abuseipdb-reporter.py 0.4.4 add additional lfd trigger category overr…

…ides for LF_HTACCESS_CATEGORY = 21 LF_IMAPD_CATEGORY = 18 LF_POP3D_CATEGORY = 18
centminmod · Jul 29, 2023 · b9fae93 · b9fae93
1 parent 308246a
commit b9fae93
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/abuseipdb-reporter.py b/abuseipdb-reporter.py
@@ -46,7 +46,7 @@
 import datetime
 from urllib.parse import quote
 
-VERSION = "0.4.3"
+VERSION = "0.4.4"
 # Set the DEBUG and LOG_API_REQUEST variables here (True or False)
 # DEBUG doesn't send to AbuseIPDB. Only logs to file
 # LOG_API_REQUEST, when True, logs API requests to file
@@ -106,6 +106,9 @@
 CT_LIMIT_CATEGORY = '4'
 LF_DIRECTADMIN_CATEGORY = '21'
 LF_CUSTOMTRIGGER_CATEGORY = '21'
+LF_HTACCESS_CATEGORY = '21'
+LF_IMAPD_CATEGORY = '18'
+LF_POP3D_CATEGORY = '18'
 
 # Get the absolute path of the script
 script_dir = os.path.dirname(os.path.abspath(__file__))
@@ -209,6 +212,15 @@
 if config.has_option('settings', 'LF_CUSTOMTRIGGER_CATEGORY'):
     LF_CUSTOMTRIGGER_CATEGORY = config.get('settings', 'LF_CUSTOMTRIGGER_CATEGORY')
 
+if config.has_option('settings', 'LF_HTACCESS_CATEGORY'):
+    LF_HTACCESS_CATEGORY = config.get('settings', 'LF_HTACCESS_CATEGORY')
+
+if config.has_option('settings', 'LF_IMAPD_CATEGORY'):
+    LF_IMAPD_CATEGORY = config.get('settings', 'LF_IMAPD_CATEGORY')
+
+if config.has_option('settings', 'LF_POP3D_CATEGORY'):
+    LF_POP3D_CATEGORY = config.get('settings', 'LF_POP3D_CATEGORY')
+
 # Parse command line arguments
 parser = argparse.ArgumentParser(description='AbuseIPDB reporter script.')
 parser.add_argument('-log', dest='log_file', default=DEFAULT_LOG_FILE, help='Path to the log file.')
@@ -463,6 +475,12 @@ def get_all_public_ips():
     categories = LF_CUSTOMTRIGGER_CATEGORY
 elif 'LF_PERMBLOCK_COUNT' in trigger:
     categories = LF_PERMBLOCK_COUNT_CATEGORY
+elif 'LF_HTACCESS' in trigger:
+    categories = LF_HTACCESS_CATEGORY
+elif 'LF_IMAPD' in trigger:
+    categories = LF_IMAPD_CATEGORY
+elif 'LF_POP3D' in trigger:
+    categories = LF_POP3D_CATEGORY
 
 url_encoded_ip = quote(args.arguments[0])
 

diff --git a/readme.md b/readme.md
@@ -313,6 +313,9 @@ LF_DISTSMTP_CATEGORY = 18
 CT_LIMIT_CATEGORY = 4
 LF_DIRECTADMIN_CATEGORY = 21
 LF_CUSTOMTRIGGER_CATEGORY = 21
+LF_HTACCESS_CATEGORY = 21
+LF_IMAPD_CATEGORY = 18
+LF_POP3D_CATEGORY = 18
 ```
 
 ### Override AbuseIPDB Categories
@@ -333,6 +336,9 @@ LF_DISTSMTP_CATEGORY = 18
 CT_LIMIT_CATEGORY = 4
 LF_DIRECTADMIN_CATEGORY = 21
 LF_CUSTOMTRIGGER_CATEGORY = 21
+LF_HTACCESS_CATEGORY = 21
+LF_IMAPD_CATEGORY = 18
+LF_POP3D_CATEGORY = 18
 ```
 
 Here's an example `abuseipdb-reporter.ini` settings config to enable API submissions to AbuseIPDB, with compact log format and JSON logging that ignores Cluster member entries where you'd inspect `DEFAULT_JSONLOG_FILE = /var/log/abuseipdb-reporter-debug-json.log` and `DEFAULT_JSONAPILOG_FILE = /var/log/abuseipdb-reporter-api-json.log` JSON logs.