"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "fail2ban/tests/fail2banregextestcase.py" between
fail2ban-1.0.1.tar.gz and fail2ban-1.0.2.tar.gz

About: fail2ban scans log files and bans (via firewall rules) IP-addresses that make too many access failures. It updates firewall rules to reject the IP address.

fail2banregextestcase.py  (fail2ban-1.0.1):fail2banregextestcase.py  (fail2ban-1.0.2)
skipping to change at line 38 skipping to change at line 38
import tempfile import tempfile
import unittest import unittest
from ..client import fail2banregex from ..client import fail2banregex
from ..client.fail2banregex import Fail2banRegex, get_opt_parser, exec_command_l ine, output, str2LogLevel from ..client.fail2banregex import Fail2banRegex, get_opt_parser, exec_command_l ine, output, str2LogLevel
from .utils import setUpMyTime, tearDownMyTime, LogCaptureTestCase, logSys from .utils import setUpMyTime, tearDownMyTime, LogCaptureTestCase, logSys
from .utils import CONFIG_DIR from .utils import CONFIG_DIR
fail2banregex.logSys = logSys fail2banregex.logSys = logSys
def _test_output(*args): def _test_output(*args):
logSys.notice(args[0]) logSys.notice('output: %s', args[0])
fail2banregex.output = _test_output fail2banregex.output = _test_output
TEST_CONFIG_DIR = os.path.join(os.path.dirname(__file__), "config") TEST_CONFIG_DIR = os.path.join(os.path.dirname(__file__), "config")
TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files") TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files")
DEV_NULL = None DEV_NULL = None
def _Fail2banRegex(*args): def _Fail2banRegex(*args):
parser = get_opt_parser() parser = get_opt_parser()
skipping to change at line 359 skipping to change at line 359
"[1516469849] 2001:DB8:FF:FF::1 FAIL: failure\n" "[1516469849] 2001:DB8:FF:FF::1 FAIL: failure\n"
"[1516469849] 2001:DB8:FF:FF::1/60 FAIL: failure\n", "[1516469849] 2001:DB8:FF:FF::1/60 FAIL: failure\n",
r"^<SUBNET> FAIL\b" r"^<SUBNET> FAIL\b"
)) ))
self.assertLogged('Lines: 4 lines, 0 ignored, 4 matched, 0 missed ') self.assertLogged('Lines: 4 lines, 0 ignored, 4 matched, 0 missed ')
self.assertLogged('192.0.2.0/24', '2001:db8:ff:f0::/60', all=True ) self.assertLogged('192.0.2.0/24', '2001:db8:ff:f0::/60', all=True )
def testFrmtOutput(self): def testFrmtOutput(self):
# id/ip only: # id/ip only:
self.assertTrue(_test_exec('-o', 'id', STR_00, RE_00_ID)) self.assertTrue(_test_exec('-o', 'id', STR_00, RE_00_ID))
self.assertLogged('kevin') self.assertLogged('output: %s' % 'kevin')
self.pruneLog() self.pruneLog()
# multiple id combined to a tuple (id, tuple_id): # multiple id combined to a tuple (id, tuple_id):
self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH', self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 192.0.2.1 192.0.2.2', '1591983743.667 192.0.2.1 192.0.2.2',
r'^\s*<F-ID/> <F-TUPLE_ID>\S+</F-TUPLE_ID>')) r'^\s*<F-ID/> <F-TUPLE_ID>\S+</F-TUPLE_ID>'))
self.assertLogged(str(('192.0.2.1', '192.0.2.2'))) self.assertLogged('output: %s' % str(('192.0.2.1', '192.0.2.2')))
self.pruneLog() self.pruneLog()
# multiple id combined to a tuple, id first - (id, tuple_id_1, tu ple_id_2): # multiple id combined to a tuple, id first - (id, tuple_id_1, tu ple_id_2):
self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH', self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 left 192.0.2.3 right', '1591983743.667 left 192.0.2.3 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID/> <F-TUPLE_I D_2>\S+</F-TUPLE_ID_2>')) r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID/> <F-TUPLE_I D_2>\S+</F-TUPLE_ID_2>'))
self.assertLogged(str(('192.0.2.3', 'left', 'right'))) self.assertLogged('output: %s' % str(('192.0.2.3', 'left', 'right ')))
self.pruneLog() self.pruneLog()
# id had higher precedence as ip-address: # id had higher precedence as ip-address:
self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH', self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 left [192.0.2.4]:12345 right', '1591983743.667 left [192.0.2.4]:12345 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PO RT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>')) r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PO RT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>'))
self.assertLogged(str(('[192.0.2.4]:12345', 'left', 'right'))) self.assertLogged('output: %s' % str(('[192.0.2.4]:12345', 'left' , 'right')))
self.pruneLog() self.pruneLog()
# ip is not id anymore (if IP-address deviates from ID): # ip is not id anymore (if IP-address deviates from ID):
self.assertTrue(_test_exec('-o', 'ip', '-d', '{^LN-BEG}EPOCH', self.assertTrue(_test_exec('-o', 'ip', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 left [192.0.2.4]:12345 right', '1591983743.667 left [192.0.2.4]:12345 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PO RT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>')) r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PO RT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>'))
self.assertNotLogged(str(('[192.0.2.4]:12345', 'left', 'right'))) self.assertNotLogged('output: %s' % str(('[192.0.2.4]:12345', 'le
self.assertLogged('192.0.2.4') ft', 'right')))
self.assertLogged('output: %s' % '192.0.2.4')
self.pruneLog() self.pruneLog()
self.assertTrue(_test_exec('-o', 'ID:<fid> | IP:<ip>', '-d', '{^L N-BEG}EPOCH', self.assertTrue(_test_exec('-o', 'ID:<fid> | IP:<ip>', '-d', '{^L N-BEG}EPOCH',
'1591983743.667 left [192.0.2.4]:12345 right', '1591983743.667 left [192.0.2.4]:12345 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PO RT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>')) r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PO RT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>'))
self.assertLogged('ID:'+str(('[192.0.2.4]:12345', 'left', 'right' ))+' | IP:192.0.2.4') self.assertLogged('output: %s' % 'ID:'+str(('[192.0.2.4]:12345', 'left', 'right'))+' | IP:192.0.2.4')
self.pruneLog() self.pruneLog()
# row with id : # row with id :
self.assertTrue(_test_exec('-o', 'row', STR_00, RE_00_ID)) self.assertTrue(_test_exec('-o', 'row', STR_00, RE_00_ID))
self.assertLogged("['kevin'", "'ip4': '192.0.2.0'", "'fid': 'kevi n'", all=True) self.assertLogged('output: %s' % "['kevin'", "'ip4': '192.0.2.0'" , "'fid': 'kevin'", all=True)
self.pruneLog() self.pruneLog()
# row with ip : # row with ip :
self.assertTrue(_test_exec('-o', 'row', STR_00, RE_00_USER)) self.assertTrue(_test_exec('-o', 'row', STR_00, RE_00_USER))
self.assertLogged("['192.0.2.0'", "'ip4': '192.0.2.0'", "'user': 'kevin'", all=True) self.assertLogged('output: %s' % "['192.0.2.0'", "'ip4': '192.0.2 .0'", "'user': 'kevin'", all=True)
self.pruneLog() self.pruneLog()
# log msg : # log msg :
self.assertTrue(_test_exec('-o', 'msg', STR_00, RE_00_USER)) self.assertTrue(_test_exec('-o', 'msg', STR_00, RE_00_USER))
self.assertLogged(STR_00) self.assertLogged('output: %s' % STR_00)
self.pruneLog() self.pruneLog()
# item of match (user): # item of match (user):
self.assertTrue(_test_exec('-o', 'user', STR_00, RE_00_USER)) self.assertTrue(_test_exec('-o', 'user', STR_00, RE_00_USER))
self.assertLogged('kevin') self.assertLogged('output: %s' % 'kevin')
self.pruneLog() self.pruneLog()
# complex substitution using tags (ip, user, family): # complex substitution using tags (ip, user, family):
self.assertTrue(_test_exec('-o', '<ip>, <F-USER>, <family>', STR_ 00, RE_00_USER)) self.assertTrue(_test_exec('-o', '<ip>, <F-USER>, <family>', STR_ 00, RE_00_USER))
self.assertLogged('192.0.2.0, kevin, inet4') self.assertLogged('output: %s' % '192.0.2.0, kevin, inet4')
self.pruneLog() self.pruneLog()
def testStalledIPByNoFailFrmtOutput(self): def testStalledIPByNoFailFrmtOutput(self):
opts = ( opts = (
'-c', CONFIG_DIR, '-c', CONFIG_DIR,
"-d", r"^(?:%a )?%b %d %H:%M:%S(?:\.%f)?(?: %ExY)?", "-d", r"^(?:%a )?%b %d %H:%M:%S(?:\.%f)?(?: %ExY)?",
) )
log = ( log = (
'May 27 00:16:33 host sshd[2364]: User root not allowed b ecause account is locked\n' 'May 27 00:16:33 host sshd[2364]: User root not allowed b ecause account is locked\n'
'May 27 00:16:33 host sshd[2364]: Received disconnect fro m 192.0.2.76 port 58846:11: Bye Bye [preauth]' 'May 27 00:16:33 host sshd[2364]: Received disconnect fro m 192.0.2.76 port 58846:11: Bye Bye [preauth]'
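Review bot: In testFrmtOutput, the new assertion for the `ID:<fid> | IP:<ip>` format builds its expected text as `'output: %s' % 'ID:'+str(...)+' | IP:192.0.2.4'`, and because `%` binds tighter than `+` only `'ID:'` is substituted, with the rest concatenated afterwards. The string comes out as intended only because `%s` is the last thing in the template, so the check would silently go wrong if the prefix format in `_test_output` ever gained a suffix. Parenthesising the operand keeps it in line with the other assertions: `self.assertLogged('output: %s' % ('ID:'+str(('[192.0.2.4]:12345', 'left', 'right'))+' | IP:192.0.2.4'))`. A short comment on `_test_output`, such as `# prefix lets tests tell fail2ban-regex output apart from other log lines`, would also record why the prefix was added.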
 End of changes. 12 change blocks. 
13 lines changed or deleted 14 lines changed or added
