Exemplo n.º 1
0
    def testGetFailuresUseDNS(self):
        # We should still catch failures with usedns = no ;-)
        output_yes = (
            "192.0.43.10",
            2,
            1124013539.0,
            [
                "Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n",
                "Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n",
            ],
        )

        output_no = (
            "192.0.43.10",
            1,
            1124013539.0,
            [
                "Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n"
            ],
        )

        # Actually no exception would be raised -- it will be just set to 'no'
        # self.assertRaises(ValueError,
        # 				  FileFilter, None, useDns='wrong_value_for_useDns')

        for useDns, output in (("yes", output_yes), ("no", output_no), ("warn", output_yes)):
            filter_ = FileFilter(None, useDns=useDns)
            filter_.setActive(True)
            filter_.failManager.setMaxRetry(1)  # we might have just few failures

            filter_.addLogPath(GetFailures.FILENAME_USEDNS)
            filter_.addFailRegex("Failed .* from <HOST>")
            filter_.getFailures(GetFailures.FILENAME_USEDNS)
            _assert_correct_last_attempt(self, filter_, output)
Exemplo n.º 2
0
    def testGetFailuresUseDNS(self):
        # We should still catch failures with usedns = no ;-)
        output_yes = ('192.0.43.10', 2, 1124013539.0, [
            'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n',
            'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'
        ])

        output_no = ('192.0.43.10', 1, 1124013539.0, [
            'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'
        ])

        # Actually no exception would be raised -- it will be just set to 'no'
        #self.assertRaises(ValueError,
        #				  FileFilter, None, useDns='wrong_value_for_useDns')

        for useDns, output in (('yes', output_yes), ('no', output_no),
                               ('warn', output_yes)):
            filter_ = FileFilter(None, useDns=useDns)
            filter_.setActive(True)
            filter_.failManager.setMaxRetry(
                1)  # we might have just few failures

            filter_.addLogPath(GetFailures.FILENAME_USEDNS)
            filter_.addFailRegex("Failed .* from <HOST>")
            filter_.getFailures(GetFailures.FILENAME_USEDNS)
            _assert_correct_last_attempt(self, filter_, output)
Exemplo n.º 3
0
class GetFailures(unittest.TestCase):

	FILENAME_01 = "testcases/files/testcase01.log"
	FILENAME_02 = "testcases/files/testcase02.log"
	FILENAME_03 = "testcases/files/testcase03.log"
	FILENAME_04 = "testcases/files/testcase04.log"
	FILENAME_USEDNS = "testcases/files/testcase-usedns.log"

	# so that they could be reused by other tests
	FAILURES_01 = ('193.168.0.128', 3, 1124013599.0,
				  ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3)

	def setUp(self):
		"""Call before every test case."""
		self.filter = FileFilter(None)
		self.filter.setActive(True)
		# TODO Test this
		#self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
		#self.filter.setTimePattern("%b %d %H:%M:%S")

	def tearDown(self):
		"""Call after every test case."""



	def testGetFailures01(self):
		self.filter.addLogPath(GetFailures.FILENAME_01)
		self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
		self.filter.getFailures(GetFailures.FILENAME_01)
		_assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)


	def testGetFailures02(self):
		output = ('141.3.81.106', 4, 1124013539.0,
				  ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n'
				   % m for m in 53, 54, 57, 58])

		self.filter.addLogPath(GetFailures.FILENAME_02)
		self.filter.addFailRegex("Failed .* from <HOST>")
		self.filter.getFailures(GetFailures.FILENAME_02)
		_assert_correct_last_attempt(self, self.filter, output)

	def testGetFailures03(self):
		output = ('203.162.223.135', 6, 1124013544.0)

		self.filter.addLogPath(GetFailures.FILENAME_03)
		self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
		self.filter.getFailures(GetFailures.FILENAME_03)
		_assert_correct_last_attempt(self, self.filter, output)

	def testGetFailures04(self):
		output = [('212.41.96.186', 4, 1124013600.0),
				  ('212.41.96.185', 4, 1124013598.0)]

		self.filter.addLogPath(GetFailures.FILENAME_04)
		self.filter.addFailRegex("Invalid user .* <HOST>")
		self.filter.getFailures(GetFailures.FILENAME_04)

		try:
			for i, out in enumerate(output):
				_assert_correct_last_attempt(self, self.filter, out)
		except FailManagerEmpty:
			pass

	def testGetFailuresUseDNS(self):
		# We should still catch failures with usedns = no ;-)
		output_yes = ('192.0.43.10', 2, 1124013539.0,
					  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n',
					   'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'])

		output_no = ('192.0.43.10', 1, 1124013539.0,
					  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'])

