Install open-appsec for Linux
The fastest and easiest way to deploy and configure open-appsec is using an interactive CLI tool which will guide you through the most commonly required customizations.
Prerequisites
wget
command-line tool installed on your linux machine
Installation
Download the installer for Linux using these commands:
You can show the installer version and available options by running the following command to show the help info:
This interactive installer provides 2 alternative modes for automatic vs. manual installation:
Mode 1: Automatic installation of open-appsec and adding attachment (plugin) to NGINX/Kong
In this mode open-appsec will automatically installed with all required components and the attachment will be added and activated in the existing configuration for NGINX/Kong.
The steps shown below for Mode 2 are the exact steps which are also performed when running the automatic installation.
Optional open-appsec installer parameters
--token
allows connecting directly to SaaS management, to get the token please follow the instructions here.--prevent
will set the default rule in the default policy file toprevent-learn
instead ofdetect-learn
, but the recommendation is to keepdetect-learn
as the default rule.
Mode 2: Download of software components and presenting manual installation instructions
In this mode all required components based on your NGINX/Kong version, OS version, Platform will be downloaded to your machine and instructions are presented for manual installation.
Optionally you can add a --tmpdir <path>
option to specify an alternative path for the downloaded software components (default path is /tmp/openappsec/ )
Once the download has finished, follow these steps for manual installation:
Step 1: Deploying the attachment on an existing alpine NGINX/Kong server
Copy the associated libraries as shown in the output for Step 1 with commands similar to this:
Copy the nginx attachment file as shown in the output for Step 1 with command similar to this:
Load the attachment on your NGINX by adding the following line to your
nginx.conf
, usually located here:/etc/nginx/ load_module /usr/lib/nginx/modules/libngx_module.so;
Step 2: Installing open-appsec agent
Run the following commands:
Step 3 Validate configuration
Run the following command to validate the nginx configuration:
You should see an output confirming that the syntax is "ok" similar to this:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart the NGINX service so that the updated nginx configuration is applied and the open-appsec attachment module is loaded:
Congratulations, you successfully installed and activated open-appsec to your existing NGINX/Kong installation.
For Production usage you might want to switch from using the Basic to the more accurate Advanced Machine Learning model, as described here:
Now you might want to have a look at our interactive CLI tool:
pageUsing the open-appsec-ctl ToolLast updated