From a7ccbd46dc34d7744248ec38ab35df38ffaacc47 Mon Sep 17 00:00:00 2001 From: sebres Date: Sat, 16 Mar 2019 00:06:09 +0100 Subject: [PATCH] test cases extended to cover xarf-login-attack action --- fail2ban/tests/servertestcase.py | 44 +++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index a8722238..aba5dd7f 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py @@ -1866,12 +1866,19 @@ class ServerConfigReaderTests(LogCaptureTestCase): def _executeMailCmd(self, realCmd, timeout=60): # replace pipe to mail with pipe to cat: - realCmd = re.sub(r'\)\s*\|\s*mail\b([^\n]*)', - r') | cat; printf "\\n... | "; echo mail \1', realCmd) + cmd = realCmd + if isinstance(realCmd, list): + cmd = realCmd[0] + cmd = re.sub(r'\)\s*\|\s*mail\b([^\n]*)', + r') | cat; printf "\\n... | "; echo mail \1', cmd) # replace abuse retrieving (possible no-network), just replace first occurrence of 'dig...': - realCmd = re.sub(r'\bADDRESSES=\$\(dig\s[^\n]+', + cmd = re.sub(r'\bADDRESSES=\$\(dig\s[^\n]+', lambda m: 'ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"', - realCmd, 1) + cmd, 1) + if isinstance(realCmd, list): + realCmd[0] = cmd + else: + realCmd = cmd # execute action: return _actions.CommandAction.executeCmd(realCmd, timeout=timeout) @@ -1926,6 +1933,31 @@ class ServerConfigReaderTests(LogCaptureTestCase): 'mail -s Hostname: test-host, family: inet6 - Abuse from 2001:db8::1 abuse-1@abuse-test-server abuse-2@abuse-test-server', ), }), + # xarf-login-attack -- + ('j-xarf-abuse', + 'xarf-login-attack[' + 'name=%(__name__)s, mailcmd="mail", mailargs="",' + + # test reverse ip: + 'debug=1' + + ']', + { + 'ip4-ban': ( + # test reverse ip: + 'try to resolve 10.124.142.87.abuse-contacts.abusix.org', + 'We have detected abuse from the IP address 87.142.124.10', + 'Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10', + 'Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10', + # both abuse mails should be separated with space: + 'mail abuse-1@abuse-test-server abuse-2@abuse-test-server', + ), + 'ip6-ban': ( + # test reverse ip: + 'try to resolve 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org', + 'We have detected abuse from the IP address 2001:db8::1', + # both abuse mails should be separated with space: + 'mail abuse-1@abuse-test-server abuse-2@abuse-test-server', + ), + }), ) server = TestServer() transm = server._Server__transm @@ -1963,6 +1995,10 @@ class ServerConfigReaderTests(LogCaptureTestCase): self.pruneLog('# === %s ===' % test) ticket = BanTicket(ip) ticket.setAttempt(100) + ticket.setMatches([ + 'Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10', + 'Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10' + ]) ticket = _actions.Actions.ActionInfo(ticket, dmyjail) action.ban(ticket) self.assertLogged(*tests[test], all=True)