OpenCanary

Welcome to the OpenCanary guide.

Please note we have a wiki on Github with FAQ and Samba Setup help over here.

OpenCanary is a daemon that runs canary services, which trigger alerts when (ab) is used. The alerts can be sent to a variety of sources, including Syslog, emails, and a companion daemon opencanary-correlator.

This project is maintained by Thinkst Canary.

The Correlator coalesces multiple related events (eg. individual brute-force login attempts) into a single alert sent via email or SMS.

Getting Started

The first section will get you quickly up and running with canary services sending alerts.

• OpenCanary
• Configuration
• Correlator

Services

Try these out in the OpenCanary configs for more typical server personalities.

• Linux Web Server
• Windows Server
• MySQL Server
• MSSQL Server

Alerting

Getting Started walks through two different ways to configure alerting: logging directly to a file, and sending alerts to the Correlator for email and SMS alerts. Other possibilities are below:

• Email Alerts
  • Send to a Gmail address
  • Send with SMTP authentication
  • Environment Variables
• HPFeeds
  • Environment Variables
• HTTP Webhook Alerts

Upgrading

If you have a previous version of OpenCanary installed already, you can upgrade it easily.

Start by activating your virtual environment (env in the below example) that has your installed version of OpenCanary,

$ . env/bin/activate

Inside the virtualenv, you can upgrade your OpenCanary by,

$ pip install opencanary --upgrade

Please note that this will not wipe your existing OpenCanary config file. If you would like a new one (with the new settings), please regenerate the config file using,

$ opencanaryd --copyconfig

Indices and tables

• Index
• Module Index
• Search Page