This repository was archived by the owner on Apr 28, 2025. It is now read-only.

rwehe/Dynamic_IP_Blocker

Dynamic IP Blocker

Dynamic IP Blocker is an automated security tool designed to monitor log files for failed login attempts and dynamically block offending IP addresses. Depending on your chosen method, it can update AWS Network ACLs or Cisco Security Cloud Control blocklists. The project leverages modern Python libraries to provide an interactive command-line interface and robust logging.

Features

  • Real-time Monitoring: Continuously tails a specified log file for suspicious IP activity.
  • Threshold-based Blocking: Tracks failed logins per IP address and triggers a block when a configurable threshold is exceeded.
  • Multi-platform Support: Choose between blocking IPs via AWS Network ACL updates or Cisco Security Cloud Control.
  • Interactive CLI: Uses Questionary for an interactive method selection menu and a simple mechanism to gracefully quit the application.
  • Detailed Logging: Logs detailed information to a file for audit and troubleshooting purposes, while providing concise success messages to the user.

Project Structure

  • main.py:
    The entry point of the application. It monitors the log file, parses IP addresses, tracks failed login attempts, and triggers the appropriate block based on user selection.

  • update_nacl.py:
    Contains functionality to update AWS Network ACLs to block specified IP addresses. Uses boto3 for AWS API interactions.

  • update_cisco_blocklist.py:
    Contains functionality to update the Cisco Security Cloud Control blocklist. Uses the cdo_sdk_python package to interact with Cisco's API, and includes transaction handling for CLI command execution.

  • config.py:
    Holds configuration settings such as API endpoints, logging settings, AWS region, ACL IDs, threshold values, etc.

  • requirements.txt:
    Lists all dependencies required to run the project.
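
The threshold-based blocking that the feature list and the main.py description refer to, as an added example (not the project's own code). It assumes an sshd-style "Failed password" log line, adds a sliding time window and an allowlist, and the names FailedLoginTracker, observe and run are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Assumed sshd-style failure line; the project's real log format is not on the page.
# Greedy ".*" takes the address from the last "from <ip> port", the part sshd writes.
FAILED = re.compile(r"Failed password for .* from (\S+) port \d+")

class FailedLoginTracker:
    """Hypothetical helper: per-IP failure counts over a sliding time window."""
    def __init__(self, threshold=3, window_s=300, allowlist=("10.0.0.0/8",)):
        self.threshold, self.window_s = threshold, window_s
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.hits = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked = set()            # IPs already handed to the blocker

    def observe(self, ts, line):
        """Return the IP to block if this line pushes it over the threshold."""
        m = FAILED.search(line)
        if not m:
            return None
        try:
            ip = ipaddress.ip_address(m.group(1))  # drop hostnames and garbage
        except ValueError:
            return None
        if ip in self.blocked or any(ip in net for net in self.allow):
            return None                 # never re-block, never block own ranges
        q = self.hits[ip]
        q.append(ts)
        while ts - q[0] > self.window_s:  # expire failures outside the window
            q.popleft()
        if len(q) <= self.threshold:    # block only once the threshold is exceeded
            return None
        self.blocked.add(ip)
        del self.hits[ip]
        return str(ip)

SAMPLE = [  # constructed (seconds, log line) pairs using documentation addresses
    (0, "sshd[1]: Failed password for root from 203.0.113.7 port 4022 ssh2"),
    (10, "sshd[1]: Failed password for admin from 203.0.113.7 port 4023 ssh2"),
    (20, "sshd[1]: Failed password for invalid user x from 10.1.2.3 port 50 ssh2"),
    (30, "sshd[1]: Failed password for root from 203.0.113.7 port 4024 ssh2"),
    (40, "sshd[1]: Accepted password for bob from 198.51.100.9 port 22 ssh2"),
    (50, "sshd[1]: Failed password for root from 203.0.113.7 port 4025 ssh2"),
]

def run(lines, **kw):
    tracker = FailedLoginTracker(**kw)
    return [ip for ip in (tracker.observe(ts, l) for ts, l in lines) if ip]
```

The allowlist is the part worth adapting first: management ranges and the monitoring host's own address belong in it so that a burst of failed logins from them cannot lock administrators out.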

Getting Started

Prerequisites

  • Python 3.7 or higher
  • pip (Python package installer)

Installation

  1. Clone the repository:

    git clone https://github.com/rwehe/5901_code.git
    cd 5901_code
    
  2. Create and activate a virtual environment (optional but recommended):

    python3 -m venv venv
    source venv/bin/activate
    
  3. Install dependencies:

    pip install -r requirements.txt
    
  4. Configure Environment Variables:

  • Rename .env.template to .env and populate:

    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • SCC_API

  5. Configure Remaining Variables:

  • Rename config.py.template to config.py and populate variables as described in comments.

Usage

To run the application, execute the main script:

    python3 main.py

Upon startup, you will be prompted with an interactive menu to choose the target method (AWS NACL or Cisco Security Cloud Control). The application will then start monitoring the specified log file. To gracefully exit the application, type q and press Enter.

Logging

File Logging:

Detailed logs (including debug information and CLI execution results) are written to the file specified by DEBUG_LOGFILE in config.py.

User Output:

Concise success messages are printed to the console using click.echo().

License

This project is licensed under the terms of the MIT license.

Credit

Thank you to countless friends and colleagues who helped contribute to this project in so many ways.
