@jlamoree
Created January 3, 2021 22:19
OpenCanary on Raspberry Pi

Parts

  • Raspberry Pi 4 https://www.amazon.com/gp/product/B07TC2BK1X
  • Argon One Pi 4 V2 kit https://www.amazon.com/gp/product/B07WP9P8VW
  • SanDisk Max Endurance 32 Gb microSD card https://www.amazon.com/gp/product/B084CJLNM4

OS

Download Ubuntu Server 20.04.1 LTS 64-bit from https://ubuntu.com/download/raspberry-pi and burn it to a microSD card with Raspberry Pi Imager 1.3 from https://www.raspberrypi.org/blog/raspberry-pi-imager-imaging-utility/ using the Select Custom option.

Modify the MAC address

Mount the boot filesystem of the fresh microSD card and modify cmdline.txt, appending something like smsc95xx.macaddr=00:4F:49:f0:00:01 to the end of its existing line (the file must stay a single line). This makes the NIC appear to be something from Realtek instead of Raspberry Pi. That should make the honeypot sweeter. Also, it'll give you the chance to set up a DHCP reservation in advance.

Booting Ubuntu Server

After first boot, the system will spend quite a while doing unattended upgrades. So, wait until it's finished:

watch -n 5 'ps -ef | grep [u]nattended'

The system will want a reboot, so give it a sudo shutdown -r now and then do the usual patching:

sudo apt update -y
sudo apt upgrade -y
sudo shutdown -r now

OpenCanary Installation

Add some Python stuff: sudo apt install -y python3-dev python3-pip python3-venv

Add some libraries and utilities: sudo apt install -y build-essential libssl-dev libffi-dev libpcap-dev net-tools

Reboot and rub a rabbit's foot.

As the user who will run OpenCanary, create a virtual environment: mkdir ~/opencanary; cd ~/opencanary; python3 -m venv env

Activate the environment and install the stuff:

source env/bin/activate
pip install wheel
pip install rdpy
pip install opencanary
pip install scapy pcapy

Create a template configuration: opencanaryd --copyconfig

Move ~/.opencanary.conf to ~/opencanary/opencanary.conf and edit the file. Try enabling the honeypot web server by setting http.enabled to true.

From the ~/opencanary directory, start the daemon: opencanaryd --start

The OpenCanary daemon should be listening for HTTP connections on TCP 80. Verify that python3 is listening: sudo netstat -tunlp -4

Try loading the juicy honeypot web page at http://opencanary/index.html and see a login screen.

Notifications

Edit the ~/opencanary/opencanary.conf file and inject the following into the logger.kwargs.handlers JSON path:

    "SMTP": {
        "class": "logging.handlers.SMTPHandler",
        "mailhost": ["your.mail.server", 587],
        "fromaddr": "opencanary@your.domain",
        "toaddrs": ["administrator@your.domain"],
        "subject": "OpenCanary Alert",
        "credentials": ["username", "password"],
        "secure": []
    }
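
One way to make that edit without hand-editing JSON, as an added example that is not part of the original gist: it merges the handler above into logger.kwargs.handlers, checks that logging.handlers.SMTPHandler accepts the keys and will use STARTTLS before sending the password, and writes the file readable by its owner only. The sample config is a trimmed, constructed stand-in for opencanary.conf, and the function names are hypothetical.

```python
import json
import logging.handlers
import os
import tempfile

# Constructed sample: a trimmed opencanary.conf with only the keys used here.
SAMPLE_CONF = """{
  "http.enabled": true,
  "logger": {"class": "PyLogger", "kwargs": {
    "handlers": {"file": {"class": "logging.FileHandler",
                          "filename": "/var/tmp/opencanary.log"}}}}
}"""

# Handler block from the page; the values are the page's placeholders.
SMTP_HANDLER = {
    "class": "logging.handlers.SMTPHandler",
    "mailhost": ["your.mail.server", 587],
    "fromaddr": "opencanary@your.domain",
    "toaddrs": ["administrator@your.domain"],
    "subject": "OpenCanary Alert",
    "credentials": ["username", "password"],
    "secure": [],
}

def check_smtp_handler(spec):
    """Build the handler from its keys; the constructor opens no connection."""
    kwargs = {k: v for k, v in spec.items() if k != "class"}
    handler = logging.handlers.SMTPHandler(**kwargs)  # TypeError on a bad key
    # With secure=None the handler logs in without STARTTLS (cleartext password).
    if handler.username and handler.secure is None:
        raise ValueError("credentials set without 'secure': STARTTLS is skipped")
    return handler

def add_smtp_handler(conf_text, spec):
    """Return the config dict with spec stored at logger.kwargs.handlers.SMTP."""
    conf = json.loads(conf_text)  # fails loudly on a stray comma from hand edits
    check_smtp_handler(spec)
    conf["logger"]["kwargs"].setdefault("handlers", {})["SMTP"] = spec
    return conf

def write_private(path, conf):
    """Write the config owner-readable only, since it now holds a password."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(conf, fh, indent=4)
    os.chmod(path, 0o600)  # also tightens a file that already existed

if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "opencanary.conf")
    write_private(out, add_smtp_handler(SAMPLE_CONF, SMTP_HANDLER))
```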

Next Steps

Resources
