Command line tool to obfuscate IP addresses in log files, securely. The IP addresses are hashed and recombined to new IP addresses, so that they are still distinguishable but can't be associated with a user's real IP. If the secret salt is long enough (e.g. larger than 64 bytes), the obfuscation should be cryptographically secure meaning it is very hard to reconstruct the original IP addresses.
- replace all IPs with
- hash IPs, keeping them distinguishable
- use a secret salt with hash to hinder reconstruction of the original
/dev/nullif you want unsalted hashes)
- optional: re-read the secret if it changed (useful for long-running log pipes where the salt is rotated regularly)
- optional: use PGP words instead of octet notation
pip3 install --user cryptography)
$ python main -h usage: main.py [-h] [-i INFILE] [-s] [-o OUTFILE] [-w] [-t TIME] This module can be used to obfuscate or simply hide ip addresses, e.g. in server access log files. With a regularly rotated secret, the IPs remain readable, you can monitor and backtrace the requests of a single IP (for security auditing, ...) but the actual user IP remains hidden. optional arguments: -h, --help show this help message and exit -i INFILE, --infile INFILE input, read line by line, default: stdin -s, --secret generate pseudonyms (default: set IP to 0.0.0.0) -o OUTFILE, --outfile OUTFILE output, appended to, default: stdout -w, --words replace bytes by words, default: False -t TIME, --time TIME validity period of salt <amount>(s|m|d), default: 60m
$ python -m doctest hideip.py
Licensed under GNU GPLv3, see LICENSE.