		# Actually no exception would be raised -- it will be just set to 'no'
		#self.assertRaises(ValueError,
		#				  FileFilter, None, useDns='wrong_value_for_useDns')

		for useDns, output in (('yes',  output_yes),
							   ('no',   output_no),
							   ('warn', output_yes)):
			filter_ = FileFilter(None, useDns=useDns)
			filter_.setActive(True)
			filter_.failManager.setMaxRetry(1)	# we might have just few failures

			filter_.addLogPath(GetFailures.FILENAME_USEDNS)
			filter_.addFailRegex("Failed .* from <HOST>")
			filter_.getFailures(GetFailures.FILENAME_USEDNS)
			_assert_correct_last_attempt(self, filter_, output)



	def testGetFailuresMultiRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.filter.addLogPath(GetFailures.FILENAME_02)
		self.filter.addFailRegex("Failed .* from <HOST>")
		self.filter.addFailRegex("Accepted .* from <HOST>")
		self.filter.getFailures(GetFailures.FILENAME_02)
		_assert_correct_last_attempt(self, self.filter, output)

	def testGetFailuresIgnoreRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.filter.addLogPath(GetFailures.FILENAME_02)
		self.filter.addFailRegex("Failed .* from <HOST>")
		self.filter.addFailRegex("Accepted .* from <HOST>")
		self.filter.addIgnoreRegex("for roehl")

		self.filter.getFailures(GetFailures.FILENAME_02)

		self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
Exemplo n.º 4
0
class GetFailures(unittest.TestCase):

	FILENAME_01 = "testcases/files/testcase01.log"
	FILENAME_02 = "testcases/files/testcase02.log"
	FILENAME_03 = "testcases/files/testcase03.log"
	FILENAME_04 = "testcases/files/testcase04.log"

	def setUp(self):
		"""Call before every test case."""
		self.__filter = FileFilter(None)
		self.__filter.setActive(True)
		# TODO Test this
		#self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
		#self.__filter.setTimePattern("%b %d %H:%M:%S")

	def tearDown(self):
		"""Call after every test case."""
		
	def testGetFailures01(self):
		output = ('193.168.0.128', 3, 1124013599.0)
		
		self.__filter.addLogPath(GetFailures.FILENAME_01, False)
		self.__filter.addFailRegex("<TIME> <PREFIX> (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")

		self.__filter.getFailures(GetFailures.FILENAME_01)
		
		ticket = self.__filter.failManager.toBan()

		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)
		
		self.assertEqual(found, output)
	
	def testGetFailures02(self):
		output = ('141.3.81.106', 4, 1124013539.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02, False)
		self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* (?:::f{4,6}:)(?P<host>\S*)")
		
		self.__filter.getFailures(GetFailures.FILENAME_02)
		
		ticket = self.__filter.failManager.toBan()

		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)
		
		self.assertEqual(found, output)

	def testGetFailures03(self):
		output = ('203.162.223.135', 6, 1124013544.0)

		self.__filter.addLogPath(GetFailures.FILENAME_03, False)
		self.__filter.addFailRegex("<TIME> <PREFIX> error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
		
		self.__filter.getFailures(GetFailures.FILENAME_03)
		
		ticket = self.__filter.failManager.toBan()
		
		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)
		
		self.assertEqual(found, output)	

	def testGetFailures04(self):
		output = [('212.41.96.186', 4, 1124013600.0),
				  ('212.41.96.185', 4, 1124013598.0)]

		self.__filter.addLogPath(GetFailures.FILENAME_04, False)
		self.__filter.addFailRegex("<TIME> <PREFIX> Invalid user .* (?P<host>\S*)")
		
		self.__filter.getFailures(GetFailures.FILENAME_04)

		try:
			for i in range(2):
				ticket = self.__filter.failManager.toBan()		
				attempts = ticket.getAttempt()
				date = ticket.getTime()
				ip = ticket.getIP()
				found = (ip, attempts, date)
				self.assertEqual(found, output[i])
		except FailManagerEmpty:
			pass
		
	def testGetFailuresMultiRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02, False)
		self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>")
		self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>")
		
		self.__filter.getFailures(GetFailures.FILENAME_02)
		
		ticket = self.__filter.failManager.toBan()

