Added more info about this repo

README.md

@@ -12,10 +12,10 @@ This repo intend to semplify installation of IDS/IPS Suricata for packet analyzi
 It uses latest docker repo from SELKS (Suricata, ELK Stack) and mikrocata.
 
 ## Function
-- Install Docker and Docker compose
+- Install Docker and Docker Compose
 - Install Python
-- Download SELKS repo
-- Download mikrocata repo
+- Download and install SELKS repo --> https://github.com/StamusNetworks/SELKS
+- Download and install mikrocata repo
 - Install TZSP interface
 - Notification over Telegram when IP is blocked
 
@@ -27,10 +27,13 @@ It uses latest docker repo from SELKS (Suricata, ELK Stack) and mikrocata.
 
 ## Usage
 
-- Download this git repo 
-- Edit easyinstall.sh with your parameters
-- Edit microcata.py with your parameters
-- Remember to enable packet sniffer on Mikrotik
+- Setup a fresh Debian 11 install on a dedicated machine (or server or vm)
+- Login as root
+- Download this git repo
+- Edit easyinstall.sh with path where to install SELKS
+- Run ./easyinstall.sh
+- Once finished edit /usr/local/bin/mikrocata.py with your Mikrotik and Telegram parameters and then reload service with 'systemctl restart mikrocata.service'
+- Remember to enable packet sniffer on Mikrotik 
 - Enable blocking rule on Mikrotik
 
 ## Author

easyinstall.sh

@@ -1,20 +1,24 @@
 #!/bin/bash
 
-# Edit these settings:
+### START EDIT SETTINGS
 
-PATH_SELKS=/home/user/SELKS/
-PATH_GIT_MIKROCATA=/home/user/mikrocata2selks
+# Path where to install SELKS files
+PATH_SELKS=$HOME/SELKS
 
 # SETUP CONFIG SCRIPT
 INSTALL_DUMMY_INTERFACE=true
 INSTALL_MIKROCATA_SERVICE=true
 INSTALL_SELKS=true
 
+### END EDIT SETTINGS
+
 echo "--- Install required package ---"
 
 apt-get install ca-certificates curl wget unzip  gnupg  lsb-release build-essential python3-pip git htop libpcap-dev -y
 pip3 install pyinotify ujson requests librouteros
 
+PATH_GIT_MIKROCATA=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+sed -i '/SELKS_CONTAINER_DATA_SURICATA_LOG=/c\SELKS_CONTAINER_DATA_SURICATA_LOG='$PATH_SELKS'/docker/containers-data/suricata/logs/' "$PATH_GIT_MIKROCATA/mikrocata.py"
 
 docker -v
 if [ $? -eq 128 ]; then
@@ -89,7 +93,7 @@ then
 fi
 
 
-echo "--- INSTALLER COMPLETED ---"
+echo "--- INSTALL COMPLETED ---"
 echo "--- "
 echo "--- "
 echo "--- Edit '/usr/local/bin/mikrocata.py' with your info and then reload service with 'systemctl restart mikrocata.service'"

mikrocata.py

@@ -25,28 +25,34 @@ from librouteros.query import Key
 import requests
 
 # ------------------------------------------------------------------------------
-# Edit these settings:
-
-SELKS_CONTAINER_DATA_SURICATA_LOG="/home/user/SELKS/docker/containers-data/suricata/logs/"
+################# START EDIT SETTINGS
 
+#Set Mikrotik login information
 USERNAME = "mikrocata2selks"
 PASSWORD = "password"
 ROUTER_IP = "192.168.0.1"
 TIMEOUT = "1d"
 PORT = 8729  # api-ssl port
-FILEPATH = os.path.abspath(SELKS_CONTAINER_DATA_SURICATA_LOG + "alerts.json")
 BLOCK_LIST_NAME = "Suricata"
+
+#Set Telegram information
+enable_telegram = False
 TELEGRAM_TOKEN = "TOKEN"
 TELEGRAM_CHATID = "CHATID"
-enable_telegram = False
 
-# You can add your WAN IP, so it doesn't get mistakenly blocked.
-# (don't leave empty string)
+# You can add your WAN IP, so it doesn't get mistakenly blocked (don't leave empty string)
 WAN_IP = "yourpublicip"
 LOCAL_IP_PREFIX = "192.168."
 WHITELIST_IPS = (WAN_IP, LOCAL_IP_PREFIX, "127.0.0.1", "1.1.1.1", "8.8.8.8")
 COMMENT_TIME_FORMAT = "%-d %b %Y %H:%M:%S.%f"  # See datetime strftime formats.
 
+################# END EDIT SETTINGS
+# ------------------------------------------------------------------------------
+
+# Suricata log file
+SELKS_CONTAINER_DATA_SURICATA_LOG=
+FILEPATH = os.path.abspath(SELKS_CONTAINER_DATA_SURICATA_LOG + "alerts.json")
+
 # Save Mikrotik address lists to a file and reload them on Mikrotik reboot.
 # You can add additional list(s), e.g. [BLOCK_LIST_NAME, "blocklist1", "list2"]
 SAVE_LISTS = [BLOCK_LIST_NAME]
@@ -66,7 +72,6 @@ IGNORE_LIST_LOCATION = os.path.abspath("/var/lib/mikrocata/ignore.conf")
 # Just for testing purposes, i.e. not good for systemd service.
 ADD_ON_START = False
 
-# ------------------------------------------------------------------------------
 # global vars
 last_pos = 0
 api = None