Using CTE with a Neo4j Database
This document describes how to integrate CTE with a Neo4j Database.
Test Environment
-
CTE Agent: 7.3.0 and 7.4.0
-
CipherTrust Manager: 2.10.0
-
OS: Ubuntu 20.04
-
Neo4j version: 4.1.12
-
File System: XFS and EXT4
Steps
To integrate CTE with a Neo4j database, install and register the CTE Agent, configure the Client Settings, and create appropriate GuardPoints.
Install and Register the CTE Agent
-
Install the CTE Agent on the client machine where the Neo4j Database is installed and configured.
-
Register the CTE Agent with the CipherTrust Manager.
Refer to CTE - Agent Quick Start Guide for details.
Configure the Client Settings
Add the following paths to the client settings:
| Privilege | Path to Binary |
|---|---|
| authenticator_euid | /usr/bin/neo4j |
| authenticator_euid | /usr/bin/java |
| authenticator_euid | /usr/share/neo4j/bin |
| authenticator_euid | /usr/bin/ls |
| authenticator_euid | /usr/bin/bash |
Refere to Client Settingsfor details.
Create the GuardPoints
Perform the following steps on the CTE client:
-
On the CTE client, stop the Neo4j Database.
-
On the CipherTrust Manager, create a GuardPoint. While creating the GuardPoint:
-
Enter the Paths
/var/log/neo4j,/etc/neo4j,/usr/share/neo4j/bin,/var/lib/neo4j/data,/var/lib/neo4j/certificates,/var/lib/neo4j/plugins, and/var/lib/neo4j/import. -
Select the Policy Type as Standard.
-
Create a User Set with users
neo4jandroot, and give them the permissions to perform all Actions and Effects. The default access is No Access.
Refer to Creating GuardPointsfor details.
-
-
Once the policy is enabled, start the Neo4j Database.
