Comment on HoneyWire: Open-source, zero-agent cyber canaries for your homelab (Thinkst/OpenCanary alternative)
andreicscs@lemmy.world 21 hours agoI see, i get your feelings about GitHub, i checked out your post and it really is an annoying problem, I’ll see what i can do for you and others who can’t access GitHub. For now anyone who has trouble accessing GitHub, please feel free to either reach out right here on this post, or via email at info@honeywire.dev.
As for the issue, it would be great if you could provide a little more information about your deployment. Did you use the setup wizard, or did you go with a manual deployment? What does your compose file look like? (It will be located at /opt/honeywire/sensors/honeywire-compose.yml if you used the setup wizard).
The setup wizard is built to prevent you from applying a conflicting config to the node, so this is either a bug with the wizard’s environment checks, or a manual deployment that happened to use conflicting ports.
The containers crashing and only showing logs from the last start is definitely interesting behavior. My best guess until I see the config and deployment type is that the Docker daemon hit a fatal error on the port collision panicked and kept restarting the containers, forcing the previous logs to clear as well.
Alfredolin@sopuli.xyz 21 hours ago
Yes I used the wizard, which is very neat. Yeah, during the setup, all occupied ports are listed, including the one which was already occupied but nevertheless got used by one of the tcp tarpit decoys.
Now I just moved that decoys port (just did +1, I hope that doesn’t matter) from the UI which correctly changed the honeywire-compose.yml file. Now it seems to be running properly, and firedrill triggers the notifications.
I think you are right on the compose up crash upon port occupied.
andreicscs@lemmy.world 20 hours ago
Thank you so much for the additional info, since you used the wizard this shouldn’t have happened at all. Did the wizard itself recommend the occupied port during the initial environment discovery, or did you deploy the sensor config from the hub and then run ‘honeywire apply’ ? i will definitely try to replicate this edge case, if it’s a recurring logic issue I’ll push out a hotfix as soon as I can.
bumping up the port won’t cause any issues at all!, it is what the wizard should have done once it realized the port was already in use. You can run the decoys on any ports you want as long as they are not already bound to that host. I’m glad to hear everything else worked as intended and that the Firedrill successfully triggered your notifications
Your feedback was very helpful!
Alfredolin@sopuli.xyz 19 hours ago
The hub is running as follow:
That way I had to change as less as possible and just setup a quick reverse proxy. I 100% followed the steps from the README.md in Github for the quick start guide, so this was all wizard and
honeywire apply. 3306 was the already occupied port, occupied by a native program, not a container.andreicscs@lemmy.world 18 hours ago
That explains it, i still find it weird that the hub was crashing too, but the issue is now solved either way. I just released a hotfix for the sensor. I also released a hotfix for the hub to polish deployment UX and fix a minor issue with sensor updates, i recommend you run ‘docker compose up -d --pull always hub’ to update the hub and, you should be able to update the sensor from the hub if you haven’t already.
Thanks for the help!