github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-06-28 16:41:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12 from openappsec/updated-readme

Browse Source 
Update README.md
This commit is contained in:
orianelou 2023-12-11 17:57:19 +02:00 committed by GitHub
commit 491a6fc830
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
README.md
View File

@ -5,7 +5,7 @@
## About ## About
open-appsec is a machine learning security engine that preemptively and automatically prevent threats against Web Application & APIs. open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs.
<strong>open-appsec Attachments</strong> connect between processes that provide HTTP data and the <strong>open-appsec Agent</strong> security logic. <strong>open-appsec Attachments</strong> connect between processes that provide HTTP data and the <strong>open-appsec Agent</strong> security logic.
@ -13,11 +13,11 @@ An attachment gets HTTP data (URL, Header, Body, Response) from a hosting proces
To deal with potential issues where the HTTP Transaction handler process is not responding, the Attachment implements a retry mechanism and configurable fail-open/fail-close mechanism. To deal with potential issues where the HTTP Transaction handler process is not responding, the Attachment implements a retry mechanism and configurable fail-open/fail-close mechanism.
This repository will host Attachment for different platforms. The first one is the open-appsec attachment for NGINX, implemented as a standard NGINX dynamically loadable module (plugin). This repository will host Attachments for different platforms. The first one is the open-appsec attachment for NGINX, implemented as a standard NGINX dynamically loadable module (plugin).
## open-appsec NGINX attachment compilation instructions ## open-appsec NGINX attachment compilation instructions
*We Provide an Example for compilation instructions on alpine, the attachment can be complied on other environments that match the environment hosting nginx, yet compilation instructions could need adjustments* *We provide an example for compilation instructions on Alpine, the attachment can be comiplied on other environments that match the environment hosting nginx, yet compilation instructions could need adjustment*
The attachment can be compiled to support an existing nginx server or an nginx/ingress-nginxdocker. The attachment can be compiled to support an existing nginx server or an nginx/ingress-nginxdocker.
@ -37,7 +37,7 @@ Before compiling, ensure the latest development versions of the following librar
$ apk add pcre-dev libxml2-dev zlib-dev openssl-dev geoip-dev linux-headers python3 $ apk add pcre-dev libxml2-dev zlib-dev openssl-dev geoip-dev linux-headers python3
``` ```
### Compiling the attachment code for an existing nginx server ### Compiling the attachment code for an existing NGINX server
On your existing nginx server: On your existing nginx server:
1. Run command to extract nginx compilation flags to a file 1. Run command to extract nginx compilation flags to a file
@ -45,26 +45,29 @@ On your existing nginx server:
```bash ```bash
$ nginx -V &> /tmp/nginx.ver $ nginx -V &> /tmp/nginx.ver
``` ```
On your compilation environment: On your compilation environment:
1. Clone this repository 1. Clone this repository
2. Copy the file created on your nginx server (the previous section) to your compilation environment to the path /tmp/nginx.ver 2. Copy the file created on your nginx server (the previous section) to your compilation environment to the path /tmp/nginx.ver
3. Run Configuration script 3. Run Configuration script
4. Run CMake command 4. Run CMake command
5. Run make command 5. Run make command
6. Run make package command
7. install
```bash ```bash
$ git clone https://github.com/openappsec/attachment.git $ git clone https://github.com/openappsec/attachment.git
$ cd attachment
$ ./attachments/nginx/ngx_module/nginx_version_configuration.sh --conf /tmp/nginx.ver build_out $ ./attachments/nginx/ngx_module/nginx_version_configuration.sh --conf /tmp/nginx.ver build_out
$ cmake -DCMAKE_INSTALL_PREFIX=build_out . $ cmake -DCMAKE_INSTALL_PREFIX=build_out .
$ make install $ make install
$ make package
``` ```
#### NGINX plugin associated libraries #### NGINX plugin-associated libraries
The NGINX plugin uses these libraries: shmem_ipc, compression_utils, and nginx_attachment_util. The NGINX plugin uses these libraries: shmem_ipc, compression_utils, and nginx_attachment_util.
They can be found under the `lib` directory in the `<output path>` given to the CMake. They can be found under the `lib` directory in the `<output path>` given to the CMake.
#### Deploying the attachment on an existing nginx server #### Deploying the attachment on an existing NGINX server
1. Copy the associated libraries to /usr/lib on your existing nginx server 1. Copy the associated libraries to /usr/lib on your existing nginx server
2. Copy the nginx attachment file lib/libngx_module.so to the following path on your existing nginx server: /usr/lib/nginx/modules/ 2. Copy the nginx attachment file lib/libngx_module.so to the following path on your existing nginx server: /usr/lib/nginx/modules/
@ -83,15 +86,16 @@ This step requires Docker to be installed on your compilation environment
```bash ```bash
$ git clone https://github.com/openappsec/attachment.git $ git clone https://github.com/openappsec/attachment.git
$ cd attachment
$ ./attachments/nginx/ngx_module/nginx_version_configuration.sh --docker <input docker image> build_out $ ./attachments/nginx/ngx_module/nginx_version_configuration.sh --docker <input docker image> build_out
$ cmake -DCMAKE_INSTALL_PREFIX=build_out -DOUTPUT_DOCKER_IMAGE=<output docker image> . $ cmake -DCMAKE_INSTALL_PREFIX=build_out -DOUTPUT_DOCKER_IMAGE=<output docker image> .
$ make install $ make install
$ make docker $ make docker
``` ```
Later on, you can push the image to your own registry and use it as needed. Later on, you can push the image to your registry and use it as needed.
For deployment on docker you can deploy it using the same docker command you used before with regular nginx container, just make sure to add the parameter `--ipc=host`. For deployment on docker you can deploy it using the same docker command you used before with a regular nginx container, just make sure to add the parameter `--ipc=host`.
## License ## License