Comment on HoneyWire: Open-source, zero-agent cyber canaries for your homelab (Thinkst/OpenCanary alternative)
andreicscs@lemmy.world 1 day agoHi thanks for the report! What’s with github not accepting issues ?
Could you provide details about the environment you are deploying in and what your honeywire-compose.yml file generated by the hub looks like?
I’d love to look into your specific edge case it would be awesome if you could provide info that would help me debug it
Alfredolin@sopuli.xyz 1 day ago
It doesn’t matter if Github is more convenient, I, for example, am straight banned from it with no possibility to sign-up. (Issue with arkoselabs not working from my ip/device, which is required to complete captcha for signup, and the support is non existent, see [this post](edit coming).
Ok, issue is clear: tcp-tarpit is trying to use an already occupied port. I was not sure how to check the containers log, your command was correct.
Yes, I was trying to deploy everything on the same machine as starter.
I found that I could change the port from the hub, under fleet management, now it seems to work.
I still don’t get why the hub stopped working though. Cpntainer log is only showing from the last start.
andreicscs@lemmy.world 21 hours ago
I see, i get your feelings about GitHub, i checked out your post and it really is an annoying problem, I’ll see what i can do for you and others who can’t access GitHub. For now anyone who has trouble accessing GitHub, please feel free to either reach out right here on this post, or via email at info@honeywire.dev.
As for the issue, it would be great if you could provide a little more information about your deployment. Did you use the setup wizard, or did you go with a manual deployment? What does your compose file look like? (It will be located at /opt/honeywire/sensors/honeywire-compose.yml if you used the setup wizard).
The setup wizard is built to prevent you from applying a conflicting config to the node, so this is either a bug with the wizard’s environment checks, or a manual deployment that happened to use conflicting ports.
The containers crashing and only showing logs from the last start is definitely interesting behavior. My best guess until I see the config and deployment type is that the Docker daemon hit a fatal error on the port collision panicked and kept restarting the containers, forcing the previous logs to clear as well.
Alfredolin@sopuli.xyz 21 hours ago
Yes I used the wizard, which is very neat. Yeah, during the setup, all occupied ports are listed, including the one which was already occupied but nevertheless got used by one of the tcp tarpit decoys.
Now I just moved that decoys port (just did +1, I hope that doesn’t matter) from the UI which correctly changed the honeywire-compose.yml file. Now it seems to be running properly, and firedrill triggers the notifications.
I think you are right on the compose up crash upon port occupied.
andreicscs@lemmy.world 20 hours ago
Thank you so much for the additional info, since you used the wizard this shouldn’t have happened at all. Did the wizard itself recommend the occupied port during the initial environment discovery, or did you deploy the sensor config from the hub and then run ‘honeywire apply’ ? i will definitely try to replicate this edge case, if it’s a recurring logic issue I’ll push out a hotfix as soon as I can.
bumping up the port won’t cause any issues at all!, it is what the wizard should have done once it realized the port was already in use. You can run the decoys on any ports you want as long as they are not already bound to that host. I’m glad to hear everything else worked as intended and that the Firedrill successfully triggered your notifications
Your feedback was very helpful!