nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

Need help with understanding and installation of nxapi and nxtool #610

Closed tejasvaidya01 closed 11 months ago

tejasvaidya01 commented 2 years ago

I have been trying to install nxtool and I found two different versions. Which one is the latest/up-to-date, and what is the difference between the two? As far as I understand, both of them can only support ES 5.x server and client. I am using Ubuntu 20.

  1. sudo apt-get install elasticsearch=5.6.16

naxsi/nxapi (https://github.com/nbs-system/naxsi/tree/master/nxapi)

  1. I was able to install it with Python 2.7 and get it to work, but Python 3.8 gives an error (not supported yet?). Following are the steps I followed.
  2. sudo add-apt-repository universe
  3. curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
  4. sudo python2.7 get-pip.py
  5. pip2 install elasticsearch==5.5.3
  6. pip2 install geoip
  7. sudo python ./setup.py install
  8. ./nxtool.py -c nxapi.json --files=/var/log/nginx/error.log
  9. ./nxtool.py -c nxapi.json -x
  10. Works fine.

nxtool-ng and nxapi-ng (https://github.com/nbs-system/nxtool-ng which also installs https://github.com/nbs-system/nxapi-ng/)

  1. I have tried installing it with Python 2.7 and Python 3.8
  2. pip2 install -r ./requirements-v5.txt
  3. pip2 install geoip
  4. pip2 install maxminddb-geolite2==2018.703
  5. Fails to install due to GeoIPCity.dat not being available, which probably requires some code modification as given here: #455
  6. python nxtool.py --elastic-dest --flat-file /var/log/nginx/error.log
     Invalid database type GeoIP City Edition V6, Rev 1, expected GeoIP City Edition, Rev 1
     Traceback (most recent call last):
       File "/home/test/nxtool-ng/nxtool/log_providers/flat_file.py", line 28, in __init__
         ftype = mimetypes.guess_all_extensions(self.fname)[0]
     IndexError: list index out of range
    1. python nxtool.py --elastic-source --stats [This throws more errors]

Any help is appreciated. Thanks in advance.

wargio commented 2 years ago

nxapi is very broken. Do not use it; create rules by hand. Also, do not use this repo at all for naxsi itself; use my personal one, which is updated and tested.

tejasvaidya01 commented 2 years ago

Thanks for a quick reply.

  1. Maybe the documentation should be updated saying that nbs-system/naxsi is no longer up to date, it's really difficult for new users to understand what's going on here.
  2. I'll try out wargio/naxsi. (Where can I find installation doc for it?)
    1. Is it safe to use and are you planning to keep it up to date in future?
    2. Any specific timeline for bringing back nxapi with python3.8 and will it support latest version of ES and GeoIP? I am not an expert in python but I could help testing it.
  3. Could you suggest any open source alternatives for naxsi which are up to date?

wargio commented 2 years ago

My fork is the most up to date and tested. I have and I will keep naxsi up to date because there is no reason to not do that; maybe I will move it under its own project-related user. I will re-introduce nxapi once I have time to work on it, but currently I think you can easily use logstash (like I do) to just parse the logs.