fix
This commit is contained in:
parent
79e42dd64a
commit
2405abf1e7
25
README.md
25
README.md
@ -11,13 +11,13 @@
|
||||
This repo intend to semplify installation of IDS/IPS Suricata for packet analyzing analyzing coming from Mikrotik.
|
||||
It uses latest docker repo from SELKS (Suricata, ELK Stack) and mikrocata.
|
||||
|
||||
## Function
|
||||
## Functions
|
||||
- Install Docker and Docker Compose
|
||||
- Install Python
|
||||
- Download and install SELKS repo --> https://github.com/StamusNetworks/SELKS
|
||||
- Download and install mikrocata repo
|
||||
- Download and install SELKS repo (https://github.com/StamusNetworks/SELKS)
|
||||
- Download and install Mikrocata
|
||||
- Install TZSP interface
|
||||
- Notification over Telegram when IP is blocked
|
||||
- Notification over Telegram when ip is blocked
|
||||
|
||||
## Install
|
||||
|
||||
@ -27,14 +27,25 @@ It uses latest docker repo from SELKS (Suricata, ELK Stack) and mikrocata.
|
||||
|
||||
## Usage
|
||||
|
||||
- Setup a fresh Debian 11 install on a dedicated machine (or server or vm)
|
||||
- Setup a fresh Debian 11 install on a dedicated machine (server or vm)
|
||||
- Login as root
|
||||
- Download this git repo
|
||||
- Edit easyinstall.sh with path where to install SELKS
|
||||
- Run ./easyinstall.sh
|
||||
- Once finished edit /usr/local/bin/mikrocata.py with your Mikrotik and Telegram parameters and then reload service with 'systemctl restart mikrocata.service'
|
||||
- Remember to enable packet sniffer on Mikrotik
|
||||
- Enable blocking rule on Mikrotik
|
||||
- Configure Mikrotik
|
||||
|
||||
## Mikrotik setup
|
||||
|
||||
- /tool sniffer set filter-stream=yes streaming-enabled=yes streaming-server=xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx is your Debian ip addr)
|
||||
- /tool sniffer start
|
||||
|
||||
- /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_in_bad_traffic" src-address-list=Suricata
|
||||
- /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_out_bad_traffic" dst-address-list=Suricata
|
||||
|
||||
Enabling Mikrotik API
|
||||
|
||||
- /ip service set api-ssl address=xxx.xxx.xxx.xxx enabled=yes (xxx.xxx.xxx.xxx is your Debian ip addr)
|
||||
|
||||
## Author
|
||||
|
||||
|
@ -47,31 +47,24 @@ then
|
||||
make install
|
||||
|
||||
echo "--- Creating interface ---"
|
||||
|
||||
cp $PATH_GIT_MIKROCATA/tzsp.netdev /etc/systemd/network/
|
||||
cp $PATH_GIT_MIKROCATA/tzsp.network /etc/systemd/network/
|
||||
|
||||
echo "--- Enable interface ---"
|
||||
|
||||
systemctl enable systemd-networkd
|
||||
systemctl restart systemd-networkd
|
||||
|
||||
|
||||
echo "--- Create service for interface dummy ---"
|
||||
|
||||
cp $PATH_GIT_MIKROCATA/TZSPreplay@.service /etc/systemd/system/
|
||||
systemctl enable --now TZSPreplay@tzsp0.service
|
||||
|
||||
fi
|
||||
|
||||
|
||||
if $INSTALL_MIKROCATA_SERVICE
|
||||
then
|
||||
echo "--- Installing Mikrocata and his service ---"
|
||||
|
||||
cp $PATH_GIT_MIKROCATA/mikrocata.py /usr/local/bin/
|
||||
chmod +x /usr/local/bin/mikrocata.py
|
||||
|
||||
touch /var/lib/mikrocata/savelists.json
|
||||
touch /var/lib/mikrocata/uptime.bookmark
|
||||
touch /var/lib/mikrocata/ignore.conf
|
||||
cp $PATH_GIT_MIKROCATA/mikrocata.service /etc/systemd/system/
|
||||
systemctl enable --now mikrocata.service
|
||||
fi
|
||||
@ -81,21 +74,19 @@ then
|
||||
echo "--- Start SELKS Installer ---"
|
||||
|
||||
git clone https://github.com/StamusNetworks/SELKS.git $PATH_SELKS
|
||||
|
||||
cd $PATH_SELKS/docker/
|
||||
./easy-setup.sh --non-interactive -i tzsp0 --iA --restart-mode always --es-memory 6G
|
||||
|
||||
cp $PATH_GIT_MIKROCATA/mikrocata2selks.yaml $PATH_SELKS/docker/containers-data/suricata/etc/
|
||||
echo "include: mikrocata2selks.yaml" >> $PATH_SELKS/docker/containers-data/suricata/etc/suricata.yaml
|
||||
|
||||
# docker-compose down
|
||||
docker-compose up -d
|
||||
fi
|
||||
echo "include: mikrocata2selks.yaml" >> $PATH_SELKS/docker/containers-data/suricata/etc/suricata.yaml
|
||||
docker restart suricata
|
||||
|
||||
|
||||
fi
|
||||
|
||||
echo "--- INSTALL COMPLETED ---"
|
||||
echo "--- "
|
||||
echo "--- "
|
||||
echo "--- Edit '/usr/local/bin/mikrocata.py' with your info and then reload service with 'systemctl restart mikrocata.service'"
|
||||
echo "--- Remember to enable packetsniffer on Mikrotik to machine ip"
|
||||
echo "--- Remember to confiure Mikrotik"
|
||||
echo "--- "
|
||||
|
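Review bot: The `cd $PATH_SELKS/docker/` line in the second hunk is not checked, so if the preceding `git clone` fails or `$PATH_SELKS` is wrong the script keeps going and runs `./easy-setup.sh` and `docker-compose up -d` from whatever the current directory is, as root; unless a `set -e` exists above the hunk (not visible here), the two lines should be `git clone https://github.com/StamusNetworks/SELKS.git "$PATH_SELKS" || exit 1` and `cd "$PATH_SELKS/docker/" || exit 1`, and the clone should pin a tag or commit of SELKS rather than the moving default branch, since its installer is executed unreviewed with root privileges. The `echo "include: mikrocata2selks.yaml" >> .../suricata.yaml` line appends unconditionally, so every re-run of the installer adds a duplicate include; guard it with a `grep -qxF` test before the append. In the first hunk, `/usr/local/bin/mikrocata.py` is copied and made executable with default permissions, yet the README says the user stores Mikrotik API and Telegram parameters in that file, so if that line is on the new side consider `chmod 700 /usr/local/bin/mikrocata.py` (or moving those values to a root-only config file) so the credentials are not world-readable. The enclosing `if ... then` blocks of both hunks start above the hunk.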
11
mikrocata.py
11
mikrocata.py
@ -1,16 +1,5 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
#
|
||||
# Script for adding alerts from Suricata to Mikrotik routers.
|
||||
#
|
||||
# In suricata.yaml add another eve-log:
|
||||
# - eve-log:
|
||||
# enabled: yes
|
||||
# filetype: regular
|
||||
# filename: alerts.json
|
||||
# types:
|
||||
# - alert
|
||||
|
||||
import ssl
|
||||
import os
|
||||
import socket
|
||||
|