Nemesida WAF Signtest module installation and setup guide.
1. Install and set packages:
Install and set DBMS PostgreSQL:
# apt install postgresql # su - postgres -c "psql -c \"CREATE DATABASE signtest;\"" # su - postgres -c "psql -c \"CREATE ROLE signtest PASSWORD 'YOUR_PASSWORD';\"" # su - postgres -c "psql -c \"GRANT ALL ON DATABASE signtest to signtest;\"" # su - postgres -c "psql -c \"ALTER ROLE "signtest" WITH LOGIN;;\""
Connect the repository:
# apt install apt-transport-https
Install the packages:
# wget -O- https://repository.pentestit.ru/nw/gpg.key | apt-key add - # apt update && apt upgrade # apt install python3 python3-pip python3-venv python3-dev nginx memcached build-essential libpcre3-dev gcc postgresql-server-dev-all # apt install nwaf-st
Install and set DBMS PostgreSQL:
# apt install postgresql # su - postgres -c "psql -c \"CREATE DATABASE signtest;\"" # su - postgres -c "psql -c \"CREATE ROLE signtest PASSWORD 'YOUR_PASSWORD';\"" # su - postgres -c "psql -c \"GRANT ALL ON DATABASE signtest to signtest;\"" # su - postgres -c "psql -c \"ALTER ROLE "signtest" WITH LOGIN;;\""
# apt install apt-transport-httpsInstall Nemesida WAF Signtest:
# apt install nwaf-st
Install and set DBMS PostgreSQL:
# rpm -Uvh https://repository.pentestit.ru/nw/centos/nwaf-release-centos-7-1-6.noarch.rpm # rpm -Uvh https://yum.postgresql.org/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm # rpm -Uvh https://nginx.org/packages/rhel/7/noarch/RPMS/nginx-release-rhel-7-0.el7.ngx.noarch.rpm # yum install postgresql11-server # /usr/pgsql-11/bin/postgresql-11-setup initdb # sed -i "s|host all all 127.0.0.1/32 ident|host all all 127.0.0.1/32 md5|" /var/lib/pgsql/11/data/pg_hba.conf # sed -i "s|host all all ::1/128 ident|host all all ::1/128 md5|" /var/lib/pgsql/11/data/pg_hba.conf # systemctl start postgresql-11.service # systemctl enable postgresql-11.service # su - postgres -c "psql -c \"CREATE DATABASE signtest;\"" # su - postgres -c "psql -c \"CREATE ROLE signtest PASSWORD 'YOUR_PASSWORD';\"" # su - postgres -c "psql -c \"GRANT ALL ON DATABASE signtest to signtest;\"" # su - postgres -c "psql -c \"ALTER ROLE "signtest" WITH LOGIN;;\""
Install Nemesida WAF Signtest:
# rpm -Uvh https://repository.pentestit.ru/nw/centos/nwaf-release-centos-7-1-6.noarch.rpm # yum install python36 python36-devel nginx memcached pcre pcre-devel gcc postgresql11-devel # yum install nwaf-st
2. Make changes to the file /var/www/signtest/settings.py
3. After changing make migrations:
# cd /var/www/signtest/app/ && . venv/bin/activate && python3 manage.py migrate && deactivate
4. Activate the virtual host:
# mv /etc/nginx/conf.d/signtest.conf.disabled /etc/nginx/conf.d/signtest.conf # nginx -t && service nginx reload
5. Make server’s reboot or services’ restart and check their work:
# systemctl restart signtest_ipinfo signtest_rlupd signtest_web signtest_api # systemctl status signtest_ipinfo signtest_rlupd signtest_web signtest_api
6. For authorization you should create user by command
# cd /var/www/signtest/app/ && . venv/bin/activate && python3 manage.py createsuperuser
For possibility of password reset you should enter Email
To integrate Nemesida WAF Signtest with Nemesida WAF software follow these steps:
1. On the server with installed Nemesida WAF module change the configure file /etc/nginx/nwaf/mla.conf , bring the parameter to the form:
st_uri = http://localhost:8088/nw/st/
2. On the server with installed Nemesida AI MLC module change the configure file /opt/mlc/mlc.conf, bring the parameter to the form:
st_uri = http://localhost:8088/nw/st/
3. After making changes, you must restart the services or restart the server.
localhost:8088is the address and port of the server where the Nemesida WAF Signtest module is installed.
There are following events, which were got from API and machine learning module on the main page:
BT 11 — the request was detected by signature method as an attack, but according to the Nemesida AI module’s decision was unblocked.
BT 12 — the request was blocked by Nemesida AI module and wasn’t detected as an attack by signature method.
BT 13 — the request was blocked by Nemesida AI module and signature method.
Exported events correct the Nemesida AI operation process:
- after the export «False Negative» events will be taken into account as examples of illegitimate request during the current and next training. If the training was finished before the export, it is necessary to make retraining;
- after the export «False Positive» events are taken into account for the current models and the models which will be trained in the future.
If you delete some events, it is necessary to make models’ retraining.
The main page
All events from Nemesida AI are rendered on the main page («Attack») for the next processing.
The search field is available for requests’ filtering. It allows to select requests using occurrence of word(s) and using special operators.
 |
Delete of the tagged records (or all records, if no record was chosen). |
 |
Tables switching («Attack», «False Positive», «False Negative»). |
 |
File-status indicator of the file «rules.bin». |
 |
Request export into the table. |
 |
Delete request. |
 |
Request contain editing with next export into the table. |
 |
Display of extended information about the request. |
 |
Checking the request using signature method. |