This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Release with php 7 compatibility
#11
RE: Release with php 7 compatibility
Last Update : I pull the EulogySnowfall-fedora-php7 branch to my master

So use that one instead to download my last installer version.

https://raw.githubusercontent.com/Eulogy...install.sh

I also did a master pull request to sentora. They will be able to accept once tests are done.

I don't think that one will really move except if we find typo or late tests bugs.

I'm starting a new security branch for now.
Reply
Thanks given by:
#12
RE: Release with php 7 compatibility
As I can see until today:

https://github.com/sektioneins/suhosin7/releases

Suhosin 7 have no official releases.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Reply
Thanks given by:
#13
RE: Release with php 7 compatibility
Yeah I know, it's pre-alpha.

I just tried it out under php 7.0 distribution base (Ubuntu 16.04 and Fedora 25). I hoped to get something works, it was the case when I started to work on the project 2 weeks ago, but now probably something changed in the last php release.

However, if we want to evoluate and be compatible php 7, we need to find an alternative to Suhosin.

It's the reason why I'm working on a base security mod_security + fail2ban instead suhosin, at least for the php 7.x version.

We will continue to talk about that in the security discussion.

Eulogy
Reply
Thanks given by:
#14
RE: Release with php 7 compatibility
It actually surprises me how there aren't more projects like Suhosin available. It is a BIG World after all LOL
-TGates - Head of Support

SEARCH the Forums or read the DOCUMENTATION before posting!
Modules Maintained: 13 - Module Installs: 108k+

Find my support or modules helpful? Donate HERE
Get your domains using my affiliate link:
GoDaddy - Domains
Reply
Thanks given by:
#15
RE: Release with php 7 compatibility
Effectively, we don't have a lot of choice as open source web firewall. I'm working for a Canadian hosting company, and we use Mod_security as web firewall layer like 80% of current web hosting.

The avantage of Suhosin on Mod_security, it's because Suhosin do almost a great job without any painful setting and optimization. All you need to do, it's disable some functions and Suhosin does what remain. or almost. The problem with Suhosin, it's because the main developer looks to don't continu the project. At least we have low support and update. It's the reason why I'm working on a project base with Mod_security, fail2ban and the OWASP ModSecurity Core Rule Set. A scalables core rule set with possibility of cron update. All compatible with Fast-cgi, apache and php 7.x . I'm on right optimization and customisation for the Mod_sec rules for Sentora. I'm working on php 7.0.19 without Suhosin.

This is what we need for involve the security of Sentora on the next version :

- Taking off zsudo from the code architecture;
- Put all bases passwords encrypted in the mysql Database;
- Change Suhosin for a customized Mod_security for evolution and compatibility;
- Change the input for ssl.conf for the vhost;
- incorporate a module with Let's Encrypt for give the possibility to the users to install a Free SSL through the interface.

With these ameliorations, I think Sentora can gain in popularity. Because one of the biggest critic about Sentora, his about his security leak.

Eulogy.
Reply
Thanks given by:


Possibly Related Threads...
Thread Author Replies Views Last Post
1.0.4 release Me.B 17 2,504 Yesterday, 07:29 AM
Last Post: TGates

Forum Jump:


Users browsing this thread: 1 Guest(s)