On the HowTo Forge website, there's a new tutorial all set to walk you through hardening your PHP5 setup on Debian Etch/Ubuntu with the help of the Suhosin patch.
This tutorial shows how to harden PHP5 with Suhosin on Debian Etch and Ubuntu servers. [...] This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
They start with the initial install of Apache2 and PHP5 (via apt-get) to get the stage set. Building on that is simple - making another apt-get call to pull in the PHP binaries, a wget to grab the latest Suhosin patch, and you're just a few dpkg-buildpackage commands away from having a working setup. Check out the project's configuration page to get more details on tweaking the setup.