What is the recommended way to start opencanary when the system starts ? #73
Comments
I did a blog post ages ago where I'd installed OpenCanary on a RaspberryPi. It's a little bit outdated now and I should update it, but it should still work. I created a systemd service which I saved into
You will obviously need to update the paths to wherever you have installed OpenCanary and then start it with
The other thing that occurs to me is that you mention ssh and smb. You need root access to start those services (because they use low port numbers) so I'd check whatever way you are starting it, the user it runs as has root access. |
Thank you :) Any thoughts on why - I have tried smbd with and without requiring a pw and it makes no difference ? Thanks again for your reply |
Hi think I’ve solved this, the python environment must be placed in the root user home directory, and the service run as root, once set up as below (opencanary.service) [Unit] [Service] [Install] |
Hey @ajhubs, Thanks so much for this contribution. I am sure many people will be looking for something like this. I'll mark it down to be added to the wiki for folks to find easily. |
I'm running mine out of /opt/canaries When I start it manually, it works as it should. When I try to add a service, it either starts then immediately shuts down or it repeatedly starts and stops. Any ideas of how to track down what is causing the SIGTERM? (opencanary.service) [Unit] [Service] [Install] (syslog) Sep 18 03:17:15 canary opencanaryd: [-] Loading /opt/canaries/env/bin/opencanary.tac... |
Awesome, thanks for the writeup. @HybridAU I was wondering how to do this same thing and came across this thread which helped out. |
@sevenlayersinc I'm having the same issue. |
@sevenlayersinc - I'm having the same issue (I also saw your blog post). I was able to get mine to run using |
@loganmarchione try resetting the 'monitored' protocols back to FTP only. (that's the default when you initially install OpenCanary) |
@Houdini7 Unfortunately this was on a new install with a new config file |
Hey folks, I'll take a look at this this week and let you know. Sorry for the delay |
Hey folks, So I got the following systemd file to work; let me know if it works for you.
where |
It seems to work.. It started the service and it doesn't loop. sudo systemctl status opencanary.service ● opencanary.service - OpenCanary HoneyPot Aug 31 20:07:37 #### opencanaryd[696]: [-] Stopping factory <opencanary.modules.ssh.HoneyPotSSHFactory instance |
@jayjb - Also working for me, thanks! It successfully starts, stops, and works on reboot. Can this be added to the documentation and/or README? |
Hmmm... I went a simple option on Ubuntu 18.04 and I use a small script called start_canary.sh
and then I ran Seems to work ok? |
@OzGav the only issue there is if the service dies, you can't restart it. I believe you can tell systemd to start a crashed service with |
OK I assume you mean automatically; watchdog style? |
Let me chime in to add my experience, which is similar to @loganmarchione's one.
[Unit]
Description=OpenCanary
After=syslog.target network.target
[Service]
User=root
Restart=always
RemainAfterExit=yes
ExecStart=/root/env/bin/opencanaryd --start
ExecStop=/root/env/bin/opencanaryd --stop
[Install]
WantedBy=multi-user.target
I'm no
Another gotcha to be aware of for some services is a name resolution error:
Sep 26 12:48:52 NotAHoneyPot opencanaryd[448]: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='hooks.slack.com', port=443): Max retries exceeded with url: /services/foo/bar/foobar (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0xffffa9661dd8>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
Sep 26 12:48:52 NotAHoneyPot opencanaryd[448]: Failed to load application: HTTPSConnectionPool(host='hooks.slack.com', port=443): Max retries exceeded with url: /services/foo/bar/foobar (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0xffffa9661dd8>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
Here I believe the daemon tries to resolve webhook's URL for Slack before name resolution kicks in. This problem should be alleviated by
Tuning the wait time between each retry and the number of retries are other solutions. |
I'm having trouble getting opencanary to start properly at boot on Ubuntu 20.04. I've spent quite a while trying to figure this out, but this is a really weird problem. My systemd service file looks like this. My virtualenv is
The really screwy thing is that the service starts, but doesn't complete its startup until a user logs in on the console. Logging in remotely via SSH doesn't cause the service startup to proceed, but logging in locally on the console causes the service to finish initializing. It doesn't seem to matter which user logs in, be it root or an unprivileged user. For example, post-reboot, before logging in on console, checking service state over SSH -- it claims to be started here, and there are opencanary processes running, but they aren't actually listening on any service ports; I currently only have mysql enabled for testing purposes.
Post-reboot, after logging in on console:
Note the application-level timestamps of these two lines, in particular:
It gets to the point of "Loading /usr/local/bin/opencanary/bin/opencanary.tac...", and does not proceed further until a user logs in on the console, which I did almost 2 minutes later, at which point the service completes its startup. I've never seen anything like this. Does anyone have any ideas about what might be going on, here? I've tried loading the service with an |
Um, as a follow-up to my previous post, I think I found a completely nonsensical workaround. I don't understand why this seems to work. I changed my service
This doesn't make any sense, but enabling
The log messages end up going to syslog and the log file, so the This seems to suggest maybe there's something going wrong w/ Twisted? I have v19.10.0 installed. |
Thank you, emperortomato. This worked for me, the service starts up quickly and is pretty nimble with stops and starts, but I am a little concerned about how quickly the log file created for twistd is filling up and rolling over. I've been running for less than an hour and already have 4 1M rolled-over log files. Are you seeing this as well?
|
Hmm, I only seem to be seeing massive log spew on startup; after that it's pretty quiet. |
Okay, I'll check again after it's been running to see if it is still hyperactive. The good news is that it doesn't seem to be particularly valuable info, so I can run a cron job to periodically delete the files if needed. |
I've done exactly the same setup on 4 vms, and seeing the same thing across all of them. My setup is Ubuntu server 18.04.5 LTS fully patched, so python 2.7 and twistd 20.3.0. I'm going to build a server 20.0.4 vm today to test as well. |
Hi @jvedman, I suspect you're seeing all that because you included |
Hi @emperortomato,
Instead of the
|
This tested working for me on my RPi-4, thanks
|
Closing this thread with a solution that has worked. It may need changes on different OSes (or tweaks):
Please note that |
This doesn't seem to work on Debian 11. Indeed, I'm not sure how it ever worked properly - if systemd is parsing the unit file properly then In this case, we only want to pass a single |
Also works with Fedora 34 |
FYI, on Ubuntu 22,
And then everything worked as expected. I.e.:
|
I have tried starting the canary at boot via crontab and also by creating a service, I get the emails stating the daemons have all started and the canary is running, but some don’t work, i.e. ssh, smb, etc., but they do work if I start opencanary manually ?
What is the recommended way to start the canary at boot ?
Thanks
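Both the original question and the Ubuntu 20.04 report in this thread describe a unit that reports started while the honeypot ports are not actually listening. A post-boot check for that condition, as an added example that is not part of the thread or of OpenCanary; the function names, the expected port list and the sample `ss` output are constructed assumptions:

```shell
#!/bin/sh
# Added example (not OpenCanary code): list expected honeypot ports that have
# no network-reachable TCP listener. The port list is the operator's assumption.

# listening_ports: read `ss -Hltn` output on stdin and print one port per line
# for every LISTEN socket that is NOT bound to loopback only.
listening_ports() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")            # $4 is Local Address:Port
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # unreachable from the LAN
        print port
    }' | sort -un
}

# missing_listeners SS_OUTPUT PORT...: print the expected ports that are absent.
missing_listeners() {
    ss_output=$1; shift
    open=$(printf '%s\n' "$ss_output" | listening_ports)
    missing=""
    for port in "$@"; do
        printf '%s\n' "$open" | grep -qx "$port" || missing="${missing:+$missing }$port"
    done
    printf '%s\n' "$missing"
}

# Constructed sample: the unit reports "active", but only port 22 is reachable;
# 3306 is bound to loopback only and 445 has no listener at all.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

missing_listeners "$SAMPLE" 22 445 3306
```

On a live host, pass `"$(ss -Hltn)"` as the first argument, followed by the ports enabled in your OpenCanary configuration; an empty result means every expected service is reachable.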