mott77 / opencanary

This project forked from thinkst/opencanary

Modular and decentralised honeypot

Home Page: http://opencanary.org

License: BSD 3-Clause "New" or "Revised" License

Python 70.71% Shell 1.27% HTML 7.81% CSS 19.66% JavaScript 0.54%

opencanary's Introduction

OpenCanary

Thinkst Applied Research

Overview

OpenCanary is a daemon that runs canary versions of several services and alerts when a service is (ab)used.

Prerequisites

  • Python 2.7
  • [Optional] SNMP requires the python library scapy
  • [Optional] RDP requires the python library rdpy
  • [Optional] Samba module needs a working installation of samba

Install

Installation on Ubuntu:

$ sudo apt-get install python-dev python-pip python-virtualenv
$ virtualenv venv/
$ . venv/bin/activate
$ pip install opencanary
$ pip install scapy pcapy # optional

Ubuntu users installing rdpy should run the following before installing OpenCanary:

$ sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev
$ pip install rdpy

Installation on OS X needs an extra step, as multiple OpenSSL versions may exist, which confuses the Python libraries that link against it.

$ virtualenv venv/
$ . venv/bin/activate

MacPorts users should then run:

$ sudo port install openssl
$ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/opt/local/lib" CFLAGS="-I/opt/local/include" pip install cryptography

Alternatively, Homebrew users should run:

$ brew install openssl
$ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/usr/local/opt/openssl/lib" CFLAGS="-I/usr/local/opt/openssl/include" pip install cryptography

Now installation can run as usual:

$ pip install opencanary
$ pip install scapy pcapy # optional

To install from source, instead of running pip do the following:

$ git clone https://github.com/thinkst/opencanary
$ cd opencanary
$ python setup.py install

Run

OpenCanary is started by running:

$ sudo /path/to/venv/bin/opencanary --start

On the first run, instructions are printed that will get you to a working config.

Samba Setup (optional)

The Samba OpenCanary module monitors a log file produced by the Samba full_audit VFS module. Setup relies on:

  • Having Samba installed.
  • A modified Samba config file, to write file events to syslog's LOCAL7 facility.
  • A modified syslog file, to output LOCAL7 to a samba-audit.log file.

As a template Samba config, modify the following and install it to the right location (often /etc/samba/smb.conf). The lines you'll likely want to change are:

  • path
  • workgroup
  • server string
  • netbios name
  • [myshare]
  • comment

    [global]
       workgroup = WORKGROUP
       server string = blah
       netbios name = SRV01
       dns proxy = no
       log file = /var/log/samba/log.all
       log level = 0
       syslog only = yes
       syslog = 0
       vfs object = full_audit
       full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D
       full_audit:success = pread
       full_audit:failure = none
       full_audit:facility = local7
       full_audit:priority = notice
       max log size = 100
       panic action = /usr/share/samba/panic-action %d

       #samba 4
       server role = standalone server

       #samba 3
       #security = user

       passdb backend = tdbsam
       obey pam restrictions = yes
       unix password sync = no
       map to guest = bad user
       usershare allow guests = yes
    [myshare]
       comment = All the stuff!
       path = /home/demo/share
       guest ok = yes
       read only = yes
       browseable = yes
       #vfs object = audit

Configure syslog to write the Samba logs out to the file that OpenCanary monitors. With rsyslog, adding these two lines to /etc/rsyslog.conf will do that:

$FileCreateMode 0644
local7.*            /var/log/samba-audit.log

For other syslog implementations similar lines might work.
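
Added example (not part of the OpenCanary code base): a small Python parser for the lines the configuration above writes to samba-audit.log, useful for checking that the audit trail is arriving as expected. It assumes full_audit's prefix|operation|result|argument layout and the smbd_audit syslog tag; the field labels and the sample lines are constructed for illustration.

```python
import re

# full_audit:prefix exactly as set in the smb.conf template above.
PREFIX = "%U|%I|%i|%m|%S|%L|%R|%a|%T|%D"
# Labels are this example's own names for the Samba % variables.
LABELS = {"%U": "user", "%I": "client_ip", "%i": "local_ip",
          "%m": "client_name", "%S": "share", "%L": "server_name",
          "%R": "protocol", "%a": "client_arch", "%T": "time", "%D": "domain"}
FIELDS = [LABELS[v] for v in PREFIX.split("|")]
# Assumed syslog tag; a "[pid]" suffix is tolerated if syslog adds one.
TAG = re.compile(r"smbd_audit(?:\[\d+\])?: ")


def parse_audit_line(line):
    """Return a dict for one audit record, or None if the line is not one."""
    match = TAG.search(line)
    if not match:
        return None
    payload = line[match.end():].rstrip("\n")
    # Prefix fields, then operation and result; the rest is the file argument,
    # left unsplit so a '|' inside a filename cannot shift the other fields.
    parts = payload.split("|", len(FIELDS) + 2)
    if len(parts) < len(FIELDS) + 3:
        return None
    record = dict(zip(FIELDS, parts))
    record["operation"], record["result"], record["path"] = parts[len(FIELDS):]
    return record


def file_reads(lines):
    """Yield (client_ip, user, share, path) for each successful pread."""
    for line in lines:
        rec = parse_audit_line(line)
        if rec and rec["operation"] == "pread" and rec["result"] == "ok":
            yield rec["client_ip"], rec["user"], rec["share"], rec["path"]


# Constructed sample lines (not captured from a real host).
SAMPLE = [
    "Mar  3 10:12:01 SRV01 smbd_audit: nobody|192.0.2.50|192.0.2.10|laptop7|"
    "myshare|srv01|SMB2_10|Vista|2016/03/03 10:12:01|WORKGROUP|pread|ok|passwords.xlsx",
    "Mar  3 10:12:05 SRV01 smbd_audit: nobody|192.0.2.50|192.0.2.10|laptop7|"
    "myshare|srv01|SMB2_10|Vista|2016/03/03 10:12:05|WORKGROUP|pread|ok|a|b.txt",
    "Mar  3 10:12:09 SRV01 smbd[812]: unrelated daemon message",
]

if __name__ == "__main__":
    for hit in file_reads(SAMPLE):
        print(hit)
```

If full_audit:prefix is changed in smb.conf, PREFIX here must be changed to match, otherwise every record is rejected or mislabelled.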
