Installing the open-source OpenCanary honeypot in an openEuler 22.03 LTS SP1 container
Networks keep growing more complex, and intrusions, web-shell drops, attacks and data theft never stop; keeping an internal network safe is hard work. Deploying a honeypot on the intranet to watch for anomalous behaviour is an effective technique, and OpenCanary, an open-source honeypot written in Python, is a good free choice. To protect the host it is best run as a container: the honeypot's deliberately exposed services and its Python dependencies stay out of the host's filesystem and package set, although a container is an isolation layer rather than a hard security boundary. This article walks through installing OpenCanary in an openEuler 22.03 LTS SP1 container.
1. Preparing the openEuler 22.03 LTS SP1 container environment
Download the image
Pull it directly on the host:
[root@localhost tmp]# docker pull openeuler/openeuler:22.03-lts-sp1
22.03-lts-sp1: Pulling from openeuler/openeuler
Digest: sha256:0ca0f215a0f9142c6b46fdedbc1f9f4c23a191e7f2e50bed33eff19d5ac2a158
Status: Downloaded newer image for openeuler/openeuler:22.03-lts-sp1
[root@localhost tmp]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
openeuler/openeuler 22.03-lts-sp1 d9bff1b2db49 7 weeks ago 191MB
Start the container and check the environment version
[root@localhost tmp]# docker run -itd --name opencanary openeuler/openeuler:22.03-lts-sp1
95e68d39ed8fcb9a9b8dc78cbe3dbaafe0f1fcaeec3148b86b1f5b781a04b046
[root@localhost tmp]# docker exec -it opencanary /bin/bash
Welcome to 5.10.0-60.18.0.50.oe2203.x86_64
System information as of time: Fri Feb 17 23:38:17 UTC 2023
System load: 0.00
Processes: 6
Memory used: 15.3%
Swap used: 1.4%
Usage On: 33%
Users online: 0
[root@95e68d39ed8f /]# cat /etc/os-release
NAME="openEuler"
VERSION="22.03 (LTS-SP1)"
ID="openEuler"
VERSION_ID="22.03"
PRETTY_NAME="openEuler 22.03 (LTS-SP1)"
ANSI_COLOR="0;31"
2. Installing OpenCanary
Install pip
The container's Python is 3.9.9; a first try at installing opencanary shows that pip3 is missing, so install it:
[root@95e68d39ed8f /]# python3 --version
Python 3.9.9
[root@95e68d39ed8f /]# pip3 install opencanary
bash: pip3: command not found
[root@95e68d39ed8f /]# dnf install python-pip
Last metadata expiration check: 0:01:38 ago on Fri Feb 17 23:39:22 2023.
Dependencies resolved.
===========================================================================================
 Package               Architecture   Version                Repository   Size
===========================================================================================
Installing:
 python3-pip           noarch         21.3.1-2.oe2203sp1     OS           2.2 M
Installing dependencies:
 python3-setuptools    noarch         59.4.0-4.oe2203sp1     OS           898 k

Transaction Summary
===========================================================================================
Install  2 Packages

Total download size: 3.1 M
Installed size: 14 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): python3-setuptools-59.4.0-4.oe2203sp1.noarch.rpm 2.0 MB/s | 898 kB 00:00
(2/2): python3-pip-21.3.1-2.oe2203sp1.noarch.rpm 4.5 MB/s | 2.2 MB 00:00
---------------------------------------------------------------------------------------------
Total 6.2 MB/s | 3.1 MB 00:00
retrieving repo key for OS unencrypted from .03-LTS-SP1/OS/x86_64/RPM-GPG-KEY-openEuler
OS 20 kB/s | 3.0 kB 00:00
Importing GPG key 0xB675600B:
 Userid     : "openeuler <openeuler@compass-ci>"
 Fingerprint: 8AA1 6BF9 F2CA 5244 010D CA96 3B47 7C60 B675 600B
 From       : .03-LTS-SP1/OS/x86_64/RPM-GPG-KEY-openEuler
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                  1/1
  Installing       : python3-setuptools-59.4.0-4.oe2203sp1.noarch     1/2
  Installing       : python3-pip-21.3.1-2.oe2203sp1.noarch            2/2
  Running scriptlet: python3-pip-21.3.1-2.oe2203sp1.noarch            2/2
  Verifying        : python3-pip-21.3.1-2.oe2203sp1.noarch            1/2
  Verifying        : python3-setuptools-59.4.0-4.oe2203sp1.noarch     2/2

Installed:
  python3-pip-21.3.1-2.oe2203sp1.noarch   python3-setuptools-59.4.0-4.oe2203sp1.noarch

Complete!
Note the "retrieving repo key for OS unencrypted" line: dnf fetched the repository signing key over an unencrypted channel and prompted before importing it. On a build that will be distributed, compare the fingerprint it shows (8AA1 6BF9 F2CA 5244 010D CA96 3B47 7C60 B675 600B) with the key published by the openEuler project before answering y; every package installed in the rest of this guide is verified against that key.
Install OpenCanary
First attempt
[root@95e68d39ed8f /]# pip install opencanary
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip install --user` instead.
Collecting opencanary
  Downloading opencanary-0.7.1-py3-none-any.whl (3.0 MB)
Collecting bcrypt==3.1.7
  Downloading bcrypt-3.1.7-cp34-abi3-manylinux1_x86_64.whl (56 kB)
Collecting Jinja2==3.0.1
  Downloading Jinja2-3.0.1-py3-none-any.whl (133 kB)
Collecting fpdf==1.7.2
  Downloading fpdf-1.7.2.tar.gz (39 kB)
  Preparing metadata (setup.py) ... done
Collecting cryptography==3.0
  Downloading cryptography-3.0-cp35-abi3-manylinux2010_x86_64.whl (2.7 MB)
Collecting Twisted==19.10.0
  Downloading Twisted-19.10.0.tar.bz2 (3.1 MB)
  Preparing metadata (setup.py) ... done
Collecting pyasn1==0.4.5
  Downloading pyasn1-0.4.5-py2.py3-none-any.whl (73 kB)
...
creating build/temp.linux-x86_64-3.9/src/twisted
creating build/temp.linux-x86_64-3.9/src/twisted/test
gcc -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -D_GNU_SOURCE -fPIC -fwrapv -D_GNU_SOURCE -fPIC -fwrapv -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -D_GNU_SOURCE -fPIC -fwrapv -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -D_GNU_SOURCE -fPIC -fwrapv -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -fPIC -I/usr/include/python3.9 -c src/twisted/test/raiser.c -o build/temp.linux-x86_64-3.9/src/twisted/test/raiser.o
error: command 'gcc' failed: No such file or directory
----------------------------------------
ERROR: Command errored out with exit status 1: /usr/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-22ks5g51/twisted_b0da5433e75f4d1ebe95818e3de5a448/setup.py'"'"'; __file__='"'"'/tmp/pip-install-22ks5g51/twisted_b0da5433e75f4d1ebe95818e3de5a448/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-kguk3005/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.9/Twisted Check the logs for full command output.
The error "error: command 'gcc' failed: No such file or directory" means the compiler is missing (Twisted 19.10.0 ships as a source tarball and builds a C extension), so install gcc:
[root@95e68d39ed8f /]# dnf install gcc
Last metadata expiration check: 0:05:28 ago on Fri Feb 17 23:39:22 2023.
Dependencies resolved.
==========================================================================================================
 Package            Architecture   Version                         Repository   Size
==========================================================================================================
Installing:
 gcc                x86_64         10.3.1-20.oe2203sp1             update       29 M
Upgrading:
 libgcc             x86_64         10.3.1-20.oe2203sp1             update       75 k
 libgomp            x86_64         10.3.1-20.oe2203sp1             update       229 k
Installing dependencies:
 binutils           x86_64         2.37-14.oe2203sp1               OS           5.4 M
 cpp                x86_64         10.3.1-20.oe2203sp1             update       9.0 M
 glibc-devel        x86_64         2.34-105.oe2203sp1              OS           1.8 M
 kernel-headers     x86_64         5.10.0-136.17.0.93.oe2203sp1    update       1.8 M
 libmpc             x86_64         1.2.0-3.oe2203sp1               OS           58 k
 libxcrypt-devel    x86_64         4.4.26-4.oe2203sp1              OS           107 k
...
Installed:
  binutils-2.37-14.oe2203sp1.x86_64
  cpp-10.3.1-20.oe2203sp1.x86_64
  gcc-10.3.1-20.oe2203sp1.x86_64
  glibc-devel-2.34-105.oe2203sp1.x86_64
  kernel-headers-5.10.0-136.17.0.93.oe2203sp1.x86_64
  libmpc-1.2.0-3.oe2203sp1.x86_64
  libxcrypt-devel-4.4.26-4.oe2203sp1.x86_64

Complete!
Second attempt
[root@localhost network-scripts]# pip3 install opencanary
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting opencanary
  Downloading opencanary-0.7.1-py3-none-any.whl (3.0 MB)
Collecting hpfeeds==3.0.0
  Downloading hpfeeds-3.0.0-py2.py3-none-any.whl (66 kB)
Collecting pyasn1==0.4.5
  Downloading pyasn1-0.4.5-py2.py3-none-any.whl (73 kB)
...
creating build/temp.linux-x86_64-3.9/src/twisted/test
gcc -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -D_GNU_SOURCE -fPIC -fwrapv -D_GNU_SOURCE -fPIC -fwrapv -fstack-protector-strong -D_GNU_SOURCE -fPIC -fwrapv -fstack-protector-strong -D_GNU_SOURCE -fPIC -fwrapv -fstack-protector-strong -fPIC -I/usr/include/python3.9 -c src/twisted/test/raiser.c -o build/temp.linux-x86_64-3.9/src/twisted/test/raiser.o
src/twisted/test/raiser.c:4:10: fatal error: Python.h: No such file or directory
    4 | #include "Python.h"
      |          ^~~~~~~~~~
compilation terminated.
error: command '/usr/bin/gcc' failed with exit code 1
----------------------------------------
ERROR: Command errored out with exit status 1: /usr/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-nraxvkd3/twisted_eb0b8cf7f0a24557848b712a8ea99570/setup.py'"'"'; __file__='"'"'/tmp/pip-install-nraxvkd3/twisted_eb0b8cf7f0a24557848b712a8ea99570/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-ylibzq8y/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.9/Twisted Check the logs for full command output.
The next error, "fatal error: Python.h: No such file or directory", means the Python C headers are missing; install the python3-devel package:
[root@localhost network-scripts]# yum install python3-devel
OS 3.0 MB/s | 3.8 kB 00:00
salt 2.0 MB/s | 2.9 kB 00:00
Dependencies resolved.
=================================================================================================
 Package                   Architecture   Version              Repository   Size
=================================================================================================
Installing:
 python3-devel             x86_64         3.9.9-7.oe2203       OS           12 M
Installing dependencies:
 python3-rpm-generators    noarch         9-2.oe2203           OS           24 k
 tk                        x86_64         1:8.6.10-2.oe2203    OS           1.1 M
...
Installed:
  python3-devel-3.9.9-7.oe2203.x86_64
  python3-rpm-generators-9-2.oe2203.noarch
  tk-1:8.6.10-2.oe2203.x86_64

Complete!
Third attempt
[root@95e68d39ed8f /]# pip install opencanary
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip install --user` instead.
Collecting opencanary
  Using cached opencanary-0.7.1-py3-none-any.whl (3.0 MB)
Collecting simplejson==3.16.0
  Using cached simplejson-3.16.0.tar.gz (81 kB)
  Preparing metadata (setup.py) ... done
Collecting pyasn1==0.4.5
  Using cached pyasn1-0.4.5-py2.py3-none-any.whl (73 kB)
Requirement already satisfied: cryptography==3.0 in /usr/local/lib64/python3.9/site-packages (from opencanary) (3.0)
Requirement already satisfied: setuptools==44.0.0 in /usr/local/lib/python3.9/site-packages (from opencanary) (44.0.0)
Collecting Jinja2==3.0.1
  Using cached Jinja2-3.0.1-py3-none-any.whl (133 kB)
Collecting fpdf==1.7.2
  Using cached fpdf-1.7.2.tar.gz (39 kB)
  Preparing metadata (setup.py) ... done
Collecting ntlmlib==0.72
  Using cached ntlmlib-0.72.tar.gz (22 kB)
  Preparing metadata (setup.py) ... done
Collecting PyPDF2==1.26.0
  Using cached PyPDF2-1.26.0.tar.gz (77 kB)
  Preparing metadata (setup.py) ... done
Collecting hpfeeds==3.0.0
  Using cached hpfeeds-3.0.0-py2.py3-none-any.whl (66 kB)
Collecting passlib==1.7.1
  Using cached passlib-1.7.1-py2.py3-none-any.whl (498 kB)
Requirement already satisfied: zope.interface==5.0.0 in /usr/local/lib64/python3.9/site-packages (from opencanary) (5.0.0)
Collecting requests==2.21.0
  Using cached requests-2.21.0-py2.py3-none-any.whl (57 kB)
Collecting Twisted==19.10.0
  Using cached Twisted-19.10.0.tar.bz2 (3.1 MB)
  Preparing metadata (setup.py) ... done
Collecting bcrypt==3.1.7
  Using cached bcrypt-3.1.7-cp34-abi3-manylinux1_x86_64.whl (56 kB)
Requirement already satisfied: cffi>=1.1 in /usr/local/lib64/python3.9/site-packages (from bcrypt==3.1.7->opencanary) (1.15.1)
Requirement already satisfied: six>=1.4.1 in /usr/local/lib/python3.9/site-packages (from bcrypt==3.1.7->opencanary) (1.16.0)
Requirement already satisfied: MarkupSafe>=2.0 in /usr/local/lib64/python3.9/site-packages (from Jinja2==3.0.1->opencanary) (2.1.2)
Requirement already satisfied: ordereddict in /usr/local/lib/python3.9/site-packages (from ntlmlib==0.72->opencanary) (1.1)
Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/local/lib/python3.9/site-packages (from requests==2.21.0->opencanary) (1.24.3)
Requirement already satisfied: idna<2.9,>=2.5 in /usr/local/lib/python3.9/site-packages (from requests==2.21.0->opencanary) (2.8)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/local/lib/python3.9/site-packages (from requests==2.21.0->opencanary) (3.0.4)
Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.9/site-packages (from requests==2.21.0->opencanary) (2022.12.7)
Requirement already satisfied: constantly>=15.1 in /usr/local/lib/python3.9/site-packages (from Twisted==19.10.0->opencanary) (15.1.0)
Requirement already satisfied: incremental>=16.10.1 in /usr/local/lib/python3.9/site-packages (from Twisted==19.10.0->opencanary) (22.10.0)
Requirement already satisfied: Automat>=0.3.0 in /usr/local/lib/python3.9/site-packages (from Twisted==19.10.0->opencanary) (22.10.0)
Requirement already satisfied: hyperlink>=17.1.1 in /usr/local/lib/python3.9/site-packages (from Twisted==19.10.0->opencanary) (21.0.0)
Requirement already satisfied: PyHamcrest>=1.9.0 in /usr/local/lib/python3.9/site-packages (from Twisted==19.10.0->opencanary) (2.0.4)
Requirement already satisfied: attrs>=17.4.0 in /usr/local/lib/python3.9/site-packages (from Twisted==19.10.0->opencanary) (22.2.0)
Requirement already satisfied: pycparser in /usr/local/lib/python3.9/site-packages (from cffi>=1.1->bcrypt==3.1.7->opencanary) (2.21)
Using legacy 'setup.py install' for fpdf, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ntlmlib, since package 'wheel' is not installed.
Using legacy 'setup.py install' for PyPDF2, since package 'wheel' is not installed.
Using legacy 'setup.py install' for simplejson, since package 'wheel' is not installed.
Using legacy 'setup.py install' for Twisted, since package 'wheel' is not installed.
Installing collected packages: Twisted, simplejson, requests, PyPDF2, pyasn1, passlib, ntlmlib, Jinja2, hpfeeds, fpdf, bcrypt, opencanary
  Running setup.py install for Twisted ... done
  Running setup.py install for simplejson ... done
  Running setup.py install for PyPDF2 ... done
  Running setup.py install for ntlmlib ... done
  Running setup.py install for fpdf ... done
Successfully installed Jinja2-3.0.1 PyPDF2-1.26.0 Twisted-19.10.0 bcrypt-3.1.7 fpdf-1.7.2 hpfeeds-3.0.0 ntlmlib-0.72 opencanary-0.7.1 passlib-1.7.1 pyasn1-0.4.5 requests-2.21.0 simplejson-3.16.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead:
Seeing "Successfully installed ..." means the install worked. Two points from the output are worth keeping in mind. pip ran as root and wrote straight into the system site-packages (the warning it prints); that is acceptable inside a throwaway container but would be a bad idea on the host. And opencanary 0.7.1 pins old releases of its dependencies (Twisted 19.10.0, cryptography 3.0, requests 2.21.0, Jinja2 3.0.1), so the finished container should be treated as a deliberately exposed workload on a segmented network, not as a hardened service.
3. Checking the installation result
Find where the command was installed
[root@95e68d39ed8f /]# which opencanaryd
/usr/local/bin/opencanaryd
Generate the initial configuration file. The "which: no python" line comes from a which python lookup in the opencanaryd wrapper script; the container only provides python3, and the command still completes:
[root@95e68d39ed8f /]# opencanaryd --copyconfig
which: no python in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
[*] A sample config file is ready /etc/opencanaryd/opencanary.conf
[*] Edit your configuration, then launch with "opencanaryd --start"
[root@95e68d39ed8f /]# cat /etc/opencanaryd/opencanary.conf
{
  "device.node_id": "opencanary-1",
  "ip.ignorelist": [ ],
  "git.enabled": false,
  "git.port" : 9418,
  "ftp.enabled": true,
  "ftp.port": 21,
  "ftp.banner": "FTP server ready",
  "http.banner": "Apache/2.2.22 (Ubuntu)",
  "http.enabled": false,
  "http.port": 80,
  "http.skin": "nasLogin",
  "httpproxy.enabled" : false,
  "httpproxy.port": 8080,
  "httpproxy.skin": "squid",
  "logger": {
    "class": "PyLogger",
    "kwargs": {
      "formatters": {
        "plain": {
          "format": "%(message)s"
        },
        "syslog_rfc": {
          "format": "opencanaryd[%(process)-5s:%(thread)d]: %(name)s %(levelname)-5s %(message)s"
        }
      },
      "handlers": {
        "console": {
          "class": "logging.StreamHandler",
          "stream": "ext://sys.stdout"
        },
        "file": {
          "class": "logging.FileHandler",
          "filename": "/var/tmp/opencanary.log"
        }
      }
    }
  },
  "portscan.enabled": false,
  "portscan.ignore_localhost": false,
  "portscan.logfile": "/var/log/kern.log",
  "portscan.synrate": 5,
  "portscan.nmaposrate": 5,
  "portscan.lorate": 3,
  "smb.auditfile": "/var/log/samba-audit.log",
  "smb.enabled": false,
  "mysql.enabled": false,
  "mysql.port": 3306,
  "mysql.banner": "5.5.43-0ubuntu0.14.04.1",
  "ssh.enabled": false,
  "ssh.port": 22,
  "ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4",
  "redis.enabled": false,
  "redis.port": 6379,
  "rdp.enabled": false,
  "rdp.port": 3389,
  "sip.enabled": false,
  "sip.port": 5060,
  "snmp.enabled": false,
  "snmp.port": 161,
  "ntp.enabled": false,
  "ntp.port": 123,
  "tftp.enabled": false,
  "tftp.port": 69,
  "tcpbanner.maxnum": 10,
  "tcpbanner.enabled": false,
  "tcpbanner_1.enabled": false,
  "tcpbanner_1.port": 8001,
  "tcpbanner_1.datareceivedbanner": "",
  "tcpbanner_1.initbanner": "",
  "tcpbanner_1.alertstring.enabled": false,
  "tcpbanner_1.alertstring": "",
  "tcpbanner_1.keep_alive.enabled": false,
  "tcpbanner_1.keep_alive_secret": "",
  "tcpbanner_1.keep_alive_probes": 11,
  "tcpbanner_1.keep_alive_interval": 300,
  "tcpbanner_1.keep_alive_idle": 300,
  "telnet.enabled": false,
  "telnet.port": 23,
  "telnet.banner": "",
  "telnet.honeycreds": [
    {
      "username": "admin",
      "password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA"
    },
    {
      "username": "admin",
      "password": "admin1"
    }
  ],
  "mssql.enabled": false,
  "mssql.version": "2012",
  "mssql.port": 1433,
  "vnc.enabled": false,
  "vnc.port": 5000
}
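The sample config above enables only FTP and stores the telnet honeycreds in the layout passlib writes. The script below is an added example, not part of the page or of the OpenCanary project; it tunes a config the way an intranet deployment needs: a node id that identifies the sensor, ssh and telnet switched on next to FTP, the monitoring hosts that are allowed to touch the honeypot placed in ip.ignorelist, and the honeycred password stored as a $pbkdf2-sha512$ hash produced with the standard library only. SAMPLE_CONF is a constructed subset of the file shown above; harden_config, review_config and the hash helpers are this example's own names, and the example assumes that OpenCanary (through passlib) verifies honeycreds in exactly the $pbkdf2-sha512$rounds$salt$checksum layout of the sample and that the telnet module treats matching honeycreds as accepted logins.

```python
"""Tune OpenCanary's opencanary.conf for an intranet deployment.

Added example; not code from the page or from OpenCanary. Standard library only.
The honeycred hash follows the sample config's "$pbkdf2-sha512$<rounds>$<salt>$<checksum>"
layout, with salt and checksum in the adapted base64 alphabet ('.' instead of '+',
no '=' padding) that passlib's pbkdf2_sha512 writes. Assumption: OpenCanary verifies
honeycreds in that layout, and the telnet module accepts logins that match them.
"""
import base64
import hashlib
import hmac
import json
import os

# Constructed subset of the sample config shown above; the real file has many more keys.
SAMPLE_CONF = {
    "device.node_id": "opencanary-1",
    "ip.ignorelist": [],
    "ftp.enabled": True,
    "ftp.port": 21,
    "ssh.enabled": False,
    "ssh.port": 22,
    "telnet.enabled": False,
    "telnet.port": 23,
    "telnet.honeycreds": [{"username": "admin", "password": "admin1"}],
}


def _ab64_encode(raw):
    """Adapted base64 as used inside passlib hash strings."""
    return base64.b64encode(raw).decode("ascii").replace("+", ".").rstrip("=")


def _ab64_decode(text):
    padded = text.replace(".", "+")
    return base64.b64decode(padded + "=" * (-len(padded) % 4))


def pbkdf2_sha512_hash(password, rounds=19000, salt=None):
    """Hash a honeycred password; 19000 rounds matches the hash in the sample config."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds, dklen=64)
    return "$pbkdf2-sha512$%d$%s$%s" % (rounds, _ab64_encode(salt), _ab64_encode(dk))


def pbkdf2_sha512_verify(password, hashed):
    """Constant-time check of a password against a hash from pbkdf2_sha512_hash."""
    _, scheme, rounds, salt, checksum = hashed.split("$")
    if scheme != "pbkdf2-sha512":
        raise ValueError("unexpected scheme " + scheme)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                             _ab64_decode(salt), int(rounds), dklen=64)
    return hmac.compare_digest(_ab64_encode(dk), checksum)


def harden_config(conf, node_id, honeycred_password, ignorelist=()):
    """Return a tuned copy: unique node id, more fake services, own scanners ignored,
    and a hashed honeycred instead of the sample's plaintext admin/admin1."""
    new = dict(conf)
    new["device.node_id"] = node_id
    new["ip.ignorelist"] = list(ignorelist)
    new["ssh.enabled"] = True
    new["telnet.enabled"] = True
    new["telnet.honeycreds"] = [
        {"username": "admin", "password": pbkdf2_sha512_hash(honeycred_password)}
    ]
    return new


def review_config(conf):
    """Findings a reviewer would raise before the image leaves the lab."""
    findings = []
    if conf.get("device.node_id") == "opencanary-1":
        findings.append("device.node_id is still the sample default")
    if not any(k.endswith(".enabled") and v is True for k, v in conf.items()):
        findings.append("no service is enabled")
    # "<svc>.port" of every "<svc>.enabled": true entry; two services cannot share a port
    ports = [v for k, v in conf.items()
             if k.endswith(".port") and conf.get(k[:-5] + ".enabled") is True]
    if len(ports) != len(set(ports)):
        findings.append("two enabled services share a port")
    return findings


if __name__ == "__main__":
    tuned = harden_config(SAMPLE_CONF, "hp-dmz-01", "Canary!2023", ignorelist=["192.168.1.2"])
    print(json.dumps(tuned, indent=2))
    print("findings:", review_config(tuned) or "none")
```

To apply it to the real file, load /etc/opencanaryd/opencanary.conf with json.load instead of SAMPLE_CONF and write the result back with json.dump; because pip pulled passlib 1.7.1 in with opencanary, you can confirm inside the container that passlib.hash.pbkdf2_sha512.verify accepts the generated string before you rely on it.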
Only ftp.enabled is true in the sample config, so a first start brings up a single fake FTP service. Try running it:
[root@95e68d39ed8f /]# opencanaryd --start
** We hope you enjoy using OpenCanary. For more open source Canary goodness, head over to canarytokens. **
[-] Failed to open opencanary.conf for reading ([Errno 2] No such file or directory: 'opencanary.conf')
[-] Failed to open /root/.opencanary.conf for reading ([Errno 2] No such file or directory: '/root/.opencanary.conf')
[-] Using config file: /etc/opencanaryd/opencanary.conf
{"dst_host": "", "dst_port": -1, "local_time": "2023-02-17 23:55:35.020436", "local_time_adjusted": "2023-02-17 23:55:35.020481", "logdata": {"msg": {"logdata": "Added service from class CanaryFTP in opencanary.modules.ftp to fake"}}, "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2023-02-17 23:55:35.020474"}
{"dst_host": "", "dst_port": -1, "local_time": "2023-02-17 23:55:35.020727", "local_time_adjusted": "2023-02-17 23:55:35.020747", "logdata": {"msg": {"logdata": "Canary running!!!"}}, "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2023-02-17 23:55:35.020742"}
The program runs normally. The two logtype 1001 records are start-up messages from the logger's console handler (the FTP module was registered, then "Canary running!!!"); the file handler configured above writes the same JSON records to /var/tmp/opencanary.log. Real hits arrive in the same format with src_host, src_port and dst_port filled in.
4. Packaging a new image
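A honeypot is only useful if someone reads what it writes. The following script is an added example, not part of the page or of OpenCanary: it takes OpenCanary's JSON-lines output in the record layout printed above (dst_host, dst_port, logtype, node_id, src_host, src_port, utc_time, logdata), drops the daemon's own housekeeping records, honours an ignore list for the scanners you run yourself, and turns the rest into one alert per source host. The two login-attempt samples (logtype 2000 and 4002) are constructed; LOGTYPES is an assumed mapping that should be checked against opencanary/logger.py of the installed version.

```python
"""Turn OpenCanary's JSON-lines log into per-source alerts.

Added example; not from the page or from OpenCanary. Record layout follows the
lines opencanaryd printed on start-up. The 2000/4002 events below are constructed,
and LOGTYPES is an assumed mapping (check opencanary/logger.py).
"""
import json
from collections import defaultdict

LOGTYPES = {  # assumed; verify against the installed opencanary's logger.py
    1001: "base.msg", 1004: "base.ping",
    2000: "ftp.login_attempt", 3001: "http.login_attempt",
    4002: "ssh.login_attempt", 5001: "portscan.syn",
    6001: "telnet.login_attempt", 8001: "mysql.login_attempt",
}
HOUSEKEEPING = set(range(1000, 1100))  # daemon start-up and heartbeat, no attacker involved

# Constructed sample: the real "Canary running!!!" record, two FTP guesses from one host,
# one SSH guess from another, one probe from a monitoring host and one corrupt line.
SAMPLE_LOG = """\
{"dst_host": "", "dst_port": -1, "local_time": "2023-02-17 23:55:35.020727", "local_time_adjusted": "2023-02-17 23:55:35.020747", "logdata": {"msg": {"logdata": "Canary running!!!"}}, "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2023-02-17 23:55:35.020742"}
{"dst_host": "192.168.1.10", "dst_port": 21, "local_time": "2023-02-18 01:02:03.000100", "logdata": {"USERNAME": "anonymous", "PASSWORD": "guest@"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "192.168.1.77", "src_port": 51234, "utc_time": "2023-02-18 01:02:03.000100"}
{"dst_host": "192.168.1.10", "dst_port": 21, "local_time": "2023-02-18 01:02:04.000100", "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "192.168.1.77", "src_port": 51235, "utc_time": "2023-02-18 01:02:04.000100"}
{"dst_host": "192.168.1.10", "dst_port": 22, "local_time": "2023-02-18 01:05:00.000100", "logdata": {"USERNAME": "root", "PASSWORD": "toor", "REMOTEVERSION": "SSH-2.0-libssh_0.9.6"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "192.168.1.80", "src_port": 40000, "utc_time": "2023-02-18 01:05:00.000100"}
{"dst_host": "192.168.1.10", "dst_port": 22, "local_time": "2023-02-18 01:10:00.000100", "logdata": {"USERNAME": "monitor", "PASSWORD": "probe"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "192.168.1.2", "src_port": 40001, "utc_time": "2023-02-18 01:10:00.000100"}
this line is not JSON and must be skipped
"""


def parse_events(text, ignorelist=()):
    """Return attacker-facing events; skip housekeeping, ignored sources and junk lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # a production pipeline would count these; partial writes do happen
        if rec.get("logtype") in HOUSEKEEPING or rec.get("src_host") in ignorelist:
            continue
        logdata = rec.get("logdata") or {}
        events.append({
            "time": rec.get("utc_time"),
            "node": rec.get("node_id"),
            "src": rec.get("src_host"),
            "service": LOGTYPES.get(rec.get("logtype"), "unknown.%s" % rec.get("logtype")),
            "port": rec.get("dst_port"),
            "user": logdata.get("USERNAME"),
            "password": logdata.get("PASSWORD"),
        })
    return events


def summarize(events):
    """Group by source host: event count, services touched, credential pairs tried."""
    per_src = defaultdict(lambda: {"count": 0, "services": set(), "creds": []})
    for e in events:
        s = per_src[e["src"]]
        s["count"] += 1
        s["services"].add("%s/%s" % (e["service"], e["port"]))
        if e["user"] is not None:
            s["creds"].append((e["user"], e["password"]))
    return dict(per_src)


def alerts(summary, min_events=1):
    """One alert line per source; on a honeypot a single touch is already suspicious."""
    lines = []
    for src, s in sorted(summary.items()):
        if s["count"] < min_events:
            continue
        lines.append("ALERT %s: %d event(s) on %s; creds tried: %s" % (
            src, s["count"], ", ".join(sorted(s["services"])),
            ", ".join("%s/%s" % c for c in s["creds"]) or "none"))
    return lines


if __name__ == "__main__":
    for line in alerts(summarize(parse_events(SAMPLE_LOG, ignorelist=["192.168.1.2"]))):
        print(line)
```

Pointed at /var/tmp/opencanary.log (or at the container's stdout via docker logs) this is enough to feed a ticketing or chat webhook; the ignore list should match the ip.ignorelist in the config so that your vulnerability scanner never pages the on-call engineer.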
[root@localhost dockerfile]# docker commit -m "opencanary on openeuler 20230218" -a "daijianbing" 95e68d39ed8f opencanary:0.7.1
sha256:9431e418b83135e12be3f84c25f7a107d4cef537e1c9605ab3e53ed41fcab994
[root@localhost dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
opencanary 0.7.1 9431e418b831 7 seconds ago 611MB
openeuler/openeuler 22.03-lts-sp1 d9bff1b2db49 7 weeks ago 191MB
[root@localhost dockerfile]# docker save -o opencanary-0.7.1.tar opencanary:0.7.1
The saved opencanary-0.7.1.tar can now be copied to the intranet production environment. Three things to settle before it goes into service: publish the honeypot ports when starting the container (docker run -p 21:21 ... or --network host), because the container started in section 1 has no port mappings and is reachable only from the Docker bridge network; keep opencanaryd in the foreground (opencanaryd has a foreground mode, --dev) or wrap it so the container's main process does not exit, because opencanaryd --start daemonizes and a container whose PID 1 exits stops; and for a build that can be audited and reproduced, prefer a Dockerfile that scripts the dnf and pip steps above over docker commit, which also baked gcc, the kernel headers and the Python development packages into the 611 MB image.
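Once the tarball leaves the build host it is an artefact other people will docker load on production machines, so record its digest at build time and check it before loading. The script below is an added example, not part of the page; it relies only on the documented layout of a docker save archive (a manifest.json at the root listing, per image, RepoTags, Config and Layers). build_sample_archive writes a minimal constructed archive so the check can be exercised without Docker; the helper names are this example's own.

```python
"""Fingerprint the docker-save archive before it is copied to production.

Added example; not from the page. Uses the documented layout of a `docker save`
tarball: manifest.json at the root, one entry per image with RepoTags, Config and
Layers. build_sample_archive() is a constructed stand-in for real Docker output.
"""
import hashlib
import io
import json
import os
import tarfile
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def inspect_image_tar(path):
    """Return the archive digest plus tags and layer count of every image inside."""
    with tarfile.open(path, "r:*") as tar:
        manifest = json.load(tar.extractfile("manifest.json"))
    return {
        "sha256": sha256_file(path),
        "images": [{"tags": m.get("RepoTags") or [], "layers": len(m.get("Layers", []))}
                   for m in manifest],
    }


def verify_image_tar(path, expected_sha256, expected_tag):
    """Reject the archive unless digest and image tag match what was recorded at build time."""
    info = inspect_image_tar(path)
    if info["sha256"] != expected_sha256:
        return False, "digest mismatch: got %s" % info["sha256"]
    if not any(expected_tag in img["tags"] for img in info["images"]):
        return False, "tag %s not present" % expected_tag
    return True, "ok"


def build_sample_archive(path, tag="opencanary:0.7.1"):
    """Constructed stand-in for docker save output: manifest, config blob, one empty layer."""
    manifest = [{"Config": "cfg.json", "RepoTags": [tag], "Layers": ["l1/layer.tar"]}]
    with tarfile.open(path, "w") as tar:
        for name, data in (("manifest.json", json.dumps(manifest).encode()),
                           ("cfg.json", b"{}"), ("l1/layer.tar", b"")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path


def demo():
    """Build, record the digest, check, tamper, check again; returns every outcome."""
    d = tempfile.mkdtemp()
    p = build_sample_archive(os.path.join(d, "opencanary-0.7.1.tar"))
    recorded = sha256_file(p)  # ship this value next to the tarball, out of band
    ok_before = verify_image_tar(p, recorded, "opencanary:0.7.1")
    wrong_tag = verify_image_tar(p, recorded, "opencanary:latest")
    with open(p, "ab") as f:  # simulate an archive altered in transit
        f.write(b"\x00")
    ok_after = verify_image_tar(p, recorded, "opencanary:0.7.1")
    return {"before": ok_before, "wrong_tag": wrong_tag, "after": ok_after,
            "info": inspect_image_tar(p)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Publish the sha256 through a channel other than the file share that carries the tarball (a ticket, a signed message), and run verify_image_tar on the production host before docker load; a tag check alone is not enough, since docker commit lets anyone produce an image with the same tag.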