Linux
Linux Installation Video
Please refer to the video below for Linux - Nginx installation.
Linux Installation Directory Structure
/usr/local/deepfinder
├── bin // Executable program path
│ ├── agent
│ ├── scanfile
│ ├── starter
│ ├── uninstall.sh
│ └── updater
├── certs // PEM key path for SSL communication
│ └── deepfinder.pem
├── conf // Configuration file path
│ ├── config.xml
│ ├── file_md5.xml
│ └── web.xml // Created when installed with WAS-specific script
├── lib // Library path
│ ├── libfilter.so
│ ├── mod_deepfinder20.so
│ ├── mod_deepfinder22.so
│ ├── mod_deepfinder24.so
│ └── DfFilter.jar // Created when installed with WAS-specific script
├── log // Agent, filter log path
│ └── … .log
├── nginx // Nginx proxy path, created when installed with Nginx-specific script
│ ├── …
│ └── …
├── policy // Policy file path
│ ├── policy.db
│ └── PREIP
│ ├── 100.xml
│ └── … .xml
└── tmp // Debug file creation path
└── …
Danger
When installing the DeepFinder Agent, the Web Server or WAS must be running for the installation to proceed correctly.
Apache Agent Installation
1) Download Installation File
Download the DeepFinder Agent installation file from the Repository.
[root@localhost ~]# wget download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
2) Extract File
Extract the downloaded installation file.
[root@localhost ~]# tar xvfz DeepFinder.tar.gz
3) Check Installation Script
Enter the extracted directory and run the installation script.
[root@localhost ~]# cd DeepFinder
// Apache Install -> setup.sh
[root@localhost DeepFinder]# ./setup.sh
USAGE1 : ./setup.sh SERVER_IP AGENT_ID [ssl] [install_path]
USAGE2 : ./setup.sh SERVER_IP AUTH_KEY [ssl] [install_path]
// Default protocol tcp
// Default Path /usr/local/deepfinder
4) Run Script
Verify the information required for installation (Manager Server IP, Company/Domain Group Auth Info) and proceed with the installation.
[root@localhost DeepFinder]# ./setup.sh 1.1.1.1 611dd4300b91412e89xxxxxxxxxxx
************************************
SERVER IP : 1.1.1.1
AGENT ID : 611dd4300b91412e89xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SYSTEM KERNEL : 4.4
CHECK OS : Linux
CHECK LINUX : Amazon Linux
CHECK SELinux : Disabled
CHECK OS BIT : x86_64 (64 bit)
DeepFinder install path : /usr/local/deepfinder
Starting DeepFinder Agent [ OK ]
- Finished DeepFinder WAF Install
************************************
When the installation is completed successfully, a completion message is displayed, and the web service is automatically updated without interruption.
5) Filter Configuration
Info
After installation is complete, check if the following filter syntax has been inserted at the bottom of httpd.conf.
If it has not been inserted, insert the module information appropriate for your Apache version and then perform an Apache graceful restart to complete the web server filter application.
# Apache 2.0
LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder20.so
# Apache 2.2
LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder22.so
# Apache 2.4
LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder24.so
ex) Example of httpd.conf file with DeepFinder filter syntax inserted
[root@ip-172-26-3-39 ~]# tail /etc/httpd/conf/httpd.conf
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder24.so
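The check described in this step can be scripted. The following is an added example, not part of the DeepFinder package: it maps an Apache version banner (the `httpd -v` output format) to the module file listed above and reports whether httpd.conf actively loads exactly that module. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DeepFinder code): confirm that httpd.conf loads the
# DeepFinder module built for the running Apache version.

# expected_module BANNER -> module file name for Apache 2.0 / 2.2 / 2.4
expected_module() {
    ver=$(printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9]*\)\.\([0-9][0-9]*\).*|\1.\2|p' | head -n 1)
    case "$ver" in
        2.0) echo mod_deepfinder20.so ;;
        2.2) echo mod_deepfinder22.so ;;
        2.4) echo mod_deepfinder24.so ;;
        *)   return 1 ;;   # version not covered by the module list on this page
    esac
}

# check_loadmodule BANNER CONF
# prints: ok | missing | duplicate | mismatch:<file> | unsupported
check_loadmodule() {
    want=$(expected_module "$1") || { echo unsupported; return 2; }
    # Active directives only: a commented-out "#LoadModule ..." loads nothing.
    active=$(grep -E '^[[:space:]]*LoadModule[[:space:]]+deepfinder_module[[:space:]]' "$2" || true)
    [ -n "$active" ] || { echo missing; return 1; }
    count=$(printf '%s\n' "$active" | grep -c .)
    [ "$count" -eq 1 ] || { echo duplicate; return 1; }
    have=$(printf '%s\n' "$active" | awk '{print $3}' | tr -d '"')
    have=${have##*/}       # keep the file name, drop the directory
    [ "$have" = "$want" ] || { echo "mismatch:$have"; return 1; }
    echo ok
}

demo_apache_check() {
    tmp=$(mktemp -d)
    # Constructed sample: the 2.2 module left active in the config of a 2.4 server.
    printf '%s\n' 'IncludeOptional conf.d/*.conf' \
        '#LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder24.so' \
        'LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder22.so' > "$tmp/httpd.conf"
    check_loadmodule 'Server version: Apache/2.4.6 (CentOS)' "$tmp/httpd.conf"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_apache_check || true   # prints mismatch:mod_deepfinder22.so
```

On a live host, pass the output of `httpd -v` as the first argument and the path to httpd.conf as the second.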
Nginx Agent Installation
1) Download Installation File
Download the DeepFinder Agent installation file from the Repository.
[root@localhost ~]# wget download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
2) Extract File
Extract the downloaded installation file.
[root@localhost ~]# tar xvfz DeepFinder.tar.gz
3) Check Installation Script
Enter the extracted directory and run the installation script.
[root@localhost ~]# cd DeepFinder
// Nginx Install -> nginx.sh
[root@localhost DeepFinder]# ./nginx.sh
USAGE1 : ./nginx.sh SERVER_IP AGENT_ID [ssl] [install_path]
USAGE2 : ./nginx.sh SERVER_IP AUTH_KEY [ssl] [install_path]
// Default protocol tcp
// Default Path /usr/local/deepfinder
4) Run Script
Install dependencies and then proceed with Agent installation by entering Manager information (Manager Server IP, Company/Domain Group Auth Info).
- For Redhat-based installation
[root@localhost ~]# yum install gcc make pcre-devel openssl-devel zlib-devel
- For Debian-based installation (For Docker application)
[root@localhost ~]# apt-get install gcc make libpcre3-dev libssl-dev zlib1g-dev libmagic1
# If libpcre3-dev cannot be installed, install libpcre2-dev
- For AWS Linux-based installation
[root@localhost ~]# yum install redhat-rpm-config
[root@localhost ~]# $DeepFinder/linux_x64/nginx/make_module
- Nginx Installation
[root@localhost DeepFinder]# ./nginx.sh 1.1.1.1 c8b34ff005611dd4300b9141xxxxx
************************************
SERVER IP : 1.1.1.1
AUTH KEY : c8b34ff005611dd4300b91412e89xxxxxxxxxxxxxxxxxxxxxxxxxxxx
SYSTEM KERNEL : 2.6
CHECK OS : Linux
CHECK LINUX : CentOS Linux
CHECK SELinux : Disabled
CHECK OS BIT : x86_64 (64 bit)
NGINX File Path : /usr/sbin/nginx
NGINX Version : 1.13.4
DeepFinder install path : /usr/local/deepfinder
Starting DeepFinder Agent [ OK ]
Install NGINX Module : Please wait a moment..
Add to nginx.conf & configtest : ok
NEXT STEP : Reload nginx
/usr/sbin/nginx -s reload
- Finished DeepFinder WAF Install
************************************
5) Insert Nginx Module
If the Nginx configuration file is not registered in Linux, the following message will appear.
In this case, refer to the STEPs below to insert the DeepFinder filter into the nginx.conf file and then Reload.
STEP 1: Add to nginx.conf
load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;
STEP 2: Check nginx configtest
/usr/local/nginx/sbin/nginx -t
STEP 3: Reload nginx
/usr/local/nginx/sbin/nginx -s reload
************************************
[root@localhost DeepFinder]# cd [Nginx DIR]/conf
[root@localhost conf]# vi nginx.conf
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;

events {
    worker_connections 1024;
}
[root@localhost conf]# /usr/sbin/nginx -s reload
6) Nginx Service Update
Update the Nginx service using the reload option.
WAS Agent Installation
1) Download Installation File
Download the DeepFinder Agent installation file from the Repository.
[root@localhost ~]# wget download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
2) Extract File
Extract the downloaded installation file.
[root@localhost ~]# tar xvfz DeepFinder.tar.gz
3) Check Installation Script
Enter the extracted directory and run the installation script appropriate for your WAS type.
| WAS Type | Tomcat | Jeus | Resin | Others (Weblogic, JBoss, Websphere, etc.) |
|---|---|---|---|---|
| Install Script | Tomcat.sh | Jeus.sh | Resin.sh | Agent.sh |
[root@localhost ~]# cd DeepFinder
// Tomcat Install -> tomcat.sh
[root@localhost DeepFinder]# ./tomcat.sh
USAGE : ./tomcat.sh SERVER_IP AUTH_KEY [ssl] [install_path]
// Default protocol tcp
// Default Path /usr/local/deepfinder
4) Run Script
Verify the information required for installation (Manager Server IP, Company/Domain Group Auth Info) and proceed with the installation.
[root@localhost DeepFinder]# ./tomcat.sh 1.1.1.1 ecd69098a3a6f2077cf5ffe6cxxxx
************************************
SERVER IP : 1.1.1.1
AUTH KEY : ecd69098a3a6f2077cf5ffe6ceb3f298dd59a4bab6d243f774afe538c518
SYSTEM KERNEL : 2.6
CHECK OS : Linux
CHECK LINUX : CentOS Linux
CHECK SELinux : Disabled
CHECK OS BIT : x86_64 (64 bit)
DeepFinder install path : /usr/local/deepfinder
Starting DeepFinder Agent [ OK ]
## Copy DfFilter.jar & Add WAS Conf file
cp /usr/local/deepfinder/lib/DfFilter.jar [Tomcat_DIR]/lib
vi [Tomcat_DIR]/conf/web.xml
<filter>
<filter-name>DfFilter</filter-name>
<filter-class>com.df.filter.DfFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>DfFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<servlet>
<description></description>
<display-name>DfError</display-name>
<servlet-name>DfError</servlet-name>
<servlet-class>com.df.servlet.DfError</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DfError</servlet-name>
<url-pattern>/DfError</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>DfDeny</display-name>
<servlet-name>DfDeny</servlet-name>
<servlet-class>com.df.servlet.DfDeny</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DfDeny</servlet-name>
<url-pattern>/DfDeny</url-pattern>
</servlet-mapping>
- Finished DeepFinder WAF Install
************************************
5) Copy DfFilter Library
Copy DfFilter.jar from the lib directory of the DeepFinder installation path (/usr/local/deepfinder/lib) to the WAS lib path.
[root@df /]# cp /usr/local/deepfinder/lib/DfFilter.jar [Tomcat_DIR]/lib
Note
For WAS versions lower than Tomcat 7, modify the web.xml file in the conf directory as follows.
Insert the content of /usr/local/deepfinder/conf/web.xml between the <web-app> tags in web.xml.
For the web.xml script, please refer to WAS Filter Script.
* Tomcat – Insert Filter in web.xml
[root@localhost ~]# cd [Tomcat_DIR]/conf
[root@localhost conf]# cp web.xml web.xml.bak
[root@localhost conf]# vi web.xml
* Jeus – Insert Filter in webcommon.xml
Jeus - When multiple Servlets are used during WAS installation, the DeepFinder filter must be inserted into the webcommon.xml file of each servlet. After inserting the filter, please verify that the WAF is working normally for each Servlet. If the screen is not displayed properly after application, please adjust res_type.
[root@df ~]# cd [Jeus_DIR]/config/servlet
[root@df servlet]# cp webcommon.xml webcommon.xml.bak
[root@df servlet]# vi webcommon.xml
* Resin – Insert into app-default.xml and copy DfFilter.jar library
For Weblogic, JBoss, WebSphere, and GlassFish WAS, DfFilter.jar must be added to each project (war file).
[root@localhost ~]# cd [Tomcat_DIR]/conf
[root@localhost conf]# cp web.xml web.xml.bak
[root@localhost conf]# vi web.xml
When applying to WebSphere, please modify wastype="WEBSPHERE" in the Agent's config.xml.
6) Update Tomcat
Restart Tomcat.
[root@localhost ~]# %Tomcat PATH%/bin/shutdown.sh
[root@localhost ~]# %Tomcat PATH%/bin/startup.sh
Jeus Agent Installation
1) Download Installation File
Download the DeepFinder Agent installation file from the Repository.
[root@localhost ~]# wget download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
2) Extract File
Extract the downloaded installation file.
[root@localhost ~]# tar xvfz DeepFinder.tar.gz
3) Check Installation Script
Enter the extracted directory and run the installation script.
[root@localhost ~]# cd DeepFinder
// Jeus Install -> jeus.sh
[root@localhost DeepFinder]# ./jeus.sh
USAGE : ./jeus.sh SERVER_IP AUTH_KEY [ssl] [install_path]
// Default protocol tcp
// Default Path /usr/local/deepfinder
4) Run Script
Verify the information required for installation (Manager Server IP, Company/Domain Group Auth Info) and proceed with the installation.
[root@localhost DeepFinder]# ./jeus.sh 1.1.1.1 ecd69098a3a6f2077cf5ffe6xxxx
************************************
SERVER IP : 1.1.1.1
AUTH KEY : ecd69098a3a6f2077cf5ffe6ceb3f298dd59a4bab6d243f774afe538c518
SYSTEM KERNEL : 2.6
CHECK OS : Linux
CHECK LINUX : CentOS Linux
CHECK SELinux : Disabled
CHECK OS BIT : x86_64 (64 bit)
DeepFinder install path : /usr/local/deepfinder
Starting DeepFinder Agent [ OK ]
## Modify JEUS Conf file
vi $jeus7/webcommon.xml
<filter>
<filter-name>DfFilter</filter-name>
<filter-class>com.df.filter.DfFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>DfFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<servlet>
<description></description>
<display-name>DfError</display-name>
<servlet-name>DfError</servlet-name>
<servlet-class>com.df.servlet.DfError</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DfError</servlet-name>
<url-pattern>/DfError</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>DfDeny</display-name>
<servlet-name>DfDeny</servlet-name>
<servlet-class>com.df.servlet.DfDeny</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DfDeny</servlet-name>
<url-pattern>/DfDeny</url-pattern>
</servlet-mapping>
- Finished DeepFinder WAF Install
************************************
5) Copy DfFilter Library
Copy DfFilter.jar from the lib directory of the DeepFinder installation path (/usr/local/deepfinder/lib) to the Jeus lib/system path.
[root@localhost ~]# cd /usr/local/deepfinder/lib
[root@localhost lib]# cp DfFilter.jar [JEUS_DIR]/lib/system
6) Insert Filter
Modify webcommon.xml in the conf directory of the Jeus installation path ([Jeus_DIR]/config/servlet/webcommon.xml) as follows.
※ In the case of Jeus WAS, since multiple Servlets can be used, the filter must be inserted into the webcommon.xml file of each servlet. After inserting the filter, please verify that the WAF is working normally for each Servlet.
[root@localhost ~]# cd [Jeus_DIR]/config/servlet
[root@localhost servlet]# cp webcommon.xml webcommon.xml.bak
[root@localhost servlet]# vi webcommon.xml
Input the Filter configuration syntax between the <web-app> tags in [Jeus_DIR]/config/servlet/webcommon.xml.
For the web.xml script, please refer to WAS Filter Script.
7) Update Jeus
Restart Jeus.
[root@localhost ~]# %Jeus PATH%/bin/jdown
[root@localhost ~]# %Jeus PATH%/bin/jboot
Check Linux Agent
Check Agent Connection
- Check Agent Process
Check if the Agent process is running normally using the PS command.
[root@localhost ~]# ps -ef | grep deepfinder
root 14632 1 0 Jun21 ? 00:00:01 /usr/local/deepfinder/bin/starter
root 14906 14632 0 Jun27 ? 00:11:15 /usr/local/deepfinder/bin/agent
root 17272 23916 0 01:08 pts/3 00:00:00 grep --color=auto deepfinder
- Check Agent Log
Check the Agent Log to review for any errors.
[root@localhost ~]# cd /usr/local/deepfinder/log
[root@localhost log]# cat agent.log
2020-03-27 5:02:29 [AGENT] Init ---------------------------
2020-03-27 5:02:29 Connect Server [15.164.139.121:10012]
2020-03-27 5:02:29 Server Connected OK
2020-03-27 5:02:29 Agent Start
2020-03-27 5:02:29 [AGENT] Unique ID : 0A0177316C60
2020-03-27 5:02:29 Connect Server [15.164.139.121:10013]
2020-03-27 5:02:29 Server Connected OK
2020-03-27 5:02:29 [AGENT] Unique ID : 0A0177316C60
2020-03-27 5:02:29 ===== POLICY INSERT START =====
2020-03-27 5:02:29 AgentProperty [20] [OK]
2020-03-27 5:02:29 LogTypeSeq [54] [OK]
2020-03-27 5:02:29 PatternGroupSeq [51] [OK]
2020-03-27 5:02:29 PatternSeq [266] [OK]
2020-03-27 5:02:29 CountryInfoSeq [252] [OK]
2020-03-27 5:02:29 DomainPolicySeq [1] [OK]
2020-03-27 5:02:29 DomainPolicy [27]
2020-03-27 5:02:29 > DomainPolicy [27] : DomainSeq [0]
2020-03-27 5:02:29 > DomainPolicy [27] : BasePolicy
2020-03-27 5:02:29 > DomainPolicy [27] : LimitPolicy
2020-03-27 5:02:29 > DomainPolicy [27] : MethodPolicySeq [4]
2020-03-27 5:02:29 > DomainPolicy [27] : RequestUriPolicySeq [7]
2020-03-27 5:02:29 > DomainPolicy [27] : CookiePolicySeq [10]
2020-03-27 5:02:29 > DomainPolicy [27] : HeadNamePolicySeq [4]
2020-03-27 5:02:29 > DomainPolicy [27] : HeadValuePolicySeq [5]
2020-03-27 5:02:29 > DomainPolicy [27] : URLPolicySeq [1]
2020-03-27 5:02:29 > URLPolicy [27:1]
2020-03-27 5:02:29 >> URLPolicy [27:1] : URLBasePolicy
2020-03-27 5:02:29 >> URLPolicy [27:1] : ParamPatternPolicySeq [27]
2020-03-27 5:02:29 >> URLPolicy [27:1] : UploadPolicySeq [13]
2020-03-27 5:02:29 ===== POLICY INSERT END =====
2020-03-27 5:02:39 Filter Policy Update Status : OK
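The log review above can be automated. The following is an added example, not part of the DeepFinder package: it reads an agent.log in the format shown and reports whether the most recent agent session connected to the server, finished the policy insert, and ended with an OK filter policy status. The function names, the status labels, and the sample log (including its 192.0.2.10 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DeepFinder code): judge agent health from agent.log.
# Only the newest session counts, i.e. everything after the last "[AGENT] Init".

# agent_log_status FILE
# prints: healthy | no-session | not-connected | policy-incomplete | policy-not-applied
agent_log_status() {
    awk '
        /\[AGENT\] Init/                { seen = 1; conn = 0; pstart = 0; pend = 0; applied = 0 }
        /Server Connected OK/           { conn = 1 }
        /POLICY INSERT START/           { pstart = 1; pend = 0 }
        /POLICY INSERT END/             { if (pstart) pend = 1 }
        # Assumption: any status other than OK means the filter did not take the policy.
        /Filter Policy Update Status :/ { applied = ($0 ~ /: OK[ \t]*$/) }
        END {
            if (!seen)             { print "no-session";         exit 1 }
            if (!conn)             { print "not-connected";      exit 1 }
            if (!(pstart && pend)) { print "policy-incomplete";  exit 1 }
            if (!applied)          { print "policy-not-applied"; exit 1 }
            print "healthy"
        }
    ' "$1"
}

demo_agent_log() {
    tmp=$(mktemp -d)
    # Constructed sample in the log format shown above: the policy insert
    # starts but the log stops before the END marker.
    cat > "$tmp/agent.log" <<'EOF'
2020-03-27 5:02:29 [AGENT] Init ---------------------------
2020-03-27 5:02:29 Connect Server [192.0.2.10:10012]
2020-03-27 5:02:29 Server Connected OK
2020-03-27 5:02:29 ===== POLICY INSERT START =====
2020-03-27 5:02:29 AgentProperty [20] [OK]
EOF
    agent_log_status "$tmp/agent.log"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_agent_log || true   # prints policy-incomplete
```

Run it as `agent_log_status /usr/local/deepfinder/log/agent.log`; a non-zero exit status makes it usable from cron or a monitoring probe.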
- Check Connection Status
Check if communication between Manager and Agent is established using the NETSTAT command.
[root@localhost log]# netstat -atunp | grep 100
tcp 0 0 10.0.1.20:34203 52.79.17.21:10014 ESTABLISHED 14906/agent
- Check Manager Connection
Check if the agent registered on the manager server is connected normally (green light).

Check Module Settings
- Check Filter Log
Check the Filter Log to confirm that the web server loaded the module normally. The module is loaded when the web server starts.
[root@localhost ~]# tail -f /usr/local/deepfinder/log/filter.log
2020-04-01 00:02:16 : [4052] Filter Init OK
2020-04-01 06:12:02 : [4988] Filter Init OK
2020-04-02 00:01:56 : [3296] Filter Init OK
- Check Module Setting
Check if the module is configured in the web server.
[root@localhost ~]# ps -ef | grep httpd
apache 29515 31785 0 09:23 ? 00:00:00 /usr/sbin/httpd
apache 29516 31785 0 09:23 ? 00:00:00 /usr/sbin/httpd
apache 29522 31785 0 09:23 ? 00:00:00 /usr/sbin/httpd
[root@localhost ~]# tail -n1 /etc/httpd/conf/httpd.conf
LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder22.so
- Check Module Load
Check if the module is loaded in the web server process using the LSOF command.
[root@localhost ~]# ps -ef | grep httpd
apache 29515 31785 0 09:23 ? 00:00:00 /usr/sbin/httpd
apache 29516 31785 0 09:23 ? 00:00:00 /usr/sbin/httpd
apache 29522 31785 0 09:23 ? 00:00:00 /usr/sbin/httpd
[root@localhost log]# lsof -p 31785 | grep deepfinder
httpd 31785 root mem REG 202,1 9429 4056 /deepfinder/lib/mod_deepfinder22.so
- Check Manager Log
Generate a detection log and check it on the manager server.
