abuseipdb-reporter.py 0.4.3 & readme

- add LF_PERMBLOCK_COUNT_CATEGORY = 14 override support in abuseipdb-reporter.ini settings override for LF_PERMBLOCK_COUNT lfd trigger
- update readme instructions for category overrides setup

abuseipdb-reporter.py

@@ -46,7 +46,7 @@
 import datetime
 from urllib.parse import quote
 
-VERSION = "0.4.2"
+VERSION = "0.4.3"
 # Set the DEBUG and LOG_API_REQUEST variables here (True or False)
 # DEBUG doesn't send to AbuseIPDB. Only logs to file
 # LOG_API_REQUEST, when True, logs API requests to file
@@ -94,6 +94,7 @@
 # default LFD trigger AbuseIPDB categories assigned
 # https://www.abuseipdb.com/categories
 LF_DEFAULT_CATEGORY = '14'
+LF_PERMBLOCK_COUNT_CATEGORY = '14'
 LF_SSHD_CATEGORY = '22'
 LF_DISTATTACK_CATEGORY = '4'
 LF_SMTPAUTH_CATEGORY = '18'
@@ -172,6 +173,9 @@
 if config.has_option('settings', 'LF_DEFAULT_CATEGORY'):
     LF_DEFAULT_CATEGORY = config.get('settings', 'LF_DEFAULT_CATEGORY')
 
+if config.has_option('settings', 'LF_PERMBLOCK_COUNT_CATEGORY'):
+    LF_PERMBLOCK_COUNT_CATEGORY = config.get('settings', 'LF_PERMBLOCK_COUNT_CATEGORY')
+
 if config.has_option('settings', 'LF_SSHD_CATEGORY'):
     LF_SSHD_CATEGORY = config.get('settings', 'LF_SSHD_CATEGORY')
 
@@ -457,6 +461,8 @@ def get_all_public_ips():
     categories = LF_DIRECTADMIN_CATEGORY
 elif 'LF_CUSTOMTRIGGER' in trigger:
     categories = LF_CUSTOMTRIGGER_CATEGORY
+elif 'LF_PERMBLOCK_COUNT' in trigger:
+    categories = LF_PERMBLOCK_COUNT_CATEGORY
 
 url_encoded_ip = quote(args.arguments[0])
 

readme.md

@@ -300,37 +300,39 @@ USERNAME_REPLACEMENT = [USERNAME]
 ACCOUNT_REPLACEMENT = [REDACTED]
 CACHE_FILE = ip_cache.json
 CACHE_DURATION = 900
-LF_DEFAULT_CATEGORY = '14'
-LF_SSHD_CATEGORY = '22'
-LF_DISTATTACK_CATEGORY = '4'
-LF_SMTPAUTH_CATEGORY = '18'
-LF_DISTFTP_CATEGORY = '5'
-LF_FTPD_CATEGORY = '5'
-LF_MODSEC_CATEGORY = '21'
-PS_LIMIT_CATEGORY = '14'
-LF_DISTSMTP_CATEGORY = '18'
-CT_LIMIT_CATEGORY = '4'
-LF_DIRECTADMIN_CATEGORY = '21'
-LF_CUSTOMTRIGGER_CATEGORY = '21'
+LF_DEFAULT_CATEGORY = 14
+LF_PERMBLOCK_COUNT_CATEGORY = 14
+LF_SSHD_CATEGORY = 22
+LF_DISTATTACK_CATEGORY = 4
+LF_SMTPAUTH_CATEGORY = 18
+LF_DISTFTP_CATEGORY = 5
+LF_FTPD_CATEGORY = 5
+LF_MODSEC_CATEGORY = 21
+PS_LIMIT_CATEGORY = 14
+LF_DISTSMTP_CATEGORY = 18
+CT_LIMIT_CATEGORY = 4
+LF_DIRECTADMIN_CATEGORY = 21
+LF_CUSTOMTRIGGER_CATEGORY = 21
 ```
 
 ### Override AbuseIPDB Categories
 
-As you can see you can now as of version `0.3.6` override the [AbuseIPDB categories](https://www.abuseipdb.com/categories) as well in `abuseipdb-reporter.ini` file.
-
-```
-LF_DEFAULT_CATEGORY = '14'
-LF_SSHD_CATEGORY = '22'
-LF_DISTATTACK_CATEGORY = '4'
-LF_SMTPAUTH_CATEGORY = '18'
-LF_DISTFTP_CATEGORY = '5'
-LF_FTPD_CATEGORY = '5'
-LF_MODSEC_CATEGORY = '21'
-PS_LIMIT_CATEGORY = '14'
-LF_DISTSMTP_CATEGORY = '18'
-CT_LIMIT_CATEGORY = '4'
-LF_DIRECTADMIN_CATEGORY = '21'
-LF_CUSTOMTRIGGER_CATEGORY = '21'
+As you can see you can now as of version `0.3.6` override the [AbuseIPDB categories](https://www.abuseipdb.com/categories) as well in `abuseipdb-reporter.ini` file. Updated in `0.4.3`, removing single quotes from LFD trigger category override values.
+
+```
+LF_DEFAULT_CATEGORY = 14
+LF_PERMBLOCK_COUNT_CATEGORY = 14
+LF_SSHD_CATEGORY = 22
+LF_DISTATTACK_CATEGORY = 4
+LF_SMTPAUTH_CATEGORY = 18
+LF_DISTFTP_CATEGORY = 5
+LF_FTPD_CATEGORY = 5
+LF_MODSEC_CATEGORY = 21
+PS_LIMIT_CATEGORY = 14
+LF_DISTSMTP_CATEGORY = 18
+CT_LIMIT_CATEGORY = 4
+LF_DIRECTADMIN_CATEGORY = 21
+LF_CUSTOMTRIGGER_CATEGORY = 21
 ```
 
 Here's an example `abuseipdb-reporter.ini` settings config to enable API submissions to AbuseIPDB, with compact log format and JSON logging that ignores Cluster member entries where you'd inspect `DEFAULT_JSONLOG_FILE = /var/log/abuseipdb-reporter-debug-json.log` and `DEFAULT_JSONAPILOG_FILE = /var/log/abuseipdb-reporter-api-json.log` JSON logs.