Vulnerability Scanner Web Application

Shadowd – The Shadow Daemon Web Application Firewall Server

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.

This is the main component that handles the analysis and storage of requests.

Installation

The easiest way to install the main component of Shadow Daemon – the background server – is to use the packet manager of your distribution or Docker.

Debian / Ubuntu

The package is still awaiting sponsorship, so it is not possible to install it with apt-get from the official repositories yet. Please download and install the deb package manually instead.

On Ubuntu you can also use PPA to install the package:

Red Hat / CentOS

The package is still awaiting sponsorship, so it is not possible to install it with yum from the official repositories yet. Please download and install the rpm package manually instead. For some of the dependencies you will need the EPEL repository (extra packages for enterprise linux).

Preparation
Use cmake to configure and prepare the project. It is a good idea to create a separate directory for this. A typical installation might look like this.

Compilation:
If cmake is successful it creates a makefile. Use it to compile and install the project.

Database:
Install and configure a database server. At the moment shadowd officially supports PostgreSQL and MySQL. Afterwards create a new user and database for shadowd and import the correct layout.

If you are using PostgreSQL you can use psql to import the layout.

If you are using MySQL you can use mysql to import the layout. The user requires the CREATE ROUTINE privilege.

Configuration:
The installer copies the configuration file to /etc/shadowd/shadowd.ini. The file is annotated and should be self-explanatory.

Download Shadowd

I started blogging around 2011 at #Ubuntupirates, #ProjectX and #pir8geek, I’m currently working as Network/Linux SysAdmin.

I’m a Linux,opensource advocate and interested in network security and InfoSec.

Leave a Reply