Merge pull request #101 from AikidoSec/more-forge

Forge extensive instructions
AikidoSec · Dec 13, 2024 · 587b177 · 587b177
2 parents 25294af + 82c3fec
commit 587b177
Showing 1 changed file with 62 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Zen, your in-app firewall for peace of mind – at runtime.
 
 Zen is an embedded Web Application Firewall that autonomously protects your PHP apps against common and critical attacks.
 
-Zen protects your PHP apps by preventing user input containing dangerous strings, thus protecting agains attacks like SQL injection. It runs on the same server as your PHP app for simple [installation](#Installation) and zero maintenance.
+Zen protects your PHP apps by preventing user input containing dangerous strings, thus protecting agains attacks like SQL injection. It runs on the same server as your PHP app for simple [install](#Install) and zero maintenance.
 
 ## Features
 
@@ -23,15 +23,15 @@ Zen operates autonomously on the same server as your PHP app to:
 * ✅ Rate limit specific API endpoints by IP or by user
 * ✅ Allow you to block specific users manually
 
-## Installation
+## Install
 
 Zen for PHP comes as a single package that needs to be installed on the system to be protected.
 Prerequisites:
 * Ensure you have sudo privileges on your system.
 * Check that you have a supported PHP version installed (PHP version >= 7.3 and test up to 8.3).
 * Make sure to use the appropriate commands for your system or cloud provider.
 
-### Manual installation
+### Manual install
 
 #### For Red Hat-based Systems (RHEL, CentOS, Fedora)
 
@@ -75,11 +75,50 @@ files:
 
 2. Go to `AWS EB enviroment -> Configuration -> Updates, monitoring, and logging -> Edit` and add the desired environment variables like: AIKIDO_TOKEN
 
-#### Forge
+#### Forge (recipe)
+1. Go to `[server_name] -> [site_name] -> Enviroment` and add the desired environment variables like: AIKIDO_TOKEN
+2. Go to "Recipes".
+3. Based on the running OS, use the [Manual install](#Manual-install) commands to create a new recipe called "Install Aikido Firewall" and select "root" as user. Example for Debian-based systems:
+```
+cd /tmp
+
+# Install commands from the "Manual install" section below, based on your OS
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.99/aikido-php-firewall.x86_64.deb
+dpkg -i -E ./aikido-php-firewall.x86_64.deb
+
+# Restarting the php services in order to load the Aikido PHP Firewall
+for service in $(systemctl list-units | grep php | awk '{print $1}'); do
+    sudo systemctl restart $service
+done
+```
+4. Based on the running OS, use the [Manual uninstall](#Manual-uninstall) commands to create a new recipe called "Uninstall Aikido Firewall" and select "root" as user. Example for Debian-based systems:
+```
+# Install commands from the "Manual uninstall" section below, based on your OS
+dpkg --purge aikido-php-firewall
 
-1. Use ssh to connect to the Forge server that you want to be protected by Aikido and, based on the running OS, execute the install commands from the [Manual installation](#Manual-installation) section.
-2. Go to `[server_name] -> [site_name] -> Enviroment` and add the desired environment variables like: AIKIDO_TOKEN
-3. Deploy the site to apply the changes.
+# Restarting the php services in order to load the Aikido PHP Firewall
+for service in $(systemctl list-units | grep php | awk '{print $1}'); do
+    sudo systemctl restart $service
+done
+```
+5. Run the created recipes to install / uninstall the Aikido PHP Firewall.
+
+#### Forge (ssh)
+1. Go to `[server_name] -> [site_name] -> Enviroment` and add the desired environment variables like: AIKIDO_TOKEN
+2. Use ssh to connect to the Forge server that you want to be protected by Aikido and, based on the running OS, execute the install commands from the [Manual install](#Manual-install) section.
+3. Go to `[server_name] -> [site_name] -> Restart` and click `Restart PHP <version>`.
+
+#### Fly.io (flyctl)
+1. In your repo, run `fly launch`.
+2. Add the desired environment variables, by running `fly secrets set AIKIDO_TOKEN=AIK_RUNTIME...`.
+3. Go to `./.fly/scripts` folder and create the `aikido.sh` file with the [Manual install](#Manual-install) commands:
+```
+#!/usr/bin/env bash
+cd /tmp
+curl -L -O https://github.com/AikidoSec/firewall-php/releases/download/v1.0.99/aikido-php-firewall.x86_64.deb
+dpkg -i -E ./aikido-php-firewall.x86_64.deb
+```
+4. Run `fly deploy`.
 
 ## Supported libraries and frameworks
 
@@ -171,6 +210,22 @@ The benchmarking times displayed in this readme are computed with PHP 8.1 on the
 | Request With User Setting | 1.2230 | 1.4430 | 0.2200 ms |
 | Request Simple | 1.2370 | 1.3730 | 0.1360 ms |
 
+## Uninstall
+
+### Manual uninstall
+
+#### For Red Hat-based Systems (RHEL, CentOS, Fedora)
+
+```
+rpm -e aikido-php-firewall
+```
+
+#### For Debian-based Systems (Debian, Ubuntu)
+
+```
+dpkg --purge aikido-php-firewall
+```
+
 ## Bug bounty program
 
 Our bug bounty program is public and can be found by all registered Intigriti users at: https://app.intigriti.com/researcher/programs/aikido/aikidoruntime