mirror of https://github.com/fail2ban/fail2ban
- Added more filter test cases
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@425 a942ae1a-1317-0410-a47c-b1dcaea8d6050.x
parent
23127d951c
commit
e581913c1f
|
@ -1,13 +1,13 @@
|
|||
Mar 16 04:57:00 i60p295 sshd[11437]: input_userauth_request: illegal user test123
|
||||
Mar 16 04:57:00 i60p295 sshd[11437]: Failed password for illegal user test123 from ::ffff:66.38.192.238 port 51381 ssh2
|
||||
Mar 16 04:57:00 i60p295 sshd[11437]: Connection closed by ::ffff:66.38.192.238
|
||||
Mar 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mar 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mar 16 10:33:59 i60p295 sshd[12365]: Postponed keyboard-interactive for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mar 16 10:34:01 i60p295 sshd[12365]: Postponed keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mar 16 10:34:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mär 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mär 16 10:33:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mar 16 10:35:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mar 16 10:36:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Mar 16 10:37:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:51:00 i60p295 sshd[11437]: input_userauth_request: illegal user test123
|
||||
Aug 14 11:52:00 i60p295 sshd[11437]: Failed password for illegal user test123 from ::ffff:66.38.192.238 port 51381 ssh2
|
||||
Aug 14 11:53:00 i60p295 sshd[11437]: Connection closed by ::ffff:66.38.192.238
|
||||
Aug 14 11:53:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:55:59 i60p295 sshd[12365]: Postponed keyboard-interactive for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:56:01 i60p295 sshd[12365]: Postponed keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:57:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:57:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
Aug 14 11:53:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aug 14 11:54:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aug 14 11:55:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aou 14 11:56:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aou 14 11:57:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aoü 14 11:58:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aug 14 11:59:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aug 14 12:50:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
||||
Aug 14 12:51:04 HOSTNAME courieresmtpd: error,relay=::ffff:203.162.223.135,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
|
|
@ -0,0 +1,15 @@
|
|||
Sep 21 22:03:07 [sshd] Invalid user toto from 212.41.96.185
|
||||
1124012400 [sshd] Invalid user fuck from 212.41.96.185
|
||||
Sep 21 21:03:38 [sshd] Invalid user toto from 212.41.96.185
|
||||
1124012500 [sshd] Invalid user fuck from 212.41.96.185
|
||||
Sep 21 21:03:46 [sshd] Invalid user toto from 212.41.96.185
|
||||
Aug 14 11:58:48 [sshd] Invalid user fuck from 212.41.96.185
|
||||
Aug 14 11:59:58 [sshd] Invalid user toto from 212.41.96.185
|
||||
Sep 21 21:04:03 [sshd] Invalid user fuck from 212.41.96.185
|
||||
- Last output repeated twice -
|
||||
2005/08/14 11:57:00 [sshd] Invalid user toto from 212.41.96.186
|
||||
2005/08/14 11:58:00 [sshd] Invalid user fuck from 212.41.96.186
|
||||
2005/08/14 11:59:00 [sshd] Invalid user toto from 212.41.96.186
|
||||
2005/08/14 12:00:00 [sshd] Invalid user fuck from 212.41.96.186
|
||||
- Last output repeated twice -
|
||||
Sep 21 21:09:01 [sshd] Invalid user toto from 212.41.96.185
|
|
@ -28,6 +28,7 @@ import unittest, socket
|
|||
from server.filterpoll import FilterPoll
|
||||
from server.filter import Filter
|
||||
from server.failmanager import FailManager
|
||||
from server.failmanager import FailManagerEmpty
|
||||
|
||||
class IgnoreIP(unittest.TestCase):
|
||||
|
||||
|
@ -78,23 +79,27 @@ class LogFile(unittest.TestCase):
|
|||
|
||||
class GetFailures(unittest.TestCase):
|
||||
|
||||
FILENAME = "testcases/files/testcase01.log"
|
||||
FILENAME_01 = "testcases/files/testcase01.log"
|
||||
FILENAME_02 = "testcases/files/testcase02.log"
|
||||
FILENAME_03 = "testcases/files/testcase03.log"
|
||||
FILENAME_04 = "testcases/files/testcase04.log"
|
||||
|
||||
def setUp(self):
|
||||
"""Call before every test case."""
|
||||
self.__filter = Filter(None)
|
||||
self.__filter.addLogPath(FILENAME)
|
||||
#self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
|
||||
#self.__filter.setTimePattern("%b %d %H:%M:%S")
|
||||
self.__filter.setFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
|
||||
|
||||
def tearDown(self):
|
||||
"""Call after every test case."""
|
||||
|
||||
def testGetFailures(self):
|
||||
def testGetFailures01(self):
|
||||
output = ('193.168.0.128', 3, 1124013599.0)
|
||||
|
||||
self.__filter.addLogPath(GetFailures.FILENAME_01)
|
||||
self.__filter.setFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
|
||||
|
||||
self.__filter.getFailures(FILENAME)
|
||||
self.__filter.getFailures(GetFailures.FILENAME_01)
|
||||
|
||||
ticket = self.__filter.failManager.toBan()
|
||||
|
||||
|
@ -104,4 +109,58 @@ class GetFailures(unittest.TestCase):
|
|||
found = (ip, attempts, date)
|
||||
|
||||
self.assertEqual(found, output)
|
||||
|
||||
def testGetFailures02(self):
|
||||
output = ('141.3.81.106', 4, 1124013539.0)
|
||||
|
||||
self.__filter.addLogPath(GetFailures.FILENAME_02)
|
||||
self.__filter.setFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
|
||||
|
||||
self.__filter.getFailures(GetFailures.FILENAME_02)
|
||||
|
||||
ticket = self.__filter.failManager.toBan()
|
||||
|
||||
attempts = ticket.getAttempt()
|
||||
date = ticket.getTime()
|
||||
ip = ticket.getIP()
|
||||
found = (ip, attempts, date)
|
||||
|
||||
self.assertEqual(found, output)
|
||||
|
||||
def testGetFailures03(self):
|
||||
output = ('203.162.223.135', 6, 1124013544.0)
|
||||
|
||||
self.__filter.addLogPath(GetFailures.FILENAME_03)
|
||||
self.__filter.setFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
|
||||
|
||||
self.__filter.getFailures(GetFailures.FILENAME_03)
|
||||
|
||||
ticket = self.__filter.failManager.toBan()
|
||||
|
||||
attempts = ticket.getAttempt()
|
||||
date = ticket.getTime()
|
||||
ip = ticket.getIP()
|
||||
found = (ip, attempts, date)
|
||||
|
||||
self.assertEqual(found, output)
|
||||
|
||||
def testGetFailures04(self):
|
||||
output = [('212.41.96.186', 4, 1124013600.0),
|
||||
('212.41.96.185', 4, 1124013598.0)]
|
||||
|
||||
self.__filter.addLogPath(GetFailures.FILENAME_04)
|
||||
self.__filter.setFailRegex("Invalid user .* (?P<host>\S*)")
|
||||
|
||||
self.__filter.getFailures(GetFailures.FILENAME_04)
|
||||
|
||||
try:
|
||||
for i in range(2):
|
||||
ticket = self.__filter.failManager.toBan()
|
||||
attempts = ticket.getAttempt()
|
||||
date = ticket.getTime()
|
||||
ip = ticket.getIP()
|
||||
found = (ip, attempts, date)
|
||||
self.assertEqual(found, output[i])
|
||||
except FailManagerEmpty:
|
||||
pass
|
||||
|
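Review bot: In testGetFailures04 the `try: ... except FailManagerEmpty: pass` wrapper lets the test pass when `toBan()` yields fewer than two tickets, including none at all, so a filter regression that stops detecting the `Invalid user` lines would go unnoticed. Drop the try/except so a missing ticket fails the test, and if the intent is also to check that nothing else is queued, add `self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)` after the loop. The loop compares against `output[i]` in a fixed order; if `toBan()` does not guarantee ordering (not visible here), comparing sorted lists would be more stable. Separately, the regex `"Invalid user .* (?P<host>\S*)"` is unanchored and `\S*` accepts an empty host, while the user-name field in real sshd logs is attacker-controlled; `"Invalid user .* from (?P<host>\S+)$"` would pin the capture to the trailing address, and the testcase04 fixture lines in this commit all end in `from` followed by an address.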