* feat: enhance IP reputation management with city data and geolocation integration
* feat: enhance dashboard with city coordinates and improved marker handling
* feat: update chart version to 0.2.1 in Chart.yaml, README.md, and values.yaml
* feat: update logo format and size in README.md
* feat: improve location display logic in dashboard for attackers and IPs
* feat: update analyzer thresholds and add crawl configuration options
* feat: update Helm chart version and add README for installation instructions
* feat: update installation instructions in README and add Docker support
* feat: update deployment manifests and configuration for improved service handling and analyzer settings
* feat: add API endpoint for paginated IP retrieval and enhance dashboard visualization with category filters
* feat: update configuration for Krawl service to use external config file
* feat: refactor code for improved readability and consistency across multiple files
* feat: remove Flake8, Pylint, and test steps from PR checks workflow
* Add environment variable override for config fields
Introduces functions to override configuration fields from environment variables, allowing dynamic configuration without modifying YAML files. The environment variable names are generated from field names, and type conversion is handled for int, float, and tuple fields.
* update chart version to 0.1.4
* Update README.md to enhance environment variable configuration details and improve overall clarity
- Add conditional execution to export-malicious-ips task: only runs
when honeypot was accessed in last 5 minutes
- Add since_minutes parameter to get_access_logs() for time filtering
- Optimize analyze-ips task to only process IPs with activity in the
last minute, fetching full history per-IP instead of all logs
- Exclude RFC1918 private addresses and non-routable IPs from IP
reputation enrichment (10.x, 172.16-31.x, 192.168.x, 127.x, 169.254.x)
- Add missing session.commit() and cleanup to update_ip_rep_infos() **bugfix**
- Enable SQLite WAL mode and 30s busy timeout for better concurrency **race condition prevention**
- Add get_unenriched_ips() method to only fetch IPs needing enrichment **don't enrich what's already done**
- Rewrite fetch_ip_rep task to process only unenriched IPs (limit 50) **API kindness**
- Change task frequency from every 1 minute to every 5 minutes **API kindness**
- Add request timeout (10s) and proper error handling **can update to longer if needed**
- Implement export-malicious-ips task that queries distinct IPs flagged
as is_suspicious from database and writes to exports/malicious_ips.txt
- Add exports volume mount to docker-compose.yaml for host persistence
- Update entrypoint.sh to fix ownership of exports directory for krawl user
- Update Dockerfile to create /app/exports directory during build
Other tasks can be added by creating them in the tasks dir using the same setup as this task.
All tasks *MUST* include a TASK_CONFIG dict and a main method in the file to work correctly.
Add SERVER_HEADER environment variable to customize the HTTP Server
response header, defaulting to Apache/2.2.22 (Ubuntu). This allows the
honeypot to masquerade as different web servers to attract attackers.
- Add server_header field to Config dataclass
- Override version_string() in Handler to return configured header
- Update documentation and all deployment configs
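
The private and non-routable address exclusion described in the enrichment commit above, as an added example that is not the project's own code. The function names are hypothetical; the IPv4 ranges and the batch limit of 50 come from the commit message, while the IPv4-mapped unwrapping and the IPv6 exclusions are assumptions that go beyond it.

```python
import ipaddress

# Ranges named in the commit message (10.x, 172.16-31.x, 192.168.x, 127.x, 169.254.x).
EXCLUDED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]
UNIQUE_LOCAL_V6 = ipaddress.ip_network("fc00::/7")


def normalize(raw):
    """Parse a logged address; return None if it is not a valid IP."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    # ::ffff:192.168.1.9 is the IPv4 host 192.168.1.9 seen through a dual-stack
    # socket, so unwrap it before the range check (assumption, not in the commit).
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def is_enrichable(ip):
    """True when the address is worth sending to an external reputation API."""
    if ip.version == 4:
        return not any(ip in net for net in EXCLUDED_NETWORKS)
    # Assumption: IPv6 loopback, link-local and unique-local are skipped as well.
    return not (ip.is_loopback or ip.is_link_local or ip in UNIQUE_LOCAL_V6)


def select_for_enrichment(raw_ips, limit=50):
    """Deduplicate, drop invalid and excluded entries, cap the batch size."""
    selected, seen = [], set()
    for raw in raw_ips:
        ip = normalize(raw)
        if ip is None or ip in seen or not is_enrichable(ip):
            continue
        seen.add(ip)
        selected.append(str(ip))
        if len(selected) >= limit:
            break
    return selected


# Constructed sample input; documentation-range addresses stand in for public ones.
SAMPLE = ["203.0.113.7", "10.1.2.3", "172.31.255.1", "172.32.0.1", "::ffff:192.168.1.9",
          "169.254.10.10", "127.0.0.1", "not-an-ip", "203.0.113.7", "2001:db8::1", "fe80::1"]

if __name__ == "__main__":
    print(select_for_enrichment(SAMPLE))
```

Filtering before the lookup keeps internal addressing (health checks, reverse proxies, container networks) out of requests sent to a third-party reputation service and avoids spending rate-limited calls on addresses that cannot have a public reputation.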