		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)
		
		self.assertEqual(found, output)
	
	def testGetFailuresIgnoreRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02, False)
		self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>")
		self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>")
		self.__filter.addIgnoreRegex(".* for roehl")
		
		self.__filter.getFailures(GetFailures.FILENAME_02)
		
		self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
Exemplo n.º 5
0
class GetFailures(unittest.TestCase):

    FILENAME_01 = "testcases/files/testcase01.log"
    FILENAME_02 = "testcases/files/testcase02.log"
    FILENAME_03 = "testcases/files/testcase03.log"
    FILENAME_04 = "testcases/files/testcase04.log"

    def setUp(self):
        """Call before every test case."""
        self.__filter = FileFilter(None)
        self.__filter.setActive(True)
        # TODO Test this
        #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
        #self.__filter.setTimePattern("%b %d %H:%M:%S")

    def tearDown(self):
        """Call after every test case."""

    def _assertEqualEntries(self, found, output):
        """Little helper to unify comparisons with the target entries

		and report helpful failure reports instead of millions of seconds ;)
		"""
        self.assertEqual(found[:2], output[:2])
        found_time, output_time = \
           time.localtime(found[2]),\
           time.localtime(output[2])
        self.assertEqual(found_time, output_time)
        if len(found) > 3:  # match matches
            self.assertEqual(found[3], output[3])

    def testGetFailures01(self):
        output = ('193.168.0.128', 3, 1124013599.0, [
            'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n'
        ] * 3)

        self.__filter.addLogPath(GetFailures.FILENAME_01)
        self.__filter.addFailRegex(
            "(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>"
        )

        self.__filter.getFailures(GetFailures.FILENAME_01)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        matches = ticket.getMatches()
        found = (ip, attempts, date, matches)

        self._assertEqualEntries(found, output)

    def testGetFailures02(self):
        output = ('141.3.81.106', 4, 1124013539.0, [
            'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n'
            % m for m in 53, 54, 57, 58
        ])

        self.__filter.addLogPath(GetFailures.FILENAME_02)
        self.__filter.addFailRegex("Failed .* from <HOST>")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        matches = ticket.getMatches()
        found = (ip, attempts, date, matches)

        self._assertEqualEntries(found, output)

    def testGetFailures03(self):
        output = ('203.162.223.135', 6, 1124013544.0)

        self.__filter.addLogPath(GetFailures.FILENAME_03)
        self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")

        self.__filter.getFailures(GetFailures.FILENAME_03)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        found = (ip, attempts, date)

        self._assertEqualEntries(found, output)

    def testGetFailures04(self):
        output = [('212.41.96.186', 4, 1124013600.0),
                  ('212.41.96.185', 4, 1124013598.0)]

        self.__filter.addLogPath(GetFailures.FILENAME_04)
        self.__filter.addFailRegex("Invalid user .* <HOST>")

        self.__filter.getFailures(GetFailures.FILENAME_04)

        try:
            for i in range(2):
                ticket = self.__filter.failManager.toBan()
                attempts = ticket.getAttempt()
                date = ticket.getTime()
                ip = ticket.getIP()
                found = (ip, attempts, date)
                self.assertEqual(found, output[i])
        except FailManagerEmpty:
            pass

    def testGetFailuresMultiRegex(self):
        output = ('141.3.81.106', 8, 1124013541.0)

        self.__filter.addLogPath(GetFailures.FILENAME_02)
        self.__filter.addFailRegex("Failed .* from <HOST>")
        self.__filter.addFailRegex("Accepted .* from <HOST>")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        found = (ip, attempts, date)

        self._assertEqualEntries(found, output)

    def testGetFailuresIgnoreRegex(self):
        output = ('141.3.81.106', 8, 1124013541.0)

        self.__filter.addLogPath(GetFailures.FILENAME_02)
        self.__filter.addFailRegex("Failed .* from <HOST>")
        self.__filter.addFailRegex("Accepted .* from <HOST>")
        self.__filter.addIgnoreRegex("for roehl")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
Exemplo n.º 6
0
class GetFailures(unittest.TestCase):

