Way to not log password? (opencanary issue, closed)

thinkst avatar thinkst commented on May 9, 2024
Way to not log password?

from opencanary.

Comments (8)

 avatar commented on May 9, 2024

Hey @citnadxela,

This is a great idea. You are more than welcome to open a pull request. If you are looking for a place to start, there are two options here:

You could try to blanket mask the password in logger.py. You will see a sanitizeLog method which you could use to check for a password (probably in logdata['logdata']).

The other option is to manually patch the actual module. For example, as in your above log, we could take the HTTP module, and blank out the section where we grab the password out of the request.

Please let me know if you need any more advice (or sound boarding).

from opencanary.
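The blanket-masking option described above, as an added example that is not OpenCanary's own code: a stand-alone function that redacts password fields anywhere in an event dict before it is written out. The key names, the sample event and the optional keyed fingerprint (which lets an analyst see that the same password was retried without storing it) are assumptions.

```python
import hashlib
import hmac

# Assumed field names that hold secrets; matched case-insensitively.
SENSITIVE_KEYS = {"password", "passwd", "pass"}


def fingerprint(secret, key):
    """Short keyed digest: equal passwords match, the value is not stored."""
    digest = hmac.new(key, str(secret).encode("utf-8"), hashlib.sha256)
    return "hmac-sha256:" + digest.hexdigest()[:12]


def mask_secrets(value, key=None):
    """Return a copy of value with every sensitive field masked.

    Walks nested dicts and lists, so it works whether the password sits at
    the top level or inside a nested 'logdata' dict. The input is not modified.
    """
    if isinstance(value, dict):
        masked = {}
        for name, item in value.items():
            if str(name).lower() in SENSITIVE_KEYS:
                masked[name] = fingerprint(item, key) if key else "<redacted>"
            else:
                masked[name] = mask_secrets(item, key)
        return masked
    if isinstance(value, list):
        return [mask_secrets(item, key) for item in value]
    return value


# Constructed sample event (not captured from a real honeypot).
SAMPLE_EVENT = {
    "src_host": "192.0.2.10",
    "dst_port": 80,
    "logdata": {"USERNAME": "admin", "PASSWORD": "hunter2", "PATH": "/index.html"},
}

if __name__ == "__main__":
    print(mask_secrets(SAMPLE_EVENT))
    print(mask_secrets(SAMPLE_EVENT, key=b"per-deployment-secret"))
```
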

citnadxela avatar citnadxela commented on May 9, 2024

Blanking out the section in the HTTP module works. Thanks. While we're on topic, do you know a way in which I can hide the IPs of certain hosts that access the NAS page?

from opencanary.

 avatar commented on May 9, 2024

Hey @citnadxela,

I'm glad you got that working. In terms of hiding certain IP addresses that access the NAS page, you could implement your own whitelist in the HTTP module.

You would create a list of IPs (that you want whitelisted), and in the HTTP module's render_GET and render_POST methods, you could check request.getRequestHostname() against your IP whitelist. If the IP is present, skip logging, else continue to alert.

I hope this helps. Please let me know.

from opencanary.
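One way to write the allowlist check discussed above, as an added example that is not part of OpenCanary: a helper that decides whether an event should be logged given the client's source address as a string. The function names and addresses are assumptions; how the HTTP module obtains the address is not shown here.

```python
import ipaddress


def parse_allowlist(entries):
    """Turn strings such as '192.0.2.10' or '198.51.100.0/24' into networks."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


def should_log(src, allowlist):
    """Return False only when src is a valid address inside the allowlist.

    Anything that does not parse as an IP address (a hostname, an empty
    string, garbage) is logged, so a malformed value can never suppress
    an alert.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True
    # A dual-stack listener may report IPv4 clients as ::ffff:a.b.c.d.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    for net in allowlist:
        if addr.version == net.version and addr in net:
            return False
    return True


# Constructed allowlist using documentation address ranges.
ALLOWLIST = parse_allowlist(["192.0.2.10", "198.51.100.0/24"])

if __name__ == "__main__":
    for candidate in ["192.0.2.10", "198.51.100.77", "203.0.113.5", "nas.local"]:
        print(candidate, "log" if should_log(candidate, ALLOWLIST) else "skip")
```

Keep the list short and specific: an allowlisted host that is later compromised will no longer raise an alert when it touches the honeypot.
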

citnadxela avatar citnadxela commented on May 9, 2024

Hey @thinkst,

Couple more questions & I think I should be satisfied in testing opencanary.

How exactly do I use the SQL interface? How/what in the config am I supposed to include/edit?
After editing the config to make the honeypot enable/look like SQL, how do I access it to see how it would look to attackers? (For example, I input the IP into a browser to see the Synology page, I input the IP into RDP to see the Windows Server login window, how would I go about seeing the SQL interface?)

If you can help with this last part, it'd be appreciated. Thanks @thinkst. Everything you have said so far has been working.

from opencanary.

 avatar commented on May 9, 2024

Hey @citnadxela,

In the config, you would include
"mysql.enabled":true, "mysql.banner": "5.5.43-0ubuntu0.14.04.1", "mysql.port": 3306,
You may change the port and banner to some other believable values, but these are the defaults.

So to test that the mysql service is running, you can use the commandline tool,
mysql -h $OPENCANARY_IP -u user --password=pass
which will attempt to connect to a mysql server at that address (using the default mysql port which is 3306).

Thanks for taking the time to be so thorough with opencanary. Please let me know if this information helps (and if not, we can get debugging to make sure it is all working for you).

from opencanary.
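A scripted version of the check described above, as an added example that is not from the OpenCanary project: it reads the first packet a MySQL-speaking service sends and extracts the version string, so the configured mysql.banner can be verified without a client installed. It assumes the service answers with a standard protocol-10 greeting; the function names and the sample packet are constructed.

```python
import socket
import struct


def parse_greeting(data):
    """Return (protocol_version, server_version) from a MySQL greeting packet."""
    if len(data) < 5:
        raise ValueError("packet too short")
    length = int.from_bytes(data[0:3], "little")  # 3-byte payload length
    payload = data[4:4 + length]                  # byte 3 is the sequence id
    if len(payload) < length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:
        raise ValueError("server sent an error packet instead of a greeting")
    end = payload.find(b"\x00", 1)                # version is NUL-terminated
    if end == -1:
        raise ValueError("unterminated version string")
    return payload[0], payload[1:end].decode("ascii", "replace")


def fetch_banner(host, port=3306, timeout=5.0):
    """Connect, read exactly one packet, and parse it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while len(data) < 4 or len(data) < 4 + int.from_bytes(data[0:3], "little"):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_greeting(data)


def build_sample(version):
    """Constructed greeting: protocol 10, version, connection id, padding."""
    payload = b"\x0a" + version.encode("ascii") + b"\x00"
    payload += struct.pack("<I", 1) + b"\x00" * 9
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


SAMPLE = build_sample("5.5.43-0ubuntu0.14.04.1")

if __name__ == "__main__":
    print(parse_greeting(SAMPLE))
```
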

citnadxela avatar citnadxela commented on May 9, 2024

I also want to use opencanary as a Windows file share. When I access the server name in Windows Explorer, I see the Documents folder where I assume the 2 files:

2016-Tender-Summary.pdf
passwords.docx

are located. However, when I try to access the folder it's prompting that Windows can't access.
Lastly, how would I make opencanary start as a service?
Apologies for the redundant questions, but almost there.

from opencanary.

 avatar commented on May 9, 2024

Hi @citnadxela,

Sorry for the delay.

With regards to using OpenCanary as a Windows File share, we only monitor SMB File Shares that have been created (i.e. OpenCanary won't create its own file share but monitor the logs produced by the Windows File Share). This allows it to check whether files have been accessed or not and report on this.

In order to get this working, you will need to set up a Samba File Share. Once you have that, you can then change the smb prefixed values in the OpenCanary config file to the appropriate values. (Please let me know how this goes!).

With regards to starting OpenCanary as a service, the usual opencanaryd --start starts OpenCanary as a background daemon. If you want OpenCanary to start as a service on boot (or something like that), you would need to add sudo /path/to/virtualenv/bin/twistd -noy /path/to/opencanary/bin/opencanary.tac to whichever service file you have set up to run on boot.

from opencanary.

 avatar commented on May 9, 2024

Closing this due to inactivity. Please reopen if you have any related queries.

from opencanary.
