mirror of
https://github.com/eworm-de/routeros-scripts.git
synced 2026-03-04 21:19:36 +00:00
Compare commits
11 commits
eb9960eaa9
...
31c0716d69
| Author | SHA1 | Date | |
|---|---|---|---|
|
31c0716d69 | ||
|
|
cf0607837c | ||
|
|
1de4bdb909 | ||
|
|
7c318e144f | ||
|
|
309d17e81a | ||
|
|
66764ed0b2 | ||
|
|
e694477fdc | ||
|
|
875ac9f7c3 | ||
|
|
49d3a448c6 | ||
|
|
9b2099e402 | ||
|
|
679583bbbf |
11 changed files with 57 additions and 89 deletions
|
|
@ -4,7 +4,7 @@ Initial commands
|
|||
[](https://github.com/eworm-de/routeros-scripts/stargazers)
|
||||
[](https://github.com/eworm-de/routeros-scripts/network)
|
||||
[](https://github.com/eworm-de/routeros-scripts/watchers)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://t.me/routeros_scripts)
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
|
||||
|
||||
|
|
@ -26,7 +26,7 @@ Run the complete base installation:
|
|||
:if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \
|
||||
($CertSettings->"builtin-trust-store") ~ "fetch" || \
|
||||
($CertSettings->"builtin-trust-store") = "all") && \
|
||||
[[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={
|
||||
[ :len [ /certificate/builtin/find where common-name=$CertCommonName ] ] > 0)) do={
|
||||
:put "Importing certificate...";
|
||||
/tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value;
|
||||
:delay 1s;
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ RouterOS Scripts
|
|||
[](https://github.com/eworm-de/routeros-scripts/stargazers)
|
||||
[](https://github.com/eworm-de/routeros-scripts/network)
|
||||
[](https://github.com/eworm-de/routeros-scripts/watchers)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://t.me/routeros_scripts)
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
# Copyright (c) 2013-2026 Christian Hesse <mail@eworm.de>
|
||||
# https://rsc.eworm.de/COPYING.md
|
||||
#
|
||||
# requires RouterOS, version=7.17
|
||||
# requires RouterOS, version=7.19
|
||||
# requires device-mode, fetch
|
||||
#
|
||||
# check for certificate validity
|
||||
|
|
@ -117,10 +117,7 @@
|
|||
:local Return "";
|
||||
:for I from=0 to=5 do={
|
||||
:set Return ($Return . [ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
|
||||
:local CertSettings [ /certificate/settings/get ];
|
||||
:if (([ :len ($CertSettings->"builtin-trust-anchors") ] > 0 || \
|
||||
[ :len ($CertSettings->"builtin-trust-store") ] > 0) && \
|
||||
[[ :parse (":return [ :len [ /certificate/builtin/find where skid=\"" . ($CertVal->"akid") . "\" ] ]") ]] > 0) do={
|
||||
:if ([ :len [ /certificate/builtin/find where skid=($CertVal->"akid") ] ] > 0) do={
|
||||
:return $Return;
|
||||
}
|
||||
:do {
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ Renew certificates and notify on expiration
|
|||
[](https://github.com/eworm-de/routeros-scripts/stargazers)
|
||||
[](https://github.com/eworm-de/routeros-scripts/network)
|
||||
[](https://github.com/eworm-de/routeros-scripts/watchers)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://t.me/routeros_scripts)
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ Forward log messages via notification
|
|||
[](https://github.com/eworm-de/routeros-scripts/stargazers)
|
||||
[](https://github.com/eworm-de/routeros-scripts/network)
|
||||
[](https://github.com/eworm-de/routeros-scripts/watchers)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://t.me/routeros_scripts)
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ Import ssh keys for public key authentication
|
|||
[](https://github.com/eworm-de/routeros-scripts/stargazers)
|
||||
[](https://github.com/eworm-de/routeros-scripts/network)
|
||||
[](https://github.com/eworm-de/routeros-scripts/watchers)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://mikrotik.com/download/changelogs/)
|
||||
[](https://t.me/routeros_scripts)
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
|
||||
|
||||
|
|
@ -38,9 +38,8 @@ import that key:
|
|||
$SSHKeysImport "ssh-rsa AAAAB3Nza...QYZk8= user" admin;
|
||||
|
||||
The third part of the key (`user` in this example) is inherited as
|
||||
`info` in RouterOS (or `key-owner` with RouterOS 7.20.x and before). Also
|
||||
the `MD5` fingerprint is recorded, this helps to audit and verify the
|
||||
available keys.
