def setUp(self): """Call before every test case.""" self.filter = AIFilter(None) self.filter.setActive(True)
class GetFailures(unittest.TestCase): FILENAME_ATS = "testcases/files/testcase-ats.log" FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" FILENAME_USEDNS = "testcases/files/testcase-usedns.log" FAIL_MODEL_FILENAME = "testcases/files/filter.d/ats-ddos-model.conf" # so that they could be reused by other tests FAILURES_01 = ('193.168.0.128', 3, 1124013599.0, [ 'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n' ] * 3) def setUp(self): """Call before every test case.""" self.filter = AIFilter(None) self.filter.setActive(True) # TODO Test this #self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def readFailModel(self): #read the test model model_file = open(self.FAIL_MODEL_FILENAME) #read the failmodel attribiute fail_model = None for cur_line in model_file: if ("=" in cur_line) and (cur_line[:cur_line.index("=")].strip() == "failmodel"): fail_model = cur_line[cur_line.index("=") + 1:].strip() break return fail_model def testGetFailures01(self): self.filter.addLogPath(GetFailures.FILENAME_01) self.filter.addFailRegex( "(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>" ) self.filter.getFailures(GetFailures.FILENAME_01) _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0, [ 'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n' % m for m in 53, 54, 57, 58 ]) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.filter.addLogPath(GetFailures.FILENAME_03) self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.filter.getFailures(GetFailures.FILENAME_03) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.filter.addLogPath(GetFailures.FILENAME_04) self.filter.addFailRegex("Invalid user .* <HOST>") self.filter.getFailures(GetFailures.FILENAME_04) try: for i, out in enumerate(output): _assert_correct_last_attempt(self, self.filter, out) except FailManagerEmpty: pass def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ('192.0.43.10', 2, 1124013539.0, [ 'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n', 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n' ]) output_no = ('192.0.43.10', 1, 1124013539.0, [ 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n' ]) # Actually no exception would be raised -- it will be just set to 'no' #self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (('yes', output_yes), ('no', output_no), ('warn', output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry( 1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) _assert_correct_last_attempt(self, filter_, output) def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailuresFailModel(self): output = "" self.filter.addLogPath(GetFailures.FILENAME_ATS) self.filter.addFailModel(self.readFailModel()) self.filter.getFailures(GetFailures.FILENAME_ATS) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.addIgnoreRegex("for roehl") self.filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
class GetFailures(unittest.TestCase): FILENAME_ATS = "testcases/files/testcase-ats.log" FILENAME_01 = "testcases/files/testcase01.log" FILENAME_02 = "testcases/files/testcase02.log" FILENAME_03 = "testcases/files/testcase03.log" FILENAME_04 = "testcases/files/testcase04.log" FILENAME_USEDNS = "testcases/files/testcase-usedns.log" FAIL_MODEL_FILENAME = "testcases/files/filter.d/ats-ddos-model.conf" # so that they could be reused by other tests FAILURES_01 = ('193.168.0.128', 3, 1124013599.0, ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3) def setUp(self): """Call before every test case.""" self.filter = AIFilter(None) self.filter.setActive(True) # TODO Test this #self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") #self.filter.setTimePattern("%b %d %H:%M:%S") def tearDown(self): """Call after every test case.""" def readFailModel(self): #read the test model model_file = open(self.FAIL_MODEL_FILENAME) #read the failmodel attribiute fail_model = None for cur_line in model_file: if ("=" in cur_line) and (cur_line[:cur_line.index("=")].strip()=="failmodel"): fail_model = cur_line[cur_line.index("=")+1:].strip() break return fail_model def testGetFailures01(self): self.filter.addLogPath(GetFailures.FILENAME_01) self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>") self.filter.getFailures(GetFailures.FILENAME_01) _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01) def testGetFailures02(self): output = ('141.3.81.106', 4, 1124013539.0, ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n' % m for m in 53, 54, 57, 58]) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures03(self): output = ('203.162.223.135', 6, 1124013544.0) self.filter.addLogPath(GetFailures.FILENAME_03) self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown") self.filter.getFailures(GetFailures.FILENAME_03) _assert_correct_last_attempt(self, self.filter, output) def testGetFailures04(self): output = [('212.41.96.186', 4, 1124013600.0), ('212.41.96.185', 4, 1124013598.0)] self.filter.addLogPath(GetFailures.FILENAME_04) self.filter.addFailRegex("Invalid user .* <HOST>") self.filter.getFailures(GetFailures.FILENAME_04) try: for i, out in enumerate(output): _assert_correct_last_attempt(self, self.filter, out) except FailManagerEmpty: pass def testGetFailuresUseDNS(self): # We should still catch failures with usedns = no ;-) output_yes = ('192.0.43.10', 2, 1124013539.0, ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n', 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n']) output_no = ('192.0.43.10', 1, 1124013539.0, ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n']) # Actually no exception would be raised -- it will be just set to 'no' #self.assertRaises(ValueError, # FileFilter, None, useDns='wrong_value_for_useDns') for useDns, output in (('yes', output_yes), ('no', output_no), ('warn', output_yes)): filter_ = FileFilter(None, useDns=useDns) filter_.setActive(True) filter_.failManager.setMaxRetry(1) # we might have just few failures filter_.addLogPath(GetFailures.FILENAME_USEDNS) filter_.addFailRegex("Failed .* from <HOST>") filter_.getFailures(GetFailures.FILENAME_USEDNS) _assert_correct_last_attempt(self, filter_, output) def testGetFailuresMultiRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.getFailures(GetFailures.FILENAME_02) _assert_correct_last_attempt(self, self.filter, output) def testGetFailuresFailModel(self): output = "" self.filter.addLogPath(GetFailures.FILENAME_ATS) self.filter.addFailModel(self.readFailModel()) self.filter.getFailures(GetFailures.FILENAME_ATS) def testGetFailuresIgnoreRegex(self): output = ('141.3.81.106', 8, 1124013541.0) self.filter.addLogPath(GetFailures.FILENAME_02) self.filter.addFailRegex("Failed .* from <HOST>") self.filter.addFailRegex("Accepted .* from <HOST>") self.filter.addIgnoreRegex("for roehl") self.filter.getFailures(GetFailures.FILENAME_02) self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)