src/tasks/top_attacking_ips.py

# tasks/export_malicious_ips.py

import os
from logger import get_app_logger
from database import get_database
from config import get_config
from models import IpStats
from ip_utils import is_valid_public_ip

app_logger = get_app_logger()

# ----------------------
# TASK CONFIG
# ----------------------
TASK_CONFIG = {
    "name": "export-malicious-ips",
    "cron": "*/5 * * * *",
    "enabled": True,
    "run_when_loaded": True,
}

EXPORTS_DIR = os.path.join(os.path.dirname(os.path.dirname(__file__)), "exports")
OUTPUT_FILE = os.path.join(EXPORTS_DIR, "malicious_ips.txt")


# ----------------------
# TASK LOGIC
# ----------------------
def main():
    """
    Export all attacker IPs to a text file, matching the "Attackers by Total Requests" dashboard table.
    Uses the same query as the dashboard: IpStats where category == "attacker", ordered by total_requests.
    TasksMaster will call this function based on the cron schedule.
    """
    task_name = TASK_CONFIG.get("name")
    app_logger.info(f"[Background Task] {task_name} starting...")

    try:
        db = get_database()
        session = db.session

        # Query attacker IPs from IpStats (same as dashboard "Attackers by Total Requests")
        attackers = (
            session.query(IpStats)
            .filter(IpStats.category == "attacker")
            .order_by(IpStats.total_requests.desc())
            .all()
        )

        # Filter out local/private IPs and the server's own IP
        config = get_config()
        server_ip = config.get_server_ip()

        public_ips = [
            attacker.ip
            for attacker in attackers
            if is_valid_public_ip(attacker.ip, server_ip)
        ]

        # Ensure exports directory exists
        os.makedirs(EXPORTS_DIR, exist_ok=True)

        # Write IPs to file (one per line)
        with open(OUTPUT_FILE, "w") as f:
            for ip in public_ips:
                f.write(f"{ip}\n")

        app_logger.info(
            f"[Background Task] {task_name} exported {len(public_ips)} attacker IPs "
            f"(filtered {len(attackers) - len(public_ips)} local/private IPs) to {OUTPUT_FILE}"
        )

    except Exception as e:
        app_logger.error(f"[Background Task] {task_name} failed: {e}")
    finally:
        db.close_session()
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00			`# tasks/export_malicious_ips.py`

			`import os`
			`from logger import get_app_logger`
			`from database import get_database`
added ip logging memory improvements, added local ip and public ip exlusion 2026-01-24 23:28:10 +01:00			`from config import get_config`
Fix/export malicious ip file creation (#62) * Fix: update EXPORTS_DIR path to ensure correct directory structure * Fix: remove unused imports and honeypot access check from export task 2026-01-29 13:54:07 +01:00			`from models import IpStats`
			`from ip_utils import is_valid_public_ip`
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00
			`app_logger = get_app_logger()`

			`# ----------------------`
			`# TASK CONFIG`
			`# ----------------------`
			`TASK_CONFIG = {`
			`"name": "export-malicious-ips",`
			`"cron": "/5 * * *",`
			`"enabled": True,`
Linted code iwht black tool 2026-01-23 22:00:21 +01:00			`"run_when_loaded": True,`
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00			`}`

Fix: update EXPORTS_DIR path to ensure correct directory structure (#61) 2026-01-29 12:52:48 +01:00			`EXPORTS_DIR = os.path.join(os.path.dirname(os.path.dirname(__file__)), "exports")`
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00			`OUTPUT_FILE = os.path.join(EXPORTS_DIR, "malicious_ips.txt")`

Linted code iwht black tool 2026-01-23 22:00:21 +01:00
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00			`# ----------------------`
			`# TASK LOGIC`
			`# ----------------------`
			`def main():`
			`"""`
Doc/updated documentation (#60) * added documentation, updated repo pointer in the dashboard, added dashboard link highlighting and mionor fixes * added doc * added logo to dashboard * Fixed dashboard attack chart * Enhance fake data generation with varied request counts for better visualization * Add automatic migrations and support for latitude/longitude in IP stats * Update Helm chart version to 0.2.2 and add timezone configuration option --------- Co-authored-by: BlessedRebuS <patrick.difa@gmail.com> 2026-01-29 11:55:06 +01:00			`Export all attacker IPs to a text file, matching the "Attackers by Total Requests" dashboard table.`
			`Uses the same query as the dashboard: IpStats where category == "attacker", ordered by total_requests.`
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00			`TasksMaster will call this function based on the cron schedule.`
			`"""`
			`task_name = TASK_CONFIG.get("name")`
			`app_logger.info(f"[Background Task] {task_name} starting...")`

