From 55d7d9e214f72bbe4f39a2d17aa004d80bfc7299 Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Mon, 22 Feb 2021 18:39:58 +0100
Subject: [PATCH 1/3] *WiP* try to solve RC on jails with too many failures
without ban, gh-2945 ...
---
fail2ban/server/failmanager.py | 5 +++--
fail2ban/server/filter.py | 34 +++++++++++++++++++++++-------
fail2ban/server/filtergamin.py | 16 +++-----------
fail2ban/server/filterpoll.py | 10 ++-------
fail2ban/server/filterpyinotify.py | 15 ++++++-------
fail2ban/server/filtersystemd.py | 13 ++++++------
fail2ban/tests/filtertestcase.py | 14 ++++++------
7 files changed, 53 insertions(+), 54 deletions(-)
diff --git a/fail2ban/server/failmanager.py b/fail2ban/server/failmanager.py
index 4173a233..64576dbd 100644
--- a/fail2ban/server/failmanager.py
+++ b/fail2ban/server/failmanager.py
@@ -124,9 +124,10 @@ class FailManager:
return len(self.__failList)
def cleanup(self, time):
+ time -= self.__maxTime
with self.__lock:
todelete = [fid for fid,item in self.__failList.iteritems() \
- if item.getTime() + self.__maxTime <= time]
+ if item.getTime() <= time]
if len(todelete) == len(self.__failList):
# remove all:
self.__failList = dict()
@@ -140,7 +141,7 @@ class FailManager:
else:
# create new dictionary without items to be deleted:
self.__failList = dict((fid,item) for fid,item in self.__failList.iteritems() \
- if item.getTime() + self.__maxTime > time)
+ if item.getTime() > time)
self.__bgSvc.service()
def delFailure(self, fid):
diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
index 4e947d27..0f4e9e5b 100644
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@@ -93,6 +93,8 @@ class Filter(JailThread):
## Store last time stamp, applicable for multi-line
self.__lastTimeText = ""
self.__lastDate = None
+ ## Next service (cleanup) time
+ self.__nextSvcTime = -(1<<63)
## if set, treat log lines without explicit time zone to be in this time zone
self.__logtimezone = None
## Default or preferred encoding (to decode bytes from file or journal):
@@ -114,10 +116,10 @@ class Filter(JailThread):
self.checkFindTime = True
## shows that filter is in operation mode (processing new messages):
self.inOperation = True
- ## if true prevents against retarded banning in case of RC by too many failures (disabled only for test purposes):
- self.banASAP = True
## Ticks counter
self.ticks = 0
+ ## Processed lines counter
+ self.procLines = 0
## Thread name:
self.name="f2b/f."+self.jailName
@@ -441,12 +443,23 @@ class Filter(JailThread):
def performBan(self, ip=None):
"""Performs a ban for IPs (or given ip) that are reached maxretry of the jail."""
- try: # pragma: no branch - exception is the only way out
- while True:
+ while True:
+ try:
ticket = self.failManager.toBan(ip)
- self.jail.putFailTicket(ticket)
- except FailManagerEmpty:
- self.failManager.cleanup(MyTime.time())
+ except FailManagerEmpty:
+ break
+ self.jail.putFailTicket(ticket)
+ if ip: break
+ self.performSvc()
+
+ def performSvc(self, force=False):
+ """Performs a service tasks (clean failure list)."""
+ tm = MyTime.time()
+ # avoid too early clean up:
+ if force or tm >= self.__nextSvcTime:
+ self.__nextSvcTime = tm + 5
+ # clean up failure list:
+ self.failManager.cleanup(tm)
def addAttempt(self, ip, *matches):
"""Generate a failed attempt for ip"""
@@ -694,8 +707,12 @@ class Filter(JailThread):
attempts = self.failManager.addFailure(tick)
# avoid RC on busy filter (too many failures) - if attempts for IP/ID reached maxretry,
# we can speedup ban, so do it as soon as possible:
- if self.banASAP and attempts >= self.failManager.getMaxRetry():
+ if attempts >= self.failManager.getMaxRetry():
self.performBan(ip)
+ self.procLines += 1
+ # every 100 lines check need to perform service tasks:
+ if self.procLines % 100 == 0:
+ self.performSvc()
# reset (halve) error counter (successfully processed line):
if self._errors:
self._errors //= 2
@@ -1064,6 +1081,7 @@ class FileFilter(Filter):
