def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ('192.0.43.10', 2, 1124013539.0, [ 'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n', 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n' ]) output_no = ('192.0.43.10', 1, 1124013539.0, [ 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n' ]) # Actually no exception would be raised -- it will be just set to 'no' #self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (('yes', output_yes), ('no', output_no), ('warn', output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry( 1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) _assert_correct_last_attempt(self, filter_, output)
def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ( "192.0.43.10", 2, 1124013539.0, [ "Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n", "Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n", ], ) output_no = ( "192.0.43.10", 1, 1124013539.0, [ "Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n" ], ) # Actually no exception would be raised -- it will be just set to 'no' # self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (("yes", output_yes), ("no", output_no), ("warn", output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry(1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) _assert_correct_last_attempt(self, filter_, output)
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None) self.__filter.setActive(True) # TODO Test this #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.__filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def testGetFailures01(self): output = ('193.168.0.128', 3, 1124013599.0) self.__filter.addLogPath(GetFailures.FILENAME_01, False) self.__filter.addFailRegex("<TIME> <PREFIX> (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>") self.__filter.getFailures(GetFailures.FILENAME_01) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0) self.__filter.addLogPath(GetFailures.FILENAME_02, False) self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* (?:::f{4,6}:)(?P<host>\S*)") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.__filter.addLogPath(GetFailures.FILENAME_03, False) self.__filter.addFailRegex("<TIME> <PREFIX> error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown") self.__filter.getFailures(GetFailures.FILENAME_03) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.__filter.addLogPath(GetFailures.FILENAME_04, False) self.__filter.addFailRegex("<TIME> <PREFIX> Invalid user .* (?P<host>\S*)") self.__filter.getFailures(GetFailures.FILENAME_04) try: for i in range(2): ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output[i]) except FailManagerEmpty: pass def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02, False) self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>") self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02, False) self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>") self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>") self.__filter.addIgnoreRegex(".* for roehl") self.__filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None) self.__filter.setActive(True)
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None) self.__filter.setActive(True) # TODO Test this #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.__filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def _assertEqualEntries(self, found, output): """Little helper to unify comparisons with the target entries and report helpful failure reports instead of millions of seconds ;) """ self.assertEqual(found[:2], output[:2]) found_time, output_time = \ time.localtime(found[2]),\ time.localtime(output[2]) self.assertEqual(found_time, output_time) if len(found) > 3: # match matches self.assertEqual(found[3], output[3]) def testGetFailures01(self): output = ('193.168.0.128', 3, 1124013599.0, [ 'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n' ] * 3) self.__filter.addLogPath(GetFailures.FILENAME_01) self.__filter.addFailRegex( "(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>" ) self.__filter.getFailures(GetFailures.FILENAME_01) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() matches = ticket.getMatches() found = (ip, attempts, date, matches) self._assertEqualEntries(found, output) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0, [ 'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n' % m for m in 53, 54, 57, 58 ]) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() matches = ticket.getMatches() found = (ip, attempts, date, matches) self._assertEqualEntries(found, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.__filter.addLogPath(GetFailures.FILENAME_03) self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.__filter.getFailures(GetFailures.FILENAME_03) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self._assertEqualEntries(found, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.__filter.addLogPath(GetFailures.FILENAME_04) self.__filter.addFailRegex("Invalid user .* <HOST>") self.__filter.getFailures(GetFailures.FILENAME_04) try: for i in range(2): ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output[i]) except FailManagerEmpty: pass def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.addFailRegex("Accepted .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self._assertEqualEntries(found, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.addFailRegex("Accepted .* from <HOST>") self.__filter.addIgnoreRegex("for roehl") self.__filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None)
