- Signature Update Repository 설치
wget -P /etc/yum.repos.d [<https://cs.nginx.com/static/files/app-protect-security-updates-7.repo>](<https://cs.nginx.com/static/files/app-protect-security-updates-7.repo>)
yum install app-protect-attack-signatures
- Signature Release Data 확인
- 최신 Signature Release Date확인 가능
yum --showduplicates list app-protect-attack-signatures
#app-protect-attack-signatures.x86_64 2022.03.15-1.el7.ngx app-protect-security-updates
#app-protect-attack-signatures.x86_64 2022.03.23-1.el7.ngx app-protect-security-updates
#app-protect-attack-signatures.x86_64 2022.03.31-1.el7.ngx app-protect-security-updates
#app-protect-attack-signatures.x86_64 2022.04.10-1.el7.ngx app-protect-security-updates
#app-protect-attack-signatures.x86_64 2022.04.21-1.el7.ngx app-protect-security-updates
#[10:51:23 root@ip-10-10-10-10 /home/ec2-user]$
[10:53:00 root@ip-10-10-10-10 /home/ec2-user]$ rpm -ql app-protect-attack-signatures.x86_64
/opt/app_protect/var/update_files/signatures
/opt/app_protect/var/update_files/signatures/signature_update.yaml
/opt/app_protect/var/update_files/signatures/signatures.bin.tgz
/opt/app_protect/var/update_files/signatures/version
[10:53:03 root@ip-10-10-10-10 /home/ec2-user]$
[10:58:16 root@ip-10-10-10-10 /home/ec2-user]$ rpm -qa | grep sig
app-protect-attack-signatures-2022.04.21-1.el7.ngx.x86_64
[10:58:16 root@ip-10-10-10-10 /home/ec2-user]$
[10:58:16 root@ip-10-10-10-10 /home/ec2-user]$ yum update app-protect-attach-signatures
- Signature update Log Check
vi /var/log/app_protect/import_export_policy.log
config_set_compiler|INFO|Sep 24 14:27:57.267|11239|,,Start: /opt/app_protect/bin/config_set_compiler --update-signatures
config_set_compiler|INFO|Sep 24 14:27:57.271|11239|F5::LockFactory::Base::lock,,config_set_compiler Line 72 is going to lock '/opt/app_protect/lock/config_set.lock'. (flock flags: '2', dont_block: '0').
config_set_compiler|INFO|Sep 24 14:27:57.271|11239|F5::LockFactory::Base::lock,,config_set_compiler Line 72 has locked '/opt/app_protect/lock/config_set.lock'. (Lock count: '1', Self count: '1')
config_set_compiler|DEBUG|Sep 24 14:27:57.272|11239|F5::ProcessHandler::init,,setting split_planes action to:[0]
config_set_compiler|INFO|Sep 24 14:27:57.272|11239|(eval),,Setting nice priority to 1
config_set_compiler|INFO|Sep 24 14:27:57.292|11239|F5::Log::Job::log_job_status,,{"component":"config_set","datetime":"2021-09-24T05:27:57.292Z","jobCreateDatetime":"2021-09-24T05:27:57.291Z","jobId":"53cfe876c08d3e51d4e49a5c27ceecb4","jobStatus":"started","operationId":"init"}
config_set_compiler|INFO|Sep 24 14:27:57.299|11239|F5::ConfigSet::handle_update,,Loading signatures revision 2021-09-14T13:05:01Z
config_set_compiler|INFO|Sep 24 14:27:57.299|11239|F5::ConfigSet::handle_update,,Loading signatures file /opt/app_protect/var/update_files/signatures/signatures.bin.tgz
config_set_compiler|INFO|Sep 24 14:28:31.795|11239|F5::Log::Job::log_job_status,,{"component":"config_set","datetime":"2021-09-24T05:28:31.795Z","jobCreateDatetime":"2021-09-24T05:27:57.291Z","jobId":"53cfe876c08d3e51d4e49a5c27ceecb4","jobStatus":"completed","operationId":"init"}
config_set_compiler|INFO|Sep 24 14:28:31.796|11239|,,Returning: {"user_signatures_packages":[],"attack_signatures_package":{"revision_datetime":"2021-09-14T13:05:01Z","version":"2021.09.14"},"completed_successfully":true,"threat_campaigns_package":{}}
config_set_compiler|INFO|Sep 24 14:28:31.797|11239|F5::LockFactory::Base::unlock,,F5::LockFactory::Base Line 131 is going to unlock '/opt/app_protect/lock/config_set.lock', which is owned by PID '11239'.
config_set_compiler|INFO|Sep 24 14:28:31.797|11239|F5::LockFactory::Base::unlock,,F5::LockFactory::Base Line 131 has unlocked '/opt/app_protect/lock/config_set.lock'. (Lock count: '0', Self count: '0')
~
