Nemesida WAF modules and auxiliary components updating guide.

Nemesida WAF components updating
To keep the Nemesida WAF components up to date, it is recommended to install updates in a timely manner. In addition to the system environment, auxiliary pip dependencies are required for the components to work.

Components update from the repository installed in the system by package manager (apt, yum or other). Before updating the components, we recommend reading the list of changes in corresponding section.

Backup

Before updating the components, it is recommended to back up the files of the following components:

  • Filtering node:
    /etc/nginx/nwaf/ca.crt
    /etc/nginx/nwaf/conf/global/nwaf.conf
    /etc/nginx/nwaf/conf/global/search-bots.conf
    /etc/nginx/nwaf/conf/global/db/
    /etc/nginx/nwaf/conf/nginx/
    /etc/nginx/nwaf/conf/openapi/*.json
    /etc/nginx/nwaf/ml/*.json
    
  • Nemesida AI MLC
    /opt/mlc/mlc.conf
    /opt/mlc/conf/*.conf
    /opt/mlc/ca.crt
    /opt/mlc/ml/*.json
    /opt/mlc/ml/*.db
    
  • Nemesida WAF API
    /var/www/nw-api/settings.py
    
  • Nemesida WAF Cabinet
    /var/www/app/cabinet/settings.py
    
  • Nemesida WAF Scanner
    /opt/nws/main.conf
    /opt/nws/conf/*.conf
    /opt/nws/sys/ca.crt
    

OS and environment updating

Debian, UbuntuRHEL
# apt update && apt upgrade -y
RHEL 8 and derivatives
# dnf update && dnf upgrade -y
RHEL 9 and derivatives
# dnf update && dnf upgrade -y

Nginx updating

The dynamic module connects to a specific version of Nginx, so when updating the web server to the current version (for example, when updating the Nginx version from 1.22.1 to 1.26.0), reinstalling the package nwaf-dyn is required. To update, you need:

Debian, UbuntuRHEL
Remove package nwaf-dyn:

# apt remove nwaf-dyn-1.22

Upgrade Nginx:

# apt update
# apt install nginx

Install the package nwaf-dyn according to the installed version of Nginx:

# apt install nwaf-dyn-1.26

where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.26 – the version intended for the installed version of Nginx 1.26.0

Remove package nwaf-dyn:

# dnf remove nwaf-dyn-1.22

Upgrade Nginx:

# dnf update
# dnf install nginx

Install the package nwaf-dyn according to the installed version of Nginx:

# dnf install nwaf-dyn-1.26

where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.26 – the version intended for the installed version of Nginx 1.26.0

Pip dependencies updating

  • Filtering node:

    # /usr/share/nwaf/venv/pip_update.sh
    
  • Nemesida AI MLC:

    # /usr/share/nwaf/venv/pip_update.sh
    
  • Nemesida WAF API:

    # /var/www/nw-api/pip_update.sh
    
  • Nemesida WAF Cabinet:

    # /var/www/app/pip_update.sh
    
  • Nemesida WAF Scanner:

    # /opt/nws/pip_update.sh
    

It is recommended to restart server and check the component’s status after updating:

  • Filtering node:

    # systemctl status nginx rabbitmq-server memcached nwaf_update mla_main api_firewall
    
  • Nemesida AI MLC:

    # systemctl status mlc_main rabbitmq-server memcached
    
  • Nemesida WAF API:

    # systemctl status nw-api rldscupd nginx memcached
    
  • Nemesida WAF Cabinet:

    # systemctl status cabinet cabinet_ipinfo cabinet_attack_notification cabinet_cleaning_db cabinet_rule_update nginx memcached
    
  • Nemesida WAF Scanner:

    # systemctl status nws
    

Correction of errors in the components operation

If there are errors in operation, it is recommended to return to the Python3 versions of the pip dependencies included in the distributive as follows:

  • Nemesida WAF API:

    # /var/www/nw-api/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/nw-api/requirements.txt
    
  • Nemesida WAF Cabinet:

    # /var/www/app/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/app/requirements.txt
    
  • Nemesida WAF Scanner:

    # /opt/nws/venv/bin/python3 -m pip install --no-cache-dir -r /opt/nws/requirements.txt
    
  • Updating Nemesida WAF components on legacy OS

    For some components of Nemesida WAF, support for legacy OS has been completed (Debian 10, Ubuntu 16.04, etc.), so the current versions of packages for these OS are no longer available. We always recommend installing the latest version of the Nemesida WAF packages, which require compatible operating systems to install. If Nemesida WAF is installed on unsupported OS versions, then follow these steps to update:

    Debian, UbuntuRHEL
    1. Back up files for the following components:

