thinkst / opencanary

Modular and decentralised honeypot
http://opencanary.org
BSD 3-Clause "New" or "Revised" License

Access to SMB file causing Unhandled error in opencanaryd #171

Closed redstang33 closed 2 years ago

redstang33 commented 2 years ago

Using opencanary on a Raspberry Pi. I have configured SMB using the information on the wiki. Running opencanaryd --dev and then accessing a file I get this error message:

```
2022-02-12T11:51:04+0000 [-] Unhandled Error
Traceback (most recent call last):
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/python/log.py", line 103, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/python/log.py", line 86, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/python/context.py", line 122, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/python/context.py", line 85, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
    why = selectable.doRead()
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/internet/inotify.py", line 249, in doRead
    fdesc.readFromFD(self._fd, self._doRead)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/internet/fdesc.py", line 94, in readFromFD
    callback(output)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/internet/inotify.py", line 276, in _doRead
    iwp._notify(path, mask)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/twisted/internet/inotify.py", line 150, in _notify
    callback(self, filepath, events)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/opencanary/modules/__init__.py", line 169, in onChange
    self.processAuditLines()
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/opencanary/modules/__init__.py", line 161, in processAuditLines
    self.handleLines(lines=lines)
  File "/home/pi/opencanary/env/lib/python3.9/site-packages/opencanary/modules/samba.py", line 39, in handleLines
    path = data[13]
builtins.IndexError: list index out of range
```

I noticed that my /var/log/samba-audit.log looks like this:

```
Feb 12 11:51:04 fileserver smbd_audit: |10.1.1.2|10.1.1.188|10.1.1.2|financials|SRV01|SMB3_11|Vista|2022/02/12 11:51:04|NT AUTHORITY|pread_recv|ok|/media/financials/salaries.xlsx
```

Seems that the %U doesn't log any guest user accessing the file. I tried to replace that with another field though so that something would generate but I still got that same error.
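
The audit line from the report above, worked through as an added example (not OpenCanary's code and not part of the original comment): split on `|`, that line yields 13 pieces (indices 0 to 12), so index 13 does not exist. The field names are assumptions read off the sample line, and the parser skips records that do not fit instead of raising, so one odd line cannot stop later file accesses from being reported.

```python
# Added example, not OpenCanary's code. Field names are assumptions read off
# the sample audit line in the report above.
FIELDS = ("user", "client_ip", "local_ip", "client_name", "share", "server",
          "protocol", "arch", "timestamp", "domain", "operation", "result", "path")
MARKER = "smbd_audit: "

# The audit line from the report (empty user field).
SAMPLE = ("Feb 12 11:51:04 fileserver smbd_audit: |10.1.1.2|10.1.1.188|10.1.1.2|"
          "financials|SRV01|SMB3_11|Vista|2022/02/12 11:51:04|NT AUTHORITY|"
          "pread_recv|ok|/media/financials/salaries.xlsx")


def parse_audit_line(line):
    """Return a dict of named fields, or None if the line does not fit."""
    _, found, payload = line.partition(MARKER)
    if not found:
        return None  # not a full_audit record
    # Cap the split so a '|' inside the file path stays in the last field.
    parts = payload.rstrip("\n").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None  # short or truncated record: skip it, never index blindly
    record = dict(zip(FIELDS, parts))
    record["user"] = record["user"] or None  # empty field: no user was logged
    return record


def handle_lines(lines):
    """Parse a batch; a bad line is set aside and the rest are still reported."""
    events, skipped = [], []
    for line in lines:
        record = parse_audit_line(line)
        if record is None:
            skipped.append(line)
        else:
            events.append(record)
    return events, skipped


if __name__ == "__main__":
    # Constructed batch: the reported line, a truncated record, unrelated syslog.
    batch = [SAMPLE,
             "Feb 12 11:51:05 fileserver smbd_audit: |10.1.1.2|fin",
             "Feb 12 11:51:06 fileserver cron[1]: job"]
    events, skipped = handle_lines(batch)
    print(events[0]["path"], events[0]["user"], len(skipped))
```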

HybridAU commented 2 years ago

Hi @redstang33, thanks for your bug report. I think this is the same issue as #161 and there is already a pull request to fix it, so hopefully it should be fixed soon 🙂.

jayjb commented 2 years ago

Sorry for the delay folks! I've merged it! 🤘