Comments (8)
Hey @citnadxela,
This is a great idea. You are more than welcome to open a pull request. If you are looking for a place to start, there are two options here:
You could try to blanket mask the password in logger.py. You will see a sanitizeLog method which you could use to check for a password (probably in logdata['logdata']).
The other option is to manually patch the actual module. For example, as in your above log, we could take the HTTP module, and blank out the section where we grab the password out of the request.
Please let me know if you need any more advice (or sound boarding)
from opencanary.
Blanking out the section in the HTTP module works. Thanks. While we're on topic, do you know a way in which I can hide the IPs of certain hosts that access the NAS page?
from opencanary.
Hey @citnadxela,
I'm glad you got that working. In terms of hiding certain IP addresses that access the NAS page, you could implement your own whitelist in the HTTP module.
You would create a list of IPs (that you want whitelisted), and in the HTTP module's render_GET and render_POST methods, you could check request.getRequestHostname() against your IP whitelist. If the IP is present, skip logging, else continue to alert.
I hope this helps. Please let me know.
from opencanary.
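Added example, not part of the thread and not OpenCanary's own code: the two ideas discussed above (masking the password and skipping allowlisted sources) written as one filter over an event dict before it is logged. The field names `src_host`, `logdata` and `PASSWORD` are assumed from OpenCanary's JSON log events; the allowlist, the key and the keyed-hash fingerprint (which keeps repeated passwords comparable without storing them) are choices made for this example.

```python
import copy
import hashlib
import hmac
import ipaddress

# Assumed field names: top-level "src_host", nested "logdata" dict with "PASSWORD".
SENSITIVE_KEYS = {"PASSWORD"}
# Hypothetical allowlist of hosts/networks whose hits should not be logged.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.0.5.20/32", "192.168.10.0/24")]
# Hypothetical secret; keep it out of the log pipeline.
FINGERPRINT_KEY = b"replace-with-a-random-secret"


def is_allowlisted(src_host):
    """True only when src_host parses as an IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src_host)
    except ValueError:
        return False  # unparseable source: never suppress the event
    return any(addr in net for net in ALLOWLIST)


def mask(value):
    """Replace a secret with a short keyed fingerprint instead of the plaintext."""
    digest = hmac.new(FINGERPRINT_KEY, str(value).encode("utf-8"), hashlib.sha256)
    return "<redacted:%s>" % digest.hexdigest()[:12]


def sanitize_event(event):
    """Return a masked copy of the event, or None if its source is allowlisted."""
    if is_allowlisted(event.get("src_host", "")):
        return None
    clean = copy.deepcopy(event)  # never mutate the caller's event
    logdata = clean.get("logdata")
    if isinstance(logdata, dict):
        for key in logdata:
            if key.upper() in SENSITIVE_KEYS:
                logdata[key] = mask(logdata[key])
    return clean


# Constructed sample event (not a real capture).
SAMPLE_EVENT = {
    "src_host": "203.0.113.45", "dst_port": 80, "logtype": 3001,
    "logdata": {"USERNAME": "admin", "PASSWORD": "hunter2", "PATH": "/index.html"},
}

if __name__ == "__main__":
    print(sanitize_event(SAMPLE_EVENT))
```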
Hey @thinkst ,
Couple more questions & I think I should be satisfied in testing opencanary.
How exactly do I use the SQL interface? How/what in the config am I supposed to include/edit?
After editing the config to make the honeypot enable/look like SQL, how do I access it to see how it would look to attackers? (For example, I input the IP into a browser to see the Synology page, I input the IP into RDP to see the Windows Server login window, how would I go about seeing the SQL interface?) If you can help wi/ this last part, it'd be appreciated. Thanks @thinkst . Everything you have said so far has been working.
from opencanary.
Hey @citnadxela,
In the config, you would include
"mysql.enabled":true, "mysql.banner": "5.5.43-0ubuntu0.14.04.1", "mysql.port": 3306,
You may change the port and banner to some other believable values, but these are the defaults.
So to test that the mysql service is running, you can use the commandline tool,
mysql -h $OPENCANARY_IP -u user --password=pass
which will attempt to connect to a mysql server at that address (using the default mysql port which is 3306).
Thanks for taking the time to be so thorough with opencanary. Please let me know if this information helps (and if not, we can get debugging to make sure it is all working for you).
from opencanary.
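Added example, not part of the thread and not OpenCanary's own code: a check that the listener presents the configured `mysql.banner`, done by reading the server's first packet without sending credentials. The parser follows the standard MySQL handshake layout (3-byte length, 1-byte sequence id, protocol version byte, NUL-terminated version string); the sample bytes are constructed.

```python
import socket


def parse_mysql_greeting(packet):
    """Parse the first packet a MySQL server sends after the TCP connect."""
    if len(packet) < 5:
        raise ValueError("packet too short for a MySQL header")
    length = int.from_bytes(packet[0:3], "little")  # 3-byte payload length
    sequence = packet[3]                            # 1-byte sequence id
    payload = packet[4:4 + length]
    if length == 0 or len(payload) < length:
        raise ValueError("empty or truncated payload")
    if payload[0] == 0xFF:
        raise ValueError("server sent an error packet, not a greeting")
    end = payload.find(b"\x00", 1)  # version string is NUL-terminated
    if end == -1:
        raise ValueError("unterminated server version string")
    return {"sequence": sequence, "protocol": payload[0],
            "banner": payload[1:end].decode("ascii", "replace")}


def fetch_greeting(host, port=3306, timeout=5.0):
    """Connect, read one whole packet, and parse it. Sends nothing."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while len(data) < 4 or len(data) < 4 + int.from_bytes(data[:3], "little"):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_mysql_greeting(data)


def banner_matches(greeting, expected):
    """True when the greeting is handshake protocol 10 with the expected banner."""
    return greeting["protocol"] == 10 and greeting["banner"] == expected


# Constructed sample greeting (not a capture): protocol 10, banner, thread id, salt.
_body = b"\x0a" + b"5.5.43-0ubuntu0.14.04.1\x00" + b"\x01\x00\x00\x00" + b"abcdefgh\x00"
SAMPLE_GREETING = len(_body).to_bytes(3, "little") + b"\x00" + _body

if __name__ == "__main__":
    print(parse_mysql_greeting(SAMPLE_GREETING))
```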
I also want to use opencanary as a Windows file share. When I access the server name in Windows Explorer, I see the Documents folder where I assume the 2 files:
2016-Tender-Summary.pdf
passwords.docx
are located. However, when I try to access the folder it's prompting that Windows can't access.
Lastly, how would I make opencanary start as a service?
Apologies for the redundant questions, but almost there.
from opencanary.
Hi @citnadxela,
Sorry for delay.
With regards to using OpenCanary as a Windows File share, we only monitor SMB File Shares that have been created (i.e. OpenCanary won't create its own file share but monitor the logs produced by the Windows File Share). This allows it to check whether files have been accessed or not and report on this.
In order to get this working, you will need to set up a Samba File Share. Once you have that, you can then change the smb prefixed values in the OpenCanary config file to the appropriate values. (Please let me know how this goes!).
With regards to starting OpenCanary as a service, the usual opencanaryd --start starts OpenCanary as a background daemon. If you want OpenCanary to start as a service on boot (or something like that), you would need to add sudo /path/to/virtualenv/bin/twistd -noy /path/to/opencanary/bin/opencanary.tac to whichever service file you have set up to run on boot.
from opencanary.
Closing this due to inactivity. Please reopen if you have any related queries.
from opencanary.