			`try:`
			`db = get_database()`
			`session = db.session`

Doc/updated documentation (#60) * added documentation, updated repo pointer in the dashboard, added dashboard link highlighting and mionor fixes * added doc * added logo to dashboard * Fixed dashboard attack chart * Enhance fake data generation with varied request counts for better visualization * Add automatic migrations and support for latitude/longitude in IP stats * Update Helm chart version to 0.2.2 and add timezone configuration option --------- Co-authored-by: BlessedRebuS <patrick.difa@gmail.com> 2026-01-29 11:55:06 +01:00			`# Query attacker IPs from IpStats (same as dashboard "Attackers by Total Requests")`
			`attackers = (`
			`session.query(IpStats)`
			`.filter(IpStats.category == "attacker")`
			`.order_by(IpStats.total_requests.desc())`
Linted code iwht black tool 2026-01-23 22:00:21 +01:00			`.all()`
			`)`
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00
added ip logging memory improvements, added local ip and public ip exlusion 2026-01-24 23:28:10 +01:00			`# Filter out local/private IPs and the server's own IP`
			`config = get_config()`
			`server_ip = config.get_server_ip()`
Feat/deployment update (#56) * feat: update analyzer thresholds and add crawl configuration options * feat: update Helm chart version and add README for installation instructions * feat: update installation instructions in README and add Docker support * feat: update deployment manifests and configuration for improved service handling and analyzer settings * feat: add API endpoint for paginated IP retrieval and enhance dashboard visualization with category filters * feat: update configuration for Krawl service to use external config file * feat: refactor code for improved readability and consistency across multiple files * feat: remove Flake8, Pylint, and test steps from PR checks workflow 2026-01-26 12:36:22 +01:00
Doc/updated documentation (#60) * added documentation, updated repo pointer in the dashboard, added dashboard link highlighting and mionor fixes * added doc * added logo to dashboard * Fixed dashboard attack chart * Enhance fake data generation with varied request counts for better visualization * Add automatic migrations and support for latitude/longitude in IP stats * Update Helm chart version to 0.2.2 and add timezone configuration option --------- Co-authored-by: BlessedRebuS <patrick.difa@gmail.com> 2026-01-29 11:55:06 +01:00			`public_ips = [`
			`attacker.ip`
			`for attacker in attackers`
			`if is_valid_public_ip(attacker.ip, server_ip)`
			`]`
added ip logging memory improvements, added local ip and public ip exlusion 2026-01-24 23:28:10 +01:00
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00			`# Ensure exports directory exists`
			`os.makedirs(EXPORTS_DIR, exist_ok=True)`

			`# Write IPs to file (one per line)`
Linted code iwht black tool 2026-01-23 22:00:21 +01:00			`with open(OUTPUT_FILE, "w") as f:`
added ip logging memory improvements, added local ip and public ip exlusion 2026-01-24 23:28:10 +01:00			`for ip in public_ips:`
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00			`f.write(f"{ip}\n")`

Linted code iwht black tool 2026-01-23 22:00:21 +01:00			`app_logger.info(`
Doc/updated documentation (#60) * added documentation, updated repo pointer in the dashboard, added dashboard link highlighting and mionor fixes * added doc * added logo to dashboard * Fixed dashboard attack chart * Enhance fake data generation with varied request counts for better visualization * Add automatic migrations and support for latitude/longitude in IP stats * Update Helm chart version to 0.2.2 and add timezone configuration option --------- Co-authored-by: BlessedRebuS <patrick.difa@gmail.com> 2026-01-29 11:55:06 +01:00			`f"[Background Task] {task_name} exported {len(public_ips)} attacker IPs "`
			`f"(filtered {len(attackers) - len(public_ips)} local/private IPs) to {OUTPUT_FILE}"`
Linted code iwht black tool 2026-01-23 22:00:21 +01:00			`)`
Add background task to export suspicious IPs to text file - Implement export-malicious-ips task that queries distinct IPs flagged as is_suspicious from database and writes to exports/malicious_ips.txt - Add exports volume mount to docker-compose.yaml for host persistence - Update entrypoint.sh to fix ownership of exports directory for krawl user - Update Dockerfile to create /app/exports directory during build Other tasks can be added by creating them in the tasks dir using the same setup as this task. All tasks MUST include a TASK_CONFIG dict and a main method in the file to work correctly. 2026-01-05 11:54:02 -06:00
			`except Exception as e:`
			`app_logger.error(f"[Background Task] {task_name} failed: {e}")`
			`finally:`
			`db.close_session()`