4.1 KiB
4.1 KiB
Domain Login Monitoring System
Setup Instructions
pip install flask flask_sqlalchemy flask_bcrypt flask_login flask_wtf flask_bootstrap email-validator pyotp qrcode pillow
1. Generate SSL Certificate
First, generate a self-signed certificate using OpenSSL:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"
Testing the app functionality from terminal:
curl -k -X POST -H "Content-Type: application/json" -H "X-API-Key: 47959c6d5d8db64eb0ec3ad824ccbe82618632e2a58823d84aba92078da693fa" -d '{"EventType": "Test", "UserName": "Testuser", "ComputerName": "TEST-PC", "IPAddress": "192.168.1.100", "Timestamp": "2025-04-27 08:50:35 BST", "retry": 1}' https://localhost:5000/api/log_event
curl -k -X POST -H "Content-Type: application/json" -H "X-API-Key: 47959c6d5d8db64eb0ec3ad824ccbe82618632e2a58823d84aba92078da693fa" -d '{"EventType": "Test", "UserName": "Testuser", "ComputerName": "TEST-PC", "IPAddress": "192.168.1.100", "Timestamp": "2025-04-27 08:51:35Z"}' https://localhost:8000/api/log_event
2. PowerShell Script
Save this script as LogEvent.ps1:
function Send-LogData {
param (
[string]$EventType,
[string]$ApiKey # Add your API key here
)
# Get the user name and computer name
$UserName = $env:USERNAME
$ComputerName = $env:COMPUTERNAME
# Get the IP address of the default network interface
$IPAddress = Get-NetIPAddress -AddressFamily IPv4 | Where-Object {
$_.InterfaceAlias -match "Ethernet|Wi-Fi" -and $_.IPAddress -ne "127.0.0.1"
} | Select-Object -ExpandProperty IPAddress -First 1
# Get the current timestamp in ISO format
$Timestamp = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
# Prepare the log data
$LogData = @{
EventType = $EventType
UserName = $UserName
ComputerName = $ComputerName
IPAddress = $IPAddress
Timestamp = $Timestamp
}
# Convert the log data to JSON
$LogJson = $LogData | ConvertTo-Json
# Send the log data using Invoke-RestMethod
try {
$response = Invoke-RestMethod -Uri "https://yourserver.com:5000/log_event" `
-Method Post `
-Body $LogJson `
-Headers @{
"Content-Type" = "application/json"
"X-API-Key" = $ApiKey
} `
-SkipCertificateCheck
Write-Host "Log sent successfully: $EventType"
}
catch {
Write-Error "Failed to send log: $_"
}
}
3. Task Scheduler Setup
Create Tasks for Each Event:
User Sign-In:
- Open Task Scheduler
- Click Create Task
- Name the task (e.g., "Log User Sign-In")
- Go to the Triggers tab and click New
- Select On an event
- Set Log to Security and Source to Microsoft-Windows-Security-Auditing
- Set Event ID to 4624 (successful logon)
- Go to the Actions tab and click New
- Set Action to Start a program
- Set Program/script to powershell.exe
- Set Add arguments to:
-File "C:\Path\To\LogEvent.ps1" -EventType "Sign-In" -ApiKey "YOUR_API_KEY_HERE"
PC Lock:
Same as above but:
- Set Event ID to 4800 (workstation lock)
- Change EventType to "Lock"
User Sign-Out:
Same as above but:
- Set Event ID to 4647 (user initiated logoff)
- Change EventType to "Sign-Out"
4. Initial Setup
- Log in to the web interface using default credentials:
- Username: superadmin
- Password: adminsuper
- Email: superadmin@example.com
- Go to Admin Settings to generate an API key
- Update all task scheduler tasks with the generated API key
For compiling you would need pyinstall with optional upx
flask_app/
│
├── app.py
├── config.py
├── models.py
├── forms.py
├── templates/
│ ├── base.html
│ ├── login.html
│ ├── register.html
│ ├── dashboard.html
│ ├── logs.html
│ └── manage_users.html
├── static/
│ ├── css/
│ └── js/
└── database.db