	FILENAME_01 = "testcases/files/testcase01.log"
	FILENAME_02 = "testcases/files/testcase02.log"
	FILENAME_03 = "testcases/files/testcase03.log"
	FILENAME_04 = "testcases/files/testcase04.log"
	FILENAME_USEDNS = "testcases/files/testcase-usedns.log"

	# so that they could be reused by other tests
	FAILURES_01 = ('193.168.0.128', 3, 1124013599.0,
				  ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3)

	def setUp(self):
		"""Call before every test case."""
		self.filter = FileFilter(None)
		self.filter.setActive(True)
		# TODO Test this
		#self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
		#self.filter.setTimePattern("%b %d %H:%M:%S")

	def tearDown(self):
		"""Call after every test case."""



	def testGetFailures01(self, filename=None, failures=None):
		filename = filename or GetFailures.FILENAME_01
		failures = failures or GetFailures.FAILURES_01

		self.filter.addLogPath(filename)
		self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>$")
		self.filter.getFailures(filename)
		_assert_correct_last_attempt(self, self.filter,  failures)

	def testCRLFFailures01(self):
		# We first adjust logfile/failures to end with CR+LF
		fname = tempfile.mktemp(prefix='tmp_fail2ban', suffix='crlf')
		# poor man unix2dos:
		fin, fout = open(GetFailures.FILENAME_01), open(fname, 'w')
		for l in fin.readlines():
			fout.write('%s\r\n' % l.rstrip('\n'))
		fin.close()
		fout.close()

		# now see if we should be getting the "same" failures
		self.testGetFailures01(filename=fname,
							   failures=GetFailures.FAILURES_01[:3] +
							   ([x.rstrip('\n') + '\r\n' for x in
								 GetFailures.FAILURES_01[-1]],))
		_killfile(fout, fname)


	def testGetFailures02(self):
		output = ('141.3.81.106', 4, 1124013539.0,
				  ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n'
				   % m for m in 53, 54, 57, 58])

		self.filter.addLogPath(GetFailures.FILENAME_02)
		self.filter.addFailRegex("Failed .* from <HOST>")
		self.filter.getFailures(GetFailures.FILENAME_02)
		_assert_correct_last_attempt(self, self.filter, output)

	def testGetFailures03(self):
		output = ('203.162.223.135', 6, 1124013544.0)

		self.filter.addLogPath(GetFailures.FILENAME_03)
		self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
		self.filter.getFailures(GetFailures.FILENAME_03)
		_assert_correct_last_attempt(self, self.filter, output)

	def testGetFailures04(self):
		output = [('212.41.96.186', 4, 1124013600.0),
				  ('212.41.96.185', 4, 1124013598.0)]

		self.filter.addLogPath(GetFailures.FILENAME_04)
		self.filter.addFailRegex("Invalid user .* <HOST>")
		self.filter.getFailures(GetFailures.FILENAME_04)

		try:
			for i, out in enumerate(output):
				_assert_correct_last_attempt(self, self.filter, out)
		except FailManagerEmpty:
			pass

	def testGetFailuresUseDNS(self):
		# We should still catch failures with usedns = no ;-)
		output_yes = ('93.184.216.119', 2, 1124013539.0,
					  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n',
					   'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.119 port 51332 ssh2\n'])

		output_no = ('93.184.216.119', 1, 1124013539.0,
					  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.119 port 51332 ssh2\n'])

