Welcome to the OpenCanary guide.
Please note we have a wiki on Github with FAQ and Samba Setup help over here.
OpenCanary is a daemon that runs canary services, which trigger alerts when (ab) is used. The alerts can be sent to a variety of sources, including Syslog, emails, and a companion daemon opencanary-correlator.
This project is maintained by Thinkst Canary.
The Correlator coalesces multiple related events (eg. individual brute-force login attempts) into a single alert sent via email or SMS.
The first section will get you quickly up and running with canary services sending alerts.
Try these out in the OpenCanary configs for more typical server personalities.
Getting Started walks through two different ways to configure alerting: logging directly to a file, and sending alerts to the Correlator for email and SMS alerts. Other possibilities are below:
If you have a previous version of OpenCanary installed already, you can upgrade it easily.
Start by activating your virtual environment (env in the below example) that has your installed version of OpenCanary,
$ . env/bin/activate
Inside the virtualenv, you can upgrade your OpenCanary by,
$ pip install opencanary --upgrade
Please note that this will not wipe your existing OpenCanary config file. If you would like a new one (with the new settings), please regenerate the config file using,
$ opencanaryd --copyconfig