* Add environment variable override for config fields
Introduces functions to override configuration fields from environment variables, allowing dynamic configuration without modifying YAML files. The environment variable names are generated from field names, and type conversion is handled for int, float, and tuple fields.
* update chart version to 0.1.4
* Update README.md to enhance environment variable configuration details and improve overall clarity
- Add conditional execution to export-malicious-ips task: only runs
when honeypot was accessed in last 5 minutes
- Add since_minutes parameter to get_access_logs() for time filtering
- Optimize analyze-ips task to only process IPs with activity in the
last minute, fetching full history per-IP instead of all logs
- Exclude RFC1918 private addresses and non-routable IPs from IP
reputation enrichment (10.x, 172.16-31.x, 192.168.x, 127.x, 169.254.x)
- Add missing session.commit() and cleanup to update_ip_rep_infos() **bugfix**
- Enable SQLite WAL mode and 30s busy timeout for better concurrency **race condition prevention**
- Add get_unenriched_ips() method to only fetch IPs needing enrichment **don't enrich what's already done*
- Rewrite fetch_ip_rep task to process only unenriched IPs (limit 50) **API kindness**
- Change task frequency from every 1 minute to every 5 minutes **API kindness**
- Add request timeout (10s) and proper error handling **can update to longer if needed**
- Implement export-malicious-ips task that queries distinct IPs flagged
as is_suspicious from database and writes to exports/malicious_ips.txt
- Add exports volume mount to docker-compose.yaml for host persistence
- Update entrypoint.sh to fix ownership of exports directory for krawl user
- Update Dockerfile to create /app/exports directory during build
Other tasks can be added by creating them in the tasks dir using the same setup as this task.
All tasks *MUST* include a TASK_CONFIG dict and a main method in the file to work correctly.
Add SERVER_HEADER environment variable to customize the HTTP Server
response header, defaulting to Apache/2.2.22 (Ubuntu). This allows the
honeypot to masquerade as different web servers to attract attackers.
- Add server_header field to Config dataclass
- Override version_string() in Handler to return configured header
- Update documentation and all deployment configs
- Add SQLAlchemy-based database layer for persistent storage
- Create models for access_logs, credential_attempts, attack_detections, ip_stats
- Include fields for future GeoIP and reputation enrichment
- Implement sanitization utilities to protect against malicious payloads
- Fix XSS vulnerability in dashboard template (HTML escape all user data)
- Add DATABASE_PATH and DATABASE_RETENTION_DAYS config options
- Dual storage: in-memory for dashboard performance + SQLite for persistence
New files:
- src/models.py - SQLAlchemy ORM models
- src/database.py - DatabaseManager singleton
- src/sanitizer.py - Input sanitization and HTML escaping
- requirements.txt - SQLAlchemy dependency
Security protections:
- Parameterized queries via SQLAlchemy ORM
- Field length limits to prevent storage exhaustion
- Null byte and control character stripping
- HTML escaping on dashboard output
