github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

additionally complex test-case coverage for `actionflush` inside server via actions-mechanism of fail2ban - reload with removing action, unban all, stopping of jails and actions, etc.

pull/1743/head
sebres 2017-03-29 23:23:32 +02:00
parent d03872fbbf
commit 042a060a54
1 changed files with 35 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
fail2ban/tests/fail2banclienttestcase.py
View File

@ -762,6 +762,7 @@ class Fail2banServerTest(Fail2banClientServerBase):
"norestored = %(_exec_once)s", "norestored = %(_exec_once)s",
"restore = ", "restore = ",
"info = ", "info = ",
"_use_flush_ = echo [<name>] <actname>: -- flushing IPs",
"actionstart = echo '[%(name)s] %(actname)s: ** start'", start, "actionstart = echo '[%(name)s] %(actname)s: ** start'", start,
"actionreload = echo '[%(name)s] %(actname)s: .. reload'", reload, "actionreload = echo '[%(name)s] %(actname)s: .. reload'", reload,
"actionban = echo '[%(name)s] %(actname)s: ++ ban <ip> %(restore)s%(info)s'", ban, "actionban = echo '[%(name)s] %(actname)s: ++ ban <ip> %(restore)s%(info)s'", ban,
@ -788,7 +789,8 @@ class Fail2banServerTest(Fail2banClientServerBase):
if 1 in actions else "", if 1 in actions else "",
" test-action2[name='%(__name__)s', restore='restored: <restored>', info=', err-code: <F-ERRCODE>']" \ " test-action2[name='%(__name__)s', restore='restored: <restored>', info=', err-code: <F-ERRCODE>']" \
if 2 in actions else "", if 2 in actions else "",
" test-action2[name='%(__name__)s', actname=test-action3, _exec_once=1, restore='restored: <restored>']" \ " test-action2[name='%(__name__)s', actname=test-action3, _exec_once=1, restore='restored: <restored>',"
" actionflush=<_use_flush_>]" \
if 3 in actions else "", if 3 in actions else "",
"logpath = " + test1log, "logpath = " + test1log,
" " + test2log if 2 in enabled else "", " " + test2log if 2 in enabled else "",
@ -802,7 +804,8 @@ class Fail2banServerTest(Fail2banClientServerBase):
"action = ", "action = ",
" test-action2[name='%(__name__)s', restore='restored: <restored>', info=', err-code: <F-ERRCODE>']" \ " test-action2[name='%(__name__)s', restore='restored: <restored>', info=', err-code: <F-ERRCODE>']" \
if 2 in actions else "", if 2 in actions else "",
" test-action2[name='%(__name__)s', actname=test-action3, _exec_once=1, restore='restored: <restored>']" \ " test-action2[name='%(__name__)s', actname=test-action3, _exec_once=1, restore='restored: <restored>']"
" actionflush=<_use_flush_>]" \
if 3 in actions else "", if 3 in actions else "",
"logpath = " + test2log, "logpath = " + test2log,
"enabled = true" if 2 in enabled else "", "enabled = true" if 2 in enabled else "",
@ -874,6 +877,12 @@ class Fail2banServerTest(Fail2banClientServerBase):
self.assertLogged( self.assertLogged(
"Creating new jail 'test-jail2'", "Creating new jail 'test-jail2'",
"Jail 'test-jail2' started", all=True) "Jail 'test-jail2' started", all=True)
# test action3 removed, test flushing successful (and no single unban occurred):
self.assertLogged(
"stdout: '[test-jail1] test-action3: -- flushing IPs'",
"stdout: '[test-jail1] test-action3: __ stop'", all=True)
self.assertNotLogged(
"stdout: '[test-jail1] test-action3: -- unban 192.0.2.1'")
# update action1, delete action2 (should be stopped via configuration)... # update action1, delete action2 (should be stopped via configuration)...
self.pruneLog("[test-phase 2a]") self.pruneLog("[test-phase 2a]")
@ -969,12 +978,18 @@ class Fail2banServerTest(Fail2banClientServerBase):
"stdout: '[test-jail2] test-action3: ++ ban 192.0.2.8 restored: 1'", "stdout: '[test-jail2] test-action3: ++ ban 192.0.2.8 restored: 1'",
all=True) all=True)
# don't need actions anymore: # ban manually to test later flush by unban all:
_write_action_cfg(actname="test-action2", allow=False) self.pruneLog("[test-phase 2d]")
_write_jail_cfg(actions=[]) self.execSuccess(startparams,
"set", "test-jail2", "banip", "192.0.2.21")
self.execSuccess(startparams,
"set", "test-jail2", "banip", "192.0.2.22")
self.assertLogged(
"stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22",
"stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22 ", all=True, wait=MID_WAITTIME)
# restart jail with unban all: # restart jail with unban all:
self.pruneLog("[test-phase 2d]") self.pruneLog("[test-phase 2e]")
self.execSuccess(startparams, self.execSuccess(startparams,
"restart", "--unban", "test-jail2") "restart", "--unban", "test-jail2")
self.assertLogged( self.assertLogged(
@ -986,12 +1001,26 @@ class Fail2banServerTest(Fail2banClientServerBase):
"[test-jail2] Unban 192.0.2.4", "[test-jail2] Unban 192.0.2.4",
"[test-jail2] Unban 192.0.2.8", all=True "[test-jail2] Unban 192.0.2.8", all=True
) )
# test unban (action2):
self.assertLogged(
"stdout: '[test-jail2] test-action2: -- unban 192.0.2.21",
"stdout: '[test-jail2] test-action2: -- unban 192.0.2.22'", all=True)
# test flush (action3, and no single unban via action3 occurred):
self.assertLogged(
"stdout: '[test-jail2] test-action3: -- flushing IPs'")
self.assertNotLogged(
"stdout: '[test-jail2] test-action3: -- unban 192.0.2.21'",
"stdout: '[test-jail2] test-action3: -- unban 192.0.2.22'", all=True)
# no more ban (unbanned all): # no more ban (unbanned all):
self.assertNotLogged( self.assertNotLogged(
"[test-jail2] Ban 192.0.2.4", "[test-jail2] Ban 192.0.2.4",
"[test-jail2] Ban 192.0.2.8", all=True "[test-jail2] Ban 192.0.2.8", all=True
) )
# don't need actions anymore:
_write_action_cfg(actname="test-action2", allow=False)
_write_jail_cfg(actions=[])
# reload jail1 without restart (without ban/unban): # reload jail1 without restart (without ban/unban):
self.pruneLog("[test-phase 3]") self.pruneLog("[test-phase 3]")
self.execSuccess(startparams, "reload", "test-jail1") self.execSuccess(startparams, "reload", "test-jail1")