在debian10 安裝 docker 以及 Logon Tracer

-
Logon Tracer是一款可以產生關連性圖表的事件檢視器
曾在BlackHat 2018 大會上出現過
操作上相當簡單
話不多說 裝起來!

sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"
   
sudo apt-get update     
sudo apt-get install docker-ce docker-ce-cli containerd.io
之後就可以把Logon Tracer拉過來啦~

docker pull jpcertcc/docker-logontracer
docker run --detach --publish=7474:7474 --publish=7687:7687 --publish=8080:8080 -e LTHOSTNAME=<你的IP> jpcertcc/docker-logontracer
記得 在啟動時<你的IP>千萬不要是0.0.0.0 不然有可能會出現你上傳完LOG 畫面還是空白的窘境
我的環境是192.168.107.14 那<你的IP>這個部分就要是192.168.107.14

留言

張貼留言

這個網誌中的熱門文章

centos7 架設 snort IDS (版本2.9.13)

-
[我這邊用root] yum update cd ~ yum install -y gcc flex bison zlib libpcap pcre libdnet tcpdump yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum install -y libnghttp2 yum install -y zlib-devel libpcap-devel pcre-devel libdnet-devel openssl-devel libnghttp2-devel luajit-devel wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz wget https://www.snort.org/downloads/snort/snort-2.9.13.tar.gz tar xvzf daq-2.0.6.tar.gz cd daq-2.0.6 ./configure && make && sudo make install cd .. tar xvzf snort-2.9.13.tar.gz cd snort-2.9.13 ./configure --enable-sourcefire && make && sudo make install [這邊會有點久 要等一下] ldconfig ln -s /usr/local/bin/snort /usr/sbin/snort groupadd snort useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort sudo mkdir -p /etc/snort/rules sudo mkdir /var/log/snort sudo mkdir /usr/local/lib/snort_dynamicrules sudo chmod -R 5775 /etc/snort sudo chmod -R 5775 /var/log/snort sudo chm
閱讀完整內容