Closed admlko closed 1 month ago
Hi @admlko,
Thanks for writing in. Does this still happen if you explicitly curl index.html, via curl http://localhost/index.html?
Hi @thinkst-daniel,
Thank you for chiming in! :)
Does this still happen if you explicitly curl index.html, via curl http://localhost/index.html?
Your hunch was correct, calling URL with /index.html path shows up in the log file and triggers an alert.
Oh great! Glad to hear it's working.
But shouldn't calling the root of web server trigger the alert anyway? I mean, the server responds?
That's a good question @admlko. So in this case it is a deliberate design choice. The reason why it only triggers on /index.html is because we only want alerts to fire if someone crosses certain boundaries. The idea is that legitimate users may accidentally connect to the web server, but only once they enter details and try to log in does it become malicious.
If you still want alerts to trigger from requests hitting root however, then you can make the following tweak to the http module code:
diff --git a/opencanary/modules/http.py b/opencanary/modules/http.py
index 1917ba6..0d1b469 100644
--- a/opencanary/modules/http.py
+++ b/opencanary/modules/http.py
@@ -175,7 +175,7 @@ class CanaryHTTP(CanaryService):
root = StaticNoDirListing(self.staticdir)
root.createErrorPages(self)
root.putChild(b"", RedirectCustomHeaders(b"/index.html", factory=self))
- root.putChild(b"index.html", page)
+ root.putChild(b"", page)
wrapped = EncodingResourceWrapper(root, [GzipEncoderFactory()])
site = Site(wrapped)
return internet.TCPServer(self.port, site, interface=self.listen_addr)
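Review bot: the new root.putChild(b"", page) line registers the empty path a second time, directly after the unchanged root.putChild(b"", RedirectCustomHeaders(b"/index.html", factory=self)) line. The later putChild replaces the earlier one, so the redirect line becomes dead code and should be removed or replaced explicitly. The removed line also means index.html is no longer routed to page, so a request to /index.html is no longer handled by the resource that was producing the alert. If the aim is to alert on root as well as on /index.html, keep root.putChild(b"index.html", page) and change the redirect line to root.putChild(b"", page) instead of dropping the index.html registration.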
Describe the bug HTTP/S logs won't show up in logfile but do show up in Docker container stdout. Webhook alert won't get triggered. Telnet seems to work just fine and triggers webhook alert.
To Reproduce Steps to reproduce the behavior:
thinkst/opencanary:latest-image
/root/-directory (bind mounted)
curl -vv http://localhost
/var/tmp/opencanary.log, Webhook alert doesn't get triggered.
curl -vv telnet://localhost:23
/var/tmp/opencanary.log and Webhook alert triggers.
Expected behavior Log lines appearing in /var/tmp/opencanary.log and webhook triggering.
Additional context Configuration file contents: