## Role Description

Installs Thinkst OpenCanary and configures options.
## Example Playbooks

### Install from GitHub Branch

```yaml
- hosts: canaries
  roles:
    - role: ansible-role-opencanary
      vars:
        opencanary_version: master
        install_source: github
        portscan_enabled: "true"
        ssh_enabled: "true"
        ssh_port: 2222
```
### Install from PyPi.Org

```yaml
- hosts: canaries
  roles:
    - role: ansible-role-opencanary
      vars:
        opencanary_version: 0.9.0
        portscan_enabled: "true"
        mssql_enabled: "true"
        smb_enabled: "true"
        samba_share: "E$"
```
### Install from PyPi.Org and ignore IPs

```yaml
- hosts: canaries
  roles:
    - role: ansible-role-opencanary
      vars:
        opencanary_version: 0.9.0
        ip_ignorelist:
          - 192.168.1.54/24
          - 192.168.1.154/24
        portscan_enabled: "true"
        mssql_enabled: "true"
        smb_enabled: "true"
        samba_share: "E$"
```
## Role Variables

Name | Default Value | Description |
---|---|---|
opencanary_install_dir | /opt/opencanary | Install directory for the opencanary virtual environment. |
opencanary_version | latest | Version of OpenCanary to install: a PyPi.org release, or a GitHub tag/branch when `install_source` is github. |
install_source | pypi | Where to install from: PyPi.org (`pypi`) or GitHub (`github`). |
github_src_dir | /opt/opencanary_src | Directory to clone the git repo into and build the source. |
device_node_id | opencanary-{{ ansible_hostname }} | OpenCanary device node id. |
ip_ignorelist | N/A | Ansible list of source IP addresses/ranges (CIDR notation) whose events are ignored. |
logtype_ignorelist | N/A | Space delimited list of log type codes to ignore. |
git_enabled | false | Enable git canary. |
git_port | 9418 | Port for git canary. |
ftp_enabled | false | Enable ftp canary. |
ftp_port | 21 | Port for ftp canary. |
ftp_banner | FTP Server Ready | Banner for ftp canary. |
http_banner | Apache/2.2.22 (Ubuntu) | Banner for http canary. |
http_enabled | false | Enable http canary. |
http_port | 80 | Port for http canary. |
http_skin | basicLogin | Skin to use for http canary. (basicLogin, nasLogin) |
http_customskin_folder | N/A | Folder to copy to the HTTP skin folder. Place it in the same directory as the playbook or specify a path relative to the playbook. |
https_enabled | false | Enable https canary. |
https_port | 443 | Port for https canary. |
https_skin | basicLogin | Skin to use for https canary. |
https_certificate | N/A | Certificate for https canary. |
https_key | N/A | Key for certificate for https canary. |
httpproxy_enabled | false | Enable http proxy canary. |
httpproxy_port | 8080 | Port for http proxy canary. |
httpproxy_skin | ms-isa | Skin to use for http proxy canary. (snort, ms-isa) |
llmnr_enabled | false | Enable LLMNR listener. |
llmnr_query_interval | 60 | How often to broadcast the LLMNR query (in seconds). |
llmnr_query_splay | 5 | Splay time added to the interval to randomise the broadcast (in seconds). |
llmnr_hostname | {{ ansible_hostname }} | Canary LLMNR hostname. |
llmnr_port | 5353 | LLMNR Port. |
logger_syslog_address | N/A | Syslog address/domain name to send logs. |
logger_syslog_port | 514 | Port to use for syslog logging. |
logger_file_filename | /var/log/opencanary.log | File path/name of local log. |
smtp_mailhost | N/A | Mail server to use. |
smtp_port | 25 | SMTP port to mail server. |
smtp_from_addr | N/A | From address. |
smtp_to_addr | N/A | To Address. |
smtp_subject | OpenCanary Alert | Email subject. |
slack_webhook_url | N/A | Incoming Slack Webhook URL for Slack Alerts. |
teams_webhook_url | N/A | Incoming Teams Webhook URL for Teams Alerts. |
webhook_url | N/A | Generic Webhook URL. |
webhook_method | POST | HTTP method to use (GET, POST, PUT). |
webhook_data | '{"message": "%(message)s"}' | Data to be sent to webhook. |
webhook_status_code | 200 | HTTP status code that is expected for a success. |
webhook_ignore | N/A | List of strings; a log entry containing any of these patterns is not sent to the webhook, e.g. "192.0.2." |
portscan_enabled | false | Enable port scan canary. |
portscan_ignore_localhost | false | Disables portscan for localhost. |
portscan_logfile | /var/log/kern.log | Log file scanned by port scan canary. |
portscan_synrate | 5 | SYN rate for port scan canary. |
portscan_nmaposrate | 5 | Nmap OS rate for port scan canary. |
portscan_lorate | 3 | LO rate for port scan canary. |
portscan_ignore_ports | N/A | Comma separated list of ports to ignore. |
portscan_iptables_path | N/A | Path to iptables binary. |
smb_auditfile | /var/log/samba-audit.log | Samba log for samba canary to watch. |
smb_enabled | false | Enable samba canary. |
samba_workgroup | WORKGROUP | Samba workgroup name. |
samba_server_string | N/A | Samba server string. |
samba_netbios_name | {{ ansible_hostname }} | Netbios name for Samba server. |
samba_share | personal | Samba share name. |
samba_comment | Personal docs | Samba share comment. |
samba_path | /opt/{{ samba_share }} | Samba path that houses the share. |
mysql_enabled | false | Enable mysql canary. |
mysql_port | 3306 | Port to use for mysql canary. |
mysql_banner | 5.5.43-0ubuntu0.14.04.1 | Banner for mysql canary. |
ssh_enabled | false | Enable ssh canary. |
ssh_port | 22 | Port to use for ssh canary. |
ssh_banner | SSH-2.0-OpenSSH_5.1p1 Debian-4 | Banner for ssh canary. |
redis_enabled | false | Enable redis canary. |
redis_port | 6379 | Port to use for redis canary. |
rdp_enabled | false | Enable rdp canary. |
rdp_port | 3389 | Port to use for rdp canary. |
sip_enabled | false | Enable sip canary. |
sip_port | 5060 | Port to use for sip canary. |
snmp_enabled | false | Enable snmp canary. |
snmp_port | 161 | Port to use for snmp canary. |
ntp_enabled | false | Enable ntp canary. |
ntp_port | 123 | Port to use for ntp canary. |
tftp_enabled | false | Enable tftp canary. |
tftp_port | 69 | Port to use for tftp canary. |
tcpbanner_maxnum | 10 | Max number of connections to tcpbanner canary. |
tcpbanner_enabled | false | Enable tcpbanner canary. |
tcpbanner_1_enabled | false | Enable tcpbanner_1 canary. |
tcpbanner_1_port | 8001 | Port for tcpbanner_1 canary. |
tcpbanner_1_datareceivedbanner | N/A | Data received banner for tcpbanner_1 canary. |
tcpbanner_1_initbanner | N/A | Init banner for tcpbanner_1 canary. |
tcpbanner_1_alertstring_enabled | false | Enable alert string for tcpbanner_1 canary. |
tcpbanner_1_alertstring | N/A | Alert string for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_enabled | false | Enable keep alive for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_secret | N/A | Keep alive secret for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_probes | 11 | Keep alive probes for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_interval | 300 | Keep alive interval for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_idle | 300 | Keep alive idle for tcpbanner_1 canary. |
telnet_enabled | false | Enable telnet canary. |
telnet_port | 23 | Port to use for telnet canary. |
telnet_banner | N/A | Banner for telnet canary. |
mssql_enabled | false | Enable mssql canary. |
mssql_version | 2012 | Version of MSSQL to emulate with mssql canary. |
mssql_port | 1433 | Port to use for mssql canary. |
vnc_enabled | false | Enable vnc canary. |
vnc_port | 5000 | Port to use for vnc canary. |
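The two ignorelist variables above are easy to misread, so here is an added worked example (not part of this role or of OpenCanary) showing how a consumer of the log file named by `logger_file_filename` would apply them: `ip_ignorelist` is matched as CIDR networks against the event's source address, and `logtype_ignorelist` is a space-delimited set of log type codes. The JSON field names, the log type codes and the log lines themselves are constructed sample data for this example, not a statement of OpenCanary's exact output. It also covers the edge case in the playbook above: `192.168.1.54/24` has host bits set, so the helper masks it to `192.168.1.0/24` instead of rejecting it.

```python
"""Apply an IP ignorelist (CIDR) and a logtype ignorelist to OpenCanary-style
JSON log lines. Example code, not the role's own; field names and log type
codes are assumptions for illustration."""
import ipaddress
import json

# Constructed sample values in the same shape as the role variables:
# ip_ignorelist is an Ansible list of CIDRs, logtype_ignorelist is space delimited.
IP_IGNORELIST = ["192.168.1.54/24", "192.168.1.154/24", "10.0.0.5/32"]
LOGTYPE_IGNORELIST = "4000 4001"

# Constructed sample log lines (assumed field names; logtype codes are sample values).
SAMPLE_LOG = """\
{"dst_host": "10.0.0.20", "dst_port": 2222, "logtype": 4002, "node_id": "opencanary-host1", "src_host": "192.168.1.54", "src_port": 51000, "logdata": {"USERNAME": "root", "PASSWORD": "toor"}}
{"dst_host": "10.0.0.20", "dst_port": 2222, "logtype": 4002, "node_id": "opencanary-host1", "src_host": "203.0.113.9", "src_port": 40512, "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}}
{"dst_host": "10.0.0.20", "dst_port": 2222, "logtype": 4000, "node_id": "opencanary-host1", "src_host": "203.0.113.9", "src_port": 40512, "logdata": {}}
{"dst_host": "10.0.0.20", "dst_port": 1433, "logtype": 9001, "node_id": "opencanary-host1", "src_host": "10.0.0.5", "src_port": 33000, "logdata": {"USERNAME": "sa"}}
"""


def parse_ignorelists(ip_list, logtype_str):
    """Turn the role-style variables into networks and a set of integer codes.

    strict=False masks host bits, so "192.168.1.54/24" becomes 192.168.1.0/24
    rather than raising ValueError.
    """
    nets = [ipaddress.ip_network(cidr, strict=False) for cidr in ip_list]
    logtypes = {int(code) for code in logtype_str.split()}
    return nets, logtypes


def is_ignored(event, nets, logtypes):
    """True when the event's logtype or source address is on an ignorelist."""
    if event.get("logtype") in logtypes:
        return True
    src = event.get("src_host")
    if not src:
        return False
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        # Unparseable source (e.g. a hostname): never silently drop it.
        return False
    return any(addr in net for net in nets)


def alerting_events(log_text, ip_list, logtype_str):
    """Return the parsed events that would still raise an alert."""
    nets, logtypes = parse_ignorelists(ip_list, logtype_str)
    kept = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if not is_ignored(event, nets, logtypes):
            kept.append(event)
    return kept


if __name__ == "__main__":
    # Only the SSH login attempt from 203.0.113.9 survives the two ignorelists.
    for event in alerting_events(SAMPLE_LOG, IP_IGNORELIST, LOGTYPE_IGNORELIST):
        print(event["node_id"], event["src_host"], event["dst_port"], event["logtype"])
```

Of the four constructed lines, one is dropped by the logtype ignorelist and two by the IP ignorelist, leaving the single login attempt from an address outside the listed ranges. Note that an unparseable `src_host` is kept rather than ignored, so a malformed entry cannot silence an alert.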
## License

MIT