Update README.md

update Readme
2025-05-12 08:27:22 +00:00 · 2024-06-19 09:40:38 +02:00 · 2024-06-19 09:40:38 +02:00 · f90aecb0bb
commit f90aecb0bb
parent c5baafe1db
1 changed files with 65 additions and 64 deletions
--- a/README.md
+++ b/README.md
@ -8,116 +8,117 @@
 ## 📋 Introduction
-This repository is designed to simplify the installation process for the IDS/IPS Suricata for packet analysis from Mikrotik devices.
+This repository is designed to simplify the installation process for the IDS/IPS Suricata for packet analysis from Mikrotik devices. The script is compatible with latest SELKS 10.
 **Minimum Requirements:**
 - 4 CPU cores
 - 10 GB of free RAM
- Minimum 10 GB of free disk space (actual disk occupation will mainly depend of the number of rules and the amount of traffic on the network - 200GB+ SSD grade recommended).
+- Minimum 10 GB of free disk space (actual disk usage will mainly depend on the number of rules and the amount of traffic on the network - 200GB+ SSD grade recommended).
 ## 🚀 Installation
-## 🚀 Install
+1. Set up a fresh Debian 12 installation on a dedicated machine (server or VM).
-
+2. Log in as root.
- Setup a fresh Debian 12 install on a dedicated machine (server or vm)
+3. Install Git: `apt install git`.
- Login as root
+4. Clone this repository: `git clone https://github.com/angolo40/mikrocata2selks.git`.
- Install git with 'apt install git'
+5. Edit `easyinstall.sh` with the path where to install SELKS and the number of Mikrotik devices to handle.
- Clone this git repo 'git clone https://github.com/angolo40/mikrocata2selks.git'
+6. Run `./easyinstall.sh`.
- Edit easyinstall.sh with path where to install SELKS and how many Mikrotik to handle
+7. Wait....
- Run './easyinstall.sh'
+8. Once finished, edit `/usr/local/bin/mikrocataTZSP0.py` with your Mikrotik and Telegram parameters, then reload the service with `systemctl restart mikrocataTZSP0.service`.
- Once finished edit /usr/local/bin/mikrocataTZSP0.py with your Mikrotik and Telegram parameters and then reload service with 'systemctl restart mikrocataTZSP0.service'
+9. Configure your Mikrotik devices.
 - Configure Mikrotik
 ## 📡 Mikrotik Setup
- /tool/sniffer/set filter-stream=yes streaming-enabled=yes streaming-server=[DEBIANIP]:37008
+1. Enable sniffer:
- /tool/sniffer/start
+    ```sh
- /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_in_bad_traffic" src-address-list=Suricata
+    /tool/sniffer/set filter-stream=yes streaming-enabled=yes streaming-server=[YOURDEBIANIP]:37008
- /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_out_bad_traffic" dst-address-list=Suricata
+    /tool/sniffer/start
-  
+    ```
-Enabling Mikrotik API:
+2. Add firewall rules:
- /ip/service/set api-ssl address=[DEBIANIP] enabled=yes
+    ```sh
-  
+    /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_in_bad_traffic" src-address-list=Suricata
-Add Mikrocata user in Mikrotik:
+    /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_out_bad_traffic" dst-address-list=Suricata
-  /user/add name=mikrocata2selks password=xxxxxxxxxxxxx group=full (change password)
+    ```
 3. Enable Mikrotik API:
    ```sh
    /ip/service/set api-ssl address=[DEBIANIP] enabled=yes
    ```
 4. Add Mikrocata user in Mikrotik:
    ```sh
    /user/add name=mikrocata2selks password=xxxxxxxxxxxxx group=full (change password)
    ```
 ## 🛠️ Handling Multiple Mikrotik Devices
-## 🛠️ Handle Multiple Mikrotik Devices
+For each additional Mikrotik device, a dedicated dummy interface and mikrocata service will be created. 
- Setting more than 1 Mikrotik it will create for each device a dedicated dummy interface and dedicated mikrocata service.
+- Example configuration:
- Example:
+    - For Mikrotik0: `tzsp0` interface on port `37008` and `/usr/local/bin/mikrocataTZSP0.py`.
- - for Mikrotik0 will create tzsp0 interface listening at 37008 port and /usr/local/bin/mikrocataTZSP0.py
+    - For Mikrotik1: `tzsp1` interface on port `37009` and `/usr/local/bin/mikrocataTZSP1.py`.
