Nemesida WAF modules and auxiliary components updating guide.
Components update from the repository installed in the system by package manager (apt, yum or other). Before updating the components, we recommend reading the list of changes in corresponding section.
Backup
Before updating the components, it is recommended to back up the files of the following components:
- Filtering node:
/etc/nginx/nwaf/ca.crt /etc/nginx/nwaf/conf/global/nwaf.conf /etc/nginx/nwaf/conf/global/search-bots.conf /etc/nginx/nwaf/conf/global/db/ /etc/nginx/nwaf/conf/nginx/ /etc/nginx/nwaf/conf/openapi/*.json /etc/nginx/nwaf/ml/*.json
- Nemesida AI MLC
/opt/mlc/mlc.conf /opt/mlc/ca.crt /opt/mlc/ml/*.json /opt/mlc/ml/*.db
- Nemesida WAF API
/var/www/nw-api/settings.py
- Nemesida WAF Cabinet
/var/www/app/cabinet/settings.py
- Nemesida WAF Scanner
/opt/nws/main.conf /opt/nws/conf/*.conf /opt/nws/sys/ca.crt
OS and environment updating
# apt update && apt upgrade -y
# freebsd-update fetch # freebsd-update install # pkg upgrade
There is no mechanism for automatic updating of components of Nemesida WAF, therefore, to update packages, you must manually download them from repository.
Nginx updating
The dynamic module connects to a specific version of Nginx, so when updating the web server to the current version (for example, when updating the Nginx version from 1.22.1 to 1.24.0), reinstalling the package nwaf-dyn is required. To update, you need:
-
Remove package
nwaf-dyn:# apt remove nwaf-dyn-1.22
-
Upgrade Nginx:
# apt update # apt install nginx
-
Install the package
nwaf-dynaccording to the installed version of Nginx:# apt install nwaf-dyn-1.24
where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0
where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0
-
Remove package
nwaf-dyn:# pkg delete nwaf-dyn-1.22
-
Upgrade Nginx:
# freebsd-update fetch # pkg install nginx
-
Install the package
nwaf-dynaccording to the installed version of Nginx:# pkg install -y nwaf-dyn-1.24-5.1-1568.pkg
where 1.24 is the version of Nginx installed, and 5.1-1568 is the version of the nwaf-dyn package.
There is no mechanism for automatic updating of components of Nemesida WAF, therefore, to update packages, you must manually download them from repository.
where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0
PIP dependencies updating
-
Filtering node:
# /usr/share/nwaf/venv/pip_update.sh
-
Nemesida AI MLC:
# /usr/share/nwaf/venv/pip_update.sh
-
Nemesida WAF API:
# /var/www/nw-api/pip_update.sh
-
Nemesida WAF Cabinet:
# /var/www/app/pip_update.sh
-
Nemesida WAF Scanner:
# /opt/nws/pip_update.sh
It is recommended to restart server and check the component’s status after updating:
-
Filtering node:
# systemctl status nginx rabbitmq-server memcached nwaf_update mla_main api_firewall
-
Nemesida AI MLC:
# systemctl status mlc_main rabbitmq-server memcached
-
Nemesida WAF API:
# systemctl status nw-api rldscupd nginx memcached
-
Nemesida WAF Cabinet:
# systemctl status cabinet cabinet_ipinfo cabinet_attack_notification cabinet_cleaning_db cabinet_rule_update nginx memcached
-
Nemesida WAF Scanner:
# systemctl status nws
Correction of errors in the components operation
If there are errors in operation, it is recommended to return to the Python3 versions of the PIP dependencies included in the distributive as follows:
-
Nemesida WAF API:
# /var/www/nw-api/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/nw-api/requirements.txt
-
Nemesida WAF Cabinet:
# /var/www/app/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/app/requirements.txt
-
Nemesida WAF Scanner:
# /opt/nws/venv/bin/python3 -m pip install --no-cache-dir -r /opt/nws/requirements.txt
- For filtering node:
/etc/nginx/nwaf/ca.crt /etc/nginx/nwaf/conf/global/nwaf.conf /etc/nginx/nwaf/conf/global/search-bots.conf /etc/nginx/nwaf/conf/global/db/ /etc/nginx/nwaf/conf/nginx/ /etc/nginx/nwaf/conf/openapi/*.json /etc/nginx/nwaf/ml/*.json
- For Nemesida AI MLC
/opt/mlc/mlc.conf /opt/mlc/ca.crt /opt/mlc/ml/*.json /opt/mlc/ml/*.db
- For Nemesida WAF API
/var/www/nw-api/settings.py
- For Nemesida WAF Cabinet
/var/www/app/cabinet/settings.py
- For Nemesida WAF Scanner
/opt/nws/main.conf /opt/nws/conf/*.conf /opt/nws/sys/ca.crt
- For filtering node:
# apt remove nwaf-dyn-1.2x # rm -rf /usr/share/nwaf/venv/
where
1.2xis the version of the installed package. - For Nemesida AI MLC
# apt remove nwaf-mlc # rm -rf /usr/share/nwaf/venv/
- For Nemesida WAF API
# apt remove nwaf-api # rm -rf /var/www/nw-api/venv
- For Nemesida WAF Cabinet
# apt remove nwaf-cabinet # rm -rf /var/www/app/venv
- For Nemesida WAF Scanner
# apt remove nwaf-scanner # rm -rf /opt/nws/venv/
- For filtering node:
/etc/nginx/nwaf/ca.crt /etc/nginx/nwaf/conf/global/nwaf.conf /etc/nginx/nwaf/conf/global/search-bots.conf /etc/nginx/nwaf/conf/global/db/ /etc/nginx/nwaf/conf/nginx/ /etc/nginx/nwaf/conf/openapi/*.json /etc/nginx/nwaf/ml/*.json
- For Nemesida AI MLC
/opt/mlc/mlc.conf /opt/mlc/ca.crt /opt/mlc/ml/*.json /opt/mlc/ml/*.db
- For Nemesida WAF API
/var/www/nw-api/settings.py
- For Nemesida WAF Cabinet
/var/www/app/cabinet/settings.py
- For Nemesida WAF Scanner
/opt/nws/main.conf /opt/nws/conf/*.conf /opt/nws/sys/ca.crt
Updating Nemesida WAF components on legacy OS
For some components of Nemesida WAF, support for legacy OS has been completed (Debian 10, Ubuntu 16.04, etc.), so the current versions of packages for these OS are no longer available. We always recommend installing the latest version of the Nemesida WAF packages, which require compatible operating systems to install. If Nemesida WAF is installed on unsupported OS versions, then follow these steps to update:
2. Delete the installed Nemesida WAF package and the virtual environment directory (if used):
3. Clear the contents of the file /etc/apt/sources.list.d/NemesidaWAF.list with information about the Nemesida WAF repositories;
4. Perform a complete system update in accordance with the instructions for updating the OS and environment;
5. Add information about the Nemesida WAF repository in accordance with the OS version;
6. Install the necessary Nemesida WAF package in accordance with guide.
2. Delete the installed Nemesida WAF package and the virtual environment directory (if used):
3. Clear the contents of the file /etc/yum.repos.d/NemesidaWAF.list with information about the Nemesida WAF repositories;
4. Perform a complete system update in accordance with the instructions for updating the OS and environment;
5. Add information about the Nemesida WAF repository in accordance with the OS version;
6. Install the necessary Nemesida WAF package in accordance with guide.