Container
Docker
- The Docker environment follows the same installation method as the on-premise environment.
http://download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
1) Accessing the Container
- To install DeepFinder within Docker, the container must be running. Identify the ID of the running container and open a shell inside it to proceed.
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9b28e84231 b541f09 "/bin/sh" 19 hours ago Up 1 hours 0.0.0.0:82->82/tcp great_it
[root@localhost ~]# docker exec -it 9b28e84231 /bin/bash
2) Downloading the Installation File
- Download the DeepFinder Agent installation file from the DeepFinder Repository using utilities such as wget or curl.
2-1) Ubuntu OS
/ # sudo apt-get install -y wget gcc make libpcre3-dev libssl-dev zlib1g-dev libmagic1
# If libpcre3-dev cannot be installed, install libpcre2-dev
/ # wget http://download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
2-2) Alpine OS
If the installation environment is Alpine OS, you must install compilation tools and development libraries in advance.
/ # apk add wget libstdc++ libgcc libmagic libproc
/ # wget http://download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
- If external internet access is not available within Docker, download the DeepFinder Agent installation package locally and copy it into the Docker container to proceed.
[root@localhost ~]# wget http://download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz
[root@localhost ~]# docker cp ./DeepFinder.tar.gz 9b28e84231:/usr/local/src/
3) Decompressing the File
Decompress the downloaded installation file.
/ # tar xvfz DeepFinder.tar.gz
4) Agent Installation
4-1) Apache Installation
- When installing on Alpine Linux OS, install compilation tools and development libraries.
[root@localhost ~]# apk add libstdc++ libgcc libmagic libproc
/ # cd DeepFinder
root@162243d:/usr/local/src/DeepFinder# ./setup.sh 1.1.1.1 611dd4300b91412e89xxxxxxxx
SERVER IP : 1.1.1.1
AGENT ID : 611dd4300b91412e89xxxxxxxx
SYSTEM KERNEL : 5.15
CHECK OS : Linux
CHECK LINUX : Ubuntu Linux
CHECK OS BIT : x86_64 (64 bit)
DeepFinder install path : /usr/local/deepfinder
* Starting DeepFinder Agent [ OK ]
## Check Apache Conf : LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder24.so
- Finished DeepFinder WAF Install
***************************************************************
Note
If the 'HTTPD Not found' message appears as shown below, proceed with the installation using the agent.sh script.
After installing via agent.sh, insert the module information corresponding to the Apache version into the Apache configuration file, and perform an Apache graceful restart to complete the web server filter application.
#9b28e846a231:/usr/local/src/DeepFinder# ./setup.sh 1.1.1.1 611dd4300b91412e89xxxxxxxx
SERVER IP : 1.1.1.1
AGENT ID : 611dd4300b91412e89xxxxxxxx
SYSTEM KERNEL : 5.15
CHECK OS : Linux
CHECK LINUX : Alpine Linux
HTTPD Not found
------------------------------------------------------------
1. Execute agent.sh script
root@162243d14c3b:/usr/local/src/DeepFinder# ./agent.sh 1.1.1.1 123xxxxxxx
Agent only - DeepFinder Intall Start
SERVER IP : 1.1.1.1
AUTH KEY : 123xxxxxxx
SYSTEM KERNEL : 5.15
CHECK OS : Linux
CHECK LINUX : Ubuntu Linux
CHECK OS BIT : x86_64 (64 bit)
DeepFinder install path : /usr/local/deepfinder
* Starting DeepFinder Agent [ OK ]
- Finished DeepFinder WAF Install
2. Insert DeepFinder Module into Apache
#9b28e846a231:/usr/local/DeepFinder# vi /etc/apache2/httpd.conf
....
#EnableMMAP off
#EnableSendfile on
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
# Insert DeepFinder Module
LoadModule deepfinder_module /usr/local/deepfinder/lib/mod_deepfinder24.so
------------------------------------------------------------
3. Perform Apache graceful
#9b28e846a231:/usr/local/src/DeepFinder# /usr/sbin/apachectl -k graceful
4-2) Nginx Installation
- For Nginx, the module must be compiled, so the external libraries required for Nginx compilation must be installed.
- If external internet is unavailable, install all the tools below during the image build process.
- For Debian-based installations (Ubuntu, etc.)
[root@localhost ~]# apt-get install wget gcc make libpcre3-dev libssl-dev zlib1g-dev libmagic1
- For Alpine Linux OS installations
[root@localhost ~]# apk add libstdc++ libgcc libmagic libproc
- For Redhat-based installations
[root@localhost ~]# yum install -y wget gcc make pcre-devel openssl-devel zlib-devel
- For AWS Linux-based installations
[root@localhost ~]# yum install redhat-rpm-config
[root@localhost ~]# $DeepFinder/linux_x64/nginx/make_module
1. Execute nginx installation script
root@162243d:/usr/local/DeepFinder# ./nginx.sh 1.1.1.1 123xxxxxxx
NGINX - DeepFinder Install Start
SERVER IP : 1.1.1.1
AUTH KEY : 123xxxxxxx
SYSTEM KERNEL : 5.15
CHECK OS : Linux
CHECK LINUX : Ubuntu Linux
CHECK OS BIT : x86_64 (64 bit)
NGINX File Path : /usr/sbin/nginx
NGINX Version : 1.18.0 (Ubuntu)
DeepFinder install path : /usr/local/deepfinder
* Starting DeepFinder Agent [ OK ]
Install NGINX Module : Please wait a moment..
--2023-12-06 04:33:57-- http://nginx.org/download/nginx-1.18.0.tar.gz
Resolving nginx.org (nginx.org)... 3.125.197.172, 2a05:d014:edb:5704::6, ...
Connecting to nginx.org (nginx.org)|3.125.197.172|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1039530 (1015K) [application/octet-stream]
Saving to: 'nginx-1.18.0.tar.gz'
nginx-1.18.0.tar.gz 100%[=============================>] 1015K 686KB/s in 1.5s
2023-12-06 04:33:59 (686 KB/s) - 'nginx-1.18.0.tar.gz' saved [1039530/1039530]
Add to nginx.conf & configtest : ok
NEXT STEP : Reload nginx
/usr/sbin/nginx -s reload
- Finished DeepFinder WAF Install
------------------------------------------------------------
2. Reload nginx process
root@162243d:/usr/local/DeepFinder# /usr/sbin/nginx -s reload
Note
If the Agent installation does not complete normally, install the agent with the agent.sh script as shown below.
After installing via agent.sh, run the Nginx module installation file to complete the filter application.
1. Execute agent.sh script
root@162243d14c3b:/usr/local/src/DeepFinder# ./agent.sh 1.1.1.1 123xxxxxxx
Agent only - DeepFinder Intall Start
SERVER IP : 1.1.1.1
AUTH KEY : 123xxxxxxx
SYSTEM KERNEL : 5.15
CHECK OS : Linux
CHECK LINUX : Ubuntu Linux
CHECK OS BIT : x86_64 (64 bit)
DeepFinder install path : /usr/local/deepfinder
* Starting DeepFinder Agent [ OK ]
- Finished DeepFinder WAF Install
2. Execute nginx module installation file
#9b28e846a231:/usr/local/src/DeepFinder# ./linux_x64/nginx/make_module
# If nginx cannot be found, specify the path to the nginx executable
#9b28e846a231:/usr/local/src/DeepFinder# ./linux_x64/nginx/make_module /usr/sbin/nginx
--2023-12-06 05:22:49-- http://nginx.org/download/nginx-1.18.0.tar.gz
Resolving nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2a05:d014:edb:5704::6, ...
Connecting to nginx.org (nginx.org)|52.58.199.22|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1039530 (1015K) [application/octet-stream]
Saving to: 'nginx-1.18.0.tar.gz'
nginx-1.18.0.tar.gz 100%[==================================>] 1015K 572KB/s in 1.8s
2023-12-06 05:22:51 (572 KB/s) - 'nginx-1.18.0.tar.gz' saved [1039530/1039530]
Add to nginx.conf & configtest : ok
NEXT STEP : Reload nginx
/usr/sbin/nginx -s reload
------------------------------------------------------------
3. Reload nginx process
root@162243d:/usr/local/DeepFinder# /usr/sbin/nginx -s reload
5) Verification of Installation
- Check if the Agent process is running normally.
# root@162243d14c3b:~# ps -ef |grep deepfinder
root 5651 1 0 04:33 ? 00:00:00 /usr/local/deepfinder/bin/starter
root 13543 5651 0 05:42 ? 00:00:00 /usr/local/deepfinder/bin/agent
- If the starter and agent processes are not running, manually execute the processes.
root@162243d14c3b:~# /usr/local/deepfinder/bin/starter
root@162243d14c3b:~# ps -ef |grep deepfinder
root 5651 1 0 04:35 ? 00:00:00 /usr/local/deepfinder/bin/starter
root 13543 5651 0 04:36 ? 00:00:00 /usr/local/deepfinder/bin/agent
- Check the agent status in the Manager.
- Check the agent logs in the container.
# cd /usr/local/deepfinder/log
# ls
agent.log filter.log
# cat agent.log
2023-11-06 15:09:42 [AGENT] Init ---------------------------
2023-11-06 15:09:42 Read AgentID 1010
2023-11-06 15:09:42 Connect Server [52.78.94.74:10012]
2023-11-06 15:09:42 Server Connected OK : 52.78.94.74
2023-11-06 15:09:42 Agent Start
2023-11-06 15:09:42 Recv Connect : : 10016 (TCP)
2023-11-06 15:09:42 [AGENT] Unique ID : 0a1426f5f2de
2023-11-06 15:09:42 Disconnect Server
2023-11-06 15:09:42 Connect Server [52.78.94.74:10016]
2023-11-06 15:09:42 Server Connected OK : 52.78.94.74
2023-11-06 15:09:42 Recv Connect : : 0 (TCP)
2023-11-06 15:09:42 [AGENT] Unique ID : 0a1426f5f2de
2023-11-06 15:09:42 ===== POLICY INSERT START =====
2023-11-06 15:09:42 AgentProperty [1010] [OK]
2023-11-06 15:09:42 LogTypeSeq [54] [OK]
2023-11-06 15:09:42 PatternGroupSeq [130] [OK]
2023-11-06 15:09:42 PatternSeq [496] [OK]
2023-11-06 15:09:42 CountryInfoSeq [252] [OK]
2023-11-06 15:09:42 IPInfoSeq [59] [OK]
2023-11-06 15:09:42 DomainPolicySeq [1] [OK]
2023-11-06 15:09:42 DomainPolicy [97]
2023-11-06 15:09:42 > DomainPolicy [97] : DomainSeq [0]
2023-11-06 15:09:42 > DomainPolicy [97] : BasePolicy
2023-11-06 15:09:42 > DomainPolicy [97] : LimitPolicy
2023-11-06 15:09:42 > DomainPolicy [97] : MethodPolicySeq [4]
2023-11-06 15:09:42 > DomainPolicy [97] : RequestUriPolicySeq [13]
2023-11-06 15:09:42 > DomainPolicy [97] : CookiePolicySeq [53]
2023-11-06 15:09:42 > DomainPolicy [97] : HeadNamePolicySeq [4]
2023-11-06 15:09:42 > DomainPolicy [97] : HeadValuePolicySeq [5]
2023-11-06 15:09:42 > DomainPolicy [97] : URLPolicySeq [1]
2023-11-06 15:09:42 > URLPolicy [97:1]
2023-11-06 15:09:42 >> URLPolicy [97:1] : URLBasePolicy
2023-11-06 15:09:42 >> URLPolicy [97:1] : ParamPatternPolicySeq [58]
2023-11-06 15:09:42 >> URLPolicy [97:1] : UploadPolicySeq [13]
2023-11-06 15:09:42 ===== POLICY INSERT END =====
2023-11-06 15:09:52 Filter Policy Update Status : OK
- If the connection is not established normally, check the Manager IP, authentication key, and firewall settings in deepfinder/conf/config.xml.
# cat filter.log
2023-11-06 14:59:55 : [23606] LibFilter Start PID 23606
2023-11-06 14:59:55 : [23606] Filter Init OK
2023-11-06 14:59:55 : [23607] LibFilter Start PID 23607
2023-11-06 14:59:55 : [23607] Filter Init OK
- If this log is missing, restart the web service.
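The log checks above can be scripted. The following is an added example, not part of the DeepFinder distribution: it assumes the marker strings in the sample logs on this page indicate a healthy start, and it evaluates only the latest agent session so that a success left over from an earlier run does not mask a failed restart. The function names and sample log values are hypothetical.

```shell
#!/bin/sh
# Marker strings come from the sample logs on this page; treating them as the
# signature of a healthy start is an assumption of this example.

# Print the most recent agent session: everything from the last
# "[AGENT] Init" line onward, so successes from an older run are ignored.
last_session() {
    awk '/\[AGENT\] Init/ { n = 0 }
         { buf[n++] = $0 }
         END { for (i = 0; i < n; i++) print buf[i] }' "$1"
}

# deepfinder_log_check AGENT_LOG FILTER_LOG -> 0 if all markers found, else 1
deepfinder_log_check() {
    agent_log=$1; filter_log=$2; rc=0
    [ -r "$agent_log" ] || { echo "FAIL agent log unreadable: $agent_log"; return 1; }
    session=$(last_session "$agent_log")
    for marker in 'Server Connected OK' 'POLICY INSERT END' \
                  'Filter Policy Update Status : OK'; do
        if printf '%s\n' "$session" | grep -qF -- "$marker"; then
            echo "OK   agent: $marker"
        else
            echo "FAIL agent: $marker"; rc=1
        fi
    done
    if [ -r "$filter_log" ] && grep -qF 'Filter Init OK' "$filter_log"; then
        echo "OK   filter: Filter Init OK"
    else
        echo "FAIL filter: Filter Init OK missing (restart the web service)"; rc=1
    fi
    return "$rc"
}

# Constructed sample logs (layout follows the page; values are made up).
# The agent log holds a healthy old session, then a new one that never connects.
write_sample_logs() {
    cat > "$1/agent.log" <<'EOF'
2023-11-06 15:09:42 [AGENT] Init ---------------------------
2023-11-06 15:09:42 Server Connected OK : 192.0.2.10
2023-11-06 15:09:42 ===== POLICY INSERT END =====
2023-11-06 15:09:52 Filter Policy Update Status : OK
2023-11-07 09:00:00 [AGENT] Init ---------------------------
2023-11-07 09:00:00 Connect Server [192.0.2.10:10012]
EOF
    echo '2023-11-06 14:59:55 : [23606] Filter Init OK' > "$1/filter.log"
}

demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
deepfinder_log_check "$demo_dir/agent.log" "$demo_dir/filter.log" || echo "agent not healthy"
```

On a real container the two arguments would be /usr/local/deepfinder/log/agent.log and /usr/local/deepfinder/log/filter.log.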
K8s
- In the case of K8s, services are deployed as container images, so DeepFinder must be included in the image.
- Start the image you want to install DeepFinder on with Docker, and proceed in the same way as the Docker installation guide.
1) Docker build
2) Run the container with Docker run
3) Install DeepFinder Agent
4) Create an image with Docker commit
5) Deploy the K8s image
When using a config map, register the DeepFinder module in the configuration file as follows.
cat nginx.conf
worker_processes auto;
pid /run/nginx.pid;
# deepfinder
load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;
events {
worker_connections 1024;
}
....
Dockerfile Configuration
- If restarting the web server within Docker is not possible, or if you want to apply it via a Dockerfile, modify the Dockerfile as follows.
1. Dockerfile build
1.1. When including the Agent
1.1.1. Modify CMD or ENTRYPOINT to a script
-------start.sh----------
#!/bin/bash
# deepfinder start
/usr/local/deepfinder/bin/starter
# Keep only the web server block that matches the image; a foreground
# server (or exec) never returns, so later blocks would not run.
# apache start
set -e
# Apache gets grumpy about PID files pre-existing
rm -f /usr/local/apache2/logs/httpd.pid
exec httpd -DFOREGROUND "$@"
# nginx start
nginx -g "daemon off;"
# springboot start
java -jar demo.jar
-------start.sh----------
1.2. When not including the Agent
1.2.1. Run the container with Docker run
1.2.2. Install DeepFinder Agent
1.2.3. Create an image with Docker commit while the web server and agent processes are running
2. K8s Image Deployment
2.1. Add filter statement when using configmap
nginx.conf: |
  worker_processes auto;
  pid /run/nginx.pid;
  # deepfinder
  load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;
  events {
    worker_connections 1024;
  }
2.2. Add startup script to nginx.yaml
apiVersion: apps/v1
kind: Deployment
...
containers:
  lifecycle:
    postStart:
      exec:
        # Change & run Agent config file
        #command: ["/bin/sh", "-c","/bin/sed -i 's/52.72.93.74/3.34.164.78/g' /usr/local/deepfinder/conf/config.xml && /bin/sed -i 's/701de8xxxxxx/17c0089a9xxxxxxx/g' /usr/local/deepfinder/conf/config.xml && /usr/sbin/service deepfinder restart"]
        # Run Agent
        command: ["/bin/sh", "-c", "/usr/sbin/service deepfinder start"]