Nemesida AI MLC | Nemesida WAF

Not used in Nemesida WAF Community Edition.

Before installing Nemesida WAF components, add repository information to the system:

# apt install apt-transport-https gnupg2 curl

# echo "deb https://nemesida-security.com/repo/nw/debian bullseye non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# curl -s https://nemesida-security.com/repo/nw/gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import
# chmod 644 /etc/apt/trusted.gpg.d/trusted.gpg
# apt update && apt upgrade

# echo "deb https://nemesida-security.com/repo/nw/debian bookworm nwaf" > /etc/apt/sources.list.d/NemesidaWAF.list
# curl -s https://nemesida-security.com/repo/nw/gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import
# chmod 644 /etc/apt/trusted.gpg.d/trusted.gpg
# apt update && apt upgrade

# apt install apt-transport-https gnupg2 curl

# echo "deb [arch=amd64] https://nemesida-security.com/repo/nw/ubuntu focal non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# wget -O- https://nemesida-security.com/repo/nw/gpg.key | apt-key add -
# apt update && apt upgrade

# echo "deb [arch=amd64] https://nemesida-security.com/repo/nw/ubuntu jammy non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# curl -s https://nemesida-security.com/repo/nw/gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import
# chmod 644 /etc/apt/trusted.gpg.d/trusted.gpg 
# apt update && apt upgrade

# rpm -Uvh https://nemesida-security.com/repo/nw/centos/nwaf-release-centos-7-1-6.noarch.rpm
# yum update
# yum install epel-release

# rpm -Uvh https://nemesida-security.com/repo/nw/centos/nwaf-release-centos-8-1-6.noarch.rpm
# dnf update
# dnf install epel-release

# rpm -Uvh https://nemesida-security.com/repo/nw/centos/nwaf-release-centos-9-1-6.noarch.rpm
# dnf update
# dnf install epel-release

The Nemesida AI module consists of Nemesida AI MLA modules (is included in the installation package of the Nemesida WAF module) and Nemesida AI MLC, whose interaction is possible in normal mode (modules operate on the same server) and mode “dot-multipoint” (the Nemesida AI MLC module operates on a dedicated server).

Python pip packages
For machine learning modules to work correctly, it is necessary to use unified versions of Python3 pip packages on servers with Nemesida AI MLA and Nemesida AI MLC installed.

During analyse requests against their schema matching in OpenAPI format, all integer data formats are treated as type integer.

Installation

# apt install python3 python3-venv python3-pip python3-dev python3-setuptools libc6-dev rabbitmq-server gcc memcached

# apt install python3 python3-venv python3-pip python3-dev python3-setuptools libc6-dev rabbitmq-server gcc memcached

# apt install nwaf-mlc

# apt install python3 python3-venv python3-pip python3-dev python3-setuptools libc6-dev rabbitmq-server gcc memcached

# apt install python3 python3-venv python3-pip python3-dev python3-setuptools libc6-dev rabbitmq-server gcc memcached

# apt install nwaf-mlc

# yum update
# yum install centos-release-scl
# yum install rh-python38 rh-python38-python-pip rh-python38-python-devel rh-python38-python-setuptools gcc rabbitmq-server memcached
# yum install nwaf-mlc

[rabbitmq_erlang]
name = rabbitmq_erlang
baseurl = https://packagecloud.io/rabbitmq/erlang/el/8/$basearch
repo_gpgcheck = 0
gpgcheck = 0
enabled = 1

[rabbitmq_server]
name = rabbitmq_server
baseurl = https://packagecloud.io/rabbitmq/rabbitmq-server/el/8/$basearch
repo_gpgcheck = 0
gpgcheck = 0
enabled = 1

