thinkst / opencanary

Modular and decentralised honeypot
http://opencanary.org
BSD 3-Clause "New" or "Revised" License

Portscan module does not appear to be logging to the opencanary log file. But does log to kern.log and Syslog #230

Closed jantonio1099 closed 1 year ago

jantonio1099 commented 1 year ago

Not sure if this is considered normal behavior or not. From what I can tell, the handleLines function in portscan.py is not being triggered when an event captured via iptables rules is activated. The log entries are captured in kern.log and syslog, but nothing is posted to the opencanary log, which from my understanding suggests the handleLines function is not being fired.

Not sure if there is a setting in the opencanary.conf file that would control this; I can't seem to find anything obvious in the code that would suggest this, but I suspect I am missing something. All other opencanary modules are working as expected and logging to the opencanary log as anticipated.

Any information or guidance would be appreciated.

theidiotyouyellat commented 1 year ago

I also noticed this behavior in CentOS 8 Stream OpenCanary 0.7.1 from PyPi but did not notice on Ubuntu 20.04 OpenCanary 0.7.1 from PyPi or Ubuntu 22.04 OpenCanary 0.8.0 from GitHub Release.

jayjb commented 1 year ago

Hi @jantonio1099,

Thanks for reporting this. Would you mind letting me know what OS you are running? And what version?

jantonio1099 commented 1 year ago

This is what I am running

Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

jayjb commented 1 year ago

Hi @jantonio1099,

I've looked through the code again and the handleLines function you mention in the portscan.py module looks for the lines in /var/log/kern.log by default. It can, however, be changed in the configuration using the 'portscan.logfile' key. Have you, by any chance, changed that value?

Would you also mind telling me what version of iptables you are running? I suspect the version may have changed what its logging looks like.

jayjb commented 1 year ago

Hi @jantonio1099,

We have a fix coming in for this. iptables has been deprecated for nftables, which doesn't work. The quick fix at the moment is that we will use iptables-legacy. Please reopen the issue if you still have the problem after the new version is released.
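As an added diagnostic for the situation discussed in this thread (not code from OpenCanary or its authors): the check below reads the file named by the 'portscan.logfile' key, counts the lines that follow the classic netfilter LOG key=value layout (IN=, SRC=, DST=, PROTO=, DPT=), and groups distinct destination ports per source. OpenCanary's own matching pattern is not shown on this page, so the regex here is an assumption based on the standard LOG target format; a result of zero matching lines while kern.log is clearly growing is the symptom reported above and points at the log format rather than the module.

```python
import re
from collections import defaultdict

# Classic netfilter LOG target layout as it appears in kern.log. This is the
# standard key=value format, not OpenCanary's own pattern (assumption).
IPTABLES_LOG = re.compile(
    r"kernel:.*?\bIN=(?P<iface>\S*).*?\bSRC=(?P<src>[\d.]+).*?\bDST=(?P<dst>[\d.]+)"
    r".*?\bPROTO=(?P<proto>\w+).*?\bDPT=(?P<dport>\d+)"
)

def parse_iptables_lines(lines):
    """Return one dict per line that matches the LOG layout; other lines are skipped."""
    events = []
    for line in lines:
        m = IPTABLES_LOG.search(line)
        if m:
            d = m.groupdict()
            d["dport"] = int(d["dport"])
            events.append(d)
    return events

def find_scanners(events, min_ports=3):
    """Sources that touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for e in events:
        ports[e["src"]].add(e["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def check_logfile(path, min_ports=3):
    """Read the file configured as 'portscan.logfile' and report what matched."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        events = parse_iptables_lines(fh)
    return {"matched_lines": len(events), "scanners": find_scanners(events, min_ports)}

# Constructed sample (not real log data). The first four lines follow the LOG
# layout; the last is an unrelated kernel message that must be ignored.
SAMPLE_KERN_LOG = [
    "Jan 10 12:00:01 h kernel: [100.1] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=22 SYN",
    "Jan 10 12:00:01 h kernel: [100.2] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=80 SYN",
    "Jan 10 12:00:02 h kernel: [100.3] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=443 SYN",
    "Jan 10 12:00:03 h kernel: [100.4] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=50000 DPT=22 SYN",
    "Jan 10 12:00:04 h kernel: [100.5] eth0: link becomes ready",
]

if __name__ == "__main__":
    evts = parse_iptables_lines(SAMPLE_KERN_LOG)
    print(len(evts), "matching lines;", find_scanners(evts))
```

Run it against the real file with check_logfile("/var/log/kern.log") on a host showing the symptom; if matched_lines stays at zero while the file grows, compare a fresh line against the layout the regex expects.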