- Added more filter test cases

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@425 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago · e581913c1f
parent 23127d951c
commit e581913c1f
4 changed files with 101 additions and 18 deletions
--- a/testcases/files/testcase02.log
+++ b/testcases/files/testcase02.log
@ -1,13 +1,13 @@
-Mar 16 04:57:00 i60p295 sshd[11437]: input_userauth_request: illegal user test123
-Mar 16 04:57:00 i60p295 sshd[11437]: Failed password for illegal user test123 from ::ffff:66.38.192.238 port 51381 ssh2
-Mar 16 04:57:00 i60p295 sshd[11437]: Connection closed by ::ffff:66.38.192.238
-Mar 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mar 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mar 16 10:33:59 i60p295 sshd[12365]: Postponed keyboard-interactive for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mar 16 10:34:01 i60p295 sshd[12365]: Postponed keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mar 16 10:34:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mär 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mär 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mar 16 10:35:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mar 16 10:36:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
-Mar 16 10:37:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:51:00 i60p295 sshd[11437]: input_userauth_request: illegal user test123
+Aug 14 11:52:00 i60p295 sshd[11437]: Failed password for illegal user test123 from ::ffff:66.38.192.238 port 51381 ssh2
+Aug 14 11:53:00 i60p295 sshd[11437]: Connection closed by ::ffff:66.38.192.238
+Aug 14 11:53:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:55:59 i60p295 sshd[12365]: Postponed keyboard-interactive for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:56:01 i60p295 sshd[12365]: Postponed keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:57:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:57:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
--- a/testcases/files/testcase03.log
+++ b/testcases/files/testcase03.log
@ -0,0 +1,9 @@
+Aug 14 11:53:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aug 14 11:54:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aug 14 11:55:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aou 14 11:56:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aou 14 11:57:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aoü 14 11:58:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aug 14 11:59:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aug 14 12:50:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
+Aug 14 12:51:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
--- a/testcases/files/testcase04.log
+++ b/testcases/files/testcase04.log
@ -0,0 +1,15 @@
+Sep 21 22:03:07 [sshd] Invalid user toto from 212.41.96.185
+1124012400 [sshd] Invalid user fuck from 212.41.96.185
+Sep 21 21:03:38 [sshd] Invalid user toto from 212.41.96.185
+1124012500 [sshd] Invalid user fuck from 212.41.96.185
+Sep 21 21:03:46 [sshd] Invalid user toto from 212.41.96.185
+Aug 14 11:58:48 [sshd] Invalid user fuck from 212.41.96.185
+Aug 14 11:59:58 [sshd] Invalid user toto from 212.41.96.185
+Sep 21 21:04:03 [sshd] Invalid user fuck from 212.41.96.185
+                - Last output repeated twice -
+2005/08/14 11:57:00 [sshd] Invalid user toto from 212.41.96.186
+2005/08/14 11:58:00 [sshd] Invalid user fuck from 212.41.96.186
+2005/08/14 11:59:00 [sshd] Invalid user toto from 212.41.96.186
+2005/08/14 12:00:00 [sshd] Invalid user fuck from 212.41.96.186
+                - Last output repeated twice -
+Sep 21 21:09:01 [sshd] Invalid user toto from 212.41.96.185
--- a/testcases/filtertestcase.py
+++ b/testcases/filtertestcase.py
@ -28,6 +28,7 @@ import unittest, socket
 from server.filterpoll import FilterPoll
 from server.filter import Filter
 from server.failmanager import FailManager
+from server.failmanager import FailManagerEmpty

 class IgnoreIP(unittest.TestCase):

@ -78,23 +79,27 @@ class LogFile(unittest.TestCase):

 class GetFailures(unittest.TestCase):

-	FILENAME = "testcases/files/testcase01.log"
+	FILENAME_01 = "testcases/files/testcase01.log"
+	FILENAME_02 = "testcases/files/testcase02.log"
+	FILENAME_03 = "testcases/files/testcase03.log"
+	FILENAME_04 = "testcases/files/testcase04.log"

 	def setUp(self):
 		"""Call before every test case."""
 		self.__filter = Filter(None)
-		self.__filter.addLogPath(FILENAME)
 		#self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
 		#self.__filter.setTimePattern("%b %d %H:%M:%S")
-		self.__filter.setFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")

 	def tearDown(self):
 		"""Call after every test case."""
 		
-	def testGetFailures(self):
+	def testGetFailures01(self):
 		output = ('193.168.0.128', 3, 1124013599.0)
+		
+		self.__filter.addLogPath(GetFailures.FILENAME_01)
+		self.__filter.setFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")

-		self.__filter.getFailures(FILENAME)
+		self.__filter.getFailures(GetFailures.FILENAME_01)
 		
 		ticket = self.__filter.failManager.toBan()

@ -104,4 +109,58 @@ class GetFailures(unittest.TestCase):
 		found = (ip, attempts, date)
 		
 		self.assertEqual(found, output)
+	
+	def testGetFailures02(self):
+		output = ('141.3.81.106', 4, 1124013539.0)
+
+		self.__filter.addLogPath(GetFailures.FILENAME_02)
+		self.__filter.setFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
+		
+		self.__filter.getFailures(GetFailures.FILENAME_02)
+		
+		ticket = self.__filter.failManager.toBan()
+
+		attempts = ticket.getAttempt()
+		date = ticket.getTime()
+		ip = ticket.getIP()
+		found = (ip, attempts, date)
+		
+		self.assertEqual(found, output)	
+
+	def testGetFailures03(self):
+		output = ('203.162.223.135', 6, 1124013544.0)
+
+		self.__filter.addLogPath(GetFailures.FILENAME_03)
+		self.__filter.setFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
+		
+		self.__filter.getFailures(GetFailures.FILENAME_03)
+		
+		ticket = self.__filter.failManager.toBan()
+		
+		attempts = ticket.getAttempt()
+		date = ticket.getTime()
+		ip = ticket.getIP()
+		found = (ip, attempts, date)
+		
+		self.assertEqual(found, output)	
+
+	def testGetFailures04(self):
+		output = [('212.41.96.186', 4, 1124013600.0),
+				  ('212.41.96.185', 4, 1124013598.0)]
+
+		self.__filter.addLogPath(GetFailures.FILENAME_04)
+		self.__filter.setFailRegex("Invalid user .* (?P<host>\S*)")
+		
+		self.__filter.getFailures(GetFailures.FILENAME_04)
+
+		try:
+			for i in range(2):
+				ticket = self.__filter.failManager.toBan()		
+				attempts = ticket.getAttempt()
+				date = ticket.getTime()
+				ip = ticket.getIP()
+				found = (ip, attempts, date)
+				self.assertEqual(found, output[i])
+		except FailManagerEmpty:
+			pass