# OpenCanary

## Device preparation

1. Install OS [Armbian 11 Bullseye](https://download.csec.ba/tinkerboard/Armbian_11.img.xz). During installation process create user canary.

2. Update and upgrade
```bash
sudo apt update && sudo apt upgrade -y
```

3. Change SSH server port to be able to use Canary SSH on port 22
```bash
sudo nano /etc/ssh/sshd_config
Uncoment Port section and change port from 22 to 33
Restart SSH server:
şudo service sshd restart

Connect SSH using terminal with: ssh -l canary -p 33 'HostIP'
```

4. Download OpenCanary config file
```bash
wget https://download.csec.ba/tinkerboard/opencanary.conf
```

5. Install Python3
```bash
sudo apt install -y python3-dev python3-pip python3-venv
```

6. Install prerequisites
```bash
sudo apt install -y build-essential libssl-dev libffi-dev libpcap-dev net-tools
```

7. Install Rust
```bash
sudo apt install rustc -y
```

8. Instal Cargo
```bash
sudo apt install cargo -y
```

9. Disable build Rust
```bash
export CRYPTOGRAPHY_DONT_BUILD_RUST=1
```

10. Install dependencies
```bash
mkdir opencanary
cd opencanary
python3 -m venv env
source env/bin/activate
pip install wheel
#sudo install rdpy (not working in the latest release)
pip install opencanary
pip install scapy pcapy
```

11. Create config file and copy it to the path
```bash
opencanaryd --copyconfig
sudo cp /home/canary/opencanary.conf /etc/opencanaryd/opencanary.conf
sudo mv /home/canary/opencanary.conf /home/canary/opencanary/opencanary.conf
```

12. Create OpenCanary service
```bash
sudo nano /etc/systemd/system/opencanary.service

#Add following lines into it
[Unit]
Description=OpenCanary
After=syslog.target
After=network.target

[Service]
User=root
Type=simple
RemainAfterExit=yes
Restart=always
ExecStart=/home/canary/opencanary/env/bin/opencanaryd --start
ExecStop=/home/canary/opencanary/env/bin/opencanaryd --stop

[Install]
WantedBy=multi-user.target
```

13. Enable and start service
```bash
sudo systemctl enable opencanary && sudo systemctl start opencanary
```

- or symply download install script to avoid all manual work
```bash
wget https://download.csec.ba/tinkerboard/opencanary.sh
#Make it executable
sudo chmod +x opencanary.sh
#Execute script
sudo ./opencanary.sh

#One thing you have to do manually is to change SSH port as described in part 3.
```