Comment on HoneyWire: Open-source, zero-agent cyber canaries for your homelab (Thinkst/OpenCanary alternative)
Alfredolin@sopuli.xyz 1 day agoIt doesn’t matter if Github is more convenient, I, for example, am straight banned from it with no possibility to sign-up. (Issue with arkoselabs not working from my ip/device, which is required to complete captcha for signup, and the support is non existent, see [this post](edit coming).
Ok, issue is clear: tcp-tarpit is trying to use an already occupied port. I was not sure how to check the containers log, your command was correct.
Yes, I was trying to deploy everything on the same machine as starter.
I found that I could change the port from the hub, under fleet management, now it seems to work.
I still don’t get why the hub stopped working though. Cpntainer log is only showing from the last start.
andreicscs@lemmy.world 20 hours ago
I see, i get your feelings about GitHub, i checked out your post and it really is an annoying problem, I’ll see what i can do for you and others who can’t access GitHub. For now anyone who has trouble accessing GitHub, please feel free to either reach out right here on this post, or via email at info@honeywire.dev.
As for the issue, it would be great if you could provide a little more information about your deployment. Did you use the setup wizard, or did you go with a manual deployment? What does your compose file look like? (It will be located at /opt/honeywire/sensors/honeywire-compose.yml if you used the setup wizard).
The setup wizard is built to prevent you from applying a conflicting config to the node, so this is either a bug with the wizard’s environment checks, or a manual deployment that happened to use conflicting ports.
The containers crashing and only showing logs from the last start is definitely interesting behavior. My best guess until I see the config and deployment type is that the Docker daemon hit a fatal error on the port collision panicked and kept restarting the containers, forcing the previous logs to clear as well.
Alfredolin@sopuli.xyz 19 hours ago
Yes I used the wizard, which is very neat. Yeah, during the setup, all occupied ports are listed, including the one which was already occupied but nevertheless got used by one of the tcp tarpit decoys.
Now I just moved that decoys port (just did +1, I hope that doesn’t matter) from the UI which correctly changed the honeywire-compose.yml file. Now it seems to be running properly, and firedrill triggers the notifications.
I think you are right on the compose up crash upon port occupied.
andreicscs@lemmy.world 19 hours ago
Thank you so much for the additional info, since you used the wizard this shouldn’t have happened at all. Did the wizard itself recommend the occupied port during the initial environment discovery, or did you deploy the sensor config from the hub and then run ‘honeywire apply’ ? i will definitely try to replicate this edge case, if it’s a recurring logic issue I’ll push out a hotfix as soon as I can.
bumping up the port won’t cause any issues at all!, it is what the wizard should have done once it realized the port was already in use. You can run the decoys on any ports you want as long as they are not already bound to that host. I’m glad to hear everything else worked as intended and that the Firedrill successfully triggered your notifications
Your feedback was very helpful!
Alfredolin@sopuli.xyz 18 hours ago
The hub is running as follow:
That way I had to change as less as possible and just setup a quick reverse proxy. I 100% followed the steps from the README.md in Github for the quick start guide, so this was all wizard and
honeywire apply. 3306 was the already occupied port, occupied by a native program, not a container.