# is created and is added to the FailManager.
def getFailures(self, filename, inOperation=None):
+ if self.idle: return False
log = self.getLog(filename)
if log is None:
logSys.error("Unable to get failures in %s", filename)
diff --git a/fail2ban/server/filtergamin.py b/fail2ban/server/filtergamin.py
index 078246de..c5373445 100644
--- a/fail2ban/server/filtergamin.py
+++ b/fail2ban/server/filtergamin.py
@@ -55,7 +55,6 @@ class FilterGamin(FileFilter):
def __init__(self, jail):
FileFilter.__init__(self, jail)
- self.__modified = False
# Gamin monitor
self.monitor = gamin.WatchMonitor()
fd = self.monitor.get_fd()
@@ -67,21 +66,9 @@ class FilterGamin(FileFilter):
logSys.log(4, "Got event: " + repr(event) + " for " + path)
if event in (gamin.GAMCreated, gamin.GAMChanged, gamin.GAMExists):
logSys.debug("File changed: " + path)
- self.__modified = True
self.ticks += 1
- self._process_file(path)
-
- def _process_file(self, path):
- """Process a given file
-
- TODO -- RF:
- this is a common logic and must be shared/provided by FileFilter
- """
self.getFailures(path)
- if not self.banASAP: # pragma: no cover
- self.performBan()
- self.__modified = False
##
# Add a log file path
@@ -128,6 +115,9 @@ class FilterGamin(FileFilter):
Utils.wait_for(lambda: not self.active or self._handleEvents(),
self.sleeptime)
self.ticks += 1
+ if self.ticks % 10 == 0:
+ self.performSvc()
+
logSys.debug("[%s] filter terminated", self.jailName)
return True
diff --git a/fail2ban/server/filterpoll.py b/fail2ban/server/filterpoll.py
index 7bbdfc5c..7ee00540 100644
--- a/fail2ban/server/filterpoll.py
+++ b/fail2ban/server/filterpoll.py
@@ -27,9 +27,7 @@ __license__ = "GPL"
import os
import time
-from .failmanager import FailManagerEmpty
from .filter import FileFilter
-from .mytime import MyTime
from .utils import Utils
from ..helpers import getLogger, logging
@@ -55,7 +53,6 @@ class FilterPoll(FileFilter):
def __init__(self, jail):
FileFilter.__init__(self, jail)
- self.__modified = False
## The time of the last modification of the file.
self.__prevStats = dict()
self.__file404Cnt = dict()
@@ -115,13 +112,10 @@ class FilterPoll(FileFilter):
break
for filename in modlst:
self.getFailures(filename)
- self.__modified = True
self.ticks += 1
- if self.__modified:
- if not self.banASAP: # pragma: no cover
- self.performBan()
- self.__modified = False
+ if self.ticks % 10 == 0:
+ self.performSvc()
except Exception as e: # pragma: no cover
if not self.active: # if not active - error by stop...
break
diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py
index 9796e26f..d62348a2 100644
--- a/fail2ban/server/filterpyinotify.py
+++ b/fail2ban/server/filterpyinotify.py
@@ -75,7 +75,6 @@ class FilterPyinotify(FileFilter):
def __init__(self, jail):
FileFilter.__init__(self, jail)
- self.__modified = False
# Pyinotify watch manager
self.__monitor = pyinotify.WatchManager()
self.__notifier = None
@@ -140,9 +139,6 @@ class FilterPyinotify(FileFilter):
"""
if not self.idle:
self.getFailures(path)
- if not self.banASAP: # pragma: no cover
- self.performBan()
- self.__modified = False
def _addPending(self, path, reason, isDir=False):
if path not in self.__pending:
@@ -352,9 +348,14 @@ class FilterPyinotify(FileFilter):
if not self.active: break
self.__notifier.read_events()
+ self.ticks += 1
+
# check pending files/dirs (logrotate ready):
- if not self.idle:
- self._checkPending()
+ if self.idle:
+ continue
+ self._checkPending()
+ if self.ticks % 10 == 0:
+ self.performSvc()
except Exception as e: # pragma: no cover
if not self.active: # if not active - error by stop...
