Naxsi web interface


dim...@gmail.com

Oct 25, 2012, 3:32:56 AM
to naxsi-...@googlegroups.com
Hello!
I am starting to use nginx and I'd like to use naxsi as a WAF, but I don't know how to configure and run naxsi.
I would also like to use the naxsi web interface, but I don't know how to access it. Who can help me?

Harry Tuttle

Oct 25, 2012, 5:25:34 AM
to naxsi-...@googlegroups.com
http://code.google.com/p/naxsi/wiki


Hope it helps!




zahian

Oct 25, 2012, 7:06:47 AM
to naxsi-...@googlegroups.com
I have already read it, but I can't find where I can access the naxsi web interface.
I went to this address, http://localhost:8081, and it asks me to enter a username and password, but I don't know what username and password it is.

Harry Tuttle

Oct 25, 2012, 11:07:02 AM
to naxsi-...@googlegroups.com
look into naxsi-ui.conf


zahian

Oct 29, 2012, 11:05:05 AM
to naxsi-...@googlegroups.com
This is what is written in my naxsi-ui.conf:
[mysql]
username=naxsi_ui
password=a
hostname=localhost
dbname=naxsi_ui

[nx_extract]
username=naxsi_ui
password=a
port = 8081
rules_path=/etc/nginx/naxsi.rules

[nx_intercept]
port = 8080
And when I try to connect to http://localhost:8081, I use the username and password naxsi_ui/a in the location [nx-extract], but it doesn't show anything.

Harry Tuttle

Nov 1, 2012, 2:45:40 AM
to naxsi-...@googlegroups.com
> And when I try to connect to http://localhost:8081, I use the username and
> password naxsi_ui/a in the location [nx-extract], but it doesn't show
> anything.

You access http://localhost:8081 directly, no reverse proxying included?

Do you have the following configured for nx_extract - part of naxsi-ui.conf:
log_path = nx_extract.log

If not, please do so and check the logs for a stack trace when accessing the
UI. Or you can start nx_extract.py and let it log to stdout/console.

Andrianambinintsoa Dimby

Nov 5, 2012, 2:31:27 AM
to naxsi-...@googlegroups.com
This is my naxsi-ui.conf:
[mysql]
username=naxsi_ui
password=a
hostname=localhost
dbname=naxsi_ui

[nx_extract]
port = 8081
rules_path=/etc/nginx/naxsi.rules
log_path=/var/log/nginx/nx_extract.log
[nx_intercept]
port= 8080
But when I run it, nothing happens; it says unable to connect. And in the log file there is nothing.
I don't know how to start nx_extract.py.

Harry Tuttle

Nov 6, 2012, 7:30:19 AM
to naxsi-...@googlegroups.com
> But when I run it, nothing happens; it says unable to connect. And in the log
> file there is nothing.
> I don't know how to start nx_extract.py.

What does this say: netstat -pltn | grep pyth ?



Usage : python nx_extract -c /path/to/conf/file [-o] [-s] [-p] [-r] [-h]
[-o --output]
Do not daemonize, output whitelists on stdout and exit.
[-s --status]
Do not daemonize, display exceptions count on stdout and exit.
[-p --pages-hit NUMBER]
Specify pages hit limit for -o option. Defaults to 10.
[-r --rules-hit NUMBER]
Specify rules hit limit for -o option. Defaults to 10.
[-n : Don't demonize]

Andrianambinintsoa Dimby

Nov 7, 2012, 3:04:07 AM
to naxsi-...@googlegroups.com
OK! So first of all I ran the command:
root@stg-dsci:~# service nginx-naxsi-ui status
 * nginx-naxsi-ui_extract is running
 * nginx-naxsi-ui_intercept is running
root@stg-dsci:~# netstat -natpul|grep pyth
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2035/python
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      2040/python
root@stg-dsci:~#

Then I stopped the nginx-naxsi-ui service and tried these commands:

root@stg-dsci:/usr/share/nginx-naxsi/naxsi-ui# python nx_extract.py /etc/nginx/naxsi-ui.conf

And when I try to access localhost:8081, it logs this error:

Unhandled error in Deferred:
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 525, in __bootstrap
    self.__bootstrap_inner()
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 505, in run
    self.__target(*self.__args, **self.__kwargs)
--- <exception caught here> ---
  File "/usr/lib/python2.7/dist-packages/twisted/python/threadpool.py", line 167, in _worker
    result = context.call(ctx, function, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
  File "nx_extract.py", line 253, in handle_request
    helpmsg = helpmsg.replace('__STATS__', self.ex.generate_stats())
  File "nx_extract.py", line 143, in generate_stats
    self.cursor.execute("select count(distinct md5) as uniq_exception from exception")
  File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 174, in execute
    self.errorhandler(self, exc, value)
  File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
    raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1146, "Table 'naxsi_ui.exception' doesn't exist")


And this is the result of netstat!
root@stg-dsci:~# netstat -natpul|grep pyth
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      3279/python
root@stg-dsci:~#

Andrianambinintsoa Dimby

Nov 7, 2012, 3:15:02 AM
to naxsi-...@googlegroups.com
When I look at the naxsi_ui database there is nothing there, neither tables nor columns.

bui

Nov 7, 2012, 3:44:26 AM
to naxsi-discuss
Hello,

Seems that your database is not created, suggesting you didn't run nx_intercept properly.
Did you try live learning or learning from logs?

In order to be able to extract whitelists etc. from learning mode, you need to configure it properly:
 - Either by configuring nginx+naxsi in learning mode with your /RequestDenied location pointing to the nx_intercept daemon (with a proxy_pass)
 - Or by learning directly from log files

Please see the wiki.

Andrianambinintsoa Dimby

Nov 7, 2012, 7:52:58 AM
to naxsi-...@googlegroups.com
I have already followed the instructions at http://code.google.com/p/naxsi/ but they do not say how to fill the naxsi_ui database.
These are my configurations:

root@stg-dsci:/etc/nginx# ls
conf.d          koi-utf  mime.types        naxsi.rules      naxsi-ui.conf  proxy_params  sites-available  uwsgi_params
fastcgi_params  koi-win  naxsi_core.rules  naxsi_rules.tmp  nginx.conf     scgi_params   sites-enabled    win-utf
root@stg-dsci:/etc/nginx# vim nginx.conf
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

        error_log /var/log/nginx/error.log;
events {
        worker_connections 768;
        multi_accept on;
}

http {

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        server_names_hash_bucket_size 64;

        access_log /var/log/nginx/access.log;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;


        gzip_disable "msie6";


        include /etc/nginx/naxsi_core.rules;

        include /etc/nginx/sites-enabled/*;
}
root@stg-dsci:/etc/nginx# more sites-enabled/default

server {
        listen   80; ## listen for ipv4; this line is default and implied

        root /usr/share/nginx/www;
        index index.html index.htm;

        server_name www.stg-dsci.mg;

        location / {
                try_files $uri $uri/ /index.html;
                include /etc/nginx/naxsi.rules;
        }

        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 192.168.1.65;
                deny all;
        }

        location /RequestDenied {
                return 404;
                proxy_pass http://192.168.1.65:8082;
        }

        error_page 404 /404.html;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/www;
        }

And the default configuration for naxsi.rules:

root@stg-dsci:/etc/nginx# more naxsi.rules
# Sample rules file for default vhost.

LearningMode;
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";

include "/tmp/naxsi_rules.tmp";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root@stg-dsci:/etc/nginx#

And in /tmp/naxsi_rules.tmp there is nothing.

bui

Nov 7, 2012, 8:25:26 AM
to naxsi-discuss
Hi,

> I have already followed the instructions at http://code.google.com/p/naxsi/ but they do not say how to fill the naxsi_ui database.

If you do not fill the DB, there will be no whitelists / statistics generated.


> root@stg-dsci:/etc/nginx# more sites-enabled/default
>
> server {
>         listen   80; ## listen for ipv4; this line is default and implied
>
>         root /usr/share/nginx/www;
>         index index.html index.htm;
>
>         server_name www.stg-dsci.mg;
>
>         location / {
>                 try_files $uri $uri/ /index.html;
>                 include /etc/nginx/naxsi.rules;
>         }
>
>         location /doc/ {
>                 alias /usr/share/doc/;
>                 autoindex on;
>                 allow 192.168.1.65;
>                 deny all;
>         }
>
>         location /RequestDenied {
>                 return 404;
>                 proxy_pass http://192.168.1.65:8082;
>         }

Having proxy_pass and return in your /RequestDenied location is pointless.
Remove return 404 if you are in learning mode.


> And in /tmp/naxsi_rules.tmp there is nothing.

Yes, because you did not perform learning.
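
Added example, not part of the original thread and not naxsi project code: a small Python check for two learning-mode problems visible in the configs posted above, a `return` ahead of `proxy_pass` in the DeniedUrl location and a `proxy_pass` port (8082) that differs from the `[nx_intercept]` port (8080). The function name `check_learning_setup` is hypothetical and the embedded samples are constructed from the values in this thread.

```python
import configparser
import re

# Constructed samples mirroring the values posted in this thread.
NAXSI_UI_CONF = """\
[nx_extract]
port = 8081

[nx_intercept]
port= 8080
"""

NGINX_SITE = """\
location /RequestDenied {
        return 404;
        proxy_pass http://192.168.1.65:8082;
}
"""


def check_learning_setup(ui_conf, nginx_site, denied_url="/RequestDenied"):
    """Return findings that stop naxsi exceptions from reaching nx_intercept."""
    cp = configparser.ConfigParser()
    cp.read_string(ui_conf)
    intercept_port = cp.getint("nx_intercept", "port")

    # Body of the DeniedUrl location (assumes no nested braces inside it).
    pattern = r"location\s+" + re.escape(denied_url) + r"\s*\{([^}]*)\}"
    m = re.search(pattern, nginx_site)
    if not m:
        return ["no location block for " + denied_url]
    body = re.sub(r"#.*", "", m.group(1))  # ignore nginx comments

    findings = []
    # 'return' runs in nginx's rewrite phase, before the proxy content handler.
    if re.search(r"^\s*return\s", body, re.M):
        findings.append("return answers the request; proxy_pass is never reached")
    pp = re.search(r"proxy_pass\s+(https?)://[^:/;\s]+(?::(\d+))?", body)
    if not pp:
        findings.append("no proxy_pass to nx_intercept")
    else:
        default = 443 if pp.group(1) == "https" else 80
        port = int(pp.group(2) or default)
        if port != intercept_port:
            findings.append("proxy_pass port %d != nx_intercept port %d"
                            % (port, intercept_port))
    return findings


if __name__ == "__main__":
    for finding in check_learning_setup(NAXSI_UI_CONF, NGINX_SITE):
        print("FINDING:", finding)
```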

Andrianambinintsoa Dimby

Nov 7, 2012, 8:29:43 AM
to naxsi-...@googlegroups.com
OK, so I will remove the return 404 and leave the proxy_pass in the configuration.
And then how can I perform the learning mode?

bui

Nov 7, 2012, 8:36:06 AM
to naxsi-discuss
Run naxsi, browse your website.
Quickly you will see exceptions appear in your database that you can then use to generate whitelists.

Andrianambinintsoa Dimby

Nov 7, 2012, 8:48:29 AM
to naxsi-...@googlegroups.com
Uh, my nginx and naxsi are already running, but when I check my website at http://localhost or http://192.168.1.65 nothing happens; it just says "Welcome to nginx".

And in the log files I just have the access log.

bui

Nov 7, 2012, 9:10:03 AM
to naxsi-discuss
Please remove the naxsi configuration and check that your setup is correct without naxsi.

Andrianambinintsoa Dimby

Nov 7, 2012, 9:13:29 AM
to naxsi-...@googlegroups.com
When I remove the naxsi configuration, nginx works well.
I have removed the line include /etc/nginx/naxsi_core.rules from nginx.conf
and the line include /etc/nginx/naxsi.rules from sites-enabled/default,

and there is no change.

Andrianambinintsoa Dimby

Nov 12, 2012, 12:44:28 AM
to naxsi-...@googlegroups.com
I downloaded the latest version of nx_intercept.py and nx_extract.py.
I ran nx_extract.py,
and when I access localhost:8081 it says: Unable to open index template, please check your setup.
And I have the file index.tpl at naxsi-ui-data/

minje...@gmail.com

Apr 14, 2015, 10:41:40 PM
to naxsi-...@googlegroups.com
How to see naxsi by web interface?
 
 

minje...@gmail.com

May 5, 2015, 1:20:15 PM
to naxsi-...@googlegroups.com, di...@ymail.com
how error repeat

Antonin Le Faucheux

May 5, 2015, 1:30:46 PM
to naxsi-...@googlegroups.com, di...@ymail.com
Hello, it seems you are using a deprecated version of Naxsi.

See: https://github.com/nbs-system/naxsi



--
Antonin LE FAUCHEUX