Closed Jake3451 closed 1 year ago
Hi @Jake3451,
Those emails that are coming through are part of the boot up sequence to tell you which services are being started as part of the opencanary daemon. How are you starting your opencanary? Which version of Ubuntu are you using? Which services are you enabling?
Thanks
@jayjb Thanks for the prompt reply! Currently the OS is Ubuntu 20.04.4. These are the commands that were used for enabling the services.
```
sudo systemctl enable opencanary.service
sudo systemctl start opencanary.service
systemctl status opencanary.service
```
These emails actually never stop, and will continue to send thousands, unless stopped. Sorry, new to Linux; if there are other things you need, let me know. Thanks!
@Jake3451, thanks for the information. Would you mind telling me what the output for `systemctl status opencanary.service` is after you have run `sudo systemctl start opencanary.service`?
Sorry for the spamming; I'm sure we will get to the bottom of this.
@jayjb
@jayjb Any ideas? Thanks for all of the help!
Hi @Jake3451,
Sorry for going silent. The screenshot you sent doesn't show anything too telling besides that line: `opencanary.service: Scheduled restart job, restart counter is at 8`. This leads me to think it may be starting up and shutting down constantly. We have actually seen this in the past with a bad service file.
`journald` logs (mostly accessed via `journalctl`) to check whether the service is starting up and shutting down continuously.
Closing issue due to lack of activity. Please re-open if you still have the same issue.
I have currently implemented an open canary server on Ubuntu. There is nothing in my config that should produce such an error as I have compared with another opencanary server that is working just fine. I am being spammed at least 200 emails every 5 minutes or so. Here is the email that comes through. They are remaining the same on port 1, the only difference is that tag at the end starting with "Added Server from class....."
{"dst_host": "", "dst_port": -1, "local_time": "2022-06-28 18:55:08.133485", "local_time_adjusted": "2022-06-28 18:55:08.133536", "logdata": {"msg": {"logdata": "Added service from class CanarySIP in opencanary.modules.sip to fake"}}, "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2022-06-28 18:55:08.133530"}
Also another here
{"dst_host": "", "dst_port": -1, "local_time": "2022-06-28 18:55:05.326133", "local_time_adjusted": "2022-06-28 18:55:05.326176", "logdata": {"msg": {"logdata": "Added service from class CanarySSH in opencanary.modules.ssh to fake"}}, "logtype": 1001, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2022-06-28 18:55:05.326171"}
Do I need to exclude the local host? Set to false? Thanks.
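An added example, not part of the thread or of OpenCanary's own code: a check that reads OpenCanary JSON log lines and flags any service class registered several times in a short window, which is the pattern a restarting daemon produces. The function names, the 5-minute window and the threshold of 3 are assumptions, as is the premise that each service class is registered once per daemon start; the sample events are constructed in the shape of the emails quoted above.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

STARTUP_LOGTYPE = 1001  # logtype value seen in the emails quoted in this thread
ADDED = re.compile(r"Added service from class (\w+) in [\w.]+")
TIME_FMT = "%Y-%m-%d %H:%M:%S.%f"

def parse_startup(line):
    """Return (node_id, class_name, utc_time) for a service-startup event, else None."""
    try:
        ev = json.loads(line)
        if ev["logtype"] != STARTUP_LOGTYPE:
            return None
        m = ADDED.search(ev["logdata"]["msg"]["logdata"])
        ts = datetime.strptime(ev["utc_time"], TIME_FMT)
    except (ValueError, KeyError, TypeError):
        return None  # malformed line or an event of another shape
    return (ev.get("node_id", ""), m.group(1), ts) if m else None

def find_restart_loops(lines, window=timedelta(minutes=5), threshold=3):
    """Map (node_id, class_name) -> peak registrations inside any one window."""
    # Assumption: one registration per class per daemon start, so repeats
    # of the same class close together mean the daemon keeps restarting.
    seen = defaultdict(list)
    for line in lines:
        parsed = parse_startup(line)
        if parsed:
            seen[parsed[:2]].append(parsed[2])
    loops = {}
    for key, stamps in seen.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            loops[key] = peak
    return loops

def _event(cls, module, utc_time, logtype=STARTUP_LOGTYPE):
    """Constructed sample event in the shape of the emails quoted above."""
    text = f"Added service from class {cls} in {module} to fake"
    return json.dumps({"logtype": logtype, "node_id": "opencanary-1",
                       "utc_time": utc_time, "logdata": {"msg": {"logdata": text}}})

SAMPLE = [_event("CanarySSH", "opencanary.modules.ssh", f"2022-06-28 18:5{m}:05.326171")
          for m in range(5, 9)]
SAMPLE += [_event("CanarySIP", "opencanary.modules.sip", "2022-06-28 18:55:08.133530"),
           "not json"]
```

On the constructed sample, `find_restart_loops(SAMPLE)` flags `CanarySSH` (four registrations in three minutes) and leaves the single `CanarySIP` registration alone.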