Seven Layers delivers comprehensive, dependable, and cost-effective solutions tailored to our clients’ needs and budgets. We offer cutting edge defensive security strategies to provide you with the ability to protect key systems and information – and can pair those with traditional information technology services to keep your business up and running, so you can focus on the business that is important to you.

    We provide penetration testing services and vulnerability assessments for peace of mind, risk management, and regulatory compliance. And because your employees are often your first line of defense - or weakness – we offer employee education in computer security and corporate security policies.

    Our support services cover your full suite of end user desktops, in-house servers, cloud-based servers, and cloud services. This includes seamless support for employees in all locations, whether they are in corporate offices, or are remote users. We will manage and develop content management systems, customized software and web applications, as well as working with off the shelf applications.


    I attended a business gathering the other day and someone asked me who our ideal customer would be.  Our ideal customer is a small business owner that is concerned about cybersecurity, wants to do something about it, but doesn't know what to do. 

    The solutions we offer recognize that small businesses don't have endless dollars to throw at security.  With that in mind, I love Thinkst Canaries but $5000 for two of them immediately pushes up against that cost barrier.  As an alternative, we can use OpenCanary installed on some modest hardware and drive the cost down significantly.

    In your arsenal of goodies, canaries are useful because unlike most other devices on the network which have thresholds, canaries alert off of a single hit.  And for a good reason because there's no reasonable explanation why this box should be touched unless someone is up to no good.  

    I've seen a number of articles on how to install OpenCanary and this isn't much different except that I've installed it in /opt instead of a user or root directory.  I've also installed it as a service but I may edit this post in the near future because I've had some intermittent issues with the service staying alive.  And finally, there were some issues that arose from those other instructions and I've addressed them along the way.

    This is the brainless part:

    mkdir /opt/canaries
    cd /opt/canaries
    sudo apt-get install python-dev python-pip python-virtualenv
    virtualenv env/
    . env/bin/activate
    pip install opencanary

    The next two items are optional, scapy and pcapy.  I couldn't get the latter installed and I've yet to discover a problem from NOT having it.  The former can be installed with:

    pip install scapy

    sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev

    Something I've added:

    pip install pyasn1

    With Ubuntu 18, we have pyasn1 version 0.4.5 and this will take it to 0.4.7 which eliminates the error from this next item:

    pip install rdpy

    Without the upgrade to pyans1 0.4.7, we get an error stating that we need to be higher than 0.4.5 and lower than 0.5.0 (I think).

    cd /opt/canaries/env
    opencanaryd --copyconfig
    sudo mv ~/.opencanary.conf /root/
    sudo nano /root/.opencanary.conf

    When we open the config file, by default, FTP is enabled.  

    If you want to make this more attractive, you can change the banner to "vsftpd 2.3.4" which is the version with the backdoor but that might be too obvious.

    Searching through the config, you'll find other services set to false which you can set to true.  Be warned that you can't just indiscriminately set everything to true.  For setup and testing purposes, let's just leave it with FTP.  

    For email alerts, personally, I like the idea of removing this from the in house mail server and I don't like the idea of using Gmail.  In my setup here, I'm routing it through an outbound host that relays without credentials.  Lots of providers offering this type of service, this one charges $5/month.  In addition to relaying messages from the canaries, it can also relay messages from in house copiers.

    "SMTP": {
    "class": "logging.handlers.SMTPHandler",
    "mailhost": ["YOUR RELAY HOST", 25],
    "fromaddr": "YOUR FROM ADDRESS",
    "toaddrs" : ["YOUR TO ADDRESS"],
    "subject" : "OpenCanary Alert",
    "secure" : []

    Take note of the original formatting and also take note of the trailing comma.  You can drop SMTP in after file but then file must have the trailing comma and SMTP would no longer need it.

    At this point, we are set.  In order to start OpenCanary:

    opencanaryd --start

    If you've setup the SMTP functionality, you should receive an email from OpenCanary stating that it's been started.

    If we attempt to FTP:

    We should receive an email regarding the attempted login:

    While this is functional, it's less than ideal because if / when the server reboots, we need to manually start OpenCanary.  

    Setting it up as a service:

    sudo nano /etc/systemd/system/opencanary.service

    I've seen a couple of posts regarding setting OpenCanary up as a service and I've made a couple of mods to the service config:


    ExecStart=/opt/canaries/env/bin/opencanaryd --start


    Save the file, exit, then:

    sudo systemctl enable opencanary.service

    Assuming OpenCanary is still running from when we started it manually, we need to either reboot or stop it manually:

    opencanaryd --stop

    If you rebooted, it should start on its own.  If you stopped it manually, we can start the service:

    sudo service opencanary start

    That's a wrap.  You have your first canary!  Hopefully it never sings!!







    Cybersecurity solutions for small businesses.

    © 2021 Seven Layer Networks, Inc. | All rights reserved.