@@ -364,8 +365,6 @@ class FilterPyinotify(FileFilter):
# incr common error counter:
self.commonError()
- self.ticks += 1
-
logSys.debug("[%s] filter exited (pyinotifier)", self.jailName)
self.__notifier = None
diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py
index 1b33b115..925109d1 100644
--- a/fail2ban/server/filtersystemd.py
+++ b/fail2ban/server/filtersystemd.py
@@ -322,13 +322,12 @@ class FilterSystemd(JournalFilter): # pragma: systemd no cover
break
else:
break
- if self.__modified:
- if not self.banASAP: # pragma: no cover
- self.performBan()
- self.__modified = 0
- # update position in log (time and iso string):
- if self.jail.database is not None:
- self.jail.database.updateJournal(self.jail, 'systemd-journal', line[1], line[0][1])
+ self.__modified = 0
+ if self.ticks % 10 == 0:
+ self.performSvc()
+ # update position in log (time and iso string):
+ if self.jail.database is not None:
+ self.jail.database.updateJournal(self.jail, 'systemd-journal', line[1], line[0][1])
except Exception as e: # pragma: no cover
if not self.active: # if not active - error by stop...
break
diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
index 2dac91d1..15882ea0 100644
--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
@@ -800,7 +800,6 @@ class LogFileMonitor(LogCaptureTestCase):
_, self.name = tempfile.mkstemp('fail2ban', 'monitorfailures')
self.file = open(self.name, 'a')
self.filter = FilterPoll(DummyJail())
- self.filter.banASAP = False # avoid immediate ban in this tests
self.filter.addLogPath(self.name, autoSeek=False)
self.filter.active = True
self.filter.addFailRegex(r"(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
@@ -952,15 +951,18 @@ class LogFileMonitor(LogCaptureTestCase):
self.file.close()
self.file = _copy_lines_between_files(GetFailures.FILENAME_01, self.name,
n=14, mode='w')
+ print('=========='*10)
self.filter.getFailures(self.name)
+ print('=========='*10)
self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
self.assertEqual(self.filter.failManager.getFailTotal(), 2)
# move aside, but leaving the handle still open...
+ print('=========='*10)
os.rename(self.name, self.name + '.bak')
_copy_lines_between_files(GetFailures.FILENAME_01, self.name, skip=14, n=1).close()
self.filter.getFailures(self.name)
- _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)
+ #_assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)
self.assertEqual(self.filter.failManager.getFailTotal(), 3)
@@ -1018,7 +1020,6 @@ def get_monitor_failures_testcase(Filter_):
self.file = open(self.name, 'a')
self.jail = DummyJail()
self.filter = Filter_(self.jail)
- self.filter.banASAP = False # avoid immediate ban in this tests
self.filter.addLogPath(self.name, autoSeek=False)
# speedup search using exact date pattern:
self.filter.setDatePattern(r'^(?:%a )?%b %d %H:%M:%S(?:\.%f)?(?: %ExY)?')
@@ -1277,14 +1278,14 @@ def get_monitor_failures_testcase(Filter_):
# tail written before, so let's not copy anything yet
#_copy_lines_between_files(GetFailures.FILENAME_01, self.name, n=100)
# we should detect the failures
- self.assert_correct_last_attempt(GetFailures.FAILURES_01, count=6) # was needed if we write twice above
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01, count=3) # was needed if we write twice above
# now copy and get even more
_copy_lines_between_files(GetFailures.FILENAME_01, self.file, skip=12, n=3)
# check for 3 failures (not 9), because 6 already get above...
self.assert_correct_last_attempt(GetFailures.FAILURES_01)
# total count in this test:
- self.assertEqual(self.filter.failManager.getFailTotal(), 12)
+ self.assertEqual(self.filter.failManager.getFailTotal(), 9)
cls = MonitorFailures
cls.__qualname__ = cls.__name__ = "MonitorFailures<%s>(%s)" \
@@ -1316,7 +1317,6 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover
def _initFilter(self, **kwargs):
self._getRuntimeJournal() # check journal available
self.filter = Filter_(self.jail, **kwargs)
- self.filter.banASAP = False # avoid immediate ban in this tests
self.filter.addJournalMatch([
"SYSLOG_IDENTIFIER=fail2ban-testcases",
"TEST_FIELD=1",
@@ -1570,7 +1570,6 @@ class GetFailures(LogCaptureTestCase):
setUpMyTime()
self.jail = DummyJail()
self.filter = FileFilter(self.jail)
- self.filter.banASAP = False # avoid immediate ban in this tests
self.filter.active = True
# speedup search using exact date pattern:
self.filter.setDatePattern(r'^(?:%a )?%b %d %H:%M:%S(?:\.%f)?(?: %ExY)?')
