OpenCanary

Welcome to the OpenCanary guide.

OpenCanary is a daemon that runs canary services, which trigger alerts when (ab)used. The alerts can be sent to a variety of sources, including syslog, emails and a companion daemon opencanary-correlator.

The Correlator coalesces multiple related events (eg. individual brute-force login attempts) into a single alert sent via email or SMS.

Getting Started

The first section will get you quickly up and running with canary services sending alerts.

Services

Try these out in the OpenCanary configs for more typical server personalities.

Alerting

Getting Started walks through two different ways to configure alerting: logging directly to a file, and sending alerts to the Correlator for email and SMS alerts. Other possibilities are below:

Upgrading

If you have a previous version of OpenCanary installed already, you can upgrade it easily.

Start by activating your virtual evnironment (env in the below example) that has your installed version of OpenCanary,

$ . env/bin/activate

Inside the virtualenv, you can upgrape your OpenCanary by,

$ pip install opencanary --upgrade

Please note that this will not wipe your existing OpenCanary config file. If you would like a new one (with the new settings), please regenerate the config file using,

$ opencanaryd --copyconfig

Indices and tables