Lazy learning

So you want to use Naxsi but you’re too lazy to analyze your nginx’s error log in order to write your own whitelists, and you’re definitely not brave enough to run a learning mode for a week. Relax, they’ve got something for you too. Rendez-vous in the Downloads area of Naxsi’s website and retrieve latest naxsi-ui archive. Within that tarball, you will only need 2 python scripts, nx_intercept.py and nx_extract.py. The first one will read and record all Naxsi matches from the error log, while the second will generate the whitelist. In order to make those scripts work, you will need python-twisted, which is available for pretty much every decent UNIX-like I’m aware of. Default configuration file, naxsi-ui.conf, will do the job as it is. Here’s a tiny piece of script which reads all of your log files, pass them to the nx_* scripts and will display all the associated whitelist rules to stdout:

Usage example:

This will read and analyze every log file matching /var/log/nginx/imil.net-error.log*, including gzipped ones.