Systems Security class project: a security information and event management (SIEM) system.
- Download MongoDB 3.6 and install it (the steps below assume the default install path C:\Program Files\MongoDB\Server\3.6)
- Create the mongod.cfg config file in C:\Program Files\MongoDB\Server\3.6 with the following contents (replacing the paths; the nested keys must be indented, as YAML requires):
systemLog:
    destination: file
    path: c:\...\mongodb\log\mongod.log
storage:
    dbPath: c:\...\mongodb\data
- Create the log and data folders named in mongod.cfg (mongod will not start if they are missing)
- Start cmd with admin privileges and run MongoDB in the foreground, without authentication, so that the first admin user can be created:
"C:\Program Files\MongoDB\Server\3.6\bin\mongod.exe" --config "C:\Program Files\MongoDB\Server\3.6\mongod.cfg"
- Open a second cmd with admin privileges and run the following commands (replacing <admin username> and <admin password>; both are JavaScript strings, so keep the quotes):
"C:\Program Files\MongoDB\Server\3.6\bin\mongo.exe"
use admin
db.createUser({user: "<admin username>", pwd: "<admin password>", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})
exit
- Stop mongod in the first cmd (Ctrl+C) and install MongoDB as a Windows service with authentication enforced (if the service is already installed, remove it first with mongod.exe --remove):
"C:\Program Files\MongoDB\Server\3.6\bin\mongod.exe" --config "C:\Program Files\MongoDB\Server\3.6\mongod.cfg" --auth --install
- Start the service from the same cmd:
net start MongoDB
- Go back to the second cmd, start the mongo shell again and authenticate as admin (replacing <admin username> and <admin password>):
use admin
db.auth("<admin username>", "<admin password>")
- Create the siemdb database and its user (replacing <dev username> and <dev password>); this user gets readWrite on siemdb only, not admin rights, so the application never runs with the admin account:
use siemdb
db.createUser({user: "<dev username>", pwd: "<dev password>", roles: [{role: "readWrite", db: "siemdb"}]})
- Add the following system environment variables:
CODE10_SIEM_DB_DEV_USERNAME <dev username>
CODE10_SIEM_DB_DEV_PASSWORD <dev password>
- On the Linux host, open /etc/rsyslog.d/50-default.conf
- Paste these as the first two lines of the file, so the template is defined before any action that uses it:
$template SiemFormat, "%TIMESTAMP:1:24:date-rfc3339% | %hostname% | %source% | %procid% | %syslogfacility-text% | %syslogseverity-text% | %msg%\n"
$ActionFileDefaultTemplate SiemFormat
- Restart rsyslog from a terminal:
sudo service rsyslog restart
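A parser and a small triage pass for the pipe-delimited lines that the SiemFormat template above produces, as an added example that is not part of the project's code. The field order follows the template; the sample log lines are constructed, and the hostname, PIDs and addresses in them are invented. Note that the template keeps only the first 24 characters of the RFC 3339 timestamp, so the UTC offset never reaches the log file (for a timestamp without fractional seconds the offset is even cut mid-field); the parser therefore reads the time as naive and keeps whatever fraction is left.

```python
"""Parser and simple triage for rsyslog output in the SiemFormat layout.

Added example (not part of the project's code). It assumes the fields come
out in the order the template lists them, separated by " | ":
timestamp | hostname | source | procid | facility | severity | msg
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

FIELD_SEP = " | "
NUM_FIELDS = 7
# syslog severities as rsyslog's %syslogseverity-text% prints them, most severe first
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# The template keeps only the first 24 characters of the RFC 3339 timestamp, so the
# UTC offset never survives; we read the date, time and whatever fraction is left.
_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,6}))?")
_FAILED_LOGIN_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

# Constructed sample lines in SiemFormat (not captured from a real host).
SAMPLE_LINES = [
    "2024-05-03T10:15:42.1234 | webhost | webhost | 2214 | auth | info | sshd: Accepted publickey for alice from 10.0.0.5 port 51512 ssh2",
    "2024-05-03T10:15:50.0000 | webhost | webhost | 2214 | auth | warning | sshd: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "2024-05-03T10:16:01.5000 | webhost | webhost | 1 | daemon | notice | cron: job output: a | b | c",
    "this line is not in SiemFormat and must be rejected, not silently mis-parsed",
]


@dataclass(frozen=True)
class SiemEvent:
    timestamp: datetime  # naive: the offset was truncated by the template
    hostname: str
    source: str
    procid: str
    facility: str
    severity: str
    msg: str


def parse_timestamp(text: str) -> datetime:
    m = _TS_RE.match(text)
    if not m:
        raise ValueError(f"bad timestamp: {text!r}")
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    if m.group(2):
        # pad the (possibly truncated) fraction out to microseconds
        ts = ts.replace(microsecond=int(m.group(2).ljust(6, "0")))
    return ts


def parse_line(line: str) -> SiemEvent:
    # Split on at most 6 separators: the message itself may contain " | ".
    parts = line.rstrip("\r\n").split(FIELD_SEP, NUM_FIELDS - 1)
    if len(parts) != NUM_FIELDS:
        raise ValueError(f"expected {NUM_FIELDS} fields, got {len(parts)}: {line!r}")
    ts, hostname, source, procid, facility, severity, msg = parts
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity {severity!r}: {line!r}")
    return SiemEvent(parse_timestamp(ts), hostname, source, procid, facility, severity, msg)


def parse_lines(lines) -> Tuple[List[SiemEvent], List[str]]:
    """Parse what we can; keep rejected lines so they can be alerted on, not dropped."""
    events, rejected = [], []
    for line in lines:
        try:
            events.append(parse_line(line))
        except ValueError:
            rejected.append(line)
    return events, rejected


def at_least(events, severity: str) -> List[SiemEvent]:
    """Events at `severity` or worse (in syslog a lower index means more severe)."""
    threshold = SEVERITIES.index(severity)
    return [e for e in events if SEVERITIES.index(e.severity) <= threshold]


def failed_logins(events) -> List[Tuple[str, str]]:
    """(user, source address) for each sshd password failure in the auth facility."""
    hits = []
    for e in events:
        if e.facility != "auth":
            continue
        m = _FAILED_LOGIN_RE.search(e.msg)
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    evs, bad = parse_lines(SAMPLE_LINES)
    for e in at_least(evs, "notice"):
        print(f"{e.timestamp} {e.hostname} {e.severity:8} {e.msg}")
    print("failed logins:", failed_logins(evs))
    print("rejected:", bad)
```

Lines that do not match the layout are returned separately rather than dropped: a sudden stream of unparseable lines usually means the template or a forwarder changed, which is itself worth an alert.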
- Add the following system environment variables:
CODE10_SIEM_CERT_SERVER_KEY_PASS <password>
CODE10_SIEM_CERT_CLIENT_KEY_PASS <password>
- Open PowerShell and run the script .\ssl\ssl.ps1 (if the execution policy blocks unsigned scripts, run it as powershell -ExecutionPolicy Bypass -File .\ssl\ssl.ps1)