		# Actually no exception would be raised -- it will be just set to 'no'
		#self.assertRaises(ValueError,
		#				  FileFilter, None, useDns='wrong_value_for_useDns')

		for useDns, output in (('yes',  output_yes),
							   ('no',   output_no),
							   ('warn', output_yes)):
			filter_ = FileFilter(None, useDns=useDns)
			filter_.setActive(True)
			filter_.failManager.setMaxRetry(1)	# we might have just few failures

			filter_.addLogPath(GetFailures.FILENAME_USEDNS)
			filter_.addFailRegex("Failed .* from <HOST>")
			filter_.getFailures(GetFailures.FILENAME_USEDNS)
			_assert_correct_last_attempt(self, filter_, output)



	def testGetFailuresMultiRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.filter.addLogPath(GetFailures.FILENAME_02)
		self.filter.addFailRegex("Failed .* from <HOST>")
		self.filter.addFailRegex("Accepted .* from <HOST>")
		self.filter.getFailures(GetFailures.FILENAME_02)
		_assert_correct_last_attempt(self, self.filter, output)

	def testGetFailuresIgnoreRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.filter.addLogPath(GetFailures.FILENAME_02)
		self.filter.addFailRegex("Failed .* from <HOST>")
		self.filter.addFailRegex("Accepted .* from <HOST>")
		self.filter.addIgnoreRegex("for roehl")

		self.filter.getFailures(GetFailures.FILENAME_02)

		self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
Exemplo n.º 7
0
class GetFailures(unittest.TestCase):

	FILENAME_01 = "testcases/files/testcase01.log"
	FILENAME_02 = "testcases/files/testcase02.log"
	FILENAME_03 = "testcases/files/testcase03.log"
	FILENAME_04 = "testcases/files/testcase04.log"

	def setUp(self):
		"""Call before every test case."""
		self.__filter = FileFilter(None)
		self.__filter.setActive(True)
		# TODO Test this
		#self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
		#self.__filter.setTimePattern("%b %d %H:%M:%S")

	def tearDown(self):
		"""Call after every test case."""

	def _assertEqualEntries(self, found, output):
		"""Little helper to unify comparisons with the target entries

		and report helpful failure reports instead of millions of seconds ;)
		"""
		self.assertEqual(found[:2], output[:2])
		found_time, output_time = \
					time.localtime(found[2]),\
					time.localtime(output[2])
		self.assertEqual(found_time, output_time)

	def testGetFailures01(self):
		output = ('193.168.0.128', 3, 1124013599.0)

		self.__filter.addLogPath(GetFailures.FILENAME_01)
		self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")

		self.__filter.getFailures(GetFailures.FILENAME_01)

		ticket = self.__filter.failManager.toBan()

		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)

		self._assertEqualEntries(found, output)
	
	def testGetFailures02(self):
		output = ('141.3.81.106', 4, 1124013539.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02)
		self.__filter.addFailRegex("Failed .* from <HOST>")
		
		self.__filter.getFailures(GetFailures.FILENAME_02)
		
		ticket = self.__filter.failManager.toBan()

		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)
		
		self._assertEqualEntries(found, output)

	def testGetFailures03(self):
		output = ('203.162.223.135', 6, 1124013544.0)

		self.__filter.addLogPath(GetFailures.FILENAME_03)
		self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
		
		self.__filter.getFailures(GetFailures.FILENAME_03)
		
		ticket = self.__filter.failManager.toBan()
		
		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)
		
		self._assertEqualEntries(found, output)	

	def testGetFailures04(self):
		output = [('212.41.96.186', 4, 1124013600.0),
				  ('212.41.96.185', 4, 1124013598.0)]

		self.__filter.addLogPath(GetFailures.FILENAME_04)
		self.__filter.addFailRegex("Invalid user .* <HOST>")
		
		self.__filter.getFailures(GetFailures.FILENAME_04)

		try:
			for i in range(2):
				ticket = self.__filter.failManager.toBan()		
				attempts = ticket.getAttempt()
				date = ticket.getTime()
				ip = ticket.getIP()
				found = (ip, attempts, date)
				self.assertEqual(found, output[i])
		except FailManagerEmpty:
			pass
		
	def testGetFailuresMultiRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02)
		self.__filter.addFailRegex("Failed .* from <HOST>")
		self.__filter.addFailRegex("Accepted .* from <HOST>")
		
		self.__filter.getFailures(GetFailures.FILENAME_02)
		
		ticket = self.__filter.failManager.toBan()

		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		found = (ip, attempts, date)
		
		self._assertEqualEntries(found, output)
	
	def testGetFailuresIgnoreRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02)
		self.__filter.addFailRegex("Failed .* from <HOST>")
		self.__filter.addFailRegex("Accepted .* from <HOST>")
		self.__filter.addIgnoreRegex("for roehl")
		
		self.__filter.getFailures(GetFailures.FILENAME_02)
		
		self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
Exemplo n.º 8
0
class GetFailures(unittest.TestCase):

