Installs Thinkst OpenCanary and configures options.
- hosts: canaries
roles:
- role: ansible-role-opencanary
vars:
opencanary_version: master
install_source: github
portscan_enabled: "true"
ssh_enabled: "true"
ssh_port: 2222
- hosts: canaries
roles:
- role: ansible-role-opencanary
vars:
opencanary_version: 0.9.0
portscan_enabled: "true"
mssql_enabled: "true"
smb_enabled: "true"
samba_share: "E$"
- hosts: canaries
roles:
- role: ansible-role-opencanary
vars:
opencanary_version: 0.9.0
ip_ignorelist:
- 192.168.1.54/24
- 192.168.1.154/24
portscan_enabled: "true"
mssql_enabled: "true"
smb_enabled: "true"
samba_share: "E$"
| Name | Default Value | Description |
|---|---|---|
opencanary_install_dir |
/opt/opencanary | Install directory for opencanary virtual environment. |
opencanary_version |
latest | Specifies the version of OpenCanary to install from PyPi.org/GitHub Tag/Branch. |
install_source |
pypi | Specifies where to get the install from PyPi.org or GitHub. |
github_src_dir |
/opt/opencanary_src | Directory to clone git repo to and build src. |
device_node_id |
opencanary-{{ ansible-hostname }} | OpenCanary device node id. |
ip_ignorelist |
N/A | Ansible list of IP addresses using CIDR notation. |
logtype_ignorelist |
N/A | Space delimited list of log codetypes to ignore. |
git_enabled |
false | Enable git canary. |
git_port |
9418 | Port for git canary. |
ftp_enabled |
false | Enable ftp canary. |
ftp_port |
21 | Port for ftp canary. |
ftp_banner |
FTP Server Ready | Banner for ftp canary. |
http_banner |
Apache/2.2.22 (Ubuntu) | Banner for http canary. |
http_enabled |
false | Enable http canary. |
http_port |
80 | Port for http canary. |
http_skin |
basicLogin | Skin to use for http canary. (basicLogin, nasLogin) |
http_customskin_folder |
N/A | Folder to copy to HTTP skin folder. Place in same directory as playbook or specify path relatic to playbook. |
https_enabled |
false | Enable https canary. |
https_port |
443 | Port for https canary. |
https_skin |
basicLogin | Skin to use for https canary. |
https_certificate |
N/A | Certificate for https canary. |
https_key |
N/A | Key for certificate for https canary. |
httpproxy_enabled |
false | Enable http proxy canary. |
httpproxy_port |
8080 | Port for http proxy canary. |
httpproxy_skin |
ms-isa | Skin to use for http proxy canary. (snort, ms-isa) |
llmnr_enabled |
false | Enable LLMNR listener. |
llmnr_query_interval |
60 | How often to broadcast the LLMNR query (in seconds) |
llmnr_query_splay |
5 | Splay time to add randomness to the broadcast (in seconds) |
llmnr_hostname |
{{ ansible_hostname }} | Canary LLMNR Hostame. |
llmnr_port |
5353 | LLMNR Port. |
logger_syslog_address |
N/A | Syslog address/domain name to send logs. |
logger_syslog_port |
514 | Port to use for syslog logging. |
logger_file_filename |
/var/log/opencanary.log | File path/name of local log. |
smtp_mailhost |
N/A | Mail server to use. |
smtp_port |
25 | SMTP port to mail server. |
smtp_from_addr |
N/A | From address. |
smtp_to_addr |
N/A | To Address. |
smtp_subject |
OpenCanary Alert | Email subject. |
slack_webhook_url |
N/A | Incoming Slack Webhook URL for Slack Alerts. |
teams_webhook_url |
N/A | Incoming Teams Webhook URL for Teams Alerts. |
webhook_url |
N/A | Generic Webhook URL. |
webhook_method |
POST | HTTP method to use (GET, POST, PUT). |
webhook_data |
'{"message": "%(message)s"}' | Data to be sent to webhook. |
webhook_status_code |