|
||||
`info` in RouterOS. Also the `MD5` fingerprint is recorded, this helps
|
||||
to audit and verify the available keys.
|
||||
|
||||
> ℹ️️ **Info**: Use `ssh-keygen` to show a fingerprint of an existing public
|
||||
> key file: `ssh-keygen -l -E md5 -f ~/.ssh/id_ed25519.pub`
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
# Michael Gisbers <michael@gisbers.de>
|
||||
# https://rsc.eworm.de/COPYING.md
|
||||
#
|
||||
# requires RouterOS, version=7.17
|
||||
# requires RouterOS, version=7.19
|
||||
# requires device-mode, fetch, scheduler
|
||||
#
|
||||
# global functions
|
||||
|
|
@ -47,7 +47,6 @@
|
|||
:global GetRandom20CharHex;
|
||||
:global GetRandomNumber;
|
||||
:global Grep;
|
||||
:global HexToNum;
|
||||
:global HumanReadableNum;
|
||||
:global IfThenElse;
|
||||
:global IsDefaultRouteReachable;
|
||||
|
|
@ -131,7 +130,7 @@
|
|||
:if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \
|
||||
($CertSettings->"builtin-trust-store") ~ $UseFor || \
|
||||
($CertSettings->"builtin-trust-store") = "all") && \
|
||||
[[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={
|
||||
[ :len [ /certificate/builtin/find where common-name=$CommonName ] ] > 0) do={
|
||||
:return true;
|
||||
}
|
||||
|
||||
|
|
@ -717,19 +716,6 @@
|
|||
:return [];
|
||||
}
|
||||
|
||||
# convert from hex (string) to num
|
||||
:set HexToNum do={
|
||||
:local Input [ :tostr $1 ];
|
||||
|
||||
:global HexToNum;
|
||||
|
||||
:if ([ :pick $Input 0 ] = "*") do={
|
||||
:return [ $HexToNum [ :pick $Input 1 [ :len $Input ] ] ];
|
||||
}
|
||||
|
||||
:return [ :tonum ("0x" . $Input) ];
|
||||
}
|
||||
|
||||
# return human readable number
|
||||
:set HumanReadableNum do={
|
||||
:local Input [ :tonum $1 ];
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
# Copyright (c) 2020-2026 Christian Hesse <mail@eworm.de>
|
||||
# https://rsc.eworm.de/COPYING.md
|
||||
#
|
||||
# requires RouterOS, version=7.17
|
||||
# requires RouterOS, version=7.22beta1
|
||||
#
|
||||
# forward log messages via notification
|
||||
# https://rsc.eworm.de/doc/log-forward.md
|
||||
|
|
@ -24,7 +24,6 @@
|
|||
:global LogForwardRateLimit;
|
||||
|
||||
:global EitherOr;
|
||||
:global HexToNum;
|
||||
:global IfThenElse;
|
||||
:global LogForwardFilterLogForwarding;
|
||||
:global LogPrint;
|
||||
|
|
@ -38,6 +37,10 @@
|
|||
:error false;
|
||||
}
|
||||
|
||||
:if ([ :typeof $LogForwardLast ] = "nothing") do={
|
||||
:set LogForwardLast false;
|
||||
}
|
||||
|
||||
:if ([ :typeof $LogForwardRateLimit ] = "nothing") do={
|
||||
:set LogForwardRateLimit 0;
|
||||
}
|
||||
|
|
@ -51,7 +54,6 @@
|
|||
|
||||
:local Count 0;
|
||||
:local Duplicates false;
|
||||
:local Last [ $IfThenElse ([ :len $LogForwardLast ] > 0) [ $HexToNum $LogForwardLast ] -1 ];
|
||||
:local Messages "";
|
||||
:local Warning false;
|
||||
:local MessageVal;
|
||||
|
|
@ -63,37 +65,33 @@
|
|||
:set LogForwardIncludeMessage [ $EitherOr $LogForwardIncludeMessage [] ];
|
||||
|
||||
:local LogAll [ /log/find ];
|
||||
:local MaxId ($LogAll->([ :len $LogAll ] - 1));
|
||||
:local MaxNum [ $HexToNum $MaxId ];