	FILENAME_01 = "testcases/files/testcase01.log"
	FILENAME_02 = "testcases/files/testcase02.log"
	FILENAME_03 = "testcases/files/testcase03.log"
	FILENAME_04 = "testcases/files/testcase04.log"
	FILENAME_USEDNS = "testcases/files/testcase-usedns.log"

	def setUp(self):
		"""Call before every test case."""
		self.__filter = FileFilter(None)
		self.__filter.setActive(True)
		# TODO Test this
		#self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
		#self.__filter.setTimePattern("%b %d %H:%M:%S")

	def tearDown(self):
		"""Call after every test case."""

	def _assertEqualEntries(self, found, output):
		"""Little helper to unify comparisons with the target entries

		and report helpful failure reports instead of millions of seconds ;)
		"""
		self.assertEqual(found[:2], output[:2])
		found_time, output_time = \
					time.localtime(found[2]),\
					time.localtime(output[2])
		self.assertEqual(found_time, output_time)
		if len(output) > 3:				# match matches
			self.assertEqual(repr(found[3]), repr(output[3]))

	def _assertCorrectLastAtempt(self, filter_, output):
		"""Additional helper to wrap most common test case

		Test filter to contain target ticket
		"""
		ticket = filter_.failManager.toBan()

		attempts = ticket.getAttempt()
		date = ticket.getTime()
		ip = ticket.getIP()
		matches = ticket.getMatches()
		found = (ip, attempts, date, matches)

		self._assertEqualEntries(found, output)


	def testGetFailures01(self):
		output = ('193.168.0.128', 3, 1124013599.0,
				  ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3)

		self.__filter.addLogPath(GetFailures.FILENAME_01)
		self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
		self.__filter.getFailures(GetFailures.FILENAME_01)
		self._assertCorrectLastAtempt(self.__filter, output)


	def testGetFailures02(self):
		output = ('141.3.81.106', 4, 1124013539.0,
				  ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n'
				   % m for m in 53, 54, 57, 58])

		self.__filter.addLogPath(GetFailures.FILENAME_02)
		self.__filter.addFailRegex("Failed .* from <HOST>")
		self.__filter.getFailures(GetFailures.FILENAME_02)
		self._assertCorrectLastAtempt(self.__filter, output)

	def testGetFailures03(self):
		output = ('203.162.223.135', 6, 1124013544.0)

		self.__filter.addLogPath(GetFailures.FILENAME_03)
		self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
		self.__filter.getFailures(GetFailures.FILENAME_03)
		self._assertCorrectLastAtempt(self.__filter, output)

	def testGetFailures04(self):
		output = [('212.41.96.186', 4, 1124013600.0),
				  ('212.41.96.185', 4, 1124013598.0)]

		self.__filter.addLogPath(GetFailures.FILENAME_04)
		self.__filter.addFailRegex("Invalid user .* <HOST>")
		self.__filter.getFailures(GetFailures.FILENAME_04)

		try:
			for i, out in enumerate(output):
				self._assertCorrectLastAtempt(self.__filter, out)
		except FailManagerEmpty:
			pass

	def testGetFailuresUseDNS(self):
		# We should still catch failures with usedns = no ;-)
		output_yes = ('192.0.43.10', 2, 1124013539.0,
					  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n',
					   'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'])

		output_no = ('192.0.43.10', 1, 1124013539.0,
					  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'])

		# Actually no exception would be raised -- it will be just set to 'no'
		#self.assertRaises(ValueError,
		#				  FileFilter, None, useDns='wrong_value_for_useDns')

		for useDns, output in (('yes',  output_yes),
							   ('no',   output_no),
							   ('warn', output_yes)):
			filter_ = FileFilter(None, useDns=useDns)
			filter_.setActive(True)
			filter_.failManager.setMaxRetry(1)	# we might have just few failures

			filter_.addLogPath(GetFailures.FILENAME_USEDNS)
			filter_.addFailRegex("Failed .* from <HOST>")
			filter_.getFailures(GetFailures.FILENAME_USEDNS)
			self._assertCorrectLastAtempt(filter_, output)



