
Welcome to Mikrocata2SELKS 👋

Version License: MIT

Script to auto-install SELKS and mikrocata on Debian 11

Introduction

This repo is intended to simplify installation of the Suricata IDS/IPS for analysing packets streamed from a Mikrotik router. It uses the latest Docker-based SELKS (Suricata, ELK stack) repo and mikrocata.

Minimum working setup:

  • 2 cores
  • 10 GB of free RAM
  • minimum 10 GB of free disk space (actual disk usage will depend mainly on the number of rules and the amount of traffic on the network). A 200 GB+ SSD is recommended.

Functions

  • Install Docker and Docker Compose
  • Install Python
  • Download and install SELKS repo (https://github.com/StamusNetworks/SELKS)
  • Download and install Mikrocata
  • Install TZSP interface
  • Notification over Telegram when an IP is blocked

Install

./easyinstall.sh

Usage

  • Setup a fresh Debian 11 install on a dedicated machine (server or vm)
  • Login as root
  • Clone this git repo
  • Edit easyinstall.sh with the path where SELKS should be installed
  • Run ./easyinstall.sh
  • Once finished, edit /usr/local/bin/mikrocata.py with your Mikrotik and Telegram parameters, then reload the service with 'systemctl restart mikrocata.service'
  • Configure Mikrotik

Mikrotik setup

  • /tool sniffer set filter-stream=yes streaming-enabled=yes streaming-server=xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx is your Debian IP address). The stream is TZSP over plain UDP (port 37008) with no authentication or encryption, so keep the Debian host on a segment the router reaches directly and filter that port on the host so only the router's address can send to it.

  • /tool sniffer start

  • /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_in_bad_traffic" src-address-list=Suricata

  • /ip/firewall/raw/add action=drop chain=prerouting comment="IPS-drop_out_bad_traffic" dst-address-list=Suricata

  Both rules match the Suricata address list that mikrocata populates; because they drop on source and destination, an entry for one of your own LAN hosts would cut that host off entirely.
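The sniffer stream above is what the "TZSP interface" on the Debian side receives. The following is an added example, not code from this project or from mikrocata, showing how such a datagram is decoded and why the receiver can only filter on the UDP sender address: TZSP has no authentication, so anything that can reach UDP 37008 on the host can inject frames into the IDS. The sample Ethernet frame and the allowed router address 192.168.88.1 are constructed assumptions; the tag numbers follow the TZSP format as decoded by Wireshark.

```python
"""Minimal TZSP receiver/decoder for the Mikrotik sniffer stream (added example)."""
import socket
import struct
from dataclasses import dataclass

TZSP_PORT = 37008            # default UDP port of TZSP, used by /tool sniffer streaming
TZSP_VERSION = 1
TZSP_TYPE_RECEIVED = 0       # "received tag list": a captured packet follows
TZSP_ENCAP_ETHERNET = 1
TAG_PADDING = 0x00           # single byte, no length field
TAG_END = 0x01               # single byte, terminates the tag list
TAG_RX_FRAME_LENGTH = 0x29   # original on-the-wire length, if the sender truncated the frame


class TzspError(ValueError):
    """Raised for datagrams that are not well-formed TZSP."""


@dataclass
class TzspFrame:
    encapsulation: int
    tags: dict            # tag type -> raw value bytes
    payload: bytes        # the encapsulated frame (an Ethernet frame for encapsulation 1)


def decode_tzsp(datagram: bytes) -> TzspFrame:
    """Parse one TZSP datagram. Every length is bounds-checked; a malformed
    datagram raises TzspError instead of yielding a garbage frame."""
    if len(datagram) < 4:
        raise TzspError("datagram shorter than the 4-byte TZSP header")
    version, kind, encap = struct.unpack("!BBH", datagram[:4])
    if version != TZSP_VERSION:
        raise TzspError(f"unsupported TZSP version {version}")
    if kind != TZSP_TYPE_RECEIVED:
        raise TzspError(f"not a received-packet datagram (type {kind})")
    pos = 4
    tags = {}
    while True:
        if pos >= len(datagram):
            raise TzspError("tag list not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise TzspError("tag length missing")
        length = datagram[pos]
        pos += 1
        if pos + length > len(datagram):
            raise TzspError("tag value runs past end of datagram")
        tags[tag] = datagram[pos:pos + length]
        pos += length
    return TzspFrame(encapsulation=encap, tags=tags, payload=datagram[pos:])


def encode_tzsp(frame: bytes, encapsulation: int = TZSP_ENCAP_ETHERNET, tags=None) -> bytes:
    """Build a datagram the way a sniffer would. Used here to construct test input."""
    out = bytearray(struct.pack("!BBH", TZSP_VERSION, TZSP_TYPE_RECEIVED, encapsulation))
    for tag, value in (tags or {}).items():
        out += bytes((tag, len(value))) + value
    out.append(TAG_END)
    return bytes(out) + frame


def ethernet_summary(frame: bytes):
    """Return (dst_mac, src_mac, ethertype) from an Ethernet II header."""
    if len(frame) < 14:
        raise TzspError("Ethernet frame shorter than the 14-byte header")

    def mac(b: bytes) -> str:
        return ":".join(f"{x:02x}" for x in b)

    return mac(frame[0:6]), mac(frame[6:12]), struct.unpack("!H", frame[12:14])[0]


# Constructed sample: Ethernet II header (dst, src, ethertype IPv4) plus a dummy payload.
SAMPLE_ETH_FRAME = (bytes.fromhex("d4ca6d000001") + bytes.fromhex("d4ca6d000002")
                    + b"\x08\x00" + b"\x45" + b"\x00" * 19)


def serve(bind_addr: str, allowed_senders: set, port: int = TZSP_PORT):
    """Listen for the stream. TZSP carries no authentication, so the only check
    available is the UDP source address: drop anything not sent by the router."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (sender, _) = sock.recvfrom(65535)
        if sender not in allowed_senders:
            continue  # spoofable on the wire, but it stops casual injection from other hosts
        try:
            frame = decode_tzsp(data)
        except TzspError as exc:
            print(f"dropping malformed datagram from {sender}: {exc}")
            continue
        if frame.encapsulation == TZSP_ENCAP_ETHERNET:
            print(sender, ethernet_summary(frame.payload), len(frame.payload), "bytes")


if __name__ == "__main__":
    serve("0.0.0.0", {"192.168.88.1"})  # assumption: the router's LAN address
```

The source-address check is the best the receiver can do on its own; the host firewall rule mentioned above (allow UDP 37008 only from the router) is the real control, and the two should be used together.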

Enabling Mikrotik API

  • /ip service set api-ssl address=xxx.xxx.xxx.xxx enabled=yes (xxx.xxx.xxx.xxx is your Debian IP address; the address= parameter restricts the API so that only that host may connect)

Add Mikrotik User

  • /user/add name=mikrocata2selks password=xxxxxxxxxxxxx group=full (change the password; group=full grants every policy, so consider a dedicated group with only the api, read and write policies, which is all the address-list updates need)
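Putting the Mikrotik side together: mikrocata reads Suricata's alerts and, through the API user above, adds the offending address to the Suricata address list that the raw-chain rules drop on. The block below is an added example of that pipeline, not mikrocata's own code: it parses constructed eve.json lines, picks the remote side of each alert, refuses to block anything inside the local networks (the raw rules match both directions, so a LAN entry would isolate that host), deduplicates, and produces either the equivalent RouterOS CLI lines or API calls. The local prefixes, the signature ids in the sample, and the use of the librouteros package with a pinned router certificate for api-ssl are assumptions.

```python
"""Turn Suricata EVE alerts into Mikrotik address-list entries (added example)."""
import ipaddress
import json

ADDRESS_LIST = "Suricata"   # the list the raw-chain drop rules above match on
# Assumption: the networks behind the router; anything inside them is never blocked.
LOCAL_NETS = [ipaddress.ip_network("192.168.88.0/24"), ipaddress.ip_network("10.0.0.0/8")]


def remote_side(event: dict, local_nets=LOCAL_NETS):
    """Return the non-local IP of an alert as an ipaddress object, or None.
    None when both ends are local (blocking would cut off a LAN host because the
    raw rules match src and dst) or both are remote (transit traffic)."""
    src = ipaddress.ip_address(event["src_ip"])
    dst = ipaddress.ip_address(event["dest_ip"])
    src_local = any(src in net for net in local_nets)
    dst_local = any(dst in net for net in local_nets)
    if src_local == dst_local:
        return None
    return dst if src_local else src


def collect_blocks(eve_lines, local_nets=LOCAL_NETS, max_severity: int = 2) -> dict:
    """Parse eve.json lines; return {ip: comment} for alerts worth blocking.
    Suricata severities run 1 (high) to 3 (low); max_severity=2 ignores informational
    hits. The first alert for an IP wins, so the address list gets one entry per address."""
    blocks = {}
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue   # eve.json is appended live; a partial last line is normal
        if event.get("event_type") != "alert":
            continue
        alert = event["alert"]
        if alert.get("severity", 3) > max_severity:
            continue
        ip = remote_side(event, local_nets)
        if ip is None:
            continue
        comment = f"{alert['signature_id']}: {alert['signature']}".replace('"', "'")
        blocks.setdefault(str(ip), comment)
    return blocks


def routeros_commands(blocks: dict, list_name: str = ADDRESS_LIST, timeout: str = "1d") -> list:
    """Equivalent RouterOS CLI lines; timeout= makes each entry expire on its own."""
    return [
        f'/ip/firewall/address-list/add list={list_name} address={ip} timeout={timeout} comment="{comment}"'
        for ip, comment in blocks.items()
    ]


def push_with_librouteros(blocks: dict, host: str, username: str, password: str,
                          cafile: str, list_name: str = ADDRESS_LIST, timeout: str = "1d"):
    """Add the entries over api-ssl (port 8729). Assumes the librouteros package
    (pip install librouteros) and that the router's certificate is in `cafile`,
    so the client verifies the router instead of trusting whatever answers."""
    import ssl
    from librouteros import connect
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False   # we connect by IP, not by a name in the certificate
    api = connect(host=host, username=username, password=password,
                  port=8729, ssl_wrapper=ctx.wrap_socket)
    try:
        address_list = api.path("ip", "firewall", "address-list")
        for ip, comment in blocks.items():
            address_list.add(list=list_name, address=ip, timeout=timeout, comment=comment)
    finally:
        api.close()


# Constructed sample eve.json lines (signature ids are made up for this example).
SAMPLE_EVE = """
{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.168.88.10","alert":{"signature_id":9000001,"signature":"EXAMPLE SSH scan","severity":2}}
{"event_type":"flow","src_ip":"203.0.113.7","dest_ip":"192.168.88.10"}
{"event_type":"alert","src_ip":"192.168.88.20","dest_ip":"198.51.100.5","alert":{"signature_id":9000002,"signature":"EXAMPLE outbound C2 \\"beacon\\"","severity":1}}
{"event_type":"alert","src_ip":"192.168.88.20","dest_ip":"192.168.88.1","alert":{"signature_id":9000003,"signature":"EXAMPLE LAN-only noise","severity":1}}
{"event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.168.88.10","alert":{"signature_id":9000004,"signature":"EXAMPLE informational","severity":3}}
{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.168.88.11","alert":{"signature_id":9000005,"signature":"EXAMPLE repeat offender","severity":1}}
"""

if __name__ == "__main__":
    for cmd in routeros_commands(collect_blocks(SAMPLE_EVE.splitlines())):
        print(cmd)
```

Run stand-alone it prints two address-list commands: 203.0.113.7 (the scanner, listed once although it alerted twice) and 198.51.100.5 (the outbound destination); the LAN-to-LAN alert and the severity-3 hit are skipped. The timeout keeps the list from growing without bound, and the comment carries the signature so an operator can see why a host was dropped.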

Author

👤 Giuseppe Trifilio

🤝 Contributing

  • Contributions, issues and feature requests are welcome!
    Feel free to check the issues page.

Show your support

  • Give a ⭐ if this project helped you!
  • BTC: bc1qga68pwf49sfhdd9nj96m8e2s65ypjegtx8lafj
  • BNB: 0x720b2b3e4436ec7064d54598BAd113e5293fF691

This README was generated with ❤️ by readme-md-generator

Description
Mikrotik + Selks (Suricata) + Telegram + TZSP on Debian 12