Using Dockerised OpenCanary

Limitations

Currently dockerised OpenCanary does not support portscan. This is because portscan requires iptables.

Pre-requisites

• Docker to be installed
• Docker Compose to be installed
• Clone the OpenCanary repo: git clone https://github.com/thinkst/opencanary

Using our Docker OpenCanary image

1. Navigate into the cloned OpenCanary repo.

Building and running your own Docker OpenCanary image (with only docker)

1. Navigate into the cloned OpenCanary repo.
2. To build a Docker image
   • based on the most current code in the repository:

   docker build -t opencanary -f Dockerfile.latest .

   • based on what has been released in Pypi, run:

   docker build -t opencanary -f Dockerfile.stable .

3. Edit the data/.opencanary.conf file to enable, disable or customize the services that will run.
4. To run the newly created docker image, run the following. Keep in mind you will need to expose the ports that your Docker OpenCanary will expect traffic on. Below we are exposing ports 80 and 21.

   $ docker run --rm --detach -p 21:21 -p 80:80 -v "${PWD}/data/.opencanary.conf":"/root/.opencanary.conf" --name opencanary opencanary

5. (Optional) If you planning on running Samba, you will need to allow the Docker OpenCanary process to read the "smb.auditfile" value (found in your opencanary.conf). You can do this by adding: -v /path/to/auditfile:/path/to/auditfile.

Miscellaneous Docker OpenCanary commands

• To view the logs using docker, run

  docker logs opencanary

• To view the logs using docker compose, run

  docker compose logs

• To stop the container using docker, run

  docker stop opencanary

• To stop the container using docker compose, run

  docker compose down