@@ -1771,7 +1770,6 @@ class GetFailures(LogCaptureTestCase):
self.pruneLog("[test-phase useDns=%s]" % useDns)
jail = DummyJail()
filter_ = FileFilter(jail, useDns=useDns)
- filter_.banASAP = False # avoid immediate ban in this tests
filter_.active = True
filter_.failManager.setMaxRetry(1) # we might have just few failures
From e353fb802442309d0b6fbfe86cf6d0ab286c6626 Mon Sep 17 00:00:00 2001
From: sebres <info@sebres.de>
Date: Tue, 23 Feb 2021 02:46:44 +0100
Subject: [PATCH 2/3] fixed test cases (ban ASAP also followed in test suite
now, so failure reached maxretry causes immediate ban now)
---
fail2ban/tests/filtertestcase.py | 120 +++++++++++++++++--------------
1 file changed, 66 insertions(+), 54 deletions(-)
diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
index 15882ea0..fe37ea29 100644
--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
@@ -164,18 +164,25 @@ def _assert_correct_last_attempt(utest, filter_, output, count=None):
# get fail ticket from jail
found.append(_ticket_tuple(filter_.getFailTicket()))
else:
- # when we are testing without jails
- # wait for failures (up to max time)
- Utils.wait_for(
- lambda: filter_.failManager.getFailCount() >= (tickcount, failcount),
- _maxWaitTime(10))
- # get fail ticket(s) from filter
- while tickcount:
- try:
- found.append(_ticket_tuple(filter_.failManager.toBan()))
- except FailManagerEmpty:
- break
- tickcount -= 1
+ # when we are testing without jails wait for failures (up to max time)
+ if filter_.jail:
+ while True:
+ t = filter_.jail.getFailTicket()
+ if not t: break
+ found.append(_ticket_tuple(t))
+ if found:
+ tickcount -= len(found)
+ if tickcount > 0:
+ Utils.wait_for(
+ lambda: filter_.failManager.getFailCount() >= (tickcount, failcount),
+ _maxWaitTime(10))
+ # get fail ticket(s) from filter
+ while tickcount:
+ try:
+ found.append(_ticket_tuple(filter_.failManager.toBan()))
+ except FailManagerEmpty:
+ break
+ tickcount -= 1
if not isinstance(output[0], (tuple,list)):
utest.assertEqual(len(found), 1)
@@ -951,14 +958,11 @@ class LogFileMonitor(LogCaptureTestCase):
self.file.close()
self.file = _copy_lines_between_files(GetFailures.FILENAME_01, self.name,
n=14, mode='w')
- print('=========='*10)
self.filter.getFailures(self.name)
- print('=========='*10)
self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
self.assertEqual(self.filter.failManager.getFailTotal(), 2)
# move aside, but leaving the handle still open...
- print('=========='*10)
os.rename(self.name, self.name + '.bak')
_copy_lines_between_files(GetFailures.FILENAME_01, self.name, skip=14, n=1).close()
self.filter.getFailures(self.name)
@@ -1112,12 +1116,13 @@ def get_monitor_failures_testcase(Filter_):
skip=12, n=3, mode='w')
self.assert_correct_last_attempt(GetFailures.FAILURES_01)
- def _wait4failures(self, count=2):
+ def _wait4failures(self, count=2, waitEmpty=True):
# Poll might need more time
- self.assertTrue(self.isEmpty(_maxWaitTime(5)),
- "Queue must be empty but it is not: %s."
- % (', '.join([str(x) for x in self.jail.queue])))
- self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+ if waitEmpty:
+ self.assertTrue(self.isEmpty(_maxWaitTime(5)),
+ "Queue must be empty but it is not: %s."
+ % (', '.join([str(x) for x in self.jail.queue])))
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
Utils.wait_for(lambda: self.filter.failManager.getFailTotal() >= count, _maxWaitTime(10))
self.assertEqual(self.filter.failManager.getFailTotal(), count)
@@ -1283,9 +1288,9 @@ def get_monitor_failures_testcase(Filter_):
# now copy and get even more
_copy_lines_between_files(GetFailures.FILENAME_01, self.file, skip=12, n=3)
