OpenCanary¶
Welcome to the OpenCanary guide.
OpenCanary is a daemon that runs canary services, which trigger alerts when (ab)used. The alerts can be sent to a variety of sources, including syslog, emails and a companion daemon opencanary-correlator.
The Correlator coalesces multiple related events (eg. individual brute-force login attempts) into a single alert sent via email or SMS.
Getting Started¶
The first section will get you quickly up and running with canary services sending alerts.
Services¶
Try these out in the OpenCanary configs for more typical server personalities.
Alerting¶
Getting Started walks through two different ways to configure alerting: logging directly to a file, and sending alerts to the Correlator for email and SMS alerts. Other possibilities are below:
Upgrading¶
If you have a previous version of OpenCanary installed already, you can upgrade it easily.
Start by activating your virtual evnironment (env in the below example) that has your installed version of OpenCanary,
$ . env/bin/activate
Inside the virtualenv, you can upgrape your OpenCanary by,
$ pip install opencanary --upgrade
Please note that this will not wipe your existing OpenCanary config file. If you would like a new one (with the new settings), please regenerate the config file using,
$ opencanaryd --copyconfig