This tutorial shows how to harden PHP5 with Suhosin on Debian Etch and Ubuntu servers. [...] This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
They start with the initial install of Apache2 and PHP5 (via apt-get) to get the stage set. Building on that is simple - making another apt-get call to pull in the PHP binaries, a wget to grab the latest Suhosin patch, and you're just a few dpkg-buildpackage commands away from having a working setup. Check out the project's configuration page to get more details on tweaking the setup.