class IgnoreIP(unittest.TestCase): def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None) def tearDown(self): """Call after every test case.""" def testIgnoreIPOK(self): ipList = "127.0.0.1", "192.168.0.1", "255.255.255.255", "99.99.99.99" for ip in ipList: self.__filter.addIgnoreIP(ip) self.assertTrue(self.__filter.inIgnoreIPList(ip)) # Test DNS self.__filter.addIgnoreIP("www.epfl.ch") self.assertTrue(self.__filter.inIgnoreIPList("128.178.50.12")) def testIgnoreIPNOK(self): ipList = "", "999.999.999.999", "abcdef", "192.168.0." for ip in ipList: self.__filter.addIgnoreIP(ip) self.assertFalse(self.__filter.inIgnoreIPList(ip)) # Test DNS self.__filter.addIgnoreIP("www.epfl.ch") self.assertFalse(self.__filter.inIgnoreIPList("127.177.50.10"))
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" FILENAME_USEDNS = "testcases/files/testcase-usedns.log" # so that they could be reused by other tests FAILURES_01 = ('193.168.0.128', 3, 1124013599.0, ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3) def setUp(self): """Call before every test case.""" self.filter = FileFilter(None) self.filter.setActive(True) # TODO Test this #self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def testGetFailures01(self): self.filter.addLogPath(GetFailures.FILENAME_01) self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>") self.filter.getFailures(GetFailures.FILENAME_01) _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0, ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n' % m for m in 53, 54, 57, 58]) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.filter.addLogPath(GetFailures.FILENAME_03) self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.filter.getFailures(GetFailures.FILENAME_03) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.filter.addLogPath(GetFailures.FILENAME_04) self.filter.addFailRegex("Invalid user .* <HOST>") self.filter.getFailures(GetFailures.FILENAME_04) try: for i, out in enumerate(output): _assert_correct_last_attempt(self, self.filter, out) except FailManagerEmpty: pass def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ('192.0.43.10', 2, 1124013539.0, ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n', 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n']) output_no = ('192.0.43.10', 1, 1124013539.0, ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n']) # Actually no exception would be raised -- it will be just set to 'no' #self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (('yes', output_yes), ('no', output_no), ('warn', output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry(1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) _assert_correct_last_attempt(self, filter_, output) def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.addIgnoreRegex("for roehl") self.filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None) self.__filter.setActive(True) # TODO Test this #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.__filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def _assertEqualEntries(self, found, output): """Little helper to unify comparisons with the target entries and report helpful failure reports instead of millions of seconds ;) """ self.assertEqual(found[:2], output[:2]) found_time, output_time = \ time.localtime(found[2]),\ time.localtime(output[2]) self.assertEqual(found_time, output_time) def testGetFailures01(self): output = ('193.168.0.128', 3, 1124013599.0) self.__filter.addLogPath(GetFailures.FILENAME_01) self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>") self.__filter.getFailures(GetFailures.FILENAME_01) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self._assertEqualEntries(found, output) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self._assertEqualEntries(found, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.__filter.addLogPath(GetFailures.FILENAME_03) self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.__filter.getFailures(GetFailures.FILENAME_03) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self._assertEqualEntries(found, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.__filter.addLogPath(GetFailures.FILENAME_04) self.__filter.addFailRegex("Invalid user .* <HOST>") self.__filter.getFailures(GetFailures.FILENAME_04) try: for i in range(2): ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output[i]) except FailManagerEmpty: pass def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.addFailRegex("Accepted .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self._assertEqualEntries(found, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.addFailRegex("Accepted .* from <HOST>") self.__filter.addIgnoreRegex("for roehl") self.__filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
