-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Opencanary Get out https://github.com/thinkst/opencanary for details on this. Run the following for download and installation: sudo apt-get update && sudo apt-get upgrade -y sudo apt install git -y sudo apt-get install build-essential libssl-dev libffi-dev python-dev -y sudo apt-get install python3-pip -y git clone https://github.com/thinkst/opencanary cd opencanary sudo python3 setup.py install Now generate a config file. opencanaryd --copyconfig Now edit the new conf file: vim .opencanary.conf Make sure to keep proper JSON formatting or the OpenCanary service won't start. I used jq to validate that the JSON file is good to go! If there are issues it will help you quickly identify them. If you need more information around using or installing jq please visit https://stedolan.github.io/jq/download/ { "device.node_id": "opencanary-1", "ip.ignorelist": [ ], "git.enabled": false, "git.port" : 9418, "ftp.enabled": true, "ftp.port": 21, "ftp.banner": "FTP server ready", "http.banner": "Apache/2.2.22 (Ubuntu)", "http.enabled": false, "http.port": 80, "http.skin": "nasLogin", "http.skin.list": [ { "desc": "Plain HTML Login", "name": "basicLogin" }, { "desc": "Synology NAS Login", "name": "nasLogin" } ], "httpproxy.enabled" : false, "httpproxy.port": 8080, "httpproxy.skin": "squid", "httproxy.skin.list": [ { "desc": "Squid", "name": "squid" }, { "desc": "Microsoft ISA Server Web Proxy", "name": "ms-isa" } ], "logger": { "class": "PyLogger", "kwargs": { "formatters": { "plain": { "format": "%(message)s" }, "syslog_rfc": { "format": "opencanaryd[%(process)-5s:%(thread)d]: %(name)s %(levelname)-5s %(message)s" } }, "handlers": { "console": { "class": "logging.StreamHandler", "stream": "ext://sys.stdout" }, "file": { "class": "logging.FileHandler", "filename": "/var/tmp/opencanary.log" }, "syslog-unix": { "class": "logging.handlers.SysLogHandler", "formatter":"syslog_rfc", "address": [ "localhost", 514 ], "socktype": "ext://socket.SOCK_DGRAM" }, "json-tcp": { "class": "opencanary.logger.SocketJSONHandler", "host": "127.0.0.1", "port": 1514 }, "SMTP": { "class": "logging.handlers.SMTPHandler", "mailhost": ["smtp.yourserver.com", 25], "fromaddr": "[email protected]", "toaddrs" : ["[email protected]"], "subject" : "OpenCanary Alert", "credentials" : ["youraddress", "SecureStrongpass"], "secure" : [] }, "slack":{ "class":"opencanary.logger.SlackHandler", "webhook_url":"https://hooks.slack.com/services/..." }, "teams": { "class": "opencanary.logger.TeamsHandler", "webhook_url":"https://my-organisation.webhook.office.com/webhookb2/..." } } } }, "portscan.enabled": false, "portscan.logfile":"/var/log/kern.log", "portscan.synrate": 5, "portscan.nmaposrate": 5, "portscan.lorate": 3, "smb.auditfile": "/var/log/samba-audit.log", "smb.enabled": false, "mysql.enabled": false, "mysql.port": 3306, "mysql.banner": "5.5.43-0ubuntu0.14.04.1", "ssh.enabled": false, "ssh.port": 22, "ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4", "redis.enabled": false, "redis.port": 6379, "rdp.enabled": false, "rdp.port": 3389, "sip.enabled": false, "sip.port": 5060, "snmp.enabled": false, "snmp.port": 161, "ntp.enabled": false, "ntp.port": "123", "tftp.enabled": false, "tftp.port": 69, "tcpbanner.maxnum":10, "tcpbanner.enabled": false, "tcpbanner_1.enabled": false, "tcpbanner_1.port": 8001, "tcpbanner_1.datareceivedbanner": "", "tcpbanner_1.initbanner": "", "tcpbanner_1.alertstring.enabled": false, "tcpbanner_1.alertstring": "", "tcpbanner_1.keep_alive.enabled": false, "tcpbanner_1.keep_alive_secret": "", "tcpbanner_1.keep_alive_probes": 11, "tcpbanner_1.keep_alive_interval":300, "tcpbanner_1.keep_alive_idle": 300, "telnet.enabled": false, "telnet.port": "23", "telnet.banner": "", "telnet.honeycreds": [ { "username": "admin", "password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA" }, { "username": "admin", "password": "admin1" } ], "mssql.enabled": false, "mssql.version": "2012", "mssql.port":1433, "vnc.enabled": false, "vnc.port":5000 } $ . env/bin/activate $ opencanaryd --start If everything worked you should have some emails or slack messages alerting you to the startup of the services. Over time, depending on what you enabled, you will receive alerts for port scans, or other attempts. Please visit this document which covers in more detail OpenCanary, https://buildmedia.readthedocs.org/media/pdf/opencanary/latest/opencanary.pdf Slack channel for Opencanary Alerts, set up incoming webhooks. https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack