Skip to content

Setup LogonTracer with SSL

Jump to bottom
Shusei Tomonaga edited this page Nov 13, 2023 · 2 revisions

1. Install Docker Compose
2. Clone LogonTracer Github repository
3. Customize docker-compose.yml
4. Create Compose Network
5. Get Your SSL Certificate
6. Start Docker Compose
7. Accessing the Web GUI
8. Note

LogonTracer does not encrypt communications by default settings. If you want to encrypt communication, please use Docker Compose which Nginx.

Docker Composeのインストール

Install Docker Compose

If you do not have Docker Compose, please check this page and install it.

Clone LogonTracer github repository

$ git clone https://github.com/JPCERTCC/LogonTracer.git
$ cd LogonTracer\docker-compose-with-nginx

Customize docker-compose.yml

Modify docker-compose.yml if needed.

Set the IP Address of Server

If you use other than localhost, change to IP address etc.

environment:
  - LTHOSTNAME=localhost

Performance Tuning for Neo4j

Performance tuning of Neo4j (used memory size) may improve the performance of LogonTracer.

- NEO4J_dbms_memory_heap_max__size=4G
- NEO4J_dbms_memory_heap_initial__size=2G
- NEO4j_dbms_memory_pagecache_size=20G

See more details: Neo4j Web

Create Compose Network

$ docker network create neo4j-network

Get Your SSL Certificate

The following describes how to create a self-signed SSL certificate. If you can buy an SSL certificate, consider other options.

Command for creating a self-signed SSL certificate

$ openssl req -new -days 365 -x509 -nodes -keyout server.key -out server.crt

Set Your SSL Certificate

$ cp server.key LogonTracer/docker-compose-with-nginx/nginx/
$ cp server.crt LogonTracer/docker-compose-with-nginx/nginx/
$ cp server.key LogonTracer/docker-compose-with-nginx/neo4j/certificates/bolt/
$ cp server.crt LogonTracer/docker-compose-with-nginx/neo4j/certificates/bolt/

Start Docker Compose

$ docker compose build
$ docker compose up -d

Accessing the Web GUI

Access https://[LogonTracer_Server]/ via Web browser. Please make sure to enable JavaScript on your browser.

Login

Login with the default account (neo4j:password) from the Web GUI.
Login GUI

Note

If you are using a self-signed SSL certificate, it will be rejected by your web browser. Please set your web browser to allow SSL certificates as HTTPS.

  • Import self-signed SSL certificate for Web browser.

    or

  • Allow SSL certificate from web browser warning messages.

    1. Access to https://[LogonTracer_Server]/ and allow the SSL certificate.

    2. Access to https://[LogonTracer_Server]:7678/ and allow the SSL certificate.

Manual

  1. Home
  2. How to Install
    1. for Linux
    2. for OS X
  3. How to Use
    1. Start LogonTracer
    2. Accessing the Web GUI
    3. Import EVTX
    4. Search and visualize the event log
    5. Importance rank of accounts and hosts
    6. Timeline
    7. User Management
    8. Case Management
  4. Combining LogonTracer with Elasticsearch
  5. Jump start with Docker
  6. Setup with Docker Compose
  7. Setup with SSL
  8. Configuration
  9. Important Notes

マニュアル(日本語)

  1. ホーム
  2. インストール
    1. Linux
    2. OS X
  3. 使用方法
    1. LogonTracerの起動
    2. Web GUIへアクセス
    3. EVTXのインポート
    4. イベントログの検索と可視化
    5. アカウントとホストの重要度
    6. タイムライン
    7. ユーザ管理
    8. ケース管理
  4. Elasticsearchとの連携
  5. Dockerイメージの使い方
  6. Docker Composeの使い方
  7. 通信の暗号化
  8. 設定情報
  9. 注意
Clone this wiki locally