SuPHP Install and security fixing

Issues related to applications and software problems

SuPHP Install and security fixing

Postby agriz » 2011/11/27 15:05:35

Hi

SuPHP says "It provides security, because the PHP scripts are not run with the rights of the webserver's user."

In security wise : I have only root user now. How do i create an normal linux user and assign SuPHP to that user group?

How do i install SuPHP?

yum install suphp is returning no package found in centos 6

Thanks
agriz
 
Posts: 174
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Postby w3bservice » 2011/11/27 15:45:34

rebuild this package

could not upload zip !

Sorry.

[img]http://www.w3bservice.de/images/compu-ente/Bildschirmfoto-402.png[/img]

Here the package

suPHP src.rpm
w3bservice
 
Posts: 29
Joined: 2008/04/20 21:01:10

Re: SuPHP Install and security fixing

Postby agriz » 2011/11/27 18:18:13

Can i install it using yum?
How to configure it to work with apache (httpd) ?

Thanks
agriz
 
Posts: 174
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Postby agriz » 2011/11/27 19:34:32

I got the file from suphp.org using wget
I have extracted the tar in tmp

I am not able to configure it
Can you help in installing and configuring it with httpd?

Thanks
agriz
 
Posts: 174
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Postby w3bservice » 2011/11/27 21:55:27

you can get the binary rpm from my server

mod_suphp-0.7.1-2.el6.i686.rpm

Perfectserver ISP-Config 3 CentOS 6

My rpm install with yum localinstall mod_suphp-0.7.1-2.el6.i686.rpm --nogpgcheck and yum is resolving the depencies.
w3bservice
 
Posts: 29
Joined: 2008/04/20 21:01:10

Re: SuPHP Install and security fixing

Postby agriz » 2011/11/28 08:15:51

I am sorry. I didn't get properly. I am a newbie. I just wanted to secure the server.
Perfect Server is using ISPCONFIG. I haven't planned to use any cpanel

Just ftp and phpmyadmin is enough for me.

Is there any tutorial where i can find the installation and configuration of SuPhp?

Thanks
agriz
 
Posts: 174
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Postby agriz » 2011/11/28 16:36:44

I just installed suphp.
But after restarting apache (service httpd restart)

I got the following error.

Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.d/suphp.conf: Cannot load /etc/httpd/modules/mod_suphp.so into server: /etc/httpd/modules/mod_suphp.so: cannot open shared object file: No such file or directory

How to fix this?
agriz
 
Posts: 174
Joined: 2011/11/19 15:17:40

Re: SuPHP Install and security fixing

Postby TrevorH » 2011/11/28 16:41:33

What architecture are you using? The link that was posted was to an i686 RPM and /etc/httpd/modules is a symlink to ../../usr/lib64/httpd/modules on my 64 bit system so would not work. If you have a 64 bit install then you will need a 64 bit RPM to match it.
User avatar
TrevorH
Forum Moderator
 
Posts: 9158
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SuPHP Install and security fixing

Postby agriz » 2011/11/29 05:49:57

Please note that mod_suphp was developped for Apache 1.3.2x and Apache
2.0.x. It might not work with other version.

I am using httpd 2.2.x

This is what i have done so far.
It will be great if you can guide me from this.

Code: Select all
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz

Code: Select all
tar -xzvf suphp-0.7.1.tar.gz

Code: Select all
cd suphp-0.7.1

Code: Select all
./configure --prefix=/usr/ --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache \
  --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes

Code: Select all
make && make install


Then, I added two config files in the following directory.

Code: Select all
/etc/httpd/conf.d/suphp.conf

Code: Select all
LoadModule suphp_module modules/mod_suphp.so


Code: Select all
/etc/suphp.conf

Code: Select all
[global] ;Path to logfile logfile=/var/log/httpd/suphp.log
;Loglevel loglevel=info
;User Apache is running as webserver_user=apache
;Path all scripts have to be in docroot=/
;Path to chroot() to before executing script ;chroot=/mychroot
; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true
;Send minor error messages to browser errors_to_browser=false
;PATH environment variable env_path=/bin:/usr/bin
;Umask to set, specify in octal notation umask=0077
; Minimum UID min_uid=100
; Minimum GID min_gid=100 [handlers]
;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts x-suphp-cgi="execute:!self"


This is all what i have done.

Code: Select all
grep ^User /etc/httpd/conf/httpd.conf

Code: Select all
User apache


Code: Select all
ps -o user,cmd -p $(pidof httpd)

USER CMD root /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd apache /usr/sbin/httpd


All your help is appreciated. I am going to use it in live server.
Thanks
[Moderator edit: Attempt to fix ridiculously long lines and restore formatting lost due to use of brain-damaged code widget.]
agriz
 
Posts: 174
Joined: 2011/11/19 15:17:40

SuPHP Install and security fixing

Postby pschaff » 2011/11/30 18:45:06

I can't make sense of what you have done, but RPMforge repo has mod_suphp-0.7.1-1.el6.rf.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Next

Return to CentOS 6 - Software Support

Who is online

Users browsing this forum: markkuk and 11 guests