# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Author: Cyril Jaquier
#
# $Revision: 503 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 503 $"
__date__ = "$Date: 2006-12-23 17:31:00 +0100 (Sat, 23 Dec 2006) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import unittest
from server.filterpoll import FilterPoll
from server.filter import Filter
from server.failmanager import FailManager
from server.failmanager import FailManagerEmpty
class IgnoreIP(unittest.TestCase):
    """Check which entries ``Filter`` accepts into its ignore-IP list.

    Each test adds candidates with ``addIgnoreIP`` and then queries
    ``inIgnoreIPList``.
    """

    def setUp(self):
        """Call before every test case."""
        self.__filter = Filter(None)

    def tearDown(self):
        """Call after every test case."""

    def testIgnoreIPOK(self):
        """Well-formed IPv4 literals are found in the list once added."""
        validAddresses = (
            "127.0.0.1",
            "192.168.0.1",
            "255.255.255.255",
            "99.99.99.99",
        )
        for address in validAddresses:
            self.__filter.addIgnoreIP(address)
            self.assertTrue(self.__filter.inIgnoreIPList(address))
        # Test DNS
        # NOTE(review): presumably addIgnoreIP resolves the host name, which
        # makes this assertion depend on live DNS and on the record still
        # pointing at the address below -- confirm. Judging by the name, the
        # list exempts hosts from banning, so a hostname entry ties that
        # exemption to whatever the resolver answers.
        self.__filter.addIgnoreIP("www.epfl.ch")
        self.assertTrue(self.__filter.inIgnoreIPList("128.178.50.12"))

    def testIgnoreIPNOK(self):
        """Malformed entries are not found in the list after being added."""
        malformedEntries = ("", "999.999.999.999", "abcdef", "192.168.0.")
        for entry in malformedEntries:
            self.__filter.addIgnoreIP(entry)
            self.assertFalse(self.__filter.inIgnoreIPList(entry))
        # Test DNS
        # An address unrelated to the added host name must stay out of the
        # list (same DNS caveat as in testIgnoreIPOK).
        self.__filter.addIgnoreIP("www.epfl.ch")
        self.assertFalse(self.__filter.inIgnoreIPList("127.177.50.10"))
class LogFile(unittest.TestCase):
    """Check ``FilterPoll.isModified`` against a sample log file."""

    # Sample log registered with the filter in setUp.
    FILENAME = "testcases/files/testcase01.log"

    def setUp(self):
        """Call before every test case."""
        poller = FilterPoll(None)
        poller.addLogPath(LogFile.FILENAME)
        self.__filter = poller

    def tearDown(self):
        """Call after every test case."""

    #def testOpen(self):
    #    self.__filter.openLogFile(LogFile.FILENAME)

    def testIsModified(self):
        """The registered log file is reported as modified."""
        logPath = LogFile.FILENAME
        self.assertTrue(self.__filter.isModified(logPath))
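class GetFailures(unittest.TestCase):
    """Run ``Filter.getFailures`` over sample logs and check the ban tickets.

    Every test registers a log path and one or more failure regexes, calls
    ``getFailures`` and compares the ticket(s) returned by
    ``failManager.toBan()`` with an expected ``(ip, attempts, time)`` tuple.

    The patterns below are test fixtures. Most of them are unanchored and put
    a greedy ``.*`` in front of the host group, so the captured host is
    simply whatever token satisfies the tail of the pattern. NOTE(review):
    in a production filter, where parts of a log line may be influenced by a
    remote client, patterns of this shape should be anchored so the host
    cannot be taken from client-supplied text.
    """

    FILENAME_01 = "testcases/files/testcase01.log"
    FILENAME_02 = "testcases/files/testcase02.log"
    FILENAME_03 = "testcases/files/testcase03.log"
    FILENAME_04 = "testcases/files/testcase04.log"

    def setUp(self):
        """Call before every test case."""
        self.__filter = Filter(None)
        self.__filter.setActive(True)
        # TODO Test this
        #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
        #self.__filter.setTimePattern("%b %d %H:%M:%S")

    def tearDown(self):
        """Call after every test case."""

    def _popTicket(self):
        """Take the next ticket from the fail manager as ``(ip, attempts, time)``.

        Exceptions raised by ``toBan()`` propagate to the caller; the tests
        in this class expect ``FailManagerEmpty`` when nothing is bannable.
        """
        ticket = self.__filter.failManager.toBan()
        attempts = ticket.getAttempt()
        date = ticket.getTime()
        ip = ticket.getIP()
        return (ip, attempts, date)

    def testGetFailures01(self):
        """Alternation pattern over testcase01.log yields one expected ticket."""
        output = ('193.168.0.128', 3, 1124013599.0)

        self.__filter.addLogPath(GetFailures.FILENAME_01)
        # Raw string: same pattern text, without relying on Python keeping
        # unknown escapes such as \w and \S in a normal string literal.
        self.__filter.addFailRegex(r"(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")

        self.__filter.getFailures(GetFailures.FILENAME_01)

        self.assertEqual(self._popTicket(), output)

    def testGetFailures02(self):
        """Pattern with a mandatory ``::ffff:``-style prefix before the host."""
        output = ('141.3.81.106', 4, 1124013539.0)

        self.__filter.addLogPath(GetFailures.FILENAME_02)
        self.__filter.addFailRegex(r"Failed .* (?:::f{4,6}:)(?P<host>\S*)")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        self.assertEqual(self._popTicket(), output)

    def testGetFailures03(self):
        """Mail-relay style pattern over testcase03.log."""
        output = ('203.162.223.135', 6, 1124013544.0)

        self.__filter.addLogPath(GetFailures.FILENAME_03)
        self.__filter.addFailRegex(r"error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")

        self.__filter.getFailures(GetFailures.FILENAME_03)

        self.assertEqual(self._popTicket(), output)

    def testGetFailures04(self):
        """Up to two tickets from testcase04.log, compared in order."""
        output = [('212.41.96.186', 4, 1124013600.0),
                  ('212.41.96.185', 4, 1124013598.0)]

        self.__filter.addLogPath(GetFailures.FILENAME_04)
        self.__filter.addFailRegex(r"Invalid user .* (?P<host>\S*)")

        self.__filter.getFailures(GetFailures.FILENAME_04)

        # NOTE(review): FailManagerEmpty is swallowed, so this test also
        # passes when fewer than two tickets (or none at all) are produced.
        # Kept as in the original; tighten only after confirming that the
        # sample log always yields both tickets.
        try:
            for expected in output:
                self.assertEqual(self._popTicket(), expected)
        except FailManagerEmpty:
            pass

    def testGetFailuresMultiRegex(self):
        """Two failure regexes on the same log contribute to a single ticket."""
        output = ('141.3.81.106', 8, 1124013541.0)

        self.__filter.addLogPath(GetFailures.FILENAME_02)
        # <HOST> is presumably expanded by addFailRegex into a host-capturing
        # group -- confirm against Filter.
        self.__filter.addFailRegex("Failed .* from <HOST>")
        self.__filter.addFailRegex("Accepted .* from <HOST>")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        self.assertEqual(self._popTicket(), output)

    def testGetFailuresIgnoreRegex(self):
        """With the ignore regex added, no ticket is left to ban."""
        self.__filter.addLogPath(GetFailures.FILENAME_02)
        self.__filter.addFailRegex("Failed .* from <HOST>")
        self.__filter.addFailRegex("Accepted .* from <HOST>")
        self.__filter.addIgnoreRegex("for roehl")

        self.__filter.getFailures(GetFailures.FILENAME_02)

        self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)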