Deploy LogRhythm in a FIPS-Enabled Domain
Complete the Prerequisites
Before deploying LogRhythm in a FIPS-enabled domain, complete the following prerequisites. If your deployment does not adhere to any of the requirements, contact LogRhythm Support.
- Perform the LogRhythm Database installation prior to joining the server to the domain.
- Complete the LogRhythm Software Install Wizard steps prior to joining the server to the domain.
- Select or create a domain user or service account to be used as a LogRhythm Global Administrator.
In High Availability or Disaster Recovery deployments, perform the steps in this guide on both the primary and the secondary servers.
Note the following:
- The initial configuration of LogRhythm occurs in one of two places:
  - Connected to the network and not joined to the domain
  - Connected to the network and joined to an organizational unit in the domain that does not inherit the GPO enabling FIPS
- Local server administrator accounts are temporarily allowed.
- FIPS and Integrated Security must be enabled for the same LogRhythm components. For more information, see Integrated Security.
- Integrated Security must be configured prior to FIPS.
- The initial configuration of LogRhythm occurs with MS SQL Server in SQL Server and Windows Authentication mode (Mixed Mode) enabled.
Stop LogRhythm Services and Set to Manual Startup with PowerShell
Open a PowerShell console as an administrator and enter the following commands:
```powershell
# Stop every service whose display name starts with "LogRhythm"
Get-Service -DisplayName "LogRhythm*" | Stop-Service
# Keep them from starting again on reboot until configuration is finished
Get-Service -DisplayName "LogRhythm*" | Set-Service -StartupType Manual
```
Grant the LogRhythm Server Local Administrator Access to SQL Server
- Sign in to SQL Server as sa.
- Create a new login for the local server administrator account.
- Ensure that the account has sysadmin access.
Validate Local Administrator SQL Server Access
- Sign in to SQL Server as the local admin account.
- Under Security, Logins, right-click the <Server\LocalAdmin> account and click Properties.
- On the Server Roles page, verify that the sysadmin role is selected.
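The same grant and check can be scripted. The following is an added example, not code from the original page or from LogRhythm: Grant-LrSysadmin does what the "Grant the LogRhythm Server Local Administrator Access to SQL Server" steps do by hand, and Test-LrSysadmin does what the "Validate Local Administrator SQL Server Access" steps do. It assumes (none of this is stated on the page) that the LogRhythm instance is the default instance on the local host, that sa can still log in with SQL authentication (Mixed Mode is on during initial configuration), and that the local administrator account is named LocalAdmin.

```powershell
# Added example (not from the original page). Run in Windows PowerShell 5.1,
# which loads System.Data.SqlClient by default; no SqlServer module needed.
$Instance   = 'localhost'                      # assumed: default local instance
$LocalAdmin = "$env:COMPUTERNAME\LocalAdmin"   # assumed: local admin account name

function Invoke-MasterQuery {
    # Runs one T-SQL batch against master and returns the first column of the
    # first row ($null for DDL). With -SqlCredential it uses SQL authentication
    # (the sa case); without it, the caller's own Windows logon is used.
    param(
        [Parameter(Mandatory)][string]$Query,
        [System.Data.SqlClient.SqlCredential]$SqlCredential = $null
    )
    $conn = New-Object System.Data.SqlClient.SqlConnection
    if ($SqlCredential) {
        # Password travels in the SqlCredential, never in the connection string
        $conn.ConnectionString = "Server=$Instance;Database=master;"
        $conn.Credential = $SqlCredential
    } else {
        $conn.ConnectionString = "Server=$Instance;Database=master;Integrated Security=True;"
    }
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Query
        $cmd.ExecuteScalar()
    } finally {
        $conn.Close()
    }
}

function Grant-LrSysadmin {
    # Signs in as sa, creates the Windows login for the local administrator
    # if it does not exist, and adds it to the sysadmin fixed server role.
    $saCred = Get-Credential -UserName 'sa' -Message 'Enter the sa password'
    $saCred.Password.MakeReadOnly()            # SqlCredential requires a read-only SecureString
    $sqlCred = New-Object System.Data.SqlClient.SqlCredential('sa', $saCred.Password)

    # $LocalAdmin contains a backslash, so it is bracket-quoted in the DDL.
    $grant = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$LocalAdmin')
    CREATE LOGIN [$LocalAdmin] FROM WINDOWS;
ALTER SERVER ROLE sysadmin ADD MEMBER [$LocalAdmin];
"@
    Invoke-MasterQuery -Query $grant -SqlCredential $sqlCred | Out-Null
    Write-Host "Granted sysadmin to $LocalAdmin on $Instance"
}

function Test-LrSysadmin {
    # Must be run from a console started as the local administrator:
    # IS_SRVROLEMEMBER with one argument tests the login of the current session.
    $isSysadmin = Invoke-MasterQuery -Query "SELECT IS_SRVROLEMEMBER('sysadmin');"
    if ($isSysadmin -eq 1) {
        Write-Host "$LocalAdmin is a member of sysadmin on $Instance"
        return $true
    }
    Write-Warning "$LocalAdmin is NOT a member of sysadmin on $Instance; re-check the login."
    return $false
}

# Usage: run Grant-LrSysadmin from any console (it prompts for the sa
# password), then run Test-LrSysadmin from a console signed in as $LocalAdmin.
# Grant-LrSysadmin
# Test-LrSysadmin
```

The sa password is wrapped in a SqlCredential rather than pasted into the connection string so it does not land in transcript or history files. If your instance is named, change $Instance to the `host\instance` form.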
Put Windows into FIPS Mode
- Log on to Windows as a Windows system administrator.
- Click Start, Control Panel, and Administrative Tools.
- Click Local Security Policy.
The Local Security Settings window appears.
- In the navigation pane, click Local Policies, and then click Security Options.
- In the right-side pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
- In the dialog box that appears, click Enabled, and then click Apply.
- Click OK.
- Close the Local Security Settings window.
- Restart the computer for the change to take effect.
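The policy setting above is a single registry value, so it can also be enabled and, more usefully, verified after the reboot from PowerShell. The following is an added example, not code from the original page or from LogRhythm. It assumes the server is not in an OU whose GPO also sets this value (as the prerequisites above require), since Group Policy would overwrite the local setting at the next refresh.

```powershell
# Added example (not from the original page). Run in an elevated Windows
# PowerShell 5.1 console; the .NET Framework behaviour checked below does not
# apply to PowerShell 7 / .NET Core, which ignores the FIPS policy flag.
$FipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Enable-FipsPolicy {
    # Same effect as enabling "System cryptography: Use FIPS compliant
    # algorithms for encryption, hashing, and signing" in Local Security Policy.
    if (-not (Test-Path $FipsKey)) {
        New-Item -Path $FipsKey -Force | Out-Null
    }
    Set-ItemProperty -Path $FipsKey -Name Enabled -Value 1 -Type DWord
}

function Test-FipsPolicy {
    # Reports three views of the setting: the registry value, what the .NET
    # Framework in this process sees, and whether a purely managed hash class
    # is refused. In FIPS mode .NET Framework throws InvalidOperationException
    # for *Managed classes (SHA256Managed, MD5 via managed code, ...) and only
    # allows the CNG/CSP-backed ones such as SHA256Cng, which is why every
    # LogRhythm component must be configured for FIPS before the reboot.
    $reg = (Get-ItemProperty -Path $FipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $net = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

    $managedBlocked = $false
    try {
        [void](New-Object System.Security.Cryptography.SHA256Managed)
    } catch {
        # PowerShell wraps the constructor's exception; look at the root cause
        $managedBlocked = $_.Exception.GetBaseException() -is [System.InvalidOperationException]
    }

    [pscustomobject]@{
        RegistryEnabled      = ($reg -eq 1)
        DotNetFipsEnforced   = $net
        SHA256ManagedBlocked = $managedBlocked
    }
}

Enable-FipsPolicy
Test-FipsPolicy          # RegistryEnabled should be True immediately
Restart-Computer -Confirm
```

Run Test-FipsPolicy again after the restart; all three fields should then be True. Before the restart the two .NET fields may still reflect the old policy, because the framework caches the flag for the lifetime of the process and running services keep the algorithms they already loaded.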