def setUp(self): """Call before every test case.""" LogCaptureTestCase.setUp(self) self.jail = DummyJail() self.filter = FileFilter(self.jail)
class IgnoreIP(LogCaptureTestCase): def setUp(self): """Call before every test case.""" LogCaptureTestCase.setUp(self) self.jail = DummyJail() self.filter = FileFilter(self.jail) def testIgnoreIPOK(self): ipList = "127.0.0.1", "192.168.0.1", "255.255.255.255", "99.99.99.99" for ip in ipList: self.filter.addIgnoreIP(ip) self.assertTrue(self.filter.inIgnoreIPList(ip)) def testIgnoreIPNOK(self): ipList = "", "999.999.999.999", "abcdef", "192.168.0." for ip in ipList: self.filter.addIgnoreIP(ip) self.assertFalse(self.filter.inIgnoreIPList(ip)) def testIgnoreIPCIDR(self): self.filter.addIgnoreIP('192.168.1.0/25') self.assertTrue(self.filter.inIgnoreIPList('192.168.1.0')) self.assertTrue(self.filter.inIgnoreIPList('192.168.1.1')) self.assertTrue(self.filter.inIgnoreIPList('192.168.1.127')) self.assertFalse(self.filter.inIgnoreIPList('192.168.1.128')) self.assertFalse(self.filter.inIgnoreIPList('192.168.1.255')) self.assertFalse(self.filter.inIgnoreIPList('192.168.0.255')) def testIgnoreInProcessLine(self): self.filter.addIgnoreIP('192.168.1.0/25') self.filter.addFailRegex('<HOST>') self.filter.processLineAndAdd('Thu Jul 11 01:21:43 2013 192.168.1.32') self.assertTrue(self._is_logged('Ignore 192.168.1.32')) def testIgnoreAddBannedIP(self): self.filter.addIgnoreIP('192.168.1.0/25') self.filter.addBannedIP('192.168.1.32') self.assertFalse(self._is_logged('Ignore 192.168.1.32')) self.assertTrue(self._is_logged('Requested to manually ban an ignored IP 192.168.1.32. User knows best. Proceeding to ban it.')) def testIgnoreCommand(self): self.filter.setIgnoreCommand("testcases/files/ignorecommand.py <ip>") self.assertTrue(self.filter.inIgnoreIPList("10.0.0.1")) self.assertFalse(self.filter.inIgnoreIPList("10.0.0.0"))
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" FILENAME_USEDNS = "testcases/files/testcase-usedns.log" def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None) self.__filter.setActive(True) # TODO Test this #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.__filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def _assertEqualEntries(self, found, output): """Little helper to unify comparisons with the target entries and report helpful failure reports instead of millions of seconds ;) """ self.assertEqual(found[:2], output[:2]) found_time, output_time = \ time.localtime(found[2]),\ time.localtime(output[2]) self.assertEqual(found_time, output_time) if len(output) > 3: # match matches self.assertEqual(repr(found[3]), repr(output[3])) def _assertCorrectLastAtempt(self, filter_, output): """Additional helper to wrap most common test case Test filter to contain target ticket """ ticket = filter_.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() matches = ticket.getMatches() found = (ip, attempts, date, matches) self._assertEqualEntries(found, output) def testGetFailures01(self): output = ('193.168.0.128', 3, 1124013599.0, ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3) self.__filter.addLogPath(GetFailures.FILENAME_01) self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>") self.__filter.getFailures(GetFailures.FILENAME_01) self._assertCorrectLastAtempt(self.__filter, output) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0, ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n' % m for m in 53, 54, 57, 58]) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) self._assertCorrectLastAtempt(self.__filter, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.__filter.addLogPath(GetFailures.FILENAME_03) self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.__filter.getFailures(GetFailures.FILENAME_03) self._assertCorrectLastAtempt(self.__filter, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.__filter.addLogPath(GetFailures.FILENAME_04) self.__filter.addFailRegex("Invalid user .* <HOST>") self.__filter.getFailures(GetFailures.FILENAME_04) try: for i, out in enumerate(output): self._assertCorrectLastAtempt(self.__filter, out) except FailManagerEmpty: pass def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ('192.0.43.10', 2, 1124013539.0, ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n', 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n']) output_no = ('192.0.43.10', 1, 1124013539.0, ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n']) # Actually no exception would be raised -- it will be just set to 'no' #self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (('yes', output_yes), ('no', output_no), ('warn', output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry(1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) self._assertCorrectLastAtempt(filter_, output) def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.addFailRegex("Accepted .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) self._assertCorrectLastAtempt(self.__filter, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02) self.__filter.addFailRegex("Failed .* from <HOST>") self.__filter.addFailRegex("Accepted .* from <HOST>") self.__filter.addIgnoreRegex("for roehl") self.__filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
