Community discussions

 
plisken
Forum Guru
Forum Guru
Topic Author
Posts: 2409
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Can a script be created if a wrong login name is used

Thu Aug 08, 2019 7:23 pm

Can a script be created if a wrong login name is used to place the IP address in the address list and then be blocked into the firewall?
For example, superuser is the correct name. All the rest is wrong and must by blocked

Thanks
 
pe1chl
Forum Guru
Forum Guru
Posts: 5722
Joined: Mon Jun 08, 2015 12:09 pm

Re: Can a script be created if a wrong login name is used

Thu Aug 08, 2019 7:50 pm

It is possible to write a script that reads recent log entries from memory, analyzes them and takes action.
When you schedule that script to run regularly, it could do what you want.
 
plisken
Forum Guru
Forum Guru
Topic Author
Posts: 2409
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: Can a script be created if a wrong login name is used

Thu Aug 08, 2019 8:11 pm

I found something like this on this forum but i want edit this to is used a wrong username.

:local loglist [:toarray [/log find time>([/system clock get time] - 1m) message~"critical login failurel"]]
:foreach i in=$loglist do={
:local logMessage [/log get $i message]
:local ip [:pick $logMessage 0 [:find $logMessage " "]]
/ip firewall address-list add address=$ip list=LOGIN_FAILURE timeout=30d
:log info message="script=LOGIN_FAILURE src_ip=$ip"
}
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1296
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Can a script be created if a wrong login name is used

Thu Aug 08, 2019 8:22 pm

This is the message you get when using wrong username or password:
system,error,critical MikroTik: login failure for user per from 192.168.88.10 via winbox
Give me some minute and I will fix a script. But take care, this can block your self from entering the system.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
plisken
Forum Guru
Forum Guru
Topic Author
Posts: 2409
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: Can a script be created if a wrong login name is used

Thu Aug 08, 2019 8:33 pm

Hello Jotne, thanks for your effort, i appresiate that.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1296
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Can a script be created if a wrong login name is used

Thu Aug 08, 2019 8:44 pm

This should do:
Schedule it to run every 5 min.
It will then add the IP for the user with wrong username or password to address list Wrong_User for 24 hour.
# Created Jotne 2019 v1.0
#
# Add user who tries wrong user or password to address-list


# Find all "login failure" error last 5 min
:local loglist [:toarray [/log find  time>([/system clock get time] - 5m) message~"login failure"]]
5
# for all error do
:foreach i in=$loglist do={

# find message
	:local logMessage [/log get $i message]
# find ip
	:local ip [:pick $logMessage ([:find $logMessage "from"]+5) [:find $logMessage " via"]]
# Add ip to accesslist	
	/ip firewall address-list add address=$ip list=Wrong_User timeout=24h
	}
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
plisken
Forum Guru
Forum Guru
Topic Author
Posts: 2409
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: Can a script be created if a wrong login name is used

Thu Aug 08, 2019 10:27 pm

You are great Jotne, you are a great help for me and many others.

Thanks a lot

Who is online

Users browsing this forum: No registered users and 2 guests