|
||||
:local Max ($LogAll->([ :len $LogAll ] - 1));
|
||||
:local LogForwardFilterLogForwardingCached [ $EitherOr [ $LogForwardFilterLogForwarding ] ("\$^") ];
|
||||
|
||||
:foreach Message in=[ /log/find where (!(message="") and \
|
||||
!(message~$LogForwardFilterLogForwardingCached) and \
|
||||
!(topics~$LogForwardFilter) and !(message~$LogForwardFilterMessage)) or \
|
||||
topics~$LogForwardInclude or message~$LogForwardIncludeMessage ] do={
|
||||
:foreach Message in=[ /log/find where .id>$LogForwardLast and .id<=$Max and \
|
||||
((!(message="") and !(message~$LogForwardFilterLogForwardingCached) and \
|
||||
!(topics~$LogForwardFilter) and !(message~$LogForwardFilterMessage)) or \
|
||||
topics~$LogForwardInclude or message~$LogForwardIncludeMessage) ] do={
|
||||
:set MessageVal [ /log/get $Message ];
|
||||
:local Bullet "information";
|
||||
|
||||
:local Current [ $HexToNum ($MessageVal->".id") ];
|
||||
:if ($Last < $Current && $Current <= $MaxNum) do={
|
||||
:local DupCount ($MessageDups->($MessageVal->"message"));
|
||||
:if ($MessageVal->"topics" ~ "(warning)") do={
|
||||
:set Warning true;
|
||||
:set Bullet "large-orange-circle";
|
||||
}
|
||||
:if ($MessageVal->"topics" ~ "(emergency|alert|critical|error)") do={
|
||||
:set Warning true;
|
||||
:set Bullet "large-red-circle";
|
||||
}
|
||||
:if ($DupCount < 3) do={
|
||||
:set Messages ($Messages . "\n" . [ $SymbolForNotification $Bullet ] . \
|
||||
$MessageVal->"time" . " " . [ :tostr ($MessageVal->"topics") ] . " " . $MessageVal->"message");
|
||||
} else={
|
||||
:set Duplicates true;
|
||||
}
|
||||
:set ($MessageDups->($MessageVal->"message")) ($DupCount + 1);
|
||||
:set Count ($Count + 1);
|
||||
:local DupCount ($MessageDups->($MessageVal->"message"));
|
||||
:if ($MessageVal->"topics" ~ "(warning)") do={
|
||||
:set Warning true;
|
||||
:set Bullet "large-orange-circle";
|
||||
}
|
||||
:if ($MessageVal->"topics" ~ "(emergency|alert|critical|error)") do={
|
||||
:set Warning true;
|
||||
:set Bullet "large-red-circle";
|
||||
}
|
||||
:if ($DupCount < 3) do={
|
||||
:set Messages ($Messages . "\n" . [ $SymbolForNotification $Bullet ] . \
|
||||
$MessageVal->"time" . " " . [ :tostr ($MessageVal->"topics") ] . " " . $MessageVal->"message");
|
||||
} else={
|
||||
:set Duplicates true;
|
||||
}
|
||||
:set ($MessageDups->($MessageVal->"message")) ($DupCount + 1);
|
||||
:set Count ($Count + 1);
|
||||
}
|
||||
|
||||
:if ($Count > 0) do={
|
||||
|
|
@ -111,7 +109,7 @@
|
|||
:set LogForwardRateLimit [ $MAX 0 ($LogForwardRateLimit - 1) ];
|
||||
}
|
||||
|
||||
:set LogForwardLast $MaxId;
|
||||
:set LogForwardLast $Max;
|
||||
} do={
|
||||
:global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
# Copyright (c) 2020-2026 Christian Hesse <mail@eworm.de>
|
||||
# https://rsc.eworm.de/COPYING.md
|
||||
#
|
||||
# requires RouterOS, version=7.17
|
||||
# requires RouterOS, version=7.21
|
||||
#
|
||||
# import ssh keys for public key authentication
|
||||
# https://rsc.eworm.de/doc/mod/ssh-keys-import.md
|
||||
|
|
@ -40,9 +40,8 @@
|
|||
