OpenCanary

Getting Started

To get started create a virtual environment to play in:

$ virtualenv env
$ . env/bin/activate

Inside the virtualenv, install OpenCanary following the instructions in the README.

OpenCanary ships with a default config, which we’ll copy and edit to get started. The config is a single JSON dictionary.

$ opencanaryd --copyconfig
$ $EDITOR ~/.opencanary.conf

In the config file we’ll change device.node_id which must be unique for each instance of opencanaryd, and we’ll configure logger to log alerts to a file.

{
    "device.node_id": "Your-very-own-unique-name",
    [...]
     "logger": {
         "class" : "PyLogger",
         "kwargs" : {
             "handlers": {
                 "file": {
                     "class": "logging.FileHandler",
                     "filename": "/var/tmp/opencanary.log"
                     }
              }
         }
    }
   [...]
}

With that in place, we can run the daemon, and test that it logs a failed FTP login attempt to the log file.

$ opencanaryd --start
[...]
$ ftp localhost
[...]
$ cat /var/tmp/opencanary.log
[...]
{"dst_host": "127.0.0.1", "dst_port": 21, "local_time": "2015-07-20 13:38:21.281259", "logdata": {"PASSWORD": "default", "USERNAME": "admin"}, "logtype": 2000, "node_id": "opencanary-0", "src_host": "127.0.0.1", "src_port": 49635}

Troubleshooting

The tool JQ can be used to check that the config file is well-formed JSON.

$ jq . ~/.opencanary.conf

Run opencanaryd in the foreground to see more error messages.

$ sudo env/bin/twistd -noy env/bin/opencanary.tac