thinkst/opencanary

[BUG] Issues after upgrading to Fedora 39

Closed this issue · 3 comments

There are issues getting OpenCanary to run again after upgrading to Fedora 39, in my case from Fedora 38.

Since FC39 upgrades to Python 3.12, the previous install (using the Ubuntu method creating the "env") no longer runs.

To resolve this I performed the following:

  • Renamed the current "env" directory as backup - I use \etc\opencanary for all the settings and the service file which I leave alone
  • Ran
    • virtualenv env/
    • . env/bin/activate
    • pip install --upgrade pip
    • pip install scapy pcapyplus
    • pip install opencanary
    • opencanaryd --start

This still fails, so:

  • Ran
    • pip install --upgrade setuptools
    • pip install --upgrade urllib3
    • pip install --upgrade six
    • opencanaryd --start

The first time it ran it logged a few things about iptables, but after that they never appeared again:

{"dst_host": "", "dst_port": -1, "local_time": "2024-03-15 10:12:23.523468", "local_time_adjusted": "2024-03-15 11:12:23.523486", "logdata": {"msg": {"logdata": "Added service from class CanarySNMP in opencanary.modules.snmp to fake"}}, "logtype": 1001, "node_id": "frink-01", "src_host": "", "src_port": -1, "utc_time": "2024-03-15 10:12:23.523481"}
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
{"dst_host": "", "dst_port": -1, "local_time": "2024-03-15 10:12:23.708934", "local_time_adjusted": "2024-03-15 11:12:23.708958", "logdata": {"msg": {"logdata": "Ran startYourEngines on class CanaryPortscan in opencanary.modules.portscan"}}, "logtype": 1001, "node_id": "frink-01", "src_host": "", "src_port": -1, "utc_time": "2024-03-15 10:12:23.708953"}

I think everything is running as expected, but I will try and do some more testing later.
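The startup output above mixes JSON events with plain-text lines from iptables. As an added example (not part of the original post and not OpenCanary's own code), this Python sketch separates the two and lists which module classes reported starting, so they can be compared with the modules you expect; the function names and the expected-class set are assumptions, and the sample input is the output from the post with the JSON events trimmed to the fields used.

```python
import json
import re
from collections import Counter

# Sample input: startup output from the post above, JSON events trimmed.
SAMPLE = (
    '{"logdata": {"msg": {"logdata": "Added service from class CanarySNMP '
    'in opencanary.modules.snmp to fake"}}, "logtype": 1001, "node_id": "frink-01"}\n'
    + "iptables: No chain/target/match by that name.\n" * 6
    + '{"logdata": {"msg": {"logdata": "Ran startYourEngines on class CanaryPortscan '
    'in opencanary.modules.portscan"}}, "logtype": 1001, "node_id": "frink-01"}\n'
)

CLASS_RE = re.compile(r"class (\w+) in ([\w.]+)")


def _message(event):
    """Walk the nested logdata/msg dictionaries down to the message string."""
    data = event.get("logdata")
    while isinstance(data, dict):
        data = data.get("msg", data.get("logdata"))
    return data if isinstance(data, str) else ""


def triage(text):
    """Split mixed output into started classes (from JSON) and plain-text lines."""
    started, plain = {}, Counter()
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            plain[line] += 1          # not a JSON event, e.g. tool stderr
            continue
        match = CLASS_RE.search(_message(event))
        if match:
            started[match.group(1)] = match.group(2)
    return {"started": started, "plain": plain}


def unreported(expected_classes, result):
    """Expected class names (an assumption you supply) with no startup event."""
    return sorted(set(expected_classes) - set(result["started"]))


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["started"])
    print(report["plain"].most_common())
```
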

Some extra things required for getting kern.log to work:

  • The rsyslog service was already present and running, but did not have kernel logging enabled
    • Enabled module(load="imklog" permitnonkernelfacility="on"), but had to add the permitnonkernelfacility setting
    • Enabled and set kern.* /var/log/kern.log

I applied the latest version, 0.9.3, and everything is still working, thank you.

Hi @Taomyn

Thank you for bringing this issue to our attention. As you've seen (I was going to reply in a bit - but you beat me to it), we've created a new release with the updated dependencies. Thank you for also testing the new release on your side, we appreciate it!