Installation and setup guide for the Nemesida WAF Scanner module, which is intended to detect vulnerabilities in the protected web application.

Nemesida WAF Scanner setup

The Nemesida WAF Scanner module is designed to detect web vulnerabilities in protected web applications. For the module to work correctly, it must be given access to the web application that bypasses Nemesida WAF.

To get information about vulnerabilities, the Nemesida Vulnerability API is used, and information about detected vulnerabilities is transmitted to the Personal Account using the Nemesida WAF API. The information transmitted by Nemesida WAF Scanner when accessing the Nemesida Vulnerability API can be transferred to third-party vulnerability databases.

Module installation on the server:

Debian
# apt install apt-transport-https gnupg2
Debian 10
# echo "deb https://nemesida-security.com/repo/nw/debian buster non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
Debian 11
# echo "deb https://nemesida-security.com/repo/nw/debian bullseye non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# wget -O- https://nemesida-security.com/repo/nw/gpg.key | apt-key add -
# apt update && apt upgrade
# apt install python3-pip python3-venv python3-dev postgresql-server-dev-all dmidecode
# apt install nwaf-scanner
Ubuntu
# apt install apt-transport-https gnupg2
Ubuntu 20.04
# echo "deb [arch=amd64] https://nemesida-security.com/repo/nw/ubuntu focal non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# wget -O- https://nemesida-security.com/repo/nw/gpg.key | apt-key add -
# apt update && apt upgrade
# apt install python3-pip python3-venv python3-dev postgresql-server-dev-all dmidecode
Ubuntu 22.04
# echo "deb [arch=amd64] https://nemesida-security.com/repo/nw/ubuntu jammy non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# curl -s https://nemesida-security.com/repo/nw/gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import
# chmod 644 /etc/apt/trusted.gpg.d/trusted.gpg 
# apt update && apt upgrade
# apt install python3-pip python3-venv python3-dev postgresql-server-dev-all dmidecode
# apt install nwaf-scanner
CentOS
Configure the SELinux policy or deactivate it with the command:

# setenforce 0

then edit the file /etc/selinux/config so that it reads:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
CentOS 8 Stream
Add the additional repositories and install the necessary dependencies:

# rpm -Uvh https://nemesida-security.com/repo/nw/centos/nwaf-release-centos-8-1-6.noarch.rpm
# dnf update
# dnf install python39 python39-pip gcc python39-devel postgresql-devel
# dnf install nwaf-scanner
CentOS 9 Stream
Add the additional repositories and install the necessary dependencies:

# rpm -Uvh https://nemesida-security.com/repo/nw/centos/nwaf-release-centos-9-1-6.noarch.rpm
# dnf update
# dnf install python3 python3-pip gcc python3-devel postgresql-devel
# dnf install nwaf-scanner
Docker
Information about using Nemesida WAF in a Docker container is available in the corresponding section.

Add the necessary changes to the main configuration file /opt/nws/main.conf to set up the module.

main.conf settings
Default parameters
Parameter description

[main]
Main section.
nwaf_license_key
License key of the Nemesida WAF Scanner module. If the license key is not detected or is invalid, the module fails to start with the corresponding error.

sys_proxy
Proxy server address for access to nemesida-security.com:443 (license key check, access to the Nemesida Vulnerability API).

For example:
sys_proxy = http://proxy.example.com:3128

api_proxy
Proxy server address for access to the Nemesida WAF API.

For example:
api_proxy = http://proxy.example.com:3128

api_host
Address of the Nemesida WAF API to which the scanning results are sent.

For example:
api_host = http://localhost:8080

verbose
Enables or disables the output of error information to the console.

[recheck]
Check vulnerabilities using Nemesida WAF Cabinet.
enable
Enables or disables this check.
db_name
db_user
db_pass
db_host
db_port
Connection parameters for the Nemesida WAF Cabinet database.

To set the scanning parameters, create one or more files with the conf extension in the directory /opt/nws/conf/. Each web application needs its own configuration file.

Example configuration file example.conf
Default parameters
Parameter description

[scan]
Main section.
target
Web application address.

For example:
target = example.com
target = example.com:85

ssl
Enables or disables the use of SSL/TLS for requests to the web application.

For example:
ssl = false

scan_proxy
Proxy server address for requests to the web application.

For example:
scan_proxy = http://proxy.example.com:3128


[auth]
Authorization section.
auth_uri
Address of the web application's authorization page. A URI may be used.

For example:
auth_uri = /login
auth_uri = https://example.com/login

login
password
Username and password for authorization.

For example:
login = your_login
password = your_password

If the web application uses non-standard names for the username/password fields (for example, username and password), replace the parameter names login and password with those field names.

For example:
username = your_login
password = your_password
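
Added example (not part of the Nemesida documentation or the module's own code): main.conf and the per-application files hold a license key, a database password and web application credentials, so this sketch audits such a file for loose permissions, a plain-HTTP api_host to a remote host, and [auth] credentials submitted without TLS. It assumes the files parse as INI with Python's configparser; audit_conf, demo and all sample values are constructed for illustration.

```python
import configparser, pathlib, os, stat, tempfile
from urllib.parse import urlsplit
# Constructed sample files; every value is a placeholder.
SAMPLE_MAIN = """[main]
nwaf_license_key = PLACEHOLDER
api_host = http://cabinet.example.com:8080
"""
SAMPLE_TARGET = """[scan]
target = example.com
ssl = false
[auth]
auth_uri = /login
username = your_login
password = your_password
"""

def audit_conf(path):
    """Return findings for one scanner config file (main.conf or conf/*.conf)."""
    cfg = configparser.ConfigParser(interpolation=None)  # '%' may occur in passwords
    cfg.read(path)
    findings = []
    # [auth] field names can be renamed, so every key except auth_uri is a credential.
    creds = [k for k in cfg["auth"] if k != "auth_uri"] if cfg.has_section("auth") else []
    secrets = (creds or cfg.get("main", "nwaf_license_key", fallback="")
               or cfg.get("recheck", "db_pass", fallback=""))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if secrets and mode & 0o077:
        findings.append(f"mode {mode:o}: secrets readable by group/others")
    api = urlsplit(cfg.get("main", "api_host", fallback=""))
    if api.scheme == "http" and api.hostname not in ("localhost", "127.0.0.1", "::1"):
        findings.append("api_host: scan results sent over plain HTTP")
    # Assumption: a relative auth_uri follows the [scan] ssl setting. The default
    # of ssl is not stated on the page, so only an explicit false is flagged.
    uri = cfg.get("auth", "auth_uri", fallback="")
    plain = not cfg.getboolean("scan", "ssl", fallback=True)
    if creds and (uri.startswith("http://") or (plain and not uri.startswith("https://"))):
        findings.append("auth: credentials submitted without TLS")
    return findings

def demo():
    """Write the constructed samples with mode 644 and audit each one."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, text in (("main.conf", SAMPLE_MAIN), ("example.conf", SAMPLE_TARGET)):
            p = pathlib.Path(d, name)
            p.write_text(text)
            p.chmod(0o644)
            out[name] = audit_conf(p)
    return out
```

On a real installation, call audit_conf on /opt/nws/main.conf and on each file in /opt/nws/conf/; an empty list means none of the three checks fired.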

Other information

While Nemesida WAF Scanner is running, error information is written to the module's runtime log, /var/log/nwaf/nws.log.