---
tags: ccdc
---
# OpenCanary
## Install
### Setup Docker
#### Debian
``` bash
apt install -y docker.io jq
```
### Docker Install - CD ISO
1. Attach iso to VM (Actions > Edit Settings > CD > Datastore ISO > docker.opencanary.iso)
2. Use the GUI to mount the CD Drive.
3. Open a root terminal in the CD Drive mount directory.
4. Run `docker load < *.tar`
Move the host ssh server off port 22 so the honeypot can own it. Do this from the VM console, or keep your current SSH session open until you have confirmed a fresh login on the new port works:
``` bash
nano /etc/ssh/sshd_config
```
Change the port line:
``` diff
- #Port 22
+ Port 65534
```
Restart the ssh server (if the host firewall is enabled, allow the new port first):
``` bash
service ssh restart
```
Start the Docker container, publishing the honeypot ports on the host (port 22 must be free, which is why sshd was moved):
``` bash
docker run -dit -p 21:21 -p 22:22 -p 23:23 -p 80:80 -p 3306:3306 --name opencanary-app opencanary
```
### Docker Install - Online
Get package from github:
``` bash
git clone https://github.com/trigat/Docker-OpenCanary.git && cd Docker-OpenCanary
```
Edit the enabled services with:
``` bash
nano conf/opencanary.conf
```
`opencanary.conf` is a JSON file. Use `ctrl+w` to search it and make sure the following keys are all set to `true`:
- `"ftp.enabled":`
- `"http.enabled":`
- `"mysql.enabled":`
- `"ssh.enabled":`
- `"telnet.enabled":`
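Searching the file by hand is error-prone under time pressure, so the same check can be scripted: because `opencanary.conf` is JSON, the `<service>.enabled` keys can be read, reported and fixed programmatically, and the enabled services can be compared against the ports published with `docker run -p`. This is an added example, not code from OpenCanary or the Docker-OpenCanary repository; the config fragment below is constructed for the demonstration (ssh and mysql off, telnet missing), and the `<service>.port` keys it reads are the ones OpenCanary's own config file uses.

```python
"""Check and enable honeypot services in an OpenCanary opencanary.conf (a JSON file)."""
import json
import sys

# Services this page publishes from the container; OpenCanary names the switches "<service>.enabled".
WANTED_SERVICES = ("ftp", "http", "mysql", "ssh", "telnet")

# Constructed fragment of an opencanary.conf for the demonstration, not the repository's file:
# ssh and mysql are switched off, the telnet keys are absent, rdp is off and should stay off.
SAMPLE_CONF = """{
    "device.node_id": "opencanary-1",
    "ftp.enabled": true,
    "ftp.port": 21,
    "http.enabled": true,
    "http.port": 80,
    "mysql.enabled": false,
    "mysql.port": 3306,
    "ssh.enabled": false,
    "ssh.port": 22,
    "rdp.enabled": false
}
"""


def disabled_services(conf_text, wanted=WANTED_SERVICES):
    """Return the wanted services whose "<svc>.enabled" is not literally true.

    A missing key is reported too, so it gets added instead of being silently skipped."""
    conf = json.loads(conf_text)
    return [svc for svc in wanted if conf.get(f"{svc}.enabled") is not True]


def enable_services(conf_text, wanted=WANTED_SERVICES):
    """Return new config text with every wanted "<svc>.enabled" set to true; other keys are kept."""
    conf = json.loads(conf_text)
    for svc in wanted:
        conf[f"{svc}.enabled"] = True
    return json.dumps(conf, indent=4) + "\n"


def enabled_port_map(conf_text):
    """Map each enabled service to the port it will bind inside the container.

    Reads the "<svc>.port" key; a service with no port key maps to None."""
    conf = json.loads(conf_text)
    suffix = ".enabled"
    return {
        key[: -len(suffix)]: conf.get(key[: -len(suffix)] + ".port")
        for key, value in conf.items()
        if key.endswith(suffix) and value is True
    }


def missing_publishes(conf_text, published_ports):
    """Enabled services whose port is not in the set of host ports given to docker run -p.

    These would listen inside the container but never receive traffic from the network."""
    return sorted(
        svc for svc, port in enabled_port_map(conf_text).items() if port not in published_ports
    )


if __name__ == "__main__":
    # Usage: python3 check_conf.py conf/opencanary.conf  (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    print("disabled or missing:", disabled_services(text))
    print("enabled -> port:", enabled_port_map(text))
    print("enabled but not published:", missing_publishes(text, {21, 22, 23, 80, 3306}))
```

`enable_services` writes the whole file back, so run it once, diff the result against the original, and only then replace `conf/opencanary.conf`; the `rdp.enabled` key is left alone because it is not in the wanted list.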
Edit the Dockerfile with:
``` bash
nano Dockerfile
```
Change the first line:
``` diff
- FROM amd64/ubuntu:latest
+ FROM amd64/ubuntu:18.04
```
Remove these lines:
``` diff
- # use this if you want to use RDP for honeypot
- RUN pip install rdp
```
Save and close the file.
Move the host ssh server off port 22 so the honeypot can own it. Do this from the VM console, or keep your current SSH session open until you have confirmed a fresh login on the new port works:
``` bash
nano /etc/ssh/sshd_config
```
Change the port line:
``` diff
- #Port 22
+ Port 65534
```
Restart the ssh server (if the host firewall is enabled, allow the new port first):
``` bash
service ssh restart
```
Build the Docker image and start the container, publishing the honeypot ports on the host (port 22 must be free, which is why sshd was moved):
``` bash
docker build --rm -t opencanary .
docker run -dit -p 21:21 -p 22:22 -p 23:23 -p 80:80 -p 3306:3306 --name opencanary-app opencanary
```
## Usage
### View the log
Each line of the log is one JSON event. Leave out `-t` when the output is piped elsewhere, or every line picks up a carriage return:
``` bash
docker exec opencanary-app cat /var/tmp/opencanary.log
```
### Watch the log
``` bash
docker exec -it opencanary-app tail -f /var/tmp/opencanary.log
```
### See top unique attackers
Events that have no source (startup and status messages) carry an empty `src_host`; `grep .` drops those before counting:
``` bash
docker exec opencanary-app cat /var/tmp/opencanary.log | jq -r '.src_host' | grep . | sort | uniq -c | sort -rn
```
### See top unique attackers by service attacked
Events with a `dst_port` of `-1` are OpenCanary's own messages, not connections, so they are filtered out in jq before the host and port are joined:
``` bash
docker exec opencanary-app cat /var/tmp/opencanary.log | jq -r 'select(.dst_port != -1) | .src_host + " attacked port: " + (.dst_port|tostring)' | sort | uniq -c | sort -rn
```
#### Watch it
``` bash
watch "docker exec opencanary-app cat /var/tmp/opencanary.log | jq -r 'select(.dst_port != -1) | .src_host + \" attacked port: \" + (.dst_port|tostring)' | sort | uniq -c | sort -rn"
```
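The jq one-liners above answer "who" and "which port"; during an exercise you usually also want "which credentials did they try", and you want the report to survive a half-written or corrupted log line. The script below does the same counting over the log format offline and adds the credential view. It is an added example in OpenCanary's own language, not code from the OpenCanary project or the Docker-OpenCanary repository; the log lines are constructed to look like `/var/tmp/opencanary.log` output (the `logtype` values and addresses are made up), and the port-to-service mapping follows the `-p` flags used in the `docker run` line above.

```python
"""Summarise an OpenCanary JSON-lines log: top attackers, per-service counts, credentials tried."""
import json
import sys
from collections import Counter

# Port -> service name, following the ports this page publishes with docker run -p.
SERVICE_NAMES = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 3306: "mysql"}

# Constructed sample of the log (one JSON object per line), not a real capture. Field names
# follow the ones the jq one-liners above rely on. The first line imitates a startup message
# (empty src_host, dst_port -1); the last line is deliberately not JSON to exercise error handling.
SAMPLE_LOG = r'''
{"dst_host": "10.0.0.5", "dst_port": -1, "local_time": "2024-01-01 10:00:00.000001", "logdata": {"msg": {"logdata": "Canary running!!!"}}, "logtype": 1004, "node_id": "opencanary-1", "src_host": "", "src_port": -1}
{"dst_host": "10.0.0.5", "dst_port": 22, "local_time": "2024-01-01 10:01:02.000001", "logdata": {"USERNAME": "root", "PASSWORD": "toor"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "192.168.56.20", "src_port": 41000}
{"dst_host": "10.0.0.5", "dst_port": 22, "local_time": "2024-01-01 10:01:03.000001", "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "192.168.56.20", "src_port": 41001}
{"dst_host": "10.0.0.5", "dst_port": 23, "local_time": "2024-01-01 10:02:00.000001", "logdata": {"USERNAME": "admin", "PASSWORD": "password"}, "logtype": 6001, "node_id": "opencanary-1", "src_host": "192.168.56.20", "src_port": 41002}
{"dst_host": "10.0.0.5", "dst_port": 21, "local_time": "2024-01-01 10:03:00.000001", "logdata": {"USERNAME": "anonymous", "PASSWORD": "anonymous@"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "192.168.56.31", "src_port": 50000}
{"dst_host": "10.0.0.5", "dst_port": 80, "local_time": "2024-01-01 10:03:05.000001", "logdata": {"PATH": "/", "USERAGENT": "curl/8.0"}, "logtype": 3000, "node_id": "opencanary-1", "src_host": "192.168.56.31", "src_port": 50001}
{"dst_host": "10.0.0.5", "dst_port": 3306, "local_time": "2024-01-01 10:04:00.000001", "logdata": {"USERNAME": "root", "PASSWORD": ""}, "logtype": 8001, "node_id": "opencanary-1", "src_host": "10.10.10.9", "src_port": 60000}
this line is not JSON and must be skipped, not crash the report
'''


def parse_events(text):
    """Parse JSON-lines log text into (attack_events, malformed_line_count).

    Lines with dst_port == -1 or an empty src_host are OpenCanary's own housekeeping
    messages rather than attacker traffic, so they are dropped. Unparseable lines
    (truncated writes, corruption) are counted instead of aborting the whole report."""
    events, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if not isinstance(event, dict) or event.get("dst_port", -1) == -1 or not event.get("src_host"):
            continue
        events.append(event)
    return events, malformed


def top_attackers(events):
    """Source hosts ordered by number of events, most active first."""
    return Counter(event["src_host"] for event in events).most_common()


def attacks_by_service(events):
    """(src_host, service) pairs ordered by count; ports outside the mapping keep the raw number."""
    pairs = Counter(
        (event["src_host"], SERVICE_NAMES.get(event["dst_port"], str(event["dst_port"])))
        for event in events
    )
    return pairs.most_common()


def credentials_tried(events):
    """(username, password) pairs attempted against any login-capable service, by count."""
    creds = Counter()
    for event in events:
        data = event.get("logdata") or {}
        if isinstance(data, dict) and "USERNAME" in data:
            creds[(data["USERNAME"], data.get("PASSWORD", ""))] += 1
    return creds.most_common()


if __name__ == "__main__":
    # Usage: python3 canary_report.py /path/to/opencanary.log  (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    events, bad = parse_events(text)
    print(f"{len(events)} attack events parsed, {bad} malformed line(s) skipped")
    for host, n in top_attackers(events):
        print(f"{n:5d}  {host}")
    for (host, service), n in attacks_by_service(events):
        print(f"{n:5d}  {host} -> {service}")
    for (user, password), n in credentials_tried(events):
        print(f"{n:5d}  {user!r}:{password!r}")
```

To run it against the live container, copy the log out first (`docker cp opencanary-app:/var/tmp/opencanary.log .`) rather than piping through `docker exec -t`, so the script sees clean newlines.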