- - for Mikrotik1 will create tzsp1 interface listening at 37009 port and /usr/local/bin/mikrocataTZSP1.py
+    - For Mikrotik2: `tzsp2` interface on port `37010` and `/usr/local/bin/mikrocataTZSP2.py`.
- - for Mikrotik2 will create tzsp2 interface listening at 37010 port and /usr/local/bin/mikrocataTZSP2.py
+    
- - and so on...
+Edit each script with the specific Mikrotik values and enable the sniffer on each Mikrotik device to send data to the respective port.
 - - So you have to edit:
 - - /usr/local/bin/mikrocataTZSP0.py with specific Mikrotik0 value and enable sniffer on Mikrotik0 sending data to 37008 port.
 - - /usr/local/bin/mikrocataTZSP1.py with specific Mikrotik1 value and enable sniffer on Mikrotik1 sending data to 37009 port
 - - /usr/local/bin/mikrocataTZSP2.py with specific Mikrotik2 value and enable sniffer on Mikrotik2 sending data to 37010 port.
 - - and so on...
-
+## 💡 Features
 ## 💡 Functions
 - Installs Docker and Docker Compose.
 - Installs Python.
- Download and install SELKS repo (https://github.com/StamusNetworks/SELKS)
+- Downloads and installs SELKS repository (https://github.com/StamusNetworks/SELKS).
- Download and install Mikrocata
+- Downloads and installs Mikrocata.
 - Installs TZSP interface.
 - Enables notifications over Telegram when an IP is blocked.
 ## 🔄 Changelog
 ### 2.2.2
- Fixed telegram notification
+- Fixed telegram notification issue.
 ### 2.2.1
- Fixed bug causing microcata.py script crash during Suricata logrotate.
+- Fixed bug causing `mikrocata.py` script crash during Suricata logrotate.
 ### 2.2
- Migrated compatibility to Debian 12.
+- Added compatibility with Debian 12.
 ### 2.1
- Improved stability of the read_json function.(thanks to bekhzad-khamidullaev)
+- Improved stability of the `read_json` function (thanks to bekhzad-khamidullaev).
 ## 🔧 Troubleshooting
- Check if packets are coming to VM from mikrotik through dummy interface
+- Check if packets are arriving at the VM from Mikrotik through the dummy interface:
-```sh
+    ```sh
-tcpdump -i tzsp0
+    tcpdump -i tzsp0
-```
+    ```
- Check if mikrocata service and tzsp0 interface are up and running
+- Check if mikrocata service and tzsp0 interface are up and running:
-```sh
+    ```sh
-systemctl status mikrocataTZSP0.service
+    systemctl status mikrocataTZSP0.service
-systemctl status TZSPreplay37008@tzsp0.service
+    systemctl status TZSPreplay37008@tzsp0.service
-```
+    ```
- Check if suricata docker is up and running
+- Check if Suricata Docker container is up and running:
-```sh
+    ```sh
-docker logs -f suricata
+    docker logs -f suricata
-```
+    ```
 ## 📝 Notes
- default account of SELKS:
+- Default account for SELKS:
- - https://[DEBIANIP]
+    - URL: `https://[YOURDEBIANIP]`
- - Username: selks-user
+    - Username: `selks-user`
-  - Password: selks-user
+    - Password: `selks-user`
 ## 👤 Author
 **Giuseppe Trifilio**
 - [Website](https://github.com/angolo40/mikrocata2selks)
- [Github](https://github.com/angolo40)
+- [GitHub](https://github.com/angolo40)
 Inspired by [zzbe/mikrocata](https://github.com/zzbe/mikrocata).
 ## 🤝 Contributing
-Contributions, issues, and feature requests are welcome. Check the [issues page](https://github.com/angolo40/mikrocata2selks).
+Contributions, issues, and feature requests are welcome! Check the [issues page](https://github.com/angolo40/mikrocata2selks).
 ## 🌟 Show Your Support
 Give a ⭐️ if this project helped you!
 - **XMR**: `87LLkcvwm7JUZAVjusKsnwNRPfhegxe73X7X3mWXDPMnTBCb6JDFnspbN8qdKZA6StHXqnJxMp3VgRK7DcS2sgnW3wH7Xhw`