Nemesida WAF modules and auxiliary components updating guide.

Nemesida WAF components updating
To keep the Nemesida WAF components up to date, it is recommended to install updates in a timely manner. In addition to the system environment, auxiliary PIP dependencies are required for the components to work.

Components update from the repository installed in the system by package manager (apt, yum or other). Before updating the components, we recommend reading the list of changes in corresponding section.

Backup

Before updating the components, it is recommended to back up the files of the following components:

  • Filtering node:
    /etc/nginx/nwaf/ca.crt
    /etc/nginx/nwaf/conf/global/nwaf.conf
    /etc/nginx/nwaf/conf/global/search-bots.conf
    /etc/nginx/nwaf/conf/global/db/
    /etc/nginx/nwaf/conf/nginx/
    /etc/nginx/nwaf/conf/openapi/*.json
    /etc/nginx/nwaf/ml/*.json
    
  • Nemesida AI MLC
    /opt/mlc/mlc.conf
    /opt/mlc/ca.crt
    /opt/mlc/ml/*.json
    /opt/mlc/ml/*.db
    
  • Nemesida WAF API
    /var/www/nw-api/settings.py
    
  • Nemesida WAF Cabinet
    /var/www/app/cabinet/settings.py
    
  • Nemesida WAF Scanner
    /opt/nws/main.conf
    /opt/nws/conf/*.conf
    /opt/nws/sys/ca.crt
    

OS and environment updating

Debian, UbuntuCentOSFreeBSD 12/13
# apt update && apt upgrade -y
CentOS 7
# yum update && yum upgrade -y
CentOS 8/9 Stream
# dnf update && dnf upgrade -y
# freebsd-update fetch
# freebsd-update install
# pkg upgrade

There is no mechanism for automatic updating of components of Nemesida WAF, therefore, to update packages, you must manually download them from repository.

Nginx updating

The dynamic module connects to a specific version of Nginx, so when updating the web server to the current version (for example, when updating the Nginx version from 1.22.1 to 1.24.0), reinstalling the package nwaf-dyn is required. To update, you need:

Debian, UbuntuCentOSFreeBSD 12/13
  • Remove package nwaf-dyn:

    # apt remove nwaf-dyn-1.22
  • Upgrade Nginx:

    # apt update
    # apt install nginx
    
  • Install the package nwaf-dyn according to the installed version of Nginx:

    # apt install nwaf-dyn-1.24

where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0

CentOS 7
  • Remove package nwaf-dyn:

    # yum remove nwaf-dyn-1.22
  • Upgrade Nginx:

    # yum update
    # yum install nginx
    
  • Install the package nwaf-dyn according to the installed version of Nginx:

    # yum install nwaf-dyn-1.24
CentOS 8/9 Stream
  • Remove package nwaf-dyn:

    # dnf remove nwaf-dyn-1.22
  • Upgrade Nginx:

    # dnf update
    # dnf install nginx
    
  • Install the package nwaf-dyn according to the installed version of Nginx:

    # dnf install nwaf-dyn-1.24

where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0

  • Remove package nwaf-dyn:

    # pkg delete nwaf-dyn-1.22
    
  • Upgrade Nginx:

    # freebsd-update fetch
    # pkg install nginx
    
  • Install the package nwaf-dyn according to the installed version of Nginx:

    # pkg install -y nwaf-dyn-1.24-5.1-1568.pkg
    
  • where 1.24 is the version of Nginx installed, and 5.1-1568 is the version of the nwaf-dyn package.

There is no mechanism for automatic updating of components of Nemesida WAF, therefore, to update packages, you must manually download them from repository.

where 1.22 is the version of the package intended for the previously installed Nginx 1.22, and 1.24 – the version intended for the installed version of Nginx 1.24.0

PIP dependencies updating

  • Filtering node:

    # /usr/share/nwaf/venv/pip_update.sh
    
  • Nemesida AI MLC:

    # /usr/share/nwaf/venv/pip_update.sh
    
  • Nemesida WAF API:

    # /var/www/nw-api/pip_update.sh
    
  • Nemesida WAF Cabinet:

    # /var/www/app/pip_update.sh
    
  • Nemesida WAF Scanner:

    # /opt/nws/pip_update.sh
    

It is recommended to restart server and check the component’s status after updating:

  • Filtering node:

    # systemctl status nginx nwaf_update mla_main rabbitmq-server memcached
    
  • Nemesida AI MLC:

    # systemctl status mlc_main rabbitmq-server memcached
    
  • Nemesida WAF API:

    # systemctl status nw-api nginx memcached
    
  • Nemesida WAF Cabinet:

    # systemctl status cabinet cabinet_ipinfo cabinet_attack_notification cabinet_cleaning_db cabinet_rule_update nginx memcached
    
  • Nemesida WAF Scanner:

    # systemctl status nws
    

Correction of errors in the components operation

If there are errors in operation, it is recommended to return to the Python3 versions of the PIP dependencies included in the distributive as follows:

  • Nemesida WAF API:

    # /var/www/nw-api/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/nw-api/requirements.txt
    
  • Nemesida WAF Cabinet:

    # /var/www/app/venv/bin/python3 -m pip install --no-cache-dir -r /var/www/app/requirements.txt
    
  • Nemesida WAF Scanner:

    # /opt/nws/venv/bin/python3 -m pip install --no-cache-dir -r /opt/nws/requirements.txt