def test_parse_log_file(self, mock_utils, mock_failed_login): """ Test parse_log_file. """ mock_utils.categorize_os.return_value = self.os # Create SSHLogin object self.ssh_login_obj = SSHLogin() mock_utils.open_file.return_value = ["Jun 1 10:22:56 ip-172-31-1-163 sshd[2363]:\ Invalid user ubnt from 179.39.2.133"] mock_utils.get_epoch_time.return_value = 1 self.ssh_login_obj.parse_log_file() mock_utils.get_epoch_time.assert_called_with('Jun', '1', '10:22:56') mock_failed_login.assert_called_with('ubnt', '179.39.2.133', 'Jun 1', 1)
def test_update_username_dict(self, mock_utils): """ Test update_username_dict. """ mock_utils.categorize_os.return_value = self.os # Create SSHLogin object self.ssh_login_obj = SSHLogin() self.ssh_login_obj.update_username_dict('ubnt', '179.39.2.133', 'Jun 1', 1) hashed_username = "******" + self.ssh_login_obj.SALT + "Jun 1" self.assertTrue(self.ssh_login_obj.username_dict.get(hashed_username)) temp_dict = {"ip": ["179.39.2.133"], "last_time": 1, "count": 1} self.assertEqual(temp_dict, self.ssh_login_obj.username_dict[hashed_username])
def test_check_ssh_bruteforce(self, mock_time, mock_log, mock_utils): """ Test check_ssh_bruteforce. """ mock_utils.categorize_os.return_value = self.os # Create SSHLogin object self.ssh_login_obj = SSHLogin() mock_time.time.return_value = 2 self.ssh_login_obj.update_username_dict('ubnt', '179.39.2.133', 'Jun 1', 1) self.ssh_login_obj.THRESHOLD = -10 # Set THRESHOLD to negative to trigger alarm self.ssh_login_obj.check_ssh_bruteforce() mock_log.assert_called_with( 'Possible SSH brute force detected for the user: ubnt from: 179.39.2.133 on: Jun 1', logtype='warning')
class TestSSHLogin(unittest.TestCase): """ Test class for SSHLogin. """ def setUp(self): """ Setup class for SSHLogin. """ self.os = "debian" @patch.object(SSHLogin, "update_username_dict") @patch('securetea.lib.log_monitor.system_log.ssh_login.utils') def test_parse_log_file(self, mock_utils, mock_failed_login): """ Test parse_log_file. """ mock_utils.categorize_os.return_value = self.os # Create SSHLogin object self.ssh_login_obj = SSHLogin() mock_utils.open_file.return_value = ["Jun 1 10:22:56 ip-172-31-1-163 sshd[2363]:\ Invalid user ubnt from 179.39.2.133"] mock_utils.get_epoch_time.return_value = 1 self.ssh_login_obj.parse_log_file() mock_utils.get_epoch_time.assert_called_with('Jun', '1', '10:22:56') mock_failed_login.assert_called_with('ubnt', '179.39.2.133', 'Jun 1', 1) @patch('securetea.lib.log_monitor.system_log.ssh_login.utils') def test_update_username_dict(self, mock_utils): """ Test update_username_dict. """ mock_utils.categorize_os.return_value = self.os # Create SSHLogin object self.ssh_login_obj = SSHLogin() self.ssh_login_obj.update_username_dict('ubnt', '179.39.2.133', 'Jun 1', 1) hashed_username = "******" + self.ssh_login_obj.SALT + "Jun 1" self.assertTrue(self.ssh_login_obj.username_dict.get(hashed_username)) temp_dict = { "ip": ["179.39.2.133"], "last_time": 1, "count": 1 } self.assertEqual(temp_dict, self.ssh_login_obj.username_dict[hashed_username]) @patch("securetea.lib.log_monitor.system_log.ssh_login.write_mal_ip") @patch.object(OSINT, "perform_osint_scan") @patch('securetea.lib.log_monitor.system_log.ssh_login.utils') @patch.object(SecureTeaLogger, "log") @patch('securetea.lib.log_monitor.system_log.ssh_login.time') def test_check_ssh_bruteforce(self, mock_time, mock_log, mock_utils, mck_osint, mck_wmip): """ Test check_ssh_bruteforce. """ mck_wmip.return_value = True mck_osint.return_value = True mock_utils.categorize_os.return_value = self.os # Create SSHLogin object self.ssh_login_obj = SSHLogin() mock_time.time.return_value = 2 self.ssh_login_obj.update_username_dict('ubnt', '179.39.2.133', 'Jun 1', 1) self.ssh_login_obj.THRESHOLD = -10 # Set THRESHOLD to negative to trigger alarm self.ssh_login_obj.check_ssh_bruteforce() mock_log.assert_called_with('Possible SSH brute force detected for the user: ubnt from: 179.39.2.133 on: Jun 1', logtype='warning') mck_wmip.assert_called_with("179.39.2.133")