|
||||
:local FingerPrintMD5 [ :convert from=base64 transform=md5 to=hex ($KeyVal->1) ];
|
||||
|
||||
:local RegEx ("\\bmd5=" . $FingerPrintMD5 . "\\b");
|
||||
:if ([ :len [ /user/ssh-keys/find where user=$User \
|
||||
(key-owner~$RegEx or info~$RegEx) ] ] > 0) do={
|
||||
info~("\\bmd5=" . $FingerPrintMD5 . "\\b") ] ] > 0) do={
|
||||
$LogPrint warning $0 ("The ssh public key (MD5:" . $FingerPrintMD5 . \
|
||||
") is already available for user '" . $User . "'.");
|
||||
:return false;
|
||||
|
|
|
|||
|
|
@ -3,13 +3,12 @@
|
|||
# Copyright (c) 2022-2026 Christian Hesse <mail@eworm.de>
|
||||
# https://rsc.eworm.de/COPYING.md
|
||||
#
|
||||
# requires RouterOS, version=7.17
|
||||
# requires RouterOS, version=7.22beta1
|
||||
# requires device-mode, fetch
|
||||
#
|
||||
# monitor and manage dns/doh with netwatch
|
||||
# https://rsc.eworm.de/doc/netwatch-dns.md
|
||||
|
||||
:local ExitOK false;
|
||||
:onerror Err {
|
||||
:global GlobalConfigReady; :global GlobalFunctionsReady;
|
||||
:retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
|
||||
|
|
@ -25,15 +24,13 @@
|
|||
:global ScriptLock;
|
||||
|
||||
:if ([ $ScriptLock $ScriptName ] = false) do={
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
:exit;
|
||||
}
|
||||
|
||||
:local SettleTime (5m30s - [ /system/resource/get uptime ]);
|
||||
:if ($SettleTime > 0s) do={
|
||||
$LogPrint info $ScriptName ("System just booted, giving netwatch " . $SettleTime . " to settle.");
|
||||
:set ExitOK true;
|
||||
:error true;
|
||||
:exit;
|
||||
}
|
||||
|
||||
:local DnsServers ({});
|
||||
|
|
@ -88,8 +85,7 @@
|
|||
|
||||
:if ($DohCurrent = $HostInfo->"doh-url" && [ $IsDNSResolving ] = true) do={
|
||||
$LogPrint debug $ScriptName ("Current DoH server is still up and resolving: " . $DohCurrent);
|
||||
:set ExitOK true;
|
||||
:error true;
|
||||
:exit;
|
||||
}
|
||||
|
||||
:set ($DohServers->[ :len $DohServers ]) $HostInfo;
|
||||
|
|
@ -132,8 +128,7 @@
|
|||
}
|
||||
/ip/dns/cache/flush;
|
||||
$LogPrint info $ScriptName ("Setting DoH server: " . ($DohServer->"doh-url"));
|
||||
:set ExitOK true;
|
||||
:error true;
|
||||
:exit;
|
||||
} else={
|
||||
$LogPrint warning $ScriptName ("Received unexpected response from DoH server: " . \
|
||||
($DohServer->"doh-url"));
|
||||
|
|
@ -141,5 +136,5 @@
|
|||
}
|
||||
}
|
||||
} do={
|
||||
:global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
|
||||
:global ExitError; $ExitError true [ :jobname ] $Err;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,13 +3,12 @@
|
|||
# Copyright (c) 2023-2026 Christian Hesse <mail@eworm.de>
|
||||
# https://rsc.eworm.de/COPYING.md
|
||||
#
|
||||
# requires RouterOS, version=7.17
|
||||
# requires RouterOS, version=7.22beta1
|
||||
# requires device-mode, fetch
|
||||
#
|
||||
# use Telegram to chat with your Router and send commands
|
||||
# https://rsc.eworm.de/doc/telegram-chat.md
|
||||
|
||||
:local ExitOK false;
|
||||
:onerror Err {
|
||||
:global GlobalConfigReady; :global GlobalFunctionsReady;
|
||||
:retry { :if ($GlobalConfigReady != true || $GlobalFunctionsReady != true) \
