thinkst / opencanary

Modular and decentralised honeypot
http://opencanary.org
BSD 3-Clause "New" or "Revised" License

Scripts to build from source (platform agnostic) and bootstrap a macOS launchctl service daemon #215

Closed michelcrypt4d4mus closed 1 year ago

michelcrypt4d4mus commented 1 year ago

These are two scripts I created when I was setting up OpenCanary as a macOS launchctl service; figured they might be worth sharing. If not, feel free to close the PR. They're both in a build_scripts/ dir, though I'm happy to move them (or make whatever other tweaks).

build_opencanary.sh

Bash script to build opencanary and its prerequisites from source. Follows the instructions in the README with special handling for macOS/homebrew setups. Platform agnostic, though non-macOS systems may need to configure the compile flags.

Script STDOUT Output

$ ./build_scripts/build_opencanary.sh 
Build log will be written to '/Users/uzer/repos/opencanary/build_scripts/build.log'...
macOS detected...
m1 detected...
Found openssl@1.1 at '/opt/homebrew/opt/openssl@1.1'
    LDFLAGS set to '-L/opt/homebrew/opt/openssl@1.1/lib'
    CPPFLAGS set to '-I/opt/homebrew/opt/openssl@1.1/include'
    ARCHFLAGS set to '-arch arm64'
Using current repo at '/Users/uzer/repos/opencanary'
    (Set OPENCANARY_BUILD_FULL_CLEAN=true to start from a fresh git checkout)
Using current virtualenv in '/Users/uzer/repos/opencanary/env'
    (Set OPENCANARY_BUILD_FRESH_VENV=true to rebuild a new virtualenv)
Activating virtual env in subshell...
Installing cryptography package...
Building...
Installing built package 'dist/opencanary-0.7.1.tar.gz'...
Install complete.

IMPORTANT: virtualenv is NOT active!
To activate the virtualenv now and in the future:

    . '/Users/uzer/repos/opencanary/env/bin/activate'

generate_macOS_launchctl_service_files.py

Python script to generate a .plist file and opencanary.conf to enable launchctl to manage opencanaryd as a system daemon. The script writes tmp files to a launchctl/ dir off the repo root. One of the generated files is a bootstrap script that actually sets up the service. It must be run with sudo separately after this script because only root can set up LaunchDaemons on macOS.

--help output

$ ./build_scripts/generate_macOS_launchctl_service_files.py --help
usage: generate_macOS_launchctl_service_files.py [-h] [--service-name NAME]
                                                 [--log-output-dir DIR]
                                                 [--canary {git,ftp,http,httpproxy,portscan,smb,mysql,ssh,redis,rdp,sip,snmp,ntp,tftp,tcpbanner,telnet,mssql,vnc}]

Generate .plist, opencanary.conf, and scripts to bootstrap opencanary as a launchctl
daemon.

options:
  -h, --help            show this help message and exit
  --service-name NAME   string you would like launchctl to use as the name of the
                        opencanary service (default: com.thinkst.opencanary)
  --log-output-dir DIR  opencanary will write its logs to files in DIR when the
                        service is running (default:
                        /Users/uzer/repos/opencanary/log)
  --canary {git,ftp,http,httpproxy,portscan,smb,mysql,ssh,redis,rdp,sip,snmp,ntp,tftp,tcpbanner,telnet,mssql,vnc}
                        enable canary service in the generated opencanary.conf file
                        (can be supplied more than once) (default: None)

Script STDOUT Output

$ ./build_scripts/generate_macOS_launchctl_service_files.py --canary ssh
Creating '/Users/uzer/repos/opencanary/launchctl'...
Creating '/Users/uzer/repos/opencanary/log'...
Generated files...

    Service definition: ./launchctl/com.thinkst.opencanary.plist
       Launcher script: ./launchctl/launch_com.thinkst.opencanary.sh
      Bootstrap script: ./launchctl/install_service_com.thinkst.opencanary.sh
        Bootout script: ./launchctl/uninstall_service_com.thinkst.opencanary.sh

                Config: ./launchctl/opencanary.conf
      Enabled canaries: ssh

To install as a system service run:
    'sudo ./launchctl/install_service_com.thinkst.opencanary.sh'

Generated Service .plist File

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnvironmentVariables</key>
    <dict>
        <key>PATH</key>
        <string>/Users/uzer/repos/opencanary/env/bin:/opt/homebrew/bin:/usr/bin:/bin</string>
        <key>VIRTUAL_ENV</key>
        <string>/Users/uzer/repos/opencanary/env</string>
    </dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>com.thinkst.opencanary</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/uzer/repos/opencanary/launchctl/launch_com.thinkst.opencanary.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/Users/uzer/repos/opencanary/log/opencanary.out.log</string>
    <key>StandardOutPath</key>
    <string>/Users/uzer/repos/opencanary/log/opencanary.err.log</string>
    <key>WorkingDirectory</key>
    <string>/Users/uzer/repos/opencanary/env/bin</string>
</dict>
</plist>

Generated Bootstrap Script

set -e
chown root '/Users/uzer/repos/opencanary/launchctl/launch_com.thinkst.opencanary.sh'
mkdir -p '/etc/opencanaryd'
cp '/Users/uzer/repos/opencanary/launchctl/opencanary.conf' /etc/opencanaryd/opencanary.conf
cp '/Users/uzer/repos/opencanary/launchctl/com.thinkst.opencanary.plist' /Library/LaunchDaemons
launchctl bootstrap system '/Library/LaunchDaemons/com.thinkst.opencanary.plist'
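
A review check for the generated service definition above, as an added example that is not part of the PR or the OpenCanary code base: it parses a launchd plist and flags settings worth a second look before the bootstrap script is run with sudo. The sample is a trimmed copy of the plist shown above; the function name and the list of user-controlled path prefixes are assumptions.

```python
import plistlib

# Constructed sample: trimmed copy of the generated plist shown above (same keys and paths).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>EnvironmentVariables</key>
    <dict>
        <key>PATH</key>
        <string>/Users/uzer/repos/opencanary/env/bin:/opt/homebrew/bin:/usr/bin:/bin</string>
    </dict>
    <key>Label</key><string>com.thinkst.opencanary</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/uzer/repos/opencanary/launchctl/launch_com.thinkst.opencanary.sh</string>
    </array>
    <key>StandardErrorPath</key>
    <string>/Users/uzer/repos/opencanary/log/opencanary.out.log</string>
    <key>StandardOutPath</key>
    <string>/Users/uzer/repos/opencanary/log/opencanary.err.log</string>
</dict>
</plist>"""

# Assumption: trees a non-root user can usually modify on a default macOS/Homebrew install.
USER_CONTROLLED_PREFIXES = ("/Users/", "/opt/homebrew/", "/usr/local/", "/tmp/", "/private/tmp/")


def audit_launchd_plist(data: bytes) -> list[str]:
    """Return review findings for a LaunchDaemon loaded into the system domain."""
    job = plistlib.loads(data)
    findings = []
    if "UserName" not in job:
        findings.append("no UserName key: a job in the system domain runs as root")
    # The first ProgramArguments element is the executable launchd starts.
    for arg in job.get("ProgramArguments", [])[:1]:
        if arg.startswith(USER_CONTROLLED_PREFIXES):
            findings.append(f"program in user-controlled tree: {arg}")
    path = job.get("EnvironmentVariables", {}).get("PATH", "")
    for entry in path.split(":"):
        if (entry + "/").startswith(USER_CONTROLLED_PREFIXES):
            findings.append(f"PATH entry in user-controlled tree: {entry}")
    # Flag log targets whose file names contradict the stream they receive.
    for key, marker in (("StandardOutPath", ".err."), ("StandardErrorPath", ".out.")):
        if marker in job.get(key, ""):
            findings.append(f"{key} points at {job[key]}: stdout/stderr files look swapped")
    return findings


if __name__ == "__main__":
    for finding in audit_launchd_plist(SAMPLE_PLIST):
        print("-", finding)
```

The `chown root` in the bootstrap script changes the launcher file's owner only; the directories above it stay owned by the user, which is why the check looks at the path rather than the file's owner.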

jayjb commented 1 year ago

Hi @michelcrypt4d4mus,

These are really cool. Thank you so much for sharing them. I am pondering where we should put them. I like the idea of a build_scripts directory.

Also we always are so happy to have folks contributing, please can you email me at jay [at] thinkst [dot] com.