# check for 3 failures (not 9), because 6 already get above...
- self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01, count=3)
# total count in this test:
- self.assertEqual(self.filter.failManager.getFailTotal(), 9)
+ self._wait4failures(12, False)
cls = MonitorFailures
cls.__qualname__ = cls.__name__ = "MonitorFailures<%s>(%s)" \
@@ -1640,6 +1645,7 @@ class GetFailures(LogCaptureTestCase):
[u'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2'
% m for m in 53, 54, 57, 58])
+ self.filter.setMaxRetry(4)
self.filter.addLogPath(GetFailures.FILENAME_02, autoSeek=0)
self.filter.addFailRegex(r"Failed .* from <HOST>")
self.filter.getFailures(GetFailures.FILENAME_02)
@@ -1648,6 +1654,7 @@ class GetFailures(LogCaptureTestCase):
def testGetFailures03(self):
output = ('203.162.223.135', 6, 1124013600.0)
+ self.filter.setMaxRetry(6)
self.filter.addLogPath(GetFailures.FILENAME_03, autoSeek=0)
self.filter.addFailRegex(r"error,relay=<HOST>,.*550 User unknown")
self.filter.getFailures(GetFailures.FILENAME_03)
@@ -1656,6 +1663,7 @@ class GetFailures(LogCaptureTestCase):
def testGetFailures03_InOperation(self):
output = ('203.162.223.135', 9, 1124013600.0)
+ self.filter.setMaxRetry(9)
self.filter.addLogPath(GetFailures.FILENAME_03, autoSeek=0)
self.filter.addFailRegex(r"error,relay=<HOST>,.*550 User unknown")
self.filter.getFailures(GetFailures.FILENAME_03, inOperation=True)
@@ -1673,7 +1681,7 @@ class GetFailures(LogCaptureTestCase):
def testGetFailures03_Seek2(self):
# same test as above but with seek to 'Aug 14 11:59:04' - so other output ...
output = ('203.162.223.135', 2, 1124013600.0)
- self.filter.setMaxRetry(1)
+ self.filter.setMaxRetry(2)
self.filter.addLogPath(GetFailures.FILENAME_03, autoSeek=output[2])
self.filter.addFailRegex(r"error,relay=<HOST>,.*550 User unknown")
@@ -1683,10 +1691,12 @@ class GetFailures(LogCaptureTestCase):
def testGetFailures04(self):
# because of not exact time in testcase04.log (no year), we should always use our test time:
self.assertEqual(MyTime.time(), 1124013600)
- # should find exact 4 failures for *.186 and 2 failures for *.185
- output = (('212.41.96.186', 4, 1124013600.0),
- ('212.41.96.185', 2, 1124013598.0))
-
+ # should find exact 4 failures for *.186 and 2 failures for *.185, but maxretry is 2, so 3 tickets:
+ output = (
+ ('212.41.96.186', 2, 1124013480.0),
+ ('212.41.96.186', 2, 1124013600.0),
+ ('212.41.96.185', 2, 1124013598.0)
+ )
# speedup search using exact date pattern:
self.filter.setDatePattern((r'^%ExY(?P<_sep>[-/.])%m(?P=_sep)%d[T ]%H:%M:%S(?:[.,]%f)?(?:\s*%z)?',
r'^(?:%a )?%b %d %H:%M:%S(?:\.%f)?(?: %ExY)?',
@@ -1743,9 +1753,11 @@ class GetFailures(LogCaptureTestCase):
unittest.F2B.SkipIfNoNetwork()
# We should still catch failures with usedns = no ;-)
output_yes = (
- ('93.184.216.34', 2, 1124013539.0,
- [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2',
- u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
+ ('93.184.216.34', 1, 1124013299.0,
+ [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
+ ),
+ ('93.184.216.34', 1, 1124013539.0,
+ [u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
),
('2606:2800:220:1:248:1893:25c8:1946', 1, 1124013299.0,
[u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
@@ -1779,8 +1791,11 @@ class GetFailures(LogCaptureTestCase):
_assert_correct_last_attempt(self, filter_, output)
def testGetFailuresMultiRegex(self):
- output = ('141.3.81.106', 8, 1124013541.0)
+ output = [
+ ('141.3.81.106', 8, 1124013541.0)
+ ]
+ self.filter.setMaxRetry(8)
self.filter.addLogPath(GetFailures.FILENAME_02, autoSeek=False)
self.filter.addFailRegex(r"Failed .* from <HOST>")
self.filter.addFailRegex(r"Accepted .* from <HOST>")
@@ -1798,26 +1813,25 @@ class GetFailures(LogCaptureTestCase):
