Nemesida WAF modules and auxiliary components updating guide.
Components update from the repository installed in the system by package manager (apt, yum or other). Before updating the components, we recommend reading the list of changes in corresponding section.
Backup
Before updating the components, it is recommended to back up the files of the following components:
- Filtering node:
/etc/nginx/nwaf/ca.crt /etc/nginx/nwaf/conf/global/nwaf.conf /etc/nginx/nwaf/conf/global/search-bots.conf /etc/nginx/nwaf/conf/global/db/ /etc/nginx/nwaf/conf/nginx/ /etc/nginx/nwaf/conf/openapi/*.json /etc/nginx/nwaf/ml/*.json
- Nemesida AI MLC
/opt/mlc/mlc.conf /opt/mlc/ca.crt /opt/mlc/ml/*.json /opt/mlc/ml/*.db
- Nemesida WAF API
/var/www/nw-api/settings.py
- Nemesida WAF Cabinet
/var/www/app/cabinet/settings.py
- Nemesida WAF Scanner
/opt/nws/main.conf /opt/nws/conf/*.conf /opt/nws/sys/ca.crt
OS and environment updating
# apt update && apt upgrade -y
# freebsd-update fetch # freebsd-update install # pkg upgrade
There is no mechanism for automatic updating of components of Nemesida WAF, therefore, to update packages, you must manually download them from repository.
Nginx updating
The dynamic module connects to a specific version of Nginx, so when updating the web server to the current version (for example, when updating the Nginx version from 1.22.1 to 1.24.0), reinstalling the package nwaf-dyn is required. To update, you need:
-
Remove package
nwaf-dyn:# apt remove nwaf-dyn-1.22
-
Upgrade Nginx:
# apt update # apt install nginx
-
Install the package
nwaf-dynaccording to the installed version of Nginx:# apt install nwaf-dyn-1.24
where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0
where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0
-
Remove package
nwaf-dyn:# pkg delete nwaf-dyn-1.22
-
Upgrade Nginx:
# freebsd-update fetch # pkg install nginx
-
Install the package
nwaf-dynaccording to the installed version of Nginx:# pkg install -y nwaf-dyn-1.24-5.1-1568.pkg
where 1.24 is the version of Nginx installed, and 5.1-1568 is the version of the nwaf-dyn package.
There is no mechanism for automatic updating of components of Nemesida WAF, therefore, to update packages, you must manually download them from repository.
where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0
PIP dependencies updating
-
Filtering node:
# /usr/share/nwaf/venv/pip_update.sh
-
Nemesida AI MLC:
# /usr/share/nwaf/venv/pip_update.sh
-
Nemesida WAF API:
# /var/www/nw-api/pip_update.sh
-
Nemesida WAF Cabinet:
# /var/www/app/pip_update.sh
-
Nemesida WAF Scanner:
# /opt/nws/pip_update.sh
It is recommended to restart server and check the component’s status after updating:
-
Filtering node:
# systemctl status nginx nwaf_update mla_main rabbitmq-server memcached
-
Nemesida AI MLC:
# systemctl status mlc_main rabbitmq-server memcached
-
Nemesida WAF API:
# systemctl status nw-api nginx memcached
-
Nemesida WAF Cabinet:
# systemctl status cabinet cabinet_ipinfo cabinet_attack_notification cabinet_cleaning_db cabinet_rule_update nginx memcached
-
Nemesida WAF Scanner:
# systemctl status nws
Correction of errors in the components operation
If there are errors in operation, it is recommended to return to the Python3 versions of the PIP dependencies included in the distributive as follows:
-
Nemesida WAF API:
# /var/www/nw-api/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/nw-api/requirements.txt
-
Nemesida WAF Cabinet:
# /var/www/app/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/app/requirements.txt
-
Nemesida WAF Scanner:
# /opt/nws/venv/bin/python3 -m pip install --no-cache-dir -r /opt/nws/requirements.txt