Installation and setup guide for the Nemesida WAF API module, which receives information about attacks and identified vulnerabilities.
The domain name example.com and its subdomains are used in this guide as examples.
Nemesida WAF API transfers information from the Nemesida WAF modules (blocked requests, detected vulnerabilities, operation status of the machine learning module) to a PostgreSQL database for subsequent integration with other services, such as Nemesida WAF Cabinet, SIEM-class systems, etc.
To install Nemesida WAF API, you must perform the following steps:
1. Allow access to https://nemesida-security.com.
2. Install the module:
# apt install apt-transport-https
# wget -O- https://repository.pentestit.ru/nw/gpg.key | apt-key add -
# apt update && apt upgrade
# apt install python3-pip python3-dev python3-venv nginx postgresql-server-dev-all memcached
# apt install nwaf-api
nginx is installed automatically, and a virtual host is created in the /etc/nginx/conf.d/ directory. When the installation is complete, rename the virtual host configuration file nwaf-api.conf.disabled to nwaf-api.conf and restart nginx.
For security, it is recommended to allow requests to Nemesida WAF API only from the servers running Nemesida WAF, Nemesida AI and Nemesida WAF Scanner.
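One way to express this restriction, as an added example that is not part of the original guide or the Nemesida WAF package: a shell helper that validates the sender addresses and prints nginx allow/deny directives for the API virtual host. The addresses are constructed placeholders, and placing the output inside the server block of nwaf-api.conf is an assumption about the shipped virtual host.

```shell
#!/bin/sh
# Added example (not Nemesida code): build an nginx allowlist for the
# Nemesida WAF API virtual host. All addresses are constructed placeholders.

# is_ipv4 ADDR: succeeds only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_allowlist ADDR...: prints one "allow" line per sender, then "deny all;".
# Nothing is printed if any address is invalid, so a typo cannot produce
# a file that silently omits one of the senders.
render_allowlist() {
    [ "$#" -gt 0 ] || { echo "no sender addresses given" >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    for addr in "$@"; do
        printf 'allow %s;\n' "$addr"
    done
    printf 'deny all;\n'
}

# Constructed senders: Nemesida WAF node, Nemesida AI node, Nemesida WAF Scanner node.
render_allowlist 192.0.2.10 192.0.2.20 192.0.2.30
```

Redirect the output to a file of your choice and load it into the virtual host with nginx's include directive, then test the configuration with nginx -t before restarting.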
Install and configure PostgreSQL:
# apt install postgresql
Create the database, user and password for the Nemesida WAF API module:
# su - postgres -c "psql -c \"CREATE DATABASE waf;\""
# su - postgres -c "psql -c \"CREATE ROLE nw_api PASSWORD 'YOUR_PASSWORD';\""
# su - postgres -c "psql -c \"GRANT ALL ON DATABASE waf to nw_api;\""
# su - postgres -c "psql -c \"ALTER ROLE nw_api WITH LOGIN;\""
Create the database, user and password for the Nemesida WAF Cabinet module:
# su - postgres -c "psql -c \"CREATE DATABASE cabinet;\""
# su - postgres -c "psql -c \"CREATE ROLE nw_cabinet PASSWORD 'YOUR_PASSWORD';\""
# su - postgres -c "psql -c \"GRANT ALL ON DATABASE cabinet to nw_cabinet;\""
# su - postgres -c "psql -c \"ALTER ROLE nw_cabinet WITH LOGIN;\""
# setenforce 0
then edit the file /etc/selinux/config so that it reads:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
3. Allow access:
– to the server https://nemesida-security.com;
– to the Memcached server 127.0.0.1:11211;
– to the server with PostgreSQL.
4. Create a database structure:
# cat /var/www/nw-api/api.sql | su postgres -c "psql waf"
Make the necessary changes to the /var/www/nw-api/settings.py file to connect to PostgreSQL, where:
DB_HOST – the database address;
DB_PASS – the nw_api user password specified in item 1 for connecting to the database;
PROXY – the proxy server address (if used) for connecting to nemesida-security.com.
5. Restart the server and test the module:
# systemctl status nw-api
1. On the server with the Nemesida WAF module installed, edit the configuration file /etc/nginx/nwaf/conf/global/nwaf.conf and set the parameter as follows:
nwaf_api_conf host=http://nwaf-api.example.com:8080 ...
where nwaf-api.example.com:8080 is the address and port of the server where the Nemesida WAF API module is installed.
2. On the server with the Nemesida AI MLC module installed, edit the configuration file /opt/mlc/mlc.conf and set the parameter as follows:
api_host = http://nwaf-api.example.com:8080/
3. After making changes, you must restart the services or restart the server.
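A check for the two settings above, as an added example that is not part of the original guide or of Nemesida's code: it reads the API endpoint from copies of nwaf.conf and mlc.conf and reports whether both modules send events to the same Nemesida WAF API instance. The function names and sample files are hypothetical, and the parser assumes host= is the first parameter of nwaf_api_conf, as shown in the guide.

```shell
#!/bin/sh
# Added example (not Nemesida code): confirm that the Nemesida WAF module and
# the Nemesida AI MLC module report to the same Nemesida WAF API endpoint.

# nwaf_api_host FILE: value of host= on the first active nwaf_api_conf line.
# Assumes host= is the first parameter, as in the guide; "#" lines are skipped.
nwaf_api_host() {
    sed -n 's/^[[:space:]]*nwaf_api_conf[[:space:]]\{1,\}host=\([^[:space:];]*\).*/\1/p' "$1" | head -n 1
}

# mlc_api_host FILE: value of the first active api_host key.
mlc_api_host() {
    sed -n 's/^[[:space:]]*api_host[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# check_api_endpoints NWAF_CONF MLC_CONF
# Returns 0 when both files name the same endpoint (a trailing "/" is ignored),
# 1 when they differ, 2 when either setting is missing.
check_api_endpoints() {
    waf_ep=$(nwaf_api_host "$1")
    mlc_ep=$(mlc_api_host "$2")
    [ -n "$waf_ep" ] && [ -n "$mlc_ep" ] || { echo "endpoint not set" >&2; return 2; }
    if [ "${waf_ep%/}" = "${mlc_ep%/}" ]; then
        echo "ok: ${waf_ep%/}"
    else
        echo "mismatch: nwaf.conf=$waf_ep mlc.conf=$mlc_ep" >&2
        return 1
    fi
}

# Constructed sample files standing in for nwaf.conf and mlc.conf.
demo=$(mktemp -d)
printf 'nwaf_api_conf host=http://nwaf-api.example.com:8080;\n' > "$demo/nwaf.conf"
printf 'api_host = http://nwaf-api.example.com:8080/\n' > "$demo/mlc.conf"
check_api_endpoints "$demo/nwaf.conf" "$demo/mlc.conf"
rm -rf "$demo"
```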
Other information
While Nemesida WAF API is running, error information is written to the module's runtime logs, /var/log/uwsgi/app/*.log.
Information about events received by the Nemesida WAF API module is stored in the waf database, in the attack, ml and scan_report tables.
The rldscupd service
The rldscupd service is designed to get missing anomaly descriptions from the nemesida-security.com server.