# dnf update
# dnf install rabbitmq-server

# systemctl enable rabbitmq-server
# service rabbitmq-server restart
# service rabbitmq-server status

# dnf install gcc python39 python39-devel python39-setuptools python39-pip memcached
# dnf install nwaf-mlc

# dnf install dnf-utils
# dnf install centos-release-rabbitmq-38
# dnf install rabbitmq-server

# systemctl enable rabbitmq-server
# service rabbitmq-server restart
# service rabbitmq-server status

# dnf install gcc python3 python3-devel python3-setuptools python3-pip memcached
# dnf install nwaf-mlc

Pre-setup

For the correct operation of the Nemesida AI MLC module, a connection to the RabbitMQ installed on the filtering node is required. To do this, follow these steps on the server with the filtering node:

1. Allow access to RabbitMQ via the Nginx web server. To do this, add the appropriate entries to the /etc/nginx/nginx.conf file:

stream {
    server {
        listen 5673;
        proxy_pass 127.0.0.1:5672;
        allow x.x.x.x;
        deny all;
    }
}

where x.x.x.x — the IP address of the server where Nemesida AI MLC is installed.

2. Restart Nginx:

# nginx -t && service nginx reload

3. Allow access from the server on which the Nemesida AI MLC module is installed to the server with a filtering node on port 5673 (TCP).

Initial setup

After installing the module, it is necessary to make the initial configuration. The configuration file /opt/mlc/mlc.conf contains a list of available parameters of the Nemesida AI MLC module, which cannot be configured using Nemesida WAF Cabinet or API.

nwaf_license_key = 1234567890

sys_proxy=http://proxy.example.com:3128

sys_proxy=http://<user>:<password>@proxy.example.com:3128

api_proxy=http://proxy.example.com:3128

api_proxy=http://<user>:<password>@proxy.example.com:3128

rmq_host = guest:guest@192.168.0.1:5673 guest:guest@192.168.0.2:5673

rmq_host = ssl://guest:guest@example.com:5673

rmq_host_local = guest:guest@127.0.0.1

After making changes, restart the server or restart the service and check its operation:

# systemctl restart mlc_main rabbitmq-server memcached
# systemctl status mlc_main rabbitmq-server memcached

After the initial configuration of the module, you must check for errors in the component operation event logs /var/log/nwaf/mlc.log.

Managing settings using WebApp and API

To manage the settings of the Nemesida AI MLC settings, use Nemesida WAF Cabinet or API.

Additional information

For the component to work correctly, the following files and directories are located on the server:

• /opt/mlc/mlc.conf – configuration file that allows you to perform the initial configuration of the component;
• /opt/mlc/ml/ – the directory that contains:
  • all the behavioral models created by Nemesida AI MLC (files .ml);
  • training samples for the time of creating a behavioral model (files .db);
  • backups of the training sample used for retraining the behavioral model (backup directory);
  • requests (file mt.json), exported via the Nemesida WAF Cabinet;
  • files used by Nemesida AI MLC for automatic generation of specifications in the OpenAPI format (files openapi_*.json).

Filtering node

1. Allow access to RabbitMQ via the Nginx web server. To do this, add the appropriate entries to the /etc/nginx/nginx.conf file:

stream {
    server {
        listen 5673;
        proxy_pass 127.0.0.1:5672;
        allow x.x.x.x;
        deny all;
    }
}

where x.x.x.x — the IP address of the server where Nemesida AI MLC is installed.

2. Restart Nginx:

# nginx -t && service nginx reload

3. Allow access from the server on which the Nemesida AI MLC module is installed to the server with a filtering node on port 5673 (TCP).

Nemesida AI MLC

1. Move the /opt/mlc/mlc.conf file to the /opt/mlc/conf directory, rename it (for example, server-1.conf) and update the settings, including the connection settings to the RabbitMQ server located on the filtering node:

...
rmq_host = guest:guest@x.x.x.x:5673
...

or (if more than 1 filtering nodes is used in the virtual cluster Nemesida WAF):

...
rmq_host = guest:guest@x.x.x.x:5673 guest:guest@y.y.y.y:5673
...

where x.x.x.x/y.y.y.y are the IP addresses of the filtering nodes.

2. Restart the service:

# systemctl restart mlc_main
# systemctl status mlc_main

After configuration, you must check the error information contained in the component’s event logs for each server, for example: /var/log/nwaf/server-1/mlc.log.