200 | HTTP status code that is expected for a success. |
webhook_ignore |
N/A | List of strings that will not emit any log that contains the pattern. ie "192.0.2." |
portscan_enabled |
false | Enable port scan canary. |
portscan_ignore_localhost |
false | Disables portscan for localhost. |
portscan_logfile |
/var/log/kern.log | Log file scanned by port scan canary. |
portscan_synrate |
5 | SYN rate for port scan canary. |
portscan_nmaposrate |
5 | Nmap OS rate for port scan canary. |
portscan_lorate |
3 | LO rate for port scan canary. |
portscan_ignore_ports |
N/A | Comma separated list of ports to ignore. |
portscan_iptables_path |
N/A | Path to iptables binary. |
smb_auditfile |
/var/log/samba-audit.log | Samba log for samba canary to watch. |
smb_enabled |
false | Enable samba canary. |
samba_workgroup |
WORKGROUP | Samba workgroup name. |
samba_server_string |
N/A | Samba server string. |
samba_netbios_name |
{{ ansible_hostname }} | Netbios name for Samba server. |
samba_share |
personal | Samba share name. |
samba_comment |
Personal docs | Samba share comment. |
samba_path |
/opt/{{ samab_share }} | Samba path that houses the share. |
mysql_enabled |
false | Enable mysql canary. |
mysql_port |
3306 | Port to use for mysql canary. |
mysql_banner |
5.5.43-0ubuntu0.14.04.1 | Banner for mysql canary. |
ssh_enabled |
false | Enable ssh canary. |
ssh_port |
22 | Port to use for ssh canary. |
ssh_banner |
SSH-2.0-OpenSSH_5.1p1 Debian-4 | Banner for ssh canary. |
redis_enabled |
false | Enable redis canary. |
redis_port |
6379 | Port to use for redis canary. |
rdp_enabled |
false | Enable rdp canary. |
rdp_port |
3389 | Port to use for rdp canary. |
sip_enabled |
false | Enable sip canary. |
sip_port |
5060 | Port to use for sip canary. |
snmp_enabled |
false | Enable snmp canary. |
snmp_port |
161 | Port to use for snmp canary. |
ntp_enabled |
false | Enable ntp canary. |
ntp_port |
123 | Port to use for ntp canary. |
tftp_enabled |
false | Enable tftp canary. |
tftp_port |
69 | Port to use for tftp canary. |
tcpbanner_maxnum |
10 | Max number of connections to tcpbanner canary. |
tcpbanner_enabled |
false | Enable tcpbanner canary. |
tcpbanner_1_enabled |
false | Enable tcpbanner_1 canary. |
tcpbanner_1_port |
8001 | Port for tcpbanner_1 canary. |
tcpbanner_1_datareceivedbanner |
N/A | Data received banner for tcpbanner_1 canary. |
tcpbanner_1_initbanner |
N/A | Init banner for tcpbanner_1 canary. |
tcpbanner_1_alertstring_enabled |
false | Enable alert string for tcpbanner_1 canary. |
tcpbanner_1_alertstring |
N/A | Alert string for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_enabled |
false | Enable keep alive for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_secret |
N/A | Keep alive secret for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_probes |
11 | Keep alive probes for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_interval |
300 | Keep alive interval for tcpbanner_1 canary. |
tcpbanner_1_keep_alive_idle |
300 | Keep alive idle for tcpbanner_1 canary. |
telnet_enabled |
false | Enable telnet canary. |
telnet_port |
23 | Port to use for telnet canary. |
telnet_banner |
N/A | Banner for telnet canary. |
mssql_enabled |
false | Enable mssql canary. |
mssql_version |
2012 | Version of MSSQL to emulate with mssql canary. |
mssql_port |
1433 | Port to use for mssql canary. |
vnc_enabled |
false | Enable vnc canary. |
vnc_port |
5000 | Port to use for vnc canary. |
MIT