self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
def testGetFailuresMultiLine(self):
- output = [("192.0.43.10", 2, 1124013599.0),
- ("192.0.43.11", 1, 1124013598.0)]
+ output = [
+ ("192.0.43.10", 1, 1124013598.0),
+ ("192.0.43.10", 1, 1124013599.0),
+ ("192.0.43.11", 1, 1124013598.0)
+ ]
self.filter.addLogPath(GetFailures.FILENAME_MULTILINE, autoSeek=False)
self.filter.setMaxLines(100)
self.filter.addFailRegex(r"^.*rsyncd\[(?P<pid>\d+)\]: connect from .+ \(<HOST>\)$<SKIPLINES>^.+ rsyncd\[(?P=pid)\]: rsync error: .*$")
self.filter.setMaxRetry(1)
self.filter.getFailures(GetFailures.FILENAME_MULTILINE)
-
- foundList = []
- while True:
- try:
- foundList.append(
- _ticket_tuple(self.filter.failManager.toBan())[0:3])
- except FailManagerEmpty:
- break
- self.assertSortedEqual(foundList, output)
+
+ _assert_correct_last_attempt(self, self.filter, output)
def testGetFailuresMultiLineIgnoreRegex(self):
- output = [("192.0.43.10", 2, 1124013599.0)]
+ output = [
+ ("192.0.43.10", 1, 1124013598.0),
+ ("192.0.43.10", 1, 1124013599.0)
+ ]
self.filter.addLogPath(GetFailures.FILENAME_MULTILINE, autoSeek=False)
self.filter.setMaxLines(100)
self.filter.addFailRegex(r"^.*rsyncd\[(?P<pid>\d+)\]: connect from .+ \(<HOST>\)$<SKIPLINES>^.+ rsyncd\[(?P=pid)\]: rsync error: .*$")
@@ -1826,14 +1840,17 @@ class GetFailures(LogCaptureTestCase):
self.filter.getFailures(GetFailures.FILENAME_MULTILINE)
- _assert_correct_last_attempt(self, self.filter, output.pop())
+ _assert_correct_last_attempt(self, self.filter, output)
self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
def testGetFailuresMultiLineMultiRegex(self):
- output = [("192.0.43.10", 2, 1124013599.0),
+ output = [
+ ("192.0.43.10", 1, 1124013598.0),
+ ("192.0.43.10", 1, 1124013599.0),
("192.0.43.11", 1, 1124013598.0),
- ("192.0.43.15", 1, 1124013598.0)]
+ ("192.0.43.15", 1, 1124013598.0)
+ ]
self.filter.addLogPath(GetFailures.FILENAME_MULTILINE, autoSeek=False)
self.filter.setMaxLines(100)
self.filter.addFailRegex(r"^.*rsyncd\[(?P<pid>\d+)\]: connect from .+ \(<HOST>\)$<SKIPLINES>^.+ rsyncd\[(?P=pid)\]: rsync error: .*$")
@@ -1842,14 +1859,9 @@ class GetFailures(LogCaptureTestCase):
self.filter.getFailures(GetFailures.FILENAME_MULTILINE)
- foundList = []
- while True:
- try:
- foundList.append(
- _ticket_tuple(self.filter.failManager.toBan())[0:3])
- except FailManagerEmpty:
- break
- self.assertSortedEqual(foundList, output)
+ _assert_correct_last_attempt(self, self.filter, output)
+
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
class DNSUtilsTests(unittest.TestCase):
From 92a224217496fe3114fc7ee9f80708c00804ec03 Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Tue, 23 Feb 2021 15:54:48 +0100
Subject: [PATCH 3/3] amend fixing journal tests (systemd backend only)
---
fail2ban/tests/filtertestcase.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
index fe37ea29..b9b7e8aa 100644
--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
@@ -1517,7 +1517,7 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover
"SYSLOG_IDENTIFIER=fail2ban-testcases",
"TEST_FIELD=1",
"TEST_UUID=%s" % self.test_uuid])
- self.assert_correct_ban("193.168.0.128", 4)
+ self.assert_correct_ban("193.168.0.128", 3)
_copy_lines_to_journal(
self.test_file, self.journal_fields, n=6, skip=10)
# we should detect the failures
@@ -1531,7 +1531,7 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover
self.test_file, self.journal_fields, skip=15, n=4)
self.waitForTicks(1)
self.assertTrue(self.isFilled(10))
- self.assert_correct_ban("87.142.124.10", 4)
+ self.assert_correct_ban("87.142.124.10", 3)
# Add direct utf, unicode, blob:
for l in (
"error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1",