github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH+BF: Allow multi lines regex to be tested with samples test case 

Multi line regex currently only flags on last line, and other lines must
be labelled as not matched.
TODO: Create extension to fail JSON data to allow tying together of
multiple lines
pull/300/head
Steven Hiscocks 2013-07-16 23:47:28 +01:00
parent 774c9ce4fd
commit c61ba9f0de
3 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
fail2ban/tests/files/logs/guacamole
View File

@ -1,6 +1,12 @@
# failJSON: { "match": false }
apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn
# failJSON: { "time": "2013-04-15T20:34:08", "match": true , "host": "192.0.2.0" }
WARNING: Authentication attempt from 192.0.2.0 for user "null" failed. WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
# failJSON: { "match": false }
apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn
# failJSON: { "time": "2013-04-16T08:32:13", "match": true , "host": "192.0.2.0" }
WARNING: Authentication attempt from 192.0.2.0 for user "null" failed. WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
# failJSON: { "match": false }
apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn
# failJSON: { "time": "2013-04-16T08:32:28", "match": true , "host": "192.0.2.0" }
WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed. WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed.

6
fail2ban/tests/files/logs/sshd
View File

@ -79,9 +79,15 @@ Apr 29 18:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error
Jun 25 23:53:34 [sshd] User root from 1.2.3.4 not allowed because not listed in AllowUsers Jun 25 23:53:34 [sshd] User root from 1.2.3.4 not allowed because not listed in AllowUsers
#12 #12
# failJSON: { "match": false }
Apr 24 01:39:19 host sshd[3719]: User root not allowed because account is locked Apr 24 01:39:19 host sshd[3719]: User root not allowed because account is locked
# failJSON: { "match": false }
Apr 24 01:39:19 host sshd[3719]: input_userauth_request: invalid user root [preauth] Apr 24 01:39:19 host sshd[3719]: input_userauth_request: invalid user root [preauth]
# failJSON: { "time": "2005-04-24T01:39:19", "match": true , "host": "198.51.100.34" }
Apr 24 01:39:19 host sshd[3719]: error: Received disconnect from 198.51.100.34: 11: Bye Bye [preauth] Apr 24 01:39:19 host sshd[3719]: error: Received disconnect from 198.51.100.34: 11: Bye Bye [preauth]
# failJSON: { "match": false }
May 27 00:16:33 host sshd[2364]: User root not allowed because account is locked May 27 00:16:33 host sshd[2364]: User root not allowed because account is locked
# failJSON: { "match": false }
May 27 00:16:33 host sshd[2364]: input_userauth_request: invalid user root [preauth] May 27 00:16:33 host sshd[2364]: input_userauth_request: invalid user root [preauth]
# failJSON: { "time": "2005-05-27T00:16:33", "match": true , "host": "198.51.100.76" }
May 27 00:16:33 host sshd[2364]: Received disconnect from 198.51.100.76: 11: Bye Bye [preauth] May 27 00:16:33 host sshd[2364]: Received disconnect from 198.51.100.76: 11: Bye Bye [preauth]

2
fail2ban/tests/samplestestcase.py
View File

@ -72,6 +72,8 @@ def testSampleRegexsFactory(name):
for opt in filterConf.convert(): for opt in filterConf.convert():
if opt[2] == "addfailregex": if opt[2] == "addfailregex":
self.filter.addFailRegex(opt[3]) self.filter.addFailRegex(opt[3])
elif opt[2] == "maxlines":
self.filter.setMaxLines(opt[3])
if not self.filter.getFailRegex(): if not self.filter.getFailRegex():
# No fail regexs set: likely just common file for includes. # No fail regexs set: likely just common file for includes.