|
||||
|
|
@ -48,8 +47,7 @@
|
|||
:global WaitFullyConnected;
|
||||
|
||||
:if ([ $ScriptLock $ScriptName ] = false) do={
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
:exit;
|
||||
}
|
||||
|
||||
$WaitFullyConnected;
|
||||
|
|
@ -63,8 +61,7 @@
|
|||
|
||||
:if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
|
||||
$LogPrint warning $ScriptName ("Downloading required certificate failed.");
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
:exit;
|
||||
}
|
||||
|
||||
$RandomDelay $TelegramRandomDelay;
|
||||
|
|
@ -89,8 +86,7 @@
|
|||
|
||||
:if ($Data = false) do={
|
||||
$LogPrint warning $ScriptName ("Failed getting updates.");
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
:exit;
|
||||
}
|
||||
|
||||
:local JSON [ :deserialize from=json value=$Data ];
|
||||
|
|
@ -119,7 +115,6 @@
|
|||
}
|
||||
|
||||
:if ($Trusted = true) do={
|
||||
:local Done false;
|
||||
:if ($Command = "?") do={
|
||||
$LogPrint info $ScriptName ("Sending notice for update " . $UpdateID . ".");
|
||||
$SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; \
|
||||
|
|
@ -127,9 +122,9 @@
|
|||
subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \
|
||||
message=([ $IfThenElse ([ :len ($From->"first_name") ] > 0) ("Hello " . ($From->"first_name") . "!\n\n") ] . \
|
||||
"Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") });
|
||||
:set Done true;
|
||||
:continue;
|
||||
}
|
||||
:if ($Done = false && [ :pick $Command 0 1 ] = "!") do={
|
||||
:if ([ :pick $Command 0 1 ] = "!") do={
|
||||
:if ($Command ~ ("^! *(" . [ $EscapeForRegEx $Identity ] . "|@" . $TelegramChatGroups . ")\$")) do={
|
||||
:set TelegramChatActive true;
|
||||
} else={
|
||||
|
|
@ -137,17 +132,16 @@
|
|||
}
|
||||
$LogPrint info $ScriptName ("Now " . [ $IfThenElse $TelegramChatActive "active" "passive" ] . \
|
||||
" from update " . $UpdateID . "!");
|
||||
:set Done true;
|
||||
:continue;
|
||||
}
|
||||
:if ($Done = false && ($IsMyReply = 1 || ($IsAnyReply = false && \
|
||||
:if (($IsMyReply = 1 || ($IsAnyReply = false && \
|
||||
$TelegramChatActive = true)) && [ :len $Command ] > 0) do={
|
||||
:if ([ $ValidateSyntax $Command ] = true) do={
|
||||
:local State "";
|
||||
:local File ("tmpfs/telegram-chat/" . [ $GetRandom20CharAlNum 6 ]);
|
||||
:if ([ $MkDir "tmpfs/telegram-chat" ] = false) do={
|
||||
$LogPrint error $ScriptName ("Failed creating directory!");
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
:exit;
|
||||
}
|
||||
$LogPrint info $ScriptName ("Running command from update " . $UpdateID . ": " . $Command);
|
||||
:execute script=(":do {\n" . $Command . "\n} on-error={ /file/add name=\"" . $File . ".failed\" };" . \
|
||||
|
|
@ -197,5 +191,5 @@
|
|||
:set TelegramChatOffset ([ :pick $TelegramChatOffset 1 3 ], \
|
||||
[ $IfThenElse ($UpdateID >= $TelegramChatOffset->2) ($UpdateID + 1) ($TelegramChatOffset->2) ]);
|
||||
} do={
|
||||
:global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
|
||||
:global ExitError; $ExitError true [ :jobname ] $Err;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue