Run the latest version of the naxsi WAF, with the ability to analyze the data set by using the searching/aggregation capabilities of Elasticseach and the visualization power of Kibana

This docker image is intented to test and understand nxapi/nxtool, the new lerning tool for naxsi logs that attempts to perform the following :

• Events import : Importing naxsi events into an elasticsearch database
• Whitelist generation : Generate whitelists, from templates rather than from purely statistical aspects
• Events management : Allow tagging of events into database to exclude them from wl gen process
• Reporting : Display information about current DB content

The image is built from source, using nginx 1.9.10 and naxsi master branch.

1. Install Docker.
2. Install Docker-compose.
3. Clone this repository
4. Edit the docker-compose.yml and set the BACKEND_IP to the server that will be protected by naxsi, and (optionally) KIBANA_PASSWORD if you want to protect access to dashboards. User is kibana

Start the stack using docker-compose:

$ docker-compose up

You can also choose to run it in background (detached mode):

$ docker-compose up -d

By default, the stack exposes the following ports:

• 80: Nginx with Naxsi, forwarding requests to BACKEND_IP
• 8080: Kibana web UI

Naxsi in launched in learning mode, and logs are feed to elasticsearch every five seconds in a non ideal way, due to issues found while using the methods provided to get live logs from nginx to nxtool/nxapi.

Use your web (browse http://your_host_ip) to populate the stack, and then go to http://your_host_ip:8080 to see the reports using kibana.

The data stored in elasticsearch is persisted in ./elasticsearch-data directory, and this can be changed in docker-compose.yml

If you find problems, or want to run the nxtool utility to query the database you can get a shell by running:

docker ps # Identify naxsi container id
docker exec -i -t <CONTAINER_ID> /bin/bash