apache[/code]
[code]ps -o user,cmd -p $(pidof httpd)[/code]
[quote]USER CMD root /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd[/quote]
All your help is appreciated. I am going to use it in live server.
Thanks
[Moderator edit: Attempt to fix ridiculously long lines and restore formatting lost due to use of brain-damaged [i]code[/i] widget.]
SuPHP Install and security fixing
Posted: 2011/11/30 18:45:06
by pschaff
I can't make sense of what you have done, but [url=http://wiki.centos.org/AdditionalResources/Repositories/RPMForge]RPMforge repo[/url] has mod_suphp-0.7.1-1.el6.rf.