Projects STRLCPY LogonTracer Commits 388520d7
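--- a/docker-compose-with-nginx/LogonTracer/build/Dockerfile
+++ b/docker-compose-with-nginx/LogonTracer/build/Dockerfile
@@ -0,0 +1,42 @@
+FROM python:3.7.8-slim-buster
+
+RUN set -ex \
+ \
+ && savedAptMark="$(apt-mark showmanual)" \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends git \
+ dpkg-dev \
+ gcc \
+ libssl-dev \
+ make
+
+## LogonTracer install
+WORKDIR /usr/local/src
+
+RUN git clone https://github.com/JPCERTCC/LogonTracer.git \
+ && mv LogonTracer-Private LogonTracer \
+ && chmod 777 LogonTracer \
+ && chmod 777 LogonTracer/static \
+ && cd LogonTracer \
+ && pip install cython \
+ && pip install numpy \
+ && pip install scipy \
+ && pip install statsmodels \
+ && pip install -r requirements.txt \
+ && sed -i 's/\" -s \" + NEO4J_SERVER/\" -s neo4j\"/g' logontracer.py \
+ && sed -i 's/+ NEO4J_SERVER +/+ \"neo4j\" +/g' logontracer.py \
+ && sed -i 's/host=NEO4J_SERVER/host=\"neo4j\"/g' logontracer.py
+
+## Create setup file
+WORKDIR /usr/local/src
+
+RUN echo "#!/bin/bash" > run.sh \
+ && echo "sleep 60" >> run.sh \
+ && echo "cd /usr/local/src/LogonTracer" >> run.sh \
+ && echo "python logontracer.py -r -o 8080 -u neo4j -p password -s \${LTHOSTNAME}" >> run.sh \
+ && chmod 755 run.sh
+
+EXPOSE 8080
+
+CMD ["/usr/local/src/run.sh"]
+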
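Review bot: The `mv LogonTracer-Private LogonTracer` step looks like it will fail, because `git clone https://github.com/JPCERTCC/LogonTracer.git` already creates a directory named `LogonTracer` and the `&&` chain then aborts the build; dropping the `mv` should be enough. The clone also takes whatever the default branch holds at build time, so pinning a release (`git clone --branch <TAG> --depth 1 …`, tag left as a placeholder) would make the image reproducible and limit exposure to unreviewed upstream changes. `chmod 777` on the source tree and on `static` leaves the application code writable by every process in the container, and with no `USER` instruction the service runs as root; a dedicated user that owns only `static` would be tighter. The Neo4j password is written into `run.sh` as `-p password`, so it ends up in the image layers; passing it the way `LTHOSTNAME` is passed, e.g. `-p \${NEO4J_PASSWORD}` (variable name is a placeholder), keeps it out of the image.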
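--- a/docker-compose-with-nginx/README.md
+++ b/docker-compose-with-nginx/README.md
@@ -0,0 +1,59 @@
+# LogonTracer with SSL
+
+ Enable SSL communication with LogonTracer and nginx.
+
+ Please check the wiki for more details.
+ https://github.com/JPCERTCC/LogonTracer/wiki/setup-LogonTracer-with-SSL
+
+## Usage
+### Download LogonTracer
+
+ ```shell
+ $ git clone https://github.com/JPCERTCC/LogonTracer.git
+ ```
+
+### Get Your SSL Certificate
+
+The following describes how to create a self-signed SSL certificate. If you can buy an SSL certificate, consider other options.
+
+#### Command for creating a self-signed SSL certificate
+
+ ```shell
+ $ openssl req -new -days 365 -x509 -nodes -keyout server.key -out server.crt
+ ```
+
+### Set Your SSL Certificate
+
+ ```shell
+ $ cp server.key LogonTracer/docker-compose-with-nginx/nginx/
+ $ cp server.crt LogonTracer/docker-compose-with-nginx/nginx/
+ $ cp server.key LogonTracer/docker-compose-with-nginx/neo4j/certificates/bolt/
+ $ cp server.crt LogonTracer/docker-compose-with-nginx/neo4j/certificates/bolt/
+ ```
+
+### Docker Build and Start
+
+ ```shell
+ $ cd LogonTracer/docker-compose-with-nginx/
+ $ docker-compose build
+ $ docker-compose up -d
+ ```
+
+### Accessing the Web GUI
+
+Access **https://[LogonTracer_Server]/** via Web browser. Please make sure to enable JavaScript on your browser.
+
+#### Note
+
+If you are using a self-signed SSL certificate, it will be rejected by your web browser. Please set your web browser to allow SSL certificates as HTTPS.
+
+* Import self-signed SSL certificate for Web browser.
+
+ `or`
+
+* Allow SSL certificate from web browser warning messages.
+
+ 1. Access to **https://[LogonTracer_Server]/** and allow the SSL certificate.
+
+ 2. Access to **https://[LogonTracer_Server]:7678/** and allow the SSL certificate.
+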
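--- a/docker-compose-with-nginx/docker-compose.yml
+++ b/docker-compose-with-nginx/docker-compose.yml
@@ -0,0 +1,74 @@
+version: "3"
+services:
+ neo4j:
+ container_name: neo4j
+ # image: neo4j:4.4.14-enterprise
+ image: neo4j:4.4.14
+ volumes:
+ - ./neo4j/certificates:/var/lib/neo4j/certificates
+ # Using volumes slows down the container.
+ # - ./neo4j/data:/data
+ # - ./neo4j/logs:/logs
+ # - ./neo4j/conf:/conf
+ # Set when sync container and local time
+ # - /etc/localtime:/etc/localtime:ro
+ ports:
+ # - "7474:7474"
+ - "7687:7687"
+ environment:
+ - NEO4J_dbms_default__database=neo4j
+ - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:7687
+ - NEO4J_dbms_connector_http_listen__address=0.0.0.0:7474
+ - NEO4J_dbms_ssl_policy_bolt_enabled=true
+ - NEO4J_dbms_connector_bolt_tls__level=OPTIONAL
+ - NEO4J_dbms_ssl_policy_bolt_base__directory=/var/lib/neo4j/certificates/bolt
+ - NEO4J_dbms_ssl_policy_bolt_private__key=server.key
+ - NEO4J_dbms_ssl_policy_bolt_public__certificate=server.crt
+ # Performance tuning for JVM neo4j
+ # See more details: https://neo4j.com/developer/guide-performance-tuning/
+ # - NEO4J_dbms_memory_heap_max__size=4G
+ # - NEO4J_dbms_memory_heap_initial__size=2G
+ # - NEO4j_dbms_memory_pagecache_size=20G
+ # set default neo4j password
+ - NEO4J_AUTH=neo4j/password
+ # if you use neo4j enterprise
+ # - NEO4J_ACCEPT_LICENSE_AGREEMENT=yes
+ networks:
+ - neo4j-network
+
+ logontracer:
+ container_name: logontracer
+ build: ./LogonTracer/build
+ image: logontracer:latest
+ depends_on:
+ - neo4j
+ #volumes:
+ # Set when sync container and local time
+ # - /etc/localtime:/etc/localtime:ro
+ # ports:
+ # - "8080:8080"
+ environment:
+ - LTHOSTNAME=localhost
+ networks:
+ - neo4j-network
+
+ nginx:
+ container_name: nginx
+ image: nginx:latest
+ depends_on:
+ - neo4j
+ - logontracer
+ ports:
+ - "443:443"
+ - "80:80"
+ volumes:
+ - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+ - ./nginx/server.crt:/usr/local/nginx/conf/server.crt
+ - ./nginx/server.key:/usr/local/nginx/conf/server.key
+ networks:
+ - neo4j-network
+
+networks:
+ neo4j-network:
+ external: true
+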
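Review bot: The neo4j service publishes Bolt on every host interface (`"7687:7687"`) while keeping the well-known credential `NEO4J_AUTH=neo4j/password`, and `NEO4J_dbms_connector_bolt_tls__level=OPTIONAL` still accepts unencrypted sessions, so the database is reachable with a guessable login and possibly in cleartext. The README's browser step suggests the port has to stay reachable, so I would take the password from the environment, e.g. `NEO4J_AUTH=neo4j/${NEO4J_PASSWORD}` (variable name is a placeholder), and move to `tls__level=REQUIRED` once it is confirmed that the LogonTracer backend can connect over TLS. `image: nginx:latest` is unpinned, unlike `neo4j:4.4.14`; a fixed tag keeps the TLS front end reproducible. `external: true` on `neo4j-network` means `docker-compose up` fails unless the network was created beforehand, which the README steps in this commit do not mention.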
    docker-compose-with-nginx/neo4j/certificates/bolt/revoked/.gitkeep
     1 + 
    docker-compose-with-nginx/neo4j/certificates/bolt/trusted/.gitkeep
     1 + 
    docker-compose-with-nginx/neo4j/conf/.gitkeep
     1 + 
    docker-compose-with-nginx/neo4j/data/.gitkeep
     1 + 
    docker-compose-with-nginx/neo4j/logs/.gitkeep
     1 + 
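--- a/docker-compose-with-nginx/nginx/default.conf
+++ b/docker-compose-with-nginx/nginx/default.conf
@@ -0,0 +1,32 @@
+server {
+ listen 443 ssl;
+
+ client_max_body_size 20G;
+
+ ssl on;
+ ssl_certificate /usr/local/nginx/conf/server.crt;
+ ssl_certificate_key /usr/local/nginx/conf/server.key;
+
+ ssl_session_timeout 5m;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ proxy_redirect off;
+ proxy_set_header HOST $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ location / {
+ proxy_pass http://logontracer:8080/;
+ }
+}
+
+server {
+ listen 80;
+ return 301 https://$host$request_uri;
+}
+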
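Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, which are deprecated (RFC 8996); `ssl_protocols TLSv1.2 TLSv1.3;` is the usual baseline. The `ssl on;` line is redundant next to `listen 443 ssl;`, and the directive was removed in nginx 1.25.1, so with the compose file's `nginx:latest` image the configuration may fail to load; deleting the line is enough. `client_max_body_size 20G;` lets any client that can reach port 443 push very large uploads through to the backend, and no access control is visible in this server block, so a comment stating why the limit is that high, or an allow-list or authentication in front of `location /`, would help.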