	def testGetFailuresMultiRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02)
		self.__filter.addFailRegex("Failed .* from <HOST>")
		self.__filter.addFailRegex("Accepted .* from <HOST>")
		self.__filter.getFailures(GetFailures.FILENAME_02)
		self._assertCorrectLastAtempt(self.__filter, output)

	def testGetFailuresIgnoreRegex(self):
		output = ('141.3.81.106', 8, 1124013541.0)

		self.__filter.addLogPath(GetFailures.FILENAME_02)
		self.__filter.addFailRegex("Failed .* from <HOST>")
		self.__filter.addFailRegex("Accepted .* from <HOST>")
		self.__filter.addIgnoreRegex("for roehl")

		self.__filter.getFailures(GetFailures.FILENAME_02)

		self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
Exemplo n.º 9
0
class GetFailures(unittest.TestCase):

    FILENAME_01 = "testcases/files/testcase01.log"
    FILENAME_02 = "testcases/files/testcase02.log"
    FILENAME_03 = "testcases/files/testcase03.log"
    FILENAME_04 = "testcases/files/testcase04.log"
    FILENAME_USEDNS = "testcases/files/testcase-usedns.log"

    # so that they could be reused by other tests
    FAILURES_01 = ('193.168.0.128', 3, 1124013599.0, [
        'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n'
    ] * 3)

    def setUp(self):
        """Call before every test case."""
        self.filter = FileFilter(None)
        self.filter.setActive(True)
        # TODO Test this
        #self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
        #self.filter.setTimePattern("%b %d %H:%M:%S")

    def tearDown(self):
        """Call after every test case."""

    def testGetFailures01(self):
        self.filter.addLogPath(GetFailures.FILENAME_01)
        self.filter.addFailRegex(
            "(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>"
        )
        self.filter.getFailures(GetFailures.FILENAME_01)
        _assert_correct_last_attempt(self, self.filter,
                                     GetFailures.FAILURES_01)

    def testGetFailures02(self):
        output = ('141.3.81.106', 4, 1124013539.0, [
            'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n'
            % m for m in 53, 54, 57, 58
        ])

        self.filter.addLogPath(GetFailures.FILENAME_02)
        self.filter.addFailRegex("Failed .* from <HOST>")
        self.filter.getFailures(GetFailures.FILENAME_02)
        _assert_correct_last_attempt(self, self.filter, output)

    def testGetFailures03(self):
        output = ('203.162.223.135', 6, 1124013544.0)

        self.filter.addLogPath(GetFailures.FILENAME_03)
        self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
        self.filter.getFailures(GetFailures.FILENAME_03)
        _assert_correct_last_attempt(self, self.filter, output)

    def testGetFailures04(self):
        output = [('212.41.96.186', 4, 1124013600.0),
                  ('212.41.96.185', 4, 1124013598.0)]

        self.filter.addLogPath(GetFailures.FILENAME_04)
        self.filter.addFailRegex("Invalid user .* <HOST>")
        self.filter.getFailures(GetFailures.FILENAME_04)

        try:
            for i, out in enumerate(output):
                _assert_correct_last_attempt(self, self.filter, out)
        except FailManagerEmpty:
            pass

    def testGetFailuresUseDNS(self):
        # We should still catch failures with usedns = no ;-)
        output_yes = ('192.0.43.10', 2, 1124013539.0, [
            'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n',
            'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'
        ])

        output_no = ('192.0.43.10', 1, 1124013539.0, [
            'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'
        ])

        # Actually no exception would be raised -- it will be just set to 'no'
        #self.assertRaises(ValueError,
        #				  FileFilter, None, useDns='wrong_value_for_useDns')

        for useDns, output in (('yes', output_yes), ('no', output_no),
                               ('warn', output_yes)):
            filter_ = FileFilter(None, useDns=useDns)
            filter_.setActive(True)
            filter_.failManager.setMaxRetry(
                1)  # we might have just few failures

            filter_.addLogPath(GetFailures.FILENAME_USEDNS)
            filter_.addFailRegex("Failed .* from <HOST>")
            filter_.getFailures(GetFailures.FILENAME_USEDNS)
            _assert_correct_last_attempt(self, filter_, output)