    • For filtering node:
      /etc/nginx/nwaf/ca.crt
      /etc/nginx/nwaf/conf/global/nwaf.conf
      /etc/nginx/nwaf/conf/global/search-bots.conf
      /etc/nginx/nwaf/conf/global/db/
      /etc/nginx/nwaf/conf/nginx/
      /etc/nginx/nwaf/conf/openapi/*.json
      /etc/nginx/nwaf/ml/*.json
      
    • For Nemesida AI MLC
      /opt/mlc/mlc.conf
      /opt/mlc/conf/*.conf
      /opt/mlc/ca.crt
      /opt/mlc/ml/*.json
      /opt/mlc/ml/*.db
      
    • For Nemesida WAF API
      /var/www/nw-api/settings.py
      
    • For Nemesida WAF Cabinet
      /var/www/app/cabinet/settings.py
      
    • For Nemesida WAF Scanner
      /opt/nws/main.conf
      /opt/nws/conf/*.conf
      /opt/nws/sys/ca.crt
      

    2. Delete the installed Nemesida WAF package and the virtual environment directory (if used):

    • For filtering node:
      # apt remove nwaf-dyn-1.2x
      # rm -rf /usr/share/nwaf/venv/
      

      where 1.2x is the version of the installed package.

    • For Nemesida AI MLC
      # apt remove nwaf-mlc
      # rm -rf /usr/share/nwaf/venv/
      
    • For Nemesida WAF API
      # apt remove nwaf-api
      # rm -rf /var/www/nw-api/venv
      
    • For Nemesida WAF Cabinet
      # apt remove nwaf-cabinet
      # rm -rf /var/www/app/venv
      
    • For Nemesida WAF Scanner
      # apt remove nwaf-scanner
      # rm -rf /opt/nws/venv/
      

    3. Clear the contents of the file /etc/apt/sources.list.d/NemesidaWAF.list with information about the Nemesida WAF repositories;

    4. Perform a complete system update in accordance with the instructions for updating the OS and environment;

    5. Add information about the Nemesida WAF repository in accordance with the OS version;

    6. Install the necessary Nemesida WAF package in accordance with guide.

    1. Back up files for the following components:

    • For filtering node:
      /etc/nginx/nwaf/ca.crt
      /etc/nginx/nwaf/conf/global/nwaf.conf
      /etc/nginx/nwaf/conf/global/search-bots.conf
      /etc/nginx/nwaf/conf/global/db/
      /etc/nginx/nwaf/conf/nginx/
      /etc/nginx/nwaf/conf/openapi/*.json
      /etc/nginx/nwaf/ml/*.json
      
    • For Nemesida AI MLC
      /opt/mlc/mlc.conf
      /opt/mlc/conf/*.conf
      /opt/mlc/ca.crt
      /opt/mlc/ml/*.json
      /opt/mlc/ml/*.db
      
    • For Nemesida WAF API
      /var/www/nw-api/settings.py
      
    • For Nemesida WAF Cabinet
      /var/www/app/cabinet/settings.py
      
    • For Nemesida WAF Scanner
      /opt/nws/main.conf
      /opt/nws/conf/*.conf
      /opt/nws/sys/ca.crt
      

    2. Delete the installed Nemesida WAF package and the virtual environment directory (if used):

    RHEL 8 and derivatives
    • For filtering node:
      # dnf remove nwaf-dyn-1.2x
      # rm -rf /usr/share/nwaf/venv/
      

      where 1.2x is the version of the installed package.

    • For Nemesida AI MLC
      # dnf remove nwaf-mlc
      # rm -rf /usr/share/nwaf/venv/
      
    • For Nemesida WAF API
      # dnf remove nwaf-api
      # rm -rf /var/www/nw-api/venv
      
    • For Nemesida WAF Cabinet
      # dnf remove nwaf-cabinet
      # rm -rf /var/www/app/venv
      
    • For Nemesida WAF Scanner
      # dnf remove nwaf-scanner
      # rm -rf /opt/nws/venv/
      
    RHEL 9 and derivatives
    • For filtering node:
      # dnf remove nwaf-dyn-1.2x
      # rm -rf /usr/share/nwaf/venv/
      

      where 1.2x is the version of the installed package.

    • For Nemesida AI MLC
      # dnf remove nwaf-mlc
      # rm -rf /usr/share/nwaf/venv/
      
    • For Nemesida WAF API
      # dnf remove nwaf-api
      # rm -rf /var/www/nw-api/venv
      
    • For Nemesida WAF Cabinet
      # dnf remove nwaf-cabinet
      # rm -rf /var/www/app/venv
      
    • For Nemesida WAF Scanner
      # dnf remove nwaf-scanner
      # rm -rf /opt/nws/venv/
      

    3. Clear the contents of the file /etc/yum.repos.d/NemesidaWAF.list with information about the Nemesida WAF repositories;

    4. Perform a complete system update in accordance with the instructions for updating the OS and environment;

    5. Add information about the Nemesida WAF repository in accordance with the OS version;

    6. Install the necessary Nemesida WAF package in accordance with guide.