class IgnoreIP(LogCaptureTestCase): def setUp(self): """Call before every test case.""" LogCaptureTestCase.setUp(self) self.jail = DummyJail() self.filter = FileFilter(self.jail) def testIgnoreIPOK(self): ipList = "127.0.0.1", "192.168.0.1", "255.255.255.255", "99.99.99.99" for ip in ipList: self.filter.addIgnoreIP(ip) self.assertTrue(self.filter.inIgnoreIPList(ip)) def testIgnoreIPNOK(self): ipList = "", "999.999.999.999", "abcdef", "192.168.0." for ip in ipList: self.filter.addIgnoreIP(ip) self.assertFalse(self.filter.inIgnoreIPList(ip)) def testIgnoreIPCIDR(self): self.filter.addIgnoreIP('192.168.1.0/25') self.assertTrue(self.filter.inIgnoreIPList('192.168.1.0')) self.assertTrue(self.filter.inIgnoreIPList('192.168.1.1')) self.assertTrue(self.filter.inIgnoreIPList('192.168.1.127')) self.assertFalse(self.filter.inIgnoreIPList('192.168.1.128')) self.assertFalse(self.filter.inIgnoreIPList('192.168.1.255')) self.assertFalse(self.filter.inIgnoreIPList('192.168.0.255')) def testIgnoreInProcessLine(self): self.filter.addIgnoreIP('192.168.1.0/25') self.filter.addFailRegex('<HOST>') self.filter.processLineAndAdd('Thu Jul 11 01:21:43 2013 192.168.1.32') self.assertTrue(self._is_logged('Ignore 192.168.1.32')) def testIgnoreAddBannedIP(self): self.filter.addIgnoreIP('192.168.1.0/25') self.filter.addBannedIP('192.168.1.32') self.assertFalse(self._is_logged('Ignore 192.168.1.32')) self.assertTrue(self._is_logged('Requested to manually ban an ignored IP 192.168.1.32. User knows best. Proceeding to ban it.'))
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" FILENAME_USEDNS = "testcases/files/testcase-usedns.log" # so that they could be reused by other tests FAILURES_01 = ('193.168.0.128', 3, 1124013599.0, [ 'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n' ] * 3) def setUp(self): """Call before every test case.""" self.filter = FileFilter(None) self.filter.setActive(True) # TODO Test this #self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def testGetFailures01(self): self.filter.addLogPath(GetFailures.FILENAME_01) self.filter.addFailRegex( "(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>" ) self.filter.getFailures(GetFailures.FILENAME_01) _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0, [ 'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n' % m for m in 53, 54, 57, 58 ]) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.filter.addLogPath(GetFailures.FILENAME_03) self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.filter.getFailures(GetFailures.FILENAME_03) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.filter.addLogPath(GetFailures.FILENAME_04) self.filter.addFailRegex("Invalid user .* <HOST>") self.filter.getFailures(GetFailures.FILENAME_04) try: for i, out in enumerate(output): _assert_correct_last_attempt(self, self.filter, out) except FailManagerEmpty: pass def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ('192.0.43.10', 2, 1124013539.0, [ 'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n', 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n' ]) output_no = ('192.0.43.10', 1, 1124013539.0, [ 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n' ]) # Actually no exception would be raised -- it will be just set to 'no' #self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (('yes', output_yes), ('no', output_no), ('warn', output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry( 1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) _assert_correct_last_attempt(self, filter_, output) def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.addIgnoreRegex("for roehl") self.filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
class IgnoreIP(unittest.TestCase): def setUp(self): """Call before every test case.""" self.filter = FileFilter(None) def tearDown(self): """Call after every test case.""" def testIgnoreIPOK(self): ipList = "127.0.0.1", "192.168.0.1", "255.255.255.255", "99.99.99.99" for ip in ipList: self.filter.addIgnoreIP(ip) self.assertTrue(self.filter.inIgnoreIPList(ip)) # Test DNS self.filter.addIgnoreIP("www.epfl.ch") self.assertTrue(self.filter.inIgnoreIPList("128.178.50.12")) def testIgnoreIPNOK(self): ipList = "", "999.999.999.999", "abcdef", "192.168.0." for ip in ipList: self.filter.addIgnoreIP(ip) self.assertFalse(self.filter.inIgnoreIPList(ip)) # Test DNS self.filter.addIgnoreIP("www.epfl.ch") self.assertFalse(self.filter.inIgnoreIPList("127.177.50.10"))
def setUp(self): """Call before every test case.""" self.filter = FileFilter(None)