    def testGetFailuresMultiRegex(self):
        output = ('141.3.81.106', 8, 1124013541.0)

        self.filter.addLogPath(GetFailures.FILENAME_02)
        self.filter.addFailRegex("Failed .* from <HOST>")
        self.filter.addFailRegex("Accepted .* from <HOST>")
        self.filter.getFailures(GetFailures.FILENAME_02)
        _assert_correct_last_attempt(self, self.filter, output)

    def testGetFailuresIgnoreRegex(self):
        output = ('141.3.81.106', 8, 1124013541.0)

        self.filter.addLogPath(GetFailures.FILENAME_02)
        self.filter.addFailRegex("Failed .* from <HOST>")
        self.filter.addFailRegex("Accepted .* from <HOST>")
        self.filter.addIgnoreRegex("for roehl")

        self.filter.getFailures(GetFailures.FILENAME_02)

        self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
Exemplo n.º 10
0
class GetFailures(unittest.TestCase):

    FILENAME_01 = "testcases/files/testcase01.log"
    FILENAME_02 = "testcases/files/testcase02.log"
    FILENAME_03 = "testcases/files/testcase03.log"
    FILENAME_04 = "testcases/files/testcase04.log"

    def setUp(self):
        """Call before every test case."""
        self.__filter = FileFilter(None)
        self.__filter.setActive(True)
        # TODO Test this
        #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
        #self.__filter.setTimePattern("%b %d %H:%M:%S")

    def tearDown(self):
        """Call after every test case."""

    def testGetFailures01(self):
        output = ('193.168.0.128', 3, 1124013599.0)

        self.__filter.addLogPath(GetFailures.FILENAME_01, False)
        self.__filter.addFailRegex(
            "<TIME> <PREFIX> (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>"
        )

        self.__filter.getFailures(GetFailures.FILENAME_01)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        found = (ip, attempts, date)

        self.assertEqual(found, output)

    def testGetFailures02(self):
        output = ('141.3.81.106', 4, 1124013539.0)

        self.__filter.addLogPath(GetFailures.FILENAME_02, False)
        self.__filter.addFailRegex(
            "<TIME> <PREFIX> Failed .* (?:::f{4,6}:)(?P<host>\S*)")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        found = (ip, attempts, date)

        self.assertEqual(found, output)

    def testGetFailures03(self):
        output = ('203.162.223.135', 6, 1124013544.0)

        self.__filter.addLogPath(GetFailures.FILENAME_03, False)
        self.__filter.addFailRegex(
            "<TIME> <PREFIX> error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown"
        )

        self.__filter.getFailures(GetFailures.FILENAME_03)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        found = (ip, attempts, date)

        self.assertEqual(found, output)

    def testGetFailures04(self):
        output = [('212.41.96.186', 4, 1124013600.0),
                  ('212.41.96.185', 4, 1124013598.0)]

        self.__filter.addLogPath(GetFailures.FILENAME_04, False)
        self.__filter.addFailRegex(
            "<TIME> <PREFIX> Invalid user .* (?P<host>\S*)")

        self.__filter.getFailures(GetFailures.FILENAME_04)

        try:
            for i in range(2):
                ticket = self.__filter.failManager.toBan()
                attempts = ticket.getAttempt()
                date = ticket.getTime()
                ip = ticket.getIP()
                found = (ip, attempts, date)
                self.assertEqual(found, output[i])
        except FailManagerEmpty:
            pass

    def testGetFailuresMultiRegex(self):
        output = ('141.3.81.106', 8, 1124013541.0)

        self.__filter.addLogPath(GetFailures.FILENAME_02, False)
        self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>")
        self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        ticket = self.__filter.failManager.toBan()

        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        found = (ip, attempts, date)

        self.assertEqual(found, output)

    def testGetFailuresIgnoreRegex(self):
        output = ('141.3.81.106', 8, 1124013541.0)

        self.__filter.addLogPath(GetFailures.FILENAME_02, False)
        self.__filter.addFailRegex("<TIME> <PREFIX> Failed .* from <HOST>")
        self.__filter.addFailRegex("<TIME> <PREFIX> Accepted .* from <HOST>")
        self.__filter.addIgnoreRegex(".* for roehl")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)