Expanding the OpenCanary

Making the OpenCanary look more like a NAS

In one of my previous posts I provided a guide to deploying the Thinkst OpenCanary on a Raspberry Pi. This seems to be the most popular post so far, so I think it’s worth adding a few follow-up articles. If you haven’t already read that, then I suggest that’s a good place to start.

This one will be focused on adding more ports to the OpenCanary so that it looks more interesting to anyone on your network. In particular I was looking to make it look more like a real Synology NAS.

Finding what’s needed

To see what needed changing, I used the Fing app on my phone to scan both systems and compared the results.

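| Port | Synology | OpenCanary | Use |
| --- | --- | --- | --- |
| 21 | No | Yes | FTP |
| 22 | Yes | Yes | SSH |
| 80 | Yes | Yes | HTTP |
| 139 | Yes | No | Netbios |
| 443 | Yes | No | HTTPS |
| 445 | Yes | No | Samba/SMB |
| 548 | Yes | No | AFP |
| 873 | Yes | No | Rsync |
| 3389 | No | Yes | MS terminal services |
| 5000 | No | Yes | UPNP |
| 50001 | Yes | No | Unknown |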

As you can see there are quite a few differences, which would make any intruder suspicious of the OpenCanary.

  • FTP – This can be on with the OpenCanary as the FTP port can be enabled on a standard Synology (I just don’t use it on my one)
  • Netbios – This one is important as it does need to look like a network server.
  • HTTPS – Again this is very important as most servers are running HTTPS now
  • Samba – along with Netbios this makes the server look like a NAS
  • AFP – optional here as my Synology has this turned on, but it’s not needed.
  • Rsync – another optional one, I use it as I run backups between 2 Synology systems
  • Terminal services – this should really be turned off as it’s not likely to be on a Synology
  • UPNP – also probably turn this off as unlikely to be on the Synology

As for the unknown one, once I do a bit more digging then I will update on this.
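The comparison above can be turned into a repeatable check to run after each change, instead of rescanning by hand. This is an added example, not code from the original post or from OpenCanary; the function names are made up for illustration, and the port sets are copied from the table.

```python
import socket

# Open ports taken from the Fing comparison table above.
SYNOLOGY = {22, 80, 139, 443, 445, 548, 873, 50001}
OPENCANARY = {21, 22, 80, 3389, 5000}


def port_gap(target, actual):
    """Return (missing, extra): ports the decoy still needs, and ports to close."""
    return sorted(target - actual), sorted(actual - target)


def tcp_probe(host, port, timeout=0.5):
    """True if a full TCP connection to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def rescan(host, target, probe=tcp_probe):
    """Probe every port either profile mentions, then diff against the target."""
    candidates = sorted(set(target) | OPENCANARY)
    live = {p for p in candidates if probe(host, p)}
    missing, extra = port_gap(set(target), live)
    return {"open": sorted(live), "missing": missing, "extra": extra}


if __name__ == "__main__":
    missing, extra = port_gap(SYNOLOGY, OPENCANARY)
    print("still to add:", missing)
    # FTP (21) shows up as extra; the post treats it as acceptable on a Synology.
    print("to remove   :", extra)
    # 127.0.0.1 keeps this runnable anywhere; use your own canary's address instead.
    print(rescan("127.0.0.1", SYNOLOGY))
```

An empty "missing" list and nothing but 21 under "extra" means the decoy matches the table.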

Removing Terminal Services and UPNP

Before adding ports, the first thing we are going to do is remove the two that should not be there.

This is a simple case of editing the opencanary.conf file.

Set the rdp.enabled flag to false

For the UPNP, you will find that this is not in the file, but there is a line on vnc.port which is set to 5000, and it is this that is making Fing think there is UPNP. As such, simply change the vnc.enabled to false.

Save the file and reboot the Pi.

Once it’s up and running you can rescan and see that these 2 ports are no longer showing.

Or rather not. In my case I still had RDP showing up; this, however, was due to a previous install of xrdp on the Pi. It was removed with the command:

sudo apt-get remove xrdp

Reboot, and this time it did disappear.

Adding Samba and Netbios

Adding the network shares is a bit more useful, and is also handy for other projects using a Pi. I used this article as a basis.

First we need to install Samba

sudo apt-get install samba samba-common-bin

Then create a share point on the Raspberry Pi

sudo mkdir -m 1777 /share

Now to set up the config file.

sudo nano /etc/samba/smb.conf

Here you set up the share along with various other settings. For simplicity here’s one ready to go. All you need to do on this one is to change the netbios name from MASTERSVR to the name you want it to show as. I recommend keeping this the same as the hostname of the machine, as that matches what Synology (and just about everything else) does.

If you created the share as anything other than /share then you will also need to update the relevant section in the [datashare] block (near the end of the file).

We can then set up the remote Samba password using:

sudo smbpasswd -a pi

Since this is not a real share (though you can use it if you want) I suggest setting this to something very different to your normal Pi password.

We can then (re)start samba using the command:

sudo /etc/init.d/samba restart

Last step is to add the configuration to the opencanary.conf file.

In this case we configure the smb.auditfile and smb.enabled elements as follows:

"smb.auditfile": "/var/log/samba-audit.log",
"smb.enabled": true,

If you looked at the smb config file you will note this auditfile matches the one specified there and this allows for more information to be passed to the OpenCanary.
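The opencanary.conf edits from this section and from the Terminal Services/UPNP section can be applied and checked in one pass, since the file is JSON. This is an added example, not part of the original post or of OpenCanary; the function names and the sample config are constructed, and only the key names come from the post.

```python
import json

# The settings this post changes in opencanary.conf.
NAS_PROFILE = {
    "rdp.enabled": False,
    "vnc.enabled": False,
    "smb.enabled": True,
    "smb.auditfile": "/var/log/samba-audit.log",
}

# Constructed sample, cut down to the keys that matter here.
SAMPLE_CONF = """{
    "device.node_id": "opencanary-1",
    "ftp.enabled": true,  "ftp.port": 21,
    "http.enabled": true, "http.port": 80, "http.skin": "nasLogin",
    "rdp.enabled": true,  "rdp.port": 3389,
    "ssh.enabled": true,  "ssh.port": 22,
    "vnc.enabled": true,  "vnc.port": 5000,
    "smb.enabled": false, "smb.auditfile": "/var/log/samba-audit.log"
}"""


def apply_profile(conf_text, profile=NAS_PROFILE):
    """Return (new_conf, changes); changes maps key -> (old, new)."""
    conf = json.loads(conf_text)  # raises ValueError on a broken file
    changes = {}
    for key, new in profile.items():
        old = conf.get(key, "<absent>")
        if old != new:
            changes[key] = (old, new)
            conf[key] = new
    return conf, changes


def listening_ports(conf):
    """Ports OpenCanary itself will bind: enabled modules that have a port key."""
    ports = {}
    for key, value in conf.items():
        module, _, field = key.partition(".")
        if field == "enabled" and value is True and f"{module}.port" in conf:
            ports[module] = conf[f"{module}.port"]
    return ports


if __name__ == "__main__":
    conf, changes = apply_profile(SAMPLE_CONF)
    for key, (old, new) in changes.items():
        print(f"{key}: {old} -> {new}")
    # smb is absent here: Samba owns 139/445, the canary only reads the audit file.
    print("canary-bound ports:", listening_ports(conf))
```

On the Pi, read the real opencanary.conf into `apply_profile` and write the result back with `json.dump(conf, f, indent=4)`.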

Restart and rescan; the scan should now show the Netbios and Samba/SMB ports as available. Additionally you can use the Pi as a NAS for serving content.

Adding AFP

Apple’s protocol can be useful on mixed networks, and as it’s a supported protocol on the Synology it’s a good idea to add it.

First install netatalk:

sudo apt install netatalk

Then configure the netatalk service

sudo nano /etc/netatalk/afp.conf

Add the following:

[ishare]
path = /apple/ishare
read only = true

Save and exit the editor

Make the share and set the access:

sudo mkdir /apple
sudo mkdir /apple/ishare
sudo chmod 744 /apple
sudo chmod 744 /apple/ishare

Enable the service:

sudo systemctl restart netatalk

Restart and rescan to see the new port available.

Adding Rsync

Another simple protocol that makes it look more like a server.

Start by configuring the rsync server (daemon).

sudo nano /etc/rsyncd.conf

Add the following to the (probably empty/new) file:

motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock


[public]
path = /public
comment = public
uid = nobody
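# Debian-based systems such as Raspberry Pi OS have no "nobody" group; the unprivileged group is nogroup
gid = nogroup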
read only = yes
list = yes
auth users = rsync1
secrets file = /etc/rsyncd.secrets

No need to restart, this one works almost immediately.

HTTPS

I left this one to last for good reason: I got it working, but it’s not the cleanest config. As it’s an important one, I still think the config is worth it.

Apache2 should already be installed on the Pi so no need to (re)install. In fact I recommend not to reinstall as this may overwrite some of the opencanary config.

First we do need to create some self signed certificates:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt

Fill in what you like here; only the FQDN needs to be set. I just used the server name, but it should really be a full name.

Now copy the keys to their correct places:

sudo mv private.key /etc/ssl/private/
sudo mv certificate.crt /etc/ssl/certs/

Now we create a new website configuration file:

Download the example from here and rename it as SERVERNAME.conf with the SERVERNAME being the same as the FQDN you used in the certificates.

Edit the file to give the relevant serveradmin name. Then move the file to the correct location for Apache2.

sudo mv SERVERNAME.conf /etc/apache2/sites-available/SERVERNAME.conf

Make sure to replace the SERVERNAME with the name you gave in the FQDN for the certificates.

Now we enable it, but don’t access just yet:

sudo a2enmod ssl
sudo apache2ctl configtest
sudo systemctl restart apache2.service

Now we need to create the content. As we are making this look like the Synology we can use the template that OpenCanary already provides as NasLogin.

Create the link to the original NasLogin info:

sudo ln -s /home/pi/opencanary/build/lib.linux-armv7l-2.7/opencanary/modules/data/http/skin/nasLogin /var/naslogin2

All one line.

Now the somewhat messy bit, as the Apache2 host doesn’t seem to want to use static elements in a “static” subdirectory. I am sure there’s a setting that I just didn’t find, but a workaround is to add some more links:

cd /var/naslogin2
sudo ln -s static/css css
sudo ln -s static/fonts fonts
sudo ln -s static/img img
sudo ln -s static/js js

You can now enable the site and reload

sudo a2ensite SERVERNAME.conf
sudo systemctl reload apache2.service

You should now find HTTPS gives the same webpage as the original HTTP did.

That’s about it for today, we should now have an OpenCanary that looks a lot more like a Synology NAS than when we started.
