SuPHP Install and security fixing

Issues related to applications and software problems
agriz
Posts: 267
Joined: 2011/11/19 15:17:40

SuPHP Install and security fixing

Post by agriz » 2011/11/27 15:05:35

Hi

SuPHP says "It provides security, because the PHP scripts are not run with the rights of the webserver's user."

In security wise : I have only root user now. How do i create an normal linux user and assign SuPHP to that user group?

How do i install SuPHP?

yum install suphp is returning no package found in centos 6

Thanks

w3bservice
Posts: 29
Joined: 2008/04/20 21:01:10
Contact:

Re: SuPHP Install and security fixing

Post by w3bservice » 2011/11/27 15:45:34

rebuild this package

could not upload zip !

Sorry.

[img]http://www.w3bservice.de/images/compu-ente/Bildschirmfoto-402.png[/img]

Here the package

[url=http://www.w3bservice.de/images/compu-ente/src-rpm-mod_suPHP.zip]suPHP src.rpm[/url]

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Post by agriz » 2011/11/27 18:18:13

Can i install it using yum?
How to configure it to work with apache (httpd) ?

Thanks

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Post by agriz » 2011/11/27 19:34:32

I got the file from suphp.org using wget
I have extracted the tar in tmp

I am not able to configure it
Can you help in installing and configuring it with httpd?

Thanks

w3bservice
Posts: 29
Joined: 2008/04/20 21:01:10
Contact:

Re: SuPHP Install and security fixing

Post by w3bservice » 2011/11/27 21:55:27

you can get the binary rpm from my server

[url=http://www.w3bservice.de/images/compu-ente/mod_suphp-0.7.1-2.el6.i686.rpm]mod_suphp-0.7.1-2.el6.i686.rpm[/url]

[url=http://www.howtoforge.com/perfect-server-centos-6.0-x86_64-ispconfig-3]Perfectserver ISP-Config 3 CentOS 6[/url]

My rpm install with yum localinstall mod_suphp-0.7.1-2.el6.i686.rpm --nogpgcheck and yum is resolving the depencies.

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Post by agriz » 2011/11/28 08:15:51

I am sorry. I didn't get properly. I am a newbie. I just wanted to secure the server.
Perfect Server is using ISPCONFIG. I haven't planned to use any cpanel

Just ftp and phpmyadmin is enough for me.

Is there any tutorial where i can find the installation and configuration of SuPhp?

Thanks

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Post by agriz » 2011/11/28 16:36:44

I just installed suphp.
But after restarting apache (service httpd restart)

I got the following error.

Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.d/suphp.conf: Cannot load /etc/httpd/modules/mod_suphp.so into server: /etc/httpd/modules/mod_suphp.so: cannot open shared object file: No such file or directory

How to fix this?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SuPHP Install and security fixing

Post by TrevorH » 2011/11/28 16:41:33

What architecture are you using? The link that was posted was to an i686 RPM and /etc/httpd/modules is a symlink to ../../usr/lib64/httpd/modules on my 64 bit system so would not work. If you have a 64 bit install then you will need a 64 bit RPM to match it.

agriz
Posts: 267
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Post by agriz » 2011/11/29 05:49:57

Please note that mod_suphp was developped for Apache 1.3.2x and Apache
2.0.x. It might not work with other version.

I am using httpd 2.2.x

This is what i have done so far.
It will be great if you can guide me from this.

[code]wget http://www.suphp.org/download/suphp-0.7.1.tar.gz[/code]
[code]tar -xzvf suphp-0.7.1.tar.gz[/code]
[code]cd suphp-0.7.1[/code]
[code]./configure --prefix=/usr/ --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache \
--with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes[/code]
[code]make && make install[/code]

Then, I added two config files in the following directory.

[code]/etc/httpd/conf.d/suphp.conf[/code]
[code]LoadModule suphp_module modules/mod_suphp.so[/code]

[code]/etc/suphp.conf[/code]
[code]
[global] ;Path to logfile logfile=/var/log/httpd/suphp.log
;Loglevel loglevel=info
;User Apache is running as webserver_user=apache
;Path all scripts have to be in docroot=/
;Path to chroot() to before executing script ;chroot=/mychroot
; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true
;Send minor error messages to browser errors_to_browser=false
;PATH environment variable env_path=/bin:/usr/bin
;Umask to set, specify in octal notation umask=0077
; Minimum UID min_uid=100
; Minimum GID min_gid=100 [handlers]
;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts x-suphp-cgi="execute:!self"[/code]

This is all what i have done.

[code]grep ^User /etc/httpd/conf/httpd.conf[/code]
[code]User apache[/code]

[code]ps -o user,cmd -p $(pidof httpd)[/code]
[quote]USER CMD root /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd[/quote]

All your help is appreciated. I am going to use it in live server.
Thanks
[Moderator edit: Attempt to fix ridiculously long lines and restore formatting lost due to use of brain-damaged [i]code[/i] widget.]

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

SuPHP Install and security fixing

Post by pschaff » 2011/11/30 18:45:06

I can't make sense of what you have done, but [url=http://wiki.centos.org/AdditionalResources/Repositories/RPMForge]RPMforge repo[/url] has mod_suphp-0.7.1-1.el6.rf.

Post Reply