OpenCanary daemon
OpenCanary
Thinkst Applied Research
Overview
OpenCanary is a daemon that runs canary versions of several services and alerts when one of them is (ab)used. It is a low-interaction honeypot intended to be run on internal networks.
Prerequisites
- Python 2.7+
- [Optional] The Samba module needs a working Samba installation
Install
Installation on Ubuntu:
$ sudo apt-get install python-dev python-pip python-virtualenv
$ virtualenv env/
$ . env/bin/activate
$ pip install patron-it-opencanary[rdp,snmp,remote_logging] # rdp, snmp and remote_logging are optional extras
Ubuntu users installing rdpy should run the following before installing OpenCanary:
$ sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev
Installation on OS X needs an extra step, as multiple OpenSSL versions may exist, which confuses the Python libraries that link against it.
$ virtualenv env/
$ . env/bin/activate
Macports users should then run:
$ sudo port install openssl
$ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/opt/local/lib" CFLAGS="-I/opt/local/include" pip install cryptography
Alternatively homebrew users run:
$ brew install openssl
$ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/usr/local/opt/openssl/lib" CFLAGS="-I/usr/local/opt/openssl/include" pip install cryptography
Now installation can run as usual:
$ pip install patron-it-opencanary[rdp,snmp]
To install from source, instead of running pip do the following:
$ git clone https://github.com/thinkst/opencanary
$ cd opencanary
$ pip install .
If you are looking to get OpenCanary working on OpenBSD, take a look at https://github.com/8com/opencanary.
Run
OpenCanary is started by running:
$ . env/bin/activate
$ opencanaryd --start
On the first run, instructions are printed that will get you to a working config.
Samba Setup (optional)
The Samba OpenCanary module monitors a log file produced by the Samba full_audit VFS module. Setup relies on:
- Having Samba installed.
- A modified Samba config file, to write file events to syslog's LOCAL7 facility.
- A modified syslog file, to output LOCAL7 to a samba-audit.log file.
As a template Samba config, modify the following and install it to the right location (often /etc/samba/smb.conf). The lines you'll likely want to change are:
- path
- workgroup
- server string
- netbios name
- [myshare]
- comment
[global]
workgroup = WORKGROUP
server string = blah
netbios name = SRV01
dns proxy = no
log file = /var/log/samba/log.all
log level = 0
syslog only = yes
syslog = 0
vfs object = full_audit
full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D
full_audit:success = pread
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice
max log size = 100
panic action = /usr/share/samba/panic-action %d
#samba 4
server role = standalone server
#samba 3
#security = user
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
map to guest = bad user
usershare allow guests = yes
[myshare]
comment = All the stuff!
path = /home/demo/share
guest ok = yes
read only = yes
browseable = yes
#vfs object = audit
Configure syslog to write the Samba logs out to the file that OpenCanary monitors. With rsyslog, adding these two lines to /etc/rsyslog will do that:
$FileCreateMode 0644
local7.* /var/log/samba-audit.log
For other syslog implementations similar lines might work.
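To show what the module consumes once the Samba and syslog steps above are in place, here is an added example (not OpenCanary's own Samba module) that parses samba-audit.log lines into alert records. It assumes the rsyslog line layout, the ten-field full_audit prefix from the smb.conf above, and full_audit's `<prefix>|<operation>|<ok or fail>|<arguments>` record shape; the sample lines and the `logtype` label are constructed, not captured from a real server.

```python
"""Turn Samba full_audit syslog lines into honeypot alert records.

Added example, not the OpenCanary module itself. It assumes the smb.conf and
rsyslog settings shown above: prefix %U|%I|%i|%m|%S|%L|%R|%a|%T|%D, only
'pread' logged on success, written to /var/log/samba-audit.log.
"""
import re
from collections import namedtuple

# Names for the ten prefix substitutions, in the order smb.conf emits them:
# %U user, %I client IP, %i local IP, %m client NetBIOS name, %S share,
# %L server NetBIOS name, %R protocol level, %a client arch, %T time, %D domain.
PREFIX_FIELDS = ("user", "client_ip", "local_ip", "client_name", "share",
                 "server_name", "protocol", "arch", "time", "domain")

AuditEvent = namedtuple("AuditEvent", PREFIX_FIELDS + ("op", "status", "args"))

# Assumed rsyslog line layout: "Mar  3 12:00:01 host smbd_audit: <body>".
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) smbd_audit: (?P<body>.*)$")


def parse_line(line):
    """Return an AuditEvent for one samba-audit.log line, or None.

    full_audit writes '<prefix>|<operation>|<ok or fail>|<arguments>'; because
    the prefix has ten fields, anything with fewer than 12 '|'-separated parts
    is not a usable audit record.
    """
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    parts = m.group("body").split("|")
    if len(parts) < 12:
        return None
    prefix, op, status = parts[:10], parts[10], parts[11]
    # Re-join the remainder so a path containing '|' is not lost.
    args = "|".join(parts[12:])
    return AuditEvent(*(prefix + [op, status, args]))


def alerts_from_lines(lines, watched_ops=("pread",)):
    """Build alert dicts for every watched operation found in `lines`.

    Only 'pread' is logged by the config above, so a read of any file on the
    share is itself the signal: nobody should be reading a canary share.
    """
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.op not in watched_ops:
            continue
        alerts.append({
            "logtype": "samba",  # constructed label, not an OpenCanary logtype id
            "src_host": ev.client_ip,
            "dst_host": ev.local_ip,
            "user": ev.user,
            "client_name": ev.client_name,
            "share": ev.share,
            "op": ev.op,
            "status": ev.status,
            "path": ev.args,
            "time": ev.time,
        })
    return alerts


# Constructed sample lines in the shape rsyslog would write for the config
# above; not captured from a real server.
SAMPLE_LINES = [
    "Mar  3 12:00:01 srv01 smbd_audit: demo|10.0.0.5|10.0.0.2|WS01|myshare|SRV01"
    "|SMB2_10|Vista|2020/03/03 12:00:01|WORKGROUP|pread|ok|/home/demo/share/secret.txt",
    "Mar  3 12:00:02 srv01 smbd_audit: nobody|10.0.0.9|10.0.0.2|WS02|myshare|SRV01"
    "|SMB2_10|Vista|2020/03/03 12:00:02|WORKGROUP|pread|ok|/home/demo/share/q3|budget.xlsx",
    "Mar  3 12:00:03 srv01 smbd[1234]: connection reset",  # unrelated syslog line
    "Mar  3 12:00:04 srv01 smbd_audit: truncated|line",     # malformed record
]

if __name__ == "__main__":
    for alert in alerts_from_lines(SAMPLE_LINES):
        print("{src_host} ({client_name}) read {path} on //{share} as {user}"
              .format(**alert))
```

The second sample line has a `|` inside the file name, which is why the remainder of the record is re-joined rather than taken as a single field; the unrelated and malformed lines are dropped instead of raising, since a log-following honeypot module must never die on one odd line.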
Hashes for patron-it-opencanary-0.7.1.tar.gz

Algorithm | Hash digest
---|---
SHA256 | c4f975850b00ac9e7395f34eb5282f67a09afa895d91e06e0ce040aacd49e54d
MD5 | a63bd8637be7307ea862aadd8bc98ae8
BLAKE2b-256 | 973cf99870c3a95b10d43e36b1f5351902f99feaabf90a9bf07eae83580be7ab

Hashes for patron_it_opencanary-0.7.1-py2.py3-none-any.whl

Algorithm | Hash digest
---|---
SHA256 | aa29eb50198726fecbf2d77f2329be5e251e29b692336b21dbe1595b5368e4b3
MD5 | 2388e54a642641b4c1839833ba30eb29
BLAKE2b-256 | f8e42f7118c6d61c515e24f59d3390fb9eb1f09adfb0e2740854703702dec93f