Create a Security Honey Pot with OpenCanary and a Raspberry Pi 3 (Updated 2021)

I’ve created an updated version of my original Raspberry Pi 3 Honey Pot tutorial after I discovered it does work with newer versions of the Linux operating systems.

After banging my head against a lot of combinations of OS versions, dependency issues and configuration issues, I finally got a simple working walkthrough from start to finish.  Enjoy and if you have any issues, please post in the comments!

Like the original tutorial, this is based on a Raspberry PI 3 but should work just as well for a Raspberry PI 2 (I used the headless version of Raspbian to keep it light) or the Raspberry PI 4.

I always liked the idea of a cost-effective honey pot that could be dropped on to a physical network with the minimum of fuss.  As Raspberry Pi 3s are cheap, ubiquitous and well-supported it seemed a no-brainer.  Combine this with a case, a 32GB sd-card and the OpenCanary software and you have a great little solution for minimal spend.

OpenCanary, for those that don’t know, is the open source version of the Thinkst Canary honeypot.

OS Installation

I’m very happy to say that since my last tutorial, the dependency and Python issues seem to have been resolved with Raspbian, allowing us to use the native OS for the device.

As mentioned above, I opted for the “Lite” (headless) version which means it comes with no desktop or GUI interface – it’s command line only.  I did this because I wanted the best performance from the device, no unnecessary applications/services and OpenCanary is entirely command line anyway.

Finally, OpenCanary’s own installation steps suggest running OpenCanary in a virtual container.  Given that it’s unlikely I’m going to be using my Raspberry Pi for an additional workload, I install directly to keep things simple.

Prepare the SD card

Download and run the Raspberry PI Imager software available here: https://www.raspberrypi.org/downloads/

Insert your SD card in to your reader

On the Raspberry PI Imager, select the Raspberry PI OS (other) option from the Operating System menu

Select Raspberry Pi OS Lite (32-bit)

Select your SD card (double check, personally I tend to remove any other flash drives or SD cards just in case!)

Click Write

Click Yes to confirm you understand all data on the SD card will be destroyed

This will take a while so go grab a cup of tea (and biscuits if you have them)

 

Enable SSH

By default, SSH is disabled on Raspberry PI devices so if you are going to be configuring this remotely, you must turn this on first.

The easiest way to do this is while you still have the SD card in your computer after formatting it.

Simply open the partition called “boot” in Windows Explorer (or equivalent) and create an empty file there with a filename of either ssh or ssh.txt.

When your Raspberry PI boots up, if it finds either of those files, it enables the SSH service (and deletes the files).

Logging in

The default username/password for Raspbian is pi/raspberry.

Updating the OS

Run a full update of Raspbian (this can take a while):

sudo apt-get update && sudo apt-get upgrade -y

Hide Your Pi

Given that the whole idea of a honey pot is to make it look like a tasty target to attackers, having it clearly show up as a Raspberry PI when they do a network scan is going to be a bit of a giveaway.  Typically this identification is done from the MAC address of the network adapter and the hostname the device identifies itself with; fortunately, these are reasonably easy to change.

For the purposes of this tutorial, we are going to disguise the Raspberry PI as a Synology NAS, so we’ll need a MAC address from the pool used by Synology.  A good searchable resource for manufacturer MAC addresses can be found here.

Taking one of the Synology NAS prefixes – 001132 – we need to add additional hexadecimal values to make it the proper length and punctuate it with colons to put it in the proper format.  Doing this, 001132 becomes:

00:11:32:B3:4D:F5

We’ll be using nano to edit a lot of configuration files, if you’re not familiar with it, check this tutorial: https://linuxize.com/post/how-to-use-nano-text-editor/

Now we have a Synology NAS MAC address, let’s tell our Raspberry PI to identify itself using that:

sudo nano /boot/cmdline.txt

When nano loads, you will need to paste “smsc95xx.macaddr=” appended with your new MAC address, at the end of the string of text in the cmdline.txt file, adding a simple space to the end of what is already in there (so our additional text doesn’t touch the previous value).  Using my example, I’ll therefore be adding smsc95xx.macaddr=00:11:32:B3:4D:F5 to the end of the file, resulting in the file reading:

console=serial0,115200 console=tty1 root=PARTUUID=96f1abd5-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait smsc95xx.macaddr=00:11:32:B3:4D:F5

Next, let’s update the hostname. Enter:

sudo nano /etc/hosts

Now replace the entry next to 127.0.1.1 (raspberrypi) with your server name.  Think about what a real server might be called, such as FILESERVER or BACKUPSERVER.

Now enter:

sudo nano /etc/hostname

And replace the raspberrypi value with the same server name from the previous step.

Now reboot your device. Remember that when it reboots it will likely have a different IP address, because your DHCP server won’t recognise it (due to the new MAC address) and so will issue a new IP:

sudo reboot -n

OpenCanary Installation

Install GIT

As we’ll be using GIT to clone the OpenCanary repository, let’s install it first:

sudo apt install git -y

Install Cryptography prerequisites

To avoid cryptography errors during the OpenCanary installation, be sure to install the Cryptography 3.0 prerequisites – this caused me a lot of headaches as I expected the OpenCanary installer to handle Python dependencies:

sudo apt-get install build-essential libssl-dev libffi-dev python-dev -y

Install pip for Python 3:

sudo apt-get install python3-pip -y

Upgrade python setuptools using pip:

sudo pip3 install --upgrade setuptools

Install OpenCanary

Clone and Setup OpenCanary:

git clone https://github.com/thinkst/opencanary
cd opencanary
sudo python3 setup.py install

If you receive segmentation errors (such as “segmentation fault (core dumped)”) at the end of the canary install, reboot and run the above command again.

Install network add-ons

Install pcapy and scapy:

sudo pip3 install scapy pcapy

Fix opencanary.tac

As noted in the GitHub issue here, there is sometimes a post-installation error caused by the opencanary.tac file not being in the expected location, so we need to copy it manually (note the script folder ‘scripts-3.7’ may change in future versions of OpenCanary as the preferred Python version changes):

sudo cp ./build/scripts-3.7/opencanary.tac /usr/local/bin/opencanary.tac

Next, run the following command to create a sample config file for your canary that you can then edit:

opencanaryd --copyconfig

You should see a message saying something like:

 A sample config file is ready (/etc/opencanaryd/opencanary.conf)

Then finally, run canary with the following:

opencanaryd --start

You should see a message similar to the following:

pi@mckaydc1:~/opencanary $ opencanaryd --start
** We hope you enjoy using OpenCanary. For more open source Canary goodness, head over to canarytokens.org. **
[-] Failed to open opencanary.conf for reading ([Errno 2] No such file or directory: 'opencanary.conf')
[-] Failed to open /root/.opencanary.conf for reading ([Errno 2] No such file or directory: '/root/.opencanary.conf')
[-] Using config file: /etc/opencanaryd/opencanary.conf
{"dst_host": "", "dst_port": -1, "local_time": "2021-09-27 13:47:06.273029", "local_time_adjusted": "2021-09-27 14:47:06.273214", "logdata": {"msg": {"logdata": "Added service from class CanaryFTP in opencanary.modules.ftp to fake"}}, "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2021-09-27 13:47:06.273173"}
{"dst_host": "", "dst_port": -1, "local_time": "2021-09-27 13:47:07.446767", "local_time_adjusted": "2021-09-27 14:47:07.447119", "logdata": {"msg": {"logdata": "Canary running!!!"}}, "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2021-09-27 13:47:07.447045"}

Note the error that says “No such file or directory” – for some reason, despite OpenCanary itself copying a configuration file to the location /etc/opencanaryd/opencanary.conf, it still checks for one at /root/.opencanary.conf first.  If it doesn’t find one at /root/.opencanary.conf, it displays the above error and then moves on to the copy located at /etc/opencanaryd/opencanary.conf.

Obviously, if you want to prevent this annoyance, simply copy the config file to /root/.opencanary.conf and use that one to configure your honey pot.

Change the SSH Port

If you want to leave SSH running on your honey pot for remote configuration, it’s probably a good idea to move it to a different port as it’s an immediate target for attack.  To change the SSH port to something else, do:

sudo nano /etc/ssh/sshd_config

In the nano editor that appears, delete the hash in front of the port 22 line and change the port to something else.  So this:

#Port 22

should become this:

Port 65522

Reboot the device for the change to take effect:

sudo reboot now

Configuration

As mentioned in the confirmation above, the configuration options for OpenCanary are stored in the file located at: /etc/opencanaryd/opencanary.conf.

I’ve put a sample configuration for masquerading as a Synology NAS at the very bottom of this article.

To edit it, use your editor of choice, I use Nano:

nano /etc/opencanaryd/opencanary.conf

In here you can find multiple options for turning services on and off.

Install Samba

If you want your OpenCanary honey pot to mimic a Windows fileserver, we’ll need to enable the SMB protocol (Samba):

sudo apt install samba samba-common-bin

At one point you will be presented with an ASCII GUI interface asking “Modify smb.conf to use WINS settings from DHCP?“, answer no.

Rename the smb configuration file (so we can always rollback to the original):

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf_backup

Create a new configuration file:

sudo nano /etc/samba/smb.conf

Paste a configuration for SMB, I use something like the following:

[global]
workgroup = OFFICVLAN
server string = Synology Backup
netbios name = SYNOLOGY
dns proxy = no
log file = /var/log/samba/log.all
log level = 0
vfs object = full_audit
full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D
full_audit:success = pread
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice
max log size = 100
panic action = /usr/share/samba/panic-action %d
#samba 4
server role = standalone server
#samba 3
#security = user
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
map to guest = bad user
usershare allow guests = yes
[myshare]
comment = Local Backup
path = /home/backups
guest ok = yes
read only = yes
browseable = yes

There is currently a quirk of the OpenCanary where SMB printer sharing can self-trigger alerts, resulting in something like the following alert (notice the source and destination IP are both 127.0.0.1):

{"dst_host": "127.0.0.1", "dst_port": "631", "local_time": "2021-09-28 10:45:24.628126", "local_time_adjusted": "2021-09-28 11:45:24.628358", "logdata": {"DF": "", "ID": "29354", "IN": "lo", "LEN": "60", "MAC": "00:00:00:00:00:00:00:00:00:00:00:00:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "SYN": "", "TOS": "0x00", "TTL": "64", "URGP": "0", "WINDOW": "65495"}, "logtype": 5001, "node_id": "opencanary-1", "src_host": "127.0.0.1", "src_port": "57366", "utc_time": "2021-09-28 10:45:24.628289"}

At the time of writing, this can be solved by installing CUPS (Common UNIX Printing System) though this is likely to be resolved in future versions of OpenCanary.  To install CUPS:

sudo apt install cups

Email Notifications

One of the most common means of getting notifications from a remote OpenCanary is via email, the configuration for which is in the /etc/opencanaryd/opencanary.conf file.  This uses the format below (add this to the handlers section):

"SMTP": {
"class": "logging.handlers.SMTPHandler",
"mailhost": ["smtp.gmail.com", 587],
"fromaddr": "[email protected]",
"toaddrs" : ["[email protected]"],
"subject" : "OpenCanary Alert at home!",
"credentials" : ["[email protected]", "YOURAPPLICATIONPASSWORD"],
"secure" : []
}

At the time of writing, both Office 365 and Gmail require the use of an application password for SMTP connections (Gmail instructions here, Office 365 instructions here).
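
A pre-flight check for the edited configuration, as an added example rather than code from the original article or the OpenCanary project: it catches the JSON syntax errors that pasting the SMTP block tends to cause, flags a fake service that shares a port with the real sshd, and warns when a file holding the SMTP application password is readable by other users. The `audit` and `enabled_services` functions, their arguments and the sample values are assumptions constructed for illustration.

```python
import json
import stat

# Constructed sample using key names from this article's configuration.
SAMPLE_CONF = """
{
  "device.node_id": "opencanary-1",
  "ftp.enabled": true, "ftp.port": 21,
  "http.enabled": true, "http.port": 80,
  "ssh.enabled": true, "ssh.port": 22,
  "telnet.enabled": false, "telnet.port": 23,
  "smb.enabled": true,
  "logger": {"class": "PyLogger", "kwargs": {"handlers": {
    "file": {"class": "logging.FileHandler",
             "filename": "/var/tmp/opencanary.log"},
    "SMTP": {"class": "logging.handlers.SMTPHandler",
             "mailhost": ["smtp.example.com", 587],
             "fromaddr": "canary@example.com",
             "toaddrs": ["admin@example.com"],
             "subject": "OpenCanary Alert",
             "credentials": ["canary@example.com", "PLACEHOLDER"],
             "secure": []}
  }}}
}
"""


def enabled_services(conf):
    """Map each '<service>.enabled': true key to its '<service>.port' (or None)."""
    services = {}
    for key, value in conf.items():
        # One dot only, so sub-options such as tcpbanner_1.keep_alive.enabled are skipped.
        if key.endswith(".enabled") and key.count(".") == 1 and value is True:
            name = key.split(".")[0]
            services[name] = conf.get(name + ".port")  # smb has no port key
    return services


def audit(conf_text, real_sshd_port, file_mode):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        conf = json.loads(conf_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]

    findings = []
    by_port = {}
    for name, port in enabled_services(conf).items():
        if port is None:
            continue
        # Two listeners cannot bind the same TCP port on the same address.
        if port == real_sshd_port:
            findings.append(f"{name} uses port {port}, which the real sshd is bound to")
        if port in by_port:
            findings.append(f"{name} and {by_port[port]} both use port {port}")
        by_port.setdefault(port, name)

    handlers = conf.get("logger", {}).get("kwargs", {}).get("handlers", {})
    if not handlers:
        findings.append("no log handlers configured, alerts would go nowhere")
    holds_secret = any("credentials" in h for h in handlers.values())
    if holds_secret and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file holds SMTP credentials but is group/world readable")
    return findings


if __name__ == "__main__":
    # On the Pi: read the text from the config path and take the mode from os.stat(path).st_mode
    for finding in audit(SAMPLE_CONF, real_sshd_port=65522, file_mode=0o644):
        print("[!]", finding)
```
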

Summary

Once completed, you can try logging in to services on the device’s IP address (ftp, http, etc.) or use a network scanner (I simply used Fing on my phone) to do a network scan and a port scan of the device.

Any of these should then trigger alerts based on your “handler” options (mine currently sends to email and writes to a log file).
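
To review what the file handler recorded after such a test, the following added example (not part of the original article or of OpenCanary) triages the JSON log: it skips non-JSON banner lines and informational logtype 1001 entries, sets aside the loopback-to-loopback events described in the Samba section, and groups the rest by source host. The `triage` function and the sample lines are constructed for illustration; the field names are those in the log lines shown earlier.

```python
import json
from collections import defaultdict

INFO_LOGTYPE = 1001               # informational messages, as in the startup output
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample lines modelled on the output shown in this article.
SAMPLE_LOG = [
    "[-] Using config file: /etc/opencanaryd/opencanary.conf",
    '{"dst_host": "", "dst_port": -1, "logdata": {"msg": {"logdata": "Canary running!!!"}},'
    ' "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1}',
    '{"dst_host": "127.0.0.1", "dst_port": "631", "logdata": {"IN": "lo", "PROTO": "TCP"},'
    ' "logtype": 5001, "node_id": "opencanary-1", "src_host": "127.0.0.1", "src_port": "57366"}',
    '{"dst_host": "192.168.1.50", "dst_port": "21", "logdata": {"IN": "eth0", "PROTO": "TCP"},'
    ' "logtype": 5001, "node_id": "opencanary-1", "src_host": "192.168.1.77", "src_port": "40112"}',
    '{"dst_host": "192.168.1.50", "dst_port": "80", "logdata": {"IN": "eth0", "PROTO": "TCP"},'
    ' "logtype": 5001, "node_id": "opencanary-1", "src_host": "192.168.1.77", "src_port": "40113"}',
    # Constructed login-style event; the logtype value here is illustrative.
    '{"dst_host": "192.168.1.50", "dst_port": 21, "logdata": {"USERNAME": "admin"},'
    ' "logtype": 2000, "node_id": "opencanary-1", "src_host": "192.168.1.77", "src_port": 40120}',
]


def triage(lines):
    """Summarise OpenCanary JSON log lines, dropping noise and grouping by source."""
    report = {"unparsed": 0, "informational": 0, "self_triggered": 0}
    sources = defaultdict(lambda: {"events": 0, "ports": set(), "logtypes": set()})
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            report["unparsed"] += 1          # banner or status lines mixed into the output
            continue
        if not isinstance(event, dict) or "logtype" not in event:
            report["unparsed"] += 1
            continue
        if event["logtype"] == INFO_LOGTYPE:
            report["informational"] += 1
            continue
        src, dst = event.get("src_host", ""), event.get("dst_host", "")
        if src in LOOPBACK and dst in LOOPBACK:
            report["self_triggered"] += 1    # the device alerting on its own traffic
            continue
        entry = sources[src or "unknown"]
        entry["events"] += 1
        entry["logtypes"].add(event["logtype"])
        try:
            port = int(event.get("dst_port", -1))   # ports appear as both int and string
        except (TypeError, ValueError):
            port = -1
        if port >= 0:
            entry["ports"].add(port)
    report["by_source"] = {
        host: {"events": e["events"], "ports": sorted(e["ports"]),
               "logtypes": sorted(e["logtypes"])}
        for host, e in sources.items()
    }
    return report


if __name__ == "__main__":
    # On the Pi, pass the open log file instead, e.g. open("/var/tmp/opencanary.log")
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```
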

Making it Autostart

In order to have OpenCanary service automatically start on boot up, we need to create a systemd file for it:

sudo nano /etc/systemd/system/opencanary.service

Then give it a configuration:

[Unit]
Description=OpenCanary
After=syslog.target
After=network.target

[Service]
User=root
Restart=always
WorkingDirectory=/home/pi/opencanary
ExecStart=/home/pi/opencanary/bin/opencanaryd --dev

[Install]
WantedBy=multi-user.target

Now we need to enable the service:

sudo systemctl enable opencanary.service
sudo systemctl start opencanary.service

We can check the service status by running:

systemctl status opencanary.service

Sample Configuration 1: Synology NAS

By popular demand, I’ve posted my full Synology NAS configuration here and will post others if I create them:

{
"device.node_id": "opencanary-1",
"ip.ignorelist": [ ],
"git.enabled": false,
"git.port" : 9418,
"ftp.enabled": true,
"ftp.port": 21,
"ftp.banner": "FTP server ready",
"http.banner": "Apache/2.2.22 (Ubuntu)",
"http.enabled": true,
"http.port": 80,
"http.skin": "nasLogin",
"httpproxy.enabled" : false,
"httpproxy.port": 8080,
"httpproxy.skin": "squid",
"logger": {
"class": "PyLogger",
"kwargs": {
"formatters": {
"plain": {
"format": "%(message)s"
},
"syslog_rfc": {
"format": "opencanaryd[%(process)-5s:%(thread)d]: %(name)s %(levelname)-5s %(message)s"
}
},
"handlers": {
"console": {
"class": "logging.StreamHandler",
"stream": "ext://sys.stdout"
},
"file": {
"class": "logging.FileHandler",
"filename": "/var/tmp/opencanary.log"
},
"SMTP": {
"class": "logging.handlers.SMTPHandler",
"mailhost": ["smtp.gmail.com", 587],
"fromaddr": "[email protected]",
"toaddrs" : ["[email protected]"],
"subject" : "OpenCanary Alert",
"credentials" : ["[email protected]", "ruysdsdasddfdyexf"],
"secure" : []
}
}
}
},
"portscan.enabled": true,
"portscan.ignore_localhost": false,
"portscan.logfile":"/var/log/kern.log",
"portscan.synrate": 5,
"portscan.nmaposrate": 5,
"portscan.lorate": 3,
"smb.auditfile": "/var/log/samba/log.all",
"smb.enabled": true,
"mysql.enabled": false,
"mysql.port": 3306,
"mysql.banner": "5.5.43-0ubuntu0.14.04.1",
"ssh.enabled": false,
"ssh.port": 22,
"ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4",
"redis.enabled": false,
"redis.port": 6379,
"rdp.enabled": false,
"rdp.port": 3389,
"sip.enabled": false,
"sip.port": 5060,
"snmp.enabled": false,
"snmp.port": 161,
"ntp.enabled": false,
"ntp.port": 123,
"tftp.enabled": false,
"tftp.port": 69,
"tcpbanner.maxnum":10,
"tcpbanner.enabled": false,
"tcpbanner_1.enabled": false,
"tcpbanner_1.port": 8001,
"tcpbanner_1.datareceivedbanner": "",
"tcpbanner_1.initbanner": "",
"tcpbanner_1.alertstring.enabled": false,
"tcpbanner_1.alertstring": "",
"tcpbanner_1.keep_alive.enabled": false,
"tcpbanner_1.keep_alive_secret": "",
"tcpbanner_1.keep_alive_probes": 11,
"tcpbanner_1.keep_alive_interval":300,
"tcpbanner_1.keep_alive_idle": 300,
"telnet.enabled": false,
"telnet.port": 23,
"telnet.banner": "",
"telnet.honeycreds": [
{
"username": "admin",
"password": "$pbkdf2-sha512$12020$bG1NaX3xvjdGyBlj7R22Xw$dGrmBqqWa1okTCpN4QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7SASvnQr8.LTzqTm6awC8Kj/aGKvwA"
},
{
"username": "admin",
"password": "admin1"
}
],
"mssql.enabled": false,
"mssql.version": "2012",
"mssql.port":1433,
"vnc.enabled": false,
"vnc.port":5000
}
Bob McKay

About Bob McKay

Bob is a Founder of Seguro Ltd, a full time father and husband, part-time tinkerer-with-wires, coder, Muay Thai practitioner, builder and cook. Big fan of equality, tolerance and co-existence.

17 comments on «Create a Security Honey Pot with OpenCanary and a Raspberry Pi 3 (Updated 2021)»

  1. hank says:

    Hi
    after a very long install process, this totally crapped out.

    1. Bob McKay says:

      Hi Hank,
      Any details? Mine is still going strong with no problems (even after a bunch of power outages kept killing it).

  2. Scott says:

    Bob,

    Have you tried the install recently? Following your guide, I get the following when trying to issue the opencanaryd --copyconfig:

    Traceback (most recent call last):
    File “”, line 1, in
    ImportError: No module named pkg_resources
    cp: cannot stat ”: No such file or directory
    [*] A sample config file is ready /etc/opencanaryd/opencanary.conf

    [*] Edit your configuration, then launch with “opencanaryd –start”
    Python 3.9 and setuptools version 44.0.0

    Any assistance would be appreciated.

    1. Bob McKay says:

      Hi Scott,

      I’m afraid my last deployment has been running fine for so long it’s been at least 9 months since I last tried it and some of the elements may have changed. I seem to remember that error may have something to do with pip.

      I’ll try and make some time to try and replicate the problem but if you do find a fix, please post as it will likely help others!

      Thanks

      Bob

    2. Sam says:

      I had a very similar problem but managed to solve it through moving the settings.json
      from */opencanary/opencanary/data to */opencanary and naming it opencanary.conf

      Maybe that helps you.

      * YourPath

      1. Bob McKay says:

        Thanks for posting that Sam! I plan on redoing this tutorial with all the recent release/packages to make sure it’s all still working so may well need that!

  3. Kevin says:

    Hey Bob,

    Great motivating article!

    Props for including the MAC address change. I did it through netplan + reboot because boot.txt wasn’t in my Ubuntu 20 x64 installation.

    After running OpenCanary I got a bug saying cannot import name ‘soft_unicode’ from ‘markupsafe’ which I fixed by installing an older version of markupsafe (python -m pip install markupsafe==2.0.1).

    Thanks and good luck to whatever you’re doing!

  4. Dan says:

    Hi Bob,
    thx for the nice writeup – still working through.
    Would suggest to format codebox “sudo pip3 install –upgrade setuptools”, and substitute “–upgrade” with two hyphens so that copy/paste code into terminal works.
    Thx
    Dan

  5. Jeff says:

    I get the following error after the ‘sudo pip3 install scapy pcapy’ command:

    ERROR: Command errored out with exit status 1:
    command: /usr/bin/python3 -c ‘import sys, setuptools, tokenize; sys.argv[0] = ‘”‘”‘/tmp/pip-install-0reobrli/pcapy_5cd09bf98f694db99bebfd583669bdf9/setup.py'”‘”‘; __file__='”‘”‘/tmp/pip-install-0reobrli/pcapy_5cd09bf98f694db99bebfd583669bdf9/setup.py'”‘”‘;f=getattr(tokenize, ‘”‘”‘open'”‘”‘, open)(__file__);code=f.read().replace(‘”‘”‘\r\n'”‘”‘, ‘”‘”‘\n'”‘”‘);f.close();exec(compile(code, __file__, ‘”‘”‘exec'”‘”‘))’ egg_info –egg-base /tmp/pip-pip-egg-info-1pph43hl
    cwd: /tmp/pip-install-0reobrli/pcapy_5cd09bf98f694db99bebfd583669bdf9/
    Complete output (6 lines):
    Traceback (most recent call last):
    File “”, line 1, in
    File “/tmp/pip-install-0reobrli/pcapy_5cd09bf98f694db99bebfd583669bdf9/setup.py”, line 45
    print ‘my_init_posix: changing LDSHARED =’,`g[‘LDSHARED’]`,
    ^
    SyntaxError: Missing parentheses in call to ‘print’. Did you mean print(‘my_init_posix: changing LDSHARED =’,`g[‘LDSHARED’]`, end=” “)?
    —————————————-
    WARNING: Discarding https://files.pythonhosted.org/packages/9c/8a/a177d39a20427d741b4e0c7bd163bc8bf1a4e0f17bc8ba0fb88865c4a1b1/pcapy-0.10.8.tar.gz#sha256=b0a3b97e84489f4f0cac82a8cdb2ccdbbd5279dc0b55d3ef4866f7df3e7d4bd3 (from https://pypi.org/simple/pcapy/). Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
    ERROR: Could not find a version that satisfies the requirement pcapy
    ERROR: No matching distribution found for pcapy

  6. Ted says:

    After enabling port scans, received a bunch of command not found errors for iptables. Installing it fixed the issue and port scans now report.

  7. Neil says:

    Thanks for the guide.

    I attempted this in December 2022.

    I was getting stuck on the step to Fix opencanary.tac, manually copying opencanary to the directory we need.

    The script number has indeed changed from 3.7 to 3.9 but I found more of the path had changed too.

    I had success using the following

    sudo cp ./opencanary/build/scripts-3.9/opencanary.tac /usr/local/bin/opencanary.tac

    I found the location by going on to the Pi’s desktop and in file explorer searching for opencanary.tac then viewing its location.

    Hope that helps someone.

  8. Jim says:

    Followed this nice how-to, thank you! I would like to adjust when notifications are sent. I am not interested in the random scan of port 80 on the canary. However, I would like a notification if a login attempt is actually attempted. Restated: No alert for loading HTTP page, yes alert when log in is attempted (completed with attempted creds, etc. would be nice!)
    Thoughts?

  9. Bernd says:

    Hi, can somebody please tell me the path of the fake index.html? I’d like to modify the page a little.
    Thanx in advance

  10. Stephan says:

    Here is my bash script to install opencanary

  11. Stephan says:

    #!/bin/bash

    # Get current hostname
    current_hostname=$(hostname)

    # Prompt user to confirm hostname change
    echo "Current hostname is $current_hostname. Are you sure you want to change it to xxx? (y/n)"
    read -r user_confirmation
    if [[ $user_confirmation != "y" ]]; then
      echo "Exiting script."
      exit 1
    fi

    # Change hostname to xxx
    sudo hostnamectl set-hostname "synology"

    # Verify hostname change
    new_hostname=$(hostname)
    if [[ $new_hostname == "synology" ]]; then
      echo "Hostname successfully changed to synology."
    else
      echo "Failed to change hostname."
    fi

    # Run : sudo apt install git -y
    sudo apt install git -y

    # Install : sudo apt-get install build-essential libssl-dev libffi-dev python-dev -y
    sudo apt-get install build-essential libssl-dev libffi-dev python-dev -y

    # Install : sudo apt-get install python3-pip -y
    sudo apt-get install python3-pip -y

    # sudo pip3 install --upgrade setuptools
    sudo pip3 install --upgrade setuptools

    # Install opencanary
    git clone https://github.com/thinkst/opencanary
    cd opencanary
    sudo python3 setup.py install

    # Check for segmentation errors; a reboot ends this script, so run it again afterwards
    if [ $? -eq 139 ]; then
      echo "Segmentation error encountered. Rebooting; run this script again afterwards."
      sudo reboot
      exit 1
    fi

    # Install scapy and pcapy
    sudo pip3 install scapy pcapy

    # Get x from the highest folder name ./build/scripts-3.X
    x=$(ls -dv build/scripts-3.* | tail -1 | awk -F'.' '{print $NF}')

    # Copy opencanary.tac to /usr/local/bin/opencanary.tac
    sudo cp "./build/scripts-3.$x/opencanary.tac" /usr/local/bin/opencanary.tac

    # Run opencanaryd --copyconfig
    opencanaryd --copyconfig

    # Check for "A sample config file is ready" message
    if [ $? -eq 0 ]; then
      echo "A sample config file is ready (/etc/opencanaryd/opencanary.conf)"
    else
      echo "Error encountered while copying config file. Exiting script."
      exit 1
    fi

    # Run opencanaryd --start
    opencanaryd --start

    # Check for "No such file or directory" error and copy config file to /root/.opencanary.conf if necessary
    if [ $? -eq 2 ]; then
      echo "Error: No such file or directory. Copying config file to /root/.opencanary.conf."
      sudo cp /etc/opencanaryd/opencanary.conf /root/.opencanary.conf
    fi

    # Install samba and samba-common-bin
    sudo apt install samba samba-common-bin -y

    # Backup smb.conf
    sudo mv /etc/samba/smb.conf /etc/samba/smb.conf_backup

    # Create /etc/samba/smb.conf
    sudo touch /etc/samba/smb.conf

    # Write configuration to /etc/samba/smb.conf
    echo "[global]
    workgroup = OFFICVLAN
    server string = Synology Backup
    netbios name = SYNOLOGY
    dns proxy = no
    log file = /var/log/samba/log.all
    log level = 0
    vfs object = full_audit
    full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D
    full_audit:success = pread
    full_audit:failure = none
    full_audit:facility = local7
    full_audit:priority = notice
    max log size = 100
    panic action = /usr/share/samba/panic-action %d
    #samba 4
    server role = standalone server
    #samba 3
    #security = user
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = no
    map to guest = bad user
    usershare allow guests = yes
    [myshare]
    comment = Local Backup
    path = /home/backups
    guest ok = yes
    read only = yes
    browseable = yes" | sudo tee /etc/samba/smb.conf > /dev/null

    sudo apt install cups

  12. Bosse says:

    I get this error:
    ————————————————————————————
    opencanary.service – OpenCanary
    Loaded: loaded (/etc/systemd/system/opencanary.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Sun 2023-02-12 16:43:35 CET; 1s ago
    Process: 1600 ExecStart=/home/canary/opencanary/bin/opencanaryd –dev (code=exited, status=127)
    Main PID: 1600 (code=exited, status=127)
    CPU: 70ms
    ————————————————————————————
    Any suggestions?

  13. Sparks says:

    Hi after I run opencanaryd --start I get an error

    sudo: /usr/bin/twistd: command not found.

    I have tried running sudo pip3 install twisted – this did install some extra packages but I am still getting the same error.
