WebsiteManagement PortalPlaygroundGitHub

Install open-appsec for Linux

The fastest and easiest way to deploy and configure open-appsec is using an interactive CLI tool which will guide you through the most commonly required customizations.

Prerequisites

  • Linux machine with:

    • A supported OS and NGINX, Kong, or APISIX version. A list of all supported/pre-compiled attachments for NGINX per supported OS versions is available here. In case your versions are not supported yet, you can also build the code yourself, see here.

    • Root permissions

  • wget command-line tool installed on your linux machine

Installation

Download the installer for Linux using these commands:

wget https://downloads.openappsec.io/open-appsec-install && chmod +x open-appsec-install

You can show the installer version and available options by running the following command to show the help info:

./open-appsec-install -h

This interactive installer provides 2 alternative modes for automatic vs. manual installation:

Mode 1: Automatic installation of open-appsec and adding attachment (plugin) to NGINX/Kong/APISIX

In this mode open-appsec will automatically installed with all required components and the attachment will be added and activated in the existing configuration for NGINX/Kong.

./open-appsec-install --auto

The steps shown below for Mode 2 are the exact steps which are also performed when running the automatic installation.

Optional open-appsec installer parameters

  • --token allows connecting directly to SaaS management, to get the token please follow the instructions here.

  • --prevent will set the default rule in the default policy file to prevent-learn instead of detect-learn, but the recommendation is to keep detect-learn as the default rule.

Mode 2: Download of software components and presenting manual installation instructions

In this mode all required components based on your NGINX, Kong or APISIX version, OS version, Platform will be downloaded to your machine and instructions are presented for manual installation.

./open-appsec-install --download

Optionally you can add a --tmpdir <path> option to specify an alternative path for the downloaded software components (default path is /tmp/openappsec/ )

Once the download has finished, follow these steps for manual installation:

Step 1: Deploying the attachment on an existing alpine NGINX/Kong server

  • Copy the associated libraries as shown in the output of the script

  • Copy the nginx attachment file as shown in the output for Step 1

  • Load the attachment on your NGINX by adding the following line to your nginx.conf

Step 2: Installing open-appsec agent

  • Run the following commands:

/tmp/open-appsec/openappsec/install-cp-nano-agent.sh --install --hybrid_mode
/tmp/open-appsec/openappsec/install-cp-nano-service-http-transaction-handler.sh --install
/tmp/open-appsec/openappsec/install-cp-nano-attachment-registration-manager.sh --install

Step 3 Validate configuration

  • Run the following command to validate the nginx configuration:

nginx -t

You should see an output confirming that the syntax is "ok" similar to this: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

  • Restart the NGINX service so that the updated nginx configuration is applied and the open-appsec attachment module is loaded: 

service nginx restart

Congratulations, you successfully installed and activated open-appsec to your existing NGINX, Kong or APISIX installation.

For Production usage you might want to switch from using the Basic to the more accurate Advanced Machine Learning model, as described here:

Using the Advanced Machine Learning Model

Now you might want to have a look at our interactive CLI tool:

Using the open-appsec-ctl Tool

PreviousStart With LinuxNextUsing the open-appsec-ctl Tool

Last updated