Skip to content

msumpter/docker-naxsi-waf-with-ui

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

docker-naxsi-waf-with-ui

About cutting-edge branch

This docker image is intented to test and understand nxapi/nxtool, the new lerning tool for naxsi logs that attempts to perform the following :

  • Events import : Importing naxsi events into an elasticsearch database
  • Whitelist generation : Generate whitelists, from templates rather than from purely statistical aspects
  • Events management : Allow tagging of events into database to exclude them from wl gen process
  • Reporting : Display information about current DB content

The image is built from source, using nginx 1.7.9 and naxsi master branch.

Elasticsearch isn't provided as part of this docker container, but but you can get official images by running:

docker run --name my-elastic \
           -d elasticsearch:1.3.7

Keep in mind that data saved to this server won't be persisted between restarts, if you want to do so, follow the official docs

If your elasticsearch is in another host, you must pass the variable ```ELASTICSEARCH_HOST`` to docker.

Naxsi in launched in learning mode, and logs are feed to elasticsearch every five seconds in a non ideal way, due to issues found while using the methods provided to get live logs from nginx to nxtool/nxapi.

Run this image with:

docker run --env PROXY_REDIRECT_IP=10.0.0.1 \
           --link my-elastic:elasticsearch \
          -p 80:80 -p 8080:8080 \
          -d scollazo/naxsi-waf-with-ui:devel

Use your web, so the database get some data, and then, go to http://your_host_ip:8080 to see the reports using kibana.

If you find problems, or want to run the nxtool utility to query the database you can get a shell by running:

docker run --env PROXY_REDIRECT_IP=10.0.0.1 \
           --link my-elastic:elasticsearch \
           -p 80:80 -p 8080:8080 \
           --rm scollazo/naxsi-waf-with-ui:devel /bin/bash

You will need to run in this shell the command /entrypoint.sh debug, as some configuration values are set by this script.

About

Ubuntu based naxsi web application firewall

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 37.8%
  • Shell 31.2%
  • Nginx 31.0%