abuseipdb-reporter.py 0.4.6 add abuseipdb-exclusions.txt file support

Added IP exclusion list abuseipdb-exclusions.txt. You can add one IP address per line to configure the exclusion file to skip AbuseIPDB API submission https://github.com/centminmod/centminmod-abuseipdb-reporter#ip-exclusion-list

abuseipdb-reporter.py

@@ -46,7 +46,7 @@
 import datetime
 from urllib.parse import quote
 
-VERSION = "0.4.5"
+VERSION = "0.4.6"
 # Set the DEBUG and LOG_API_REQUEST variables here (True or False)
 # DEBUG doesn't send to AbuseIPDB. Only logs to file
 # LOG_API_REQUEST, when True, logs API requests to file
@@ -263,6 +263,10 @@ def log_message(log_file, message):
 print("Received Logs:", logs)
 print("Received Trigger:", trigger, '\n')
 
+def load_excluded_ips(filename):
+    with open(filename, 'r') as f:
+        return set(line.strip() for line in f)
+
 def load_cache():
     if os.path.isfile(CACHE_FILE):
         with open(CACHE_FILE, 'r') as f:
@@ -307,6 +311,14 @@ def get_all_public_ips():
 
 public_ips = get_all_public_ips()
 
+# Check for exclusion file that lists one IP address per line
+# for skipping API submissions
+exclusion_file = 'abuseipdb-exclusions.txt'
+excluded_ips = set()
+
+if os.path.exists(exclusion_file):
+    excluded_ips = load_excluded_ips(exclusion_file)
+
 # Get the values from the csf.conf file
 with open('/etc/csf/csf.conf') as f:
     csf_conf = f.read()
@@ -616,7 +628,15 @@ def contains_cluster_member_pattern(message):
     print("Loaded cache:", cache)
     cache = clean_cache(cache)
     print("Current cache:", cache)
+
     if not (IGNORE_CLUSTER_SUBMISSIONS and contains_cluster_member_pattern(message)):
+        # Define IP
+        ip = args.arguments[0]
+
+        # If IP is in exclusions, do not report
+        if ip in excluded_ips:
+            print("IP: {} is in exclusions. Skipping report.".format(ip))
+            sys.exit()
         # Check if the IP address is in the cache before sending the report
         if not ip_in_cache(args.arguments[0], cache):
             response = requests.post(url, headers=headers, params=querystring)

readme.md

@@ -15,6 +15,7 @@ This guide will show you how to set up CSF Firewall so that attempted intrusions
 * [Dependencies](#dependencies)
 * [Setup](#setup)
   * [Configuration](#configuration)
+    * [IP Exclusion List](#ip-exclusion-list)
     * [Log Rotation](#log-rotation)
   * [Local IP Cache](#local-ip-cache)
   * [abuseipdb-reporter.ini](#abuseipdb-reporterini)
@@ -196,6 +197,19 @@ Mar 31 00:45:29 sshd[15102]: Failed password for invalid user [USERNAME] from 5.
 Mar 31 00:46:35 sshd[15383]: Invalid user [USERNAME] from 5.189.165.229 port 59862
 ```
 
+### IP Exclusion List
+
+With `abuseipdb-reporter.py 0.4.6` added IP exclusion list `abuseipdb-exclusions.txt`. You can add one IP address per line to configure the exclusion file to skip AbuseIPDB API submission. Example below has `127.0.0.11` added to `abuseipdb-exclusions.txt` located in same directory as `abuseipdb-reporter.py`.
+
+```
+Loaded cache data before conversion: {'127.0.0.11': 1690830026.9128997}
+Loaded cache data after conversion: {'127.0.0.11': 1690830026.9128997}
+Loaded cache: {'127.0.0.11': 1690830026.9128997}
+Cleaned cache: {'127.0.0.11': 1690830026.9128997}
+Current cache: {'127.0.0.11': 1690830026.9128997}
+IP: 127.0.0.11 is in exclusions. Skipping report.
+```
+
 ### Log Rotation
 
 Setup log rotation `/etc/logrotate.d/abuseipdb` with contents