deepblue/mikrocata2selks
1
0
Fork 0
mirror of https://github.com/angolo40/mikrocata2selks.git synced 2025-05-12 00:17:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

First attemp - MultipleMkeorik

Browse Source
This commit is contained in:
root 2023-03-28 12:43:13 +02:00
parent 8afcf89078
commit d5448a8e14
4 changed files with 2214 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
TZSPreplay@.service
View File

@ -5,6 +5,7 @@ Requires=network-online.target
[Service]
Type=simple
Environment="SCRIPT_ARGS=%I"
ExecStart=/bin/sh -c "/usr/local/bin/tzsp2pcap -f | /usr/local/bin/tcpreplay-edit --topspeed --mtu=$(cat /sys/class/net/%I/mtu) --mtu-trunc -i %I -"
Restart=always
RestartSec=3

113
easyinstall.sh
View File

@ -10,6 +10,8 @@ INSTALL_DUMMY_INTERFACE=true
INSTALL_MIKROCATA_SERVICE=true
INSTALL_SELKS=true
HOW_MANY_MIKROTIK=1 #Min 1 Mikrotik
### END EDIT SETTINGS
echo "--- Install required package ---"
@ -20,13 +22,15 @@ pip3 install pyinotify ujson requests librouteros
PATH_GIT_MIKROCATA=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
sed -i '/SELKS_CONTAINER_DATA_SURICATA_LOG=/c\SELKS_CONTAINER_DATA_SURICATA_LOG="'$PATH_SELKS'/docker/containers-data/suricata/logs/"' "$PATH_GIT_MIKROCATA/mikrocata.py"
docker -v
if [ $? -eq 128 ]; then
echo "--- Installing docker ---"
curl -fsSL https://get.docker.com/ | sh
else
echo "--- Docker already installed ---"
fi
HOW_MANY_MIKROTIK=$(( $HOW_MANY_MIKROTIK - 1 ))
#docker -v
#if [ $? -eq 128 ]; then
# echo "--- Installing docker ---"
# curl -fsSL https://get.docker.com/ | sh
#else
# echo "--- Docker already installed ---"
#fi
if $INSTALL_DUMMY_INTERFACE
then
@ -46,28 +50,58 @@ then
make
make install
echo "--- Creating interface ---"
cp $PATH_GIT_MIKROCATA/tzsp.netdev /etc/systemd/network/
cp $PATH_GIT_MIKROCATA/tzsp.network /etc/systemd/network/
num=0
while [ $num -le $HOW_MANY_MIKROTIK ]
do
echo "--- Creating interface ---"
cp $PATH_GIT_MIKROCATA/tzsp.netdev /etc/systemd/network/tzsp$num.netdev
cp $PATH_GIT_MIKROCATA/tzsp.network /etc/systemd/network/tzsp$num.network
cmd="tzsp$num"
sed -i "s/tzsp0/$cmd/g" /etc/systemd/network/tzsp$num.netdev
sed -i "s/tzsp*/$cmd/g" /etc/systemd/network/tzsp$num.network
cmd="25$num"
sed -i "s/254/$cmd/g" /etc/systemd/network/tzsp$num.network
num=$(( $num + 1 ))
done
systemctl enable systemd-networkd
systemctl restart systemd-networkd
echo "--- Create service for interface dummy ---"
cp $PATH_GIT_MIKROCATA/TZSPreplay@.service /etc/systemd/system/
systemctl enable --now TZSPreplay@tzsp0.service
port=37008
num=0
while [ $num -le $HOW_MANY_MIKROTIK ]
do
echo "--- Create service for interface dummy ---"
cp $PATH_GIT_MIKROCATA/TZSPreplay@.service /etc/systemd/system/TZSPreplay$port@.service
cmd="tzsp2pcap -p $port"
sed -i "s/tzsp2pcap/$cmd/g" /etc/systemd/system/TZSPreplay$port@.service
systemctl enable --now TZSPreplay$port@tzsp$num.service
echo $num
num=$(( $num + 1 ))
port=$(( $port + 1 ))
done
fi
if $INSTALL_MIKROCATA_SERVICE
then
echo "--- Installing Mikrocata and his service ---"
cp $PATH_GIT_MIKROCATA/mikrocata.py /usr/local/bin/
chmod +x /usr/local/bin/mikrocata.py
mkdir -p /var/lib/mikrocata
touch /var/lib/mikrocata/savelists.json
touch /var/lib/mikrocata/uptime.bookmark
touch /var/lib/mikrocata/ignore.conf
cp $PATH_GIT_MIKROCATA/mikrocata.service /etc/systemd/system/
systemctl enable --now mikrocata.service
num=0
while [ $num -le $HOW_MANY_MIKROTIK ]
do
echo "--- Installing Mikrocata and his service ---"
cp $PATH_GIT_MIKROCATA/mikrocata.py /usr/local/bin/mikrocataTZSP$num.py
chmod +x /usr/local/bin/mikrocataTZSP$num.py
sed -i "s/tzsp0/tzsp$num/g" /usr/local/bin/mikrocataTZSP$num.py
mkdir -p /var/lib/mikrocata
touch /var/lib/mikrocata/savelists-tzsp$num.json
touch /var/lib/mikrocata/uptime-tzsp$num.bookmark
touch /var/lib/mikrocata/ignore-tzsp$num.conf
cp $PATH_GIT_MIKROCATA/mikrocata.service /etc/systemd/system/mikrocataTZSP$num.service
cmd="mikrocataTZSP$num.py"
sed -i "s/mikrocata.py/$cmd/g" /etc/systemd/system/mikrocataTZSP$num.service
systemctl enable --now mikrocataTZSP$num.service
num=$(( $num + 1 ))
done
fi
if $INSTALL_SELKS
@ -76,20 +110,37 @@ then
git clone https://github.com/StamusNetworks/SELKS.git $PATH_SELKS
cd $PATH_SELKS/docker/
./easy-setup.sh --non-interactive -i tzsp0 --iA --restart-mode always --es-memory 6G
cp $PATH_GIT_MIKROCATA/mikrocata2selks.yaml $PATH_SELKS/docker/containers-data/suricata/etc/
docker-compose up -d
sleep 15
if "$( docker container inspect -f '{{.State.Running}}' suricata )" == "true"
then
num=0
cmd=""
cmd2=""
while [ $num -le $HOW_MANY_MIKROTIK ]
do
mkdir -p $PATH_SELKS/docker/containers-data/suricata-tzsp$num/etc
cp $PATH_GIT_MIKROCATA/mikrocata2selks.yaml $PATH_SELKS/docker/containers-data/suricata-tzsp$num/etc/
cmd="alerts-tzsp$num"
sed -i "s/alerts/$cmd/g" $PATH_SELKS/docker/containers-data/suricata-tzsp$num/etc/mikrocata2selks.yaml
cp $PATH_GIT_MIKROCATA/suricata.yaml $PATH_SELKS/docker/containers-data/suricata-tzsp$num/etc/
echo "include: mikrocata2selks.yaml" >> $PATH_SELKS/docker/containers-data/suricata-tzsp$num/etc/suricata.yaml
cp $PATH_GIT_MIKROCATA/suricata.yaml $PATH_SELKS/docker/containers-data/suricata/etc/
echo "include: mikrocata2selks.yaml" >> $PATH_SELKS/docker/containers-data/suricata/etc/suricata.yaml
docker restart suricata
fi
cmd2="$cmd2 -i tzsp$num"
num=$(( $num + 1 ))
done
echo "$cmd2"
./easy-setup.sh --non-interactive $cmd2 --iA --restart-mode always --es-memory 6G
docker-compose up -d
fi
echo "--- INSTALL COMPLETED ---"
echo "--- "
echo "--- "
echo "--- Edit '/usr/local/bin/mikrocata.py' with your info and then reload service with 'systemctl restart mikrocata.service'"
while [ $num -le $HOW_MANY_MIKROTIK ]
do
echo "--- Edit '/usr/local/bin/mikrocataTZSP$num.py' with your info and then reload service with 'systemctl restart mikrocatamikrocataTZSP$num.service'"
done
echo "--- Remember to configure Mikrotik"
echo "--- "

16
mikrocata.py
View File

@ -16,6 +16,8 @@ import requests
# ------------------------------------------------------------------------------
################# START EDIT SETTINGS
LISTEN_INTERFACE=("tzsp0")
#Set Mikrotik login information
USERNAME = "mikrocata2selks"
PASSWORD = "password"
@ -42,7 +44,7 @@ SEVERITY=("1","2")
# ------------------------------------------------------------------------------
# Suricata log file
SELKS_CONTAINER_DATA_SURICATA_LOG=
SELKS_CONTAINER_DATA_SURICATA_LOG="/root/SELKS/docker/containers-data/suricata/logs/"
FILEPATH = os.path.abspath(SELKS_CONTAINER_DATA_SURICATA_LOG + "alerts.json")
# Save Mikrotik address lists to a file and reload them on Mikrotik reboot.
@ -50,13 +52,13 @@ FILEPATH = os.path.abspath(SELKS_CONTAINER_DATA_SURICATA_LOG + "alerts.json")
SAVE_LISTS = [BLOCK_LIST_NAME]
# (!) Make sure you have privileges (!)
SAVE_LISTS_LOCATION = os.path.abspath("/var/lib/mikrocata/savelists.json")
SAVE_LISTS_LOCATION = os.path.abspath("/var/lib/mikrocata/savelists-tzsp0.json")
# Location for Mikrotik's uptime. (needed for re-adding lists after reboot)
UPTIME_BOOKMARK = os.path.abspath("/var/lib/mikrocata/uptime.bookmark")
UPTIME_BOOKMARK = os.path.abspath("/var/lib/mikrocata/uptime-tzsp0.bookmark")
# Ignored rules file location - check ignore.conf for syntax.
IGNORE_LIST_LOCATION = os.path.abspath("/var/lib/mikrocata/ignore.conf")
IGNORE_LIST_LOCATION = os.path.abspath("/var/lib/mikrocata/ignore-tzsp0.conf")
# Add all alerts from alerts.json on start?
# Setting this to True will start reading alerts.json from beginning
@ -134,7 +136,11 @@ def add_to_tik(alerts):
# Remove duplicate src_ips.
for event in {item['src_ip']: item for item in alerts}.values():
if str(event["alert"]["severity"]) not in SEVERITY:
if str(event["alert"]["severity"]) not in SEVERITY:
print("pass severity: " + str(event["alert"]["severity"]))
break
if str(event["in_iface"]) not in LISTEN_INTERFACE:
break
if not in_ignore_list(ignore_list, event):

2120
suricata.yaml Normal file
View File

File diff suppressed because it is too large Load Diff