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" FILENAME_USEDNS = "testcases/files/testcase-usedns.log" # so that they could be reused by other tests FAILURES_01 = ('193.168.0.128', 3, 1124013599.0, ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3) def setUp(self): """Call before every test case.""" self.filter = FileFilter(None) self.filter.setActive(True) # TODO Test this #self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def testGetFailures01(self, filename=None, failures=None): filename = filename or GetFailures.FILENAME_01 failures = failures or GetFailures.FAILURES_01 self.filter.addLogPath(filename) self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>$") self.filter.getFailures(filename) _assert_correct_last_attempt(self, self.filter, failures) def testCRLFFailures01(self): # We first adjust logfile/failures to end with CR+LF fname = tempfile.mktemp(prefix='tmp_fail2ban', suffix='crlf') # poor man unix2dos: fin, fout = open(GetFailures.FILENAME_01), open(fname, 'w') for l in fin.readlines(): fout.write('%s\r\n' % l.rstrip('\n')) fin.close() fout.close() # now see if we should be getting the "same" failures self.testGetFailures01(filename=fname, failures=GetFailures.FAILURES_01[:3] + ([x.rstrip('\n') + '\r\n' for x in GetFailures.FAILURES_01[-1]],)) _killfile(fout, fname) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0, ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n' % m for m in 53, 54, 57, 58]) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.filter.addLogPath(GetFailures.FILENAME_03) self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.filter.getFailures(GetFailures.FILENAME_03) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.filter.addLogPath(GetFailures.FILENAME_04) self.filter.addFailRegex("Invalid user .* <HOST>") self.filter.getFailures(GetFailures.FILENAME_04) try: for i, out in enumerate(output): _assert_correct_last_attempt(self, self.filter, out) except FailManagerEmpty: pass def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ('93.184.216.119', 2, 1124013539.0, ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n', 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.119 port 51332 ssh2\n']) output_no = ('93.184.216.119', 1, 1124013539.0, ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.119 port 51332 ssh2\n']) # Actually no exception would be raised -- it will be just set to 'no' #self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (('yes', output_yes), ('no', output_no), ('warn', output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry(1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) _assert_correct_last_attempt(self, filter_, output) def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.addIgnoreRegex("for roehl") self.filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
def setUp(self): """Call before every test case.""" self.filter = FileFilter(None) self.filter.setActive(True)
class GetFailures(unittest.TestCase): FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" def setUp(self): """Call before every test case.""" self.__filter = FileFilter(None) self.__filter.setActive(True) # TODO Test this #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.__filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def testGetFailures01(self): output = ('193.168.0.128', 3, 1124013599.0) self.__filter.addLogPath(GetFailures.FILENAME_01, False) self.__filter.addFailRegex( "<TIME> <PREFIX> (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>" ) self.__filter.getFailures(GetFailures.FILENAME_01) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0) self.__filter.addLogPath(GetFailures.FILENAME_02, False) self.__filter.addFailRegex( "<TIME> <PREFIX> Failed .* (?:::f{4,6}:)(?P<host>\S*)") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.__filter.addLogPath(GetFailures.FILENAME_03, False) self.__filter.addFailRegex( "<TIME> <PREFIX> error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown" ) self.__filter.getFailures(GetFailures.FILENAME_03) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.__filter.addLogPath(GetFailures.FILENAME_04, False) self.__filter.addFailRegex( "<TIME> <PREFIX> Invalid user .* (?P<host>\S*)") self.__filter.getFailures(GetFailures.FILENAME_04) try: for i in range(2): ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output[i]) except FailManagerEmpty: pass def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02, False) self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>") self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>") self.__filter.getFailures(GetFailures.FILENAME_02) ticket = self.__filter.failManager.toBan() attempts = ticket.getAttempt() date = ticket.getTime() ip = ticket.getIP() found = (ip, attempts, date) self.assertEqual(found, output) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.__filter.addLogPath(GetFailures.FILENAME_02, False) self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>") self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>") self.__filter.addIgnoreRegex(".* for roehl") self.__filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)