このページは、まだ日本語ではご利用いただけません。翻訳中です。
Contact 3rd party for support: This plugin is developed, tested, and maintained by Noname Security
The Noname Traffic Source plugin (also known as nonamesecurity
) lets you tune
how the Noname machine learning engine receives the Kong API traffic data to inspect.
How it works
All integrations require you to create an integration profile in Noname. Nearly all integrations require you to have administration access to the systems with which you want to integrate. The simplest integrations require you to record some kind of credentials or access key from the remote system to enter into Noname while creating the profile. This enables Noname to receive information from, or perform actions on, the remote system. For example, an action could be fetching a log file, or to initiating a block based on an incident created in Noname.
The Noname Security Kong plugin is available as a LuaRocks module. The Noname Security install and configuration documentation explains how to log on to the Noname admin user interface, go to the Integrations section of the platform, begin the Kong integration wizard, and download the plugin that is used in the Dockerfile to create a custom docker image with the plugins preinstalled.
Prevention is enabled by default. To disable the prevention feature, review the official documentation.
If you already had a prevention integration configured and would like to migrate to this new integration, see the upgrade guide in the official documentation.
Performance benchmarks
You can find the performance benchmarks for Kong with Noname here:
Kong Gateway Enterprise 2.8.1.1 with Noname 3.1
How to install
The Noname Traffic Source plugin for Kong
The Noname Security Kong plugin is available as a LuaRocks module.
The Noname Security install and configuration documentation explains how set up a custom Docker image with the both plugins preinstalled, using the Noname admin user interface.
Create the integration profile
Configure the integration profile in Noname and download the plugin:
- In the Noname UI, navigate to Settings > Integrations > Traffic Sources.
- Select Add Integration and select the Kong tile to create an integration profile.
- Download the Zip file, and copy it to your Kong machine, then select Next.
- Provide an alias for the integration.
- Select Finish to save the integration.
Install the LuaRocks module and set up Kong
- In your Kong machine CLI shell, navigate to the location of the copied zip file and unzip the file.
-
Run the following command to install the plugin:
luarocks install nonamesecurity.rockspec
-
Update the Kong
plugins
configuration, either throughkong.conf
(/etc/kong/kong.conf
by default) or via an environment variable.Open the file, find the
plugins
parameter, and addnonamesecurity
. For example:plugins = bundled,nonamesecurity # Comma-separated list of plugins this node # should load. By default, only plugins # bundled in official distributions are # loaded via the `bundled` keyword.
-
After the Lua module is installed, restart Kong:
kong restart
Install via a Dockerfile
If you have a Docker-based system, see the following example Dockerfile for installing the Noname Security plugin:
FROM kong/kong-gateway:3.4
USER root
RUN \apt-get update && \apt-get install unzip -y
WORKDIR /usr/kong/noname
RUN apt update && apt-get install -y build-essential git curl unzip
RUN bash -c 'mkdir -pv {nonamesecurity}'
COPY ./noname-security-kong-policy.zip nonamesecurity/noname-security-kong-policy.zip
RUN unzip nonamesecurity/noname-security-kong-policy.zip -d nonamesecurity && rm nonamesecurity/noname-security-kong-policy.zip
RUN cd nonamesecurity && luarocks make
USER kong
Enable the plugin
You can enable the nonamesecurity
plugin globally, on a service, or on a route.
You can check that the plugin was installed with the following request:
curl -s http://localhost:8001
Under the available_on_server
section in the response, look for the plugin nonamesecurity
.