o ×¼_bTã@s˜dZdZdZddlZddlZddlZddlmZddlm Z m Z m Z m Z m Z dd lmZmZmZmZdd lmZee_d d „Zee_ ej ej e¡d ¡Zej ej e¡d¡Zdadd„Zdd„ZGdd„deƒZdd„Z dZ!dZ"dZ#dZ$dZ%ej ed¡Z&ej ed¡Z'ej ed¡Z(dZ)d Z*d!Z+ej ed"d#¡Z,ej ed$d%¡Z-ej ed&¡Z.ej ed$d'¡Z/ej ed"d(¡Z0ej ed$d)¡Z1Gd*d+„d+eƒZ2dS),z Serg BresterzHCopyright (c) 2015 Serg G. Brester (sebres), 2008- Fail2Ban ContributorsÚGPLéNé)Ú fail2banregex)Ú Fail2banRegexÚget_opt_parserÚexec_command_lineÚoutputÚ str2LogLevelé)Ú setUpMyTimeÚtearDownMyTimeÚLogCaptureTestCaseÚlogSys)Ú CONFIG_DIRcGst |d¡dS)Nr)rÚnotice)Úargs©rúF/usr/lib/python3/dist-packages/fail2ban/tests/fail2banregextestcase.pyÚ _test_output%srÚconfigÚfilescGs@tƒ}| t|ƒ¡\}}|jdvrt t|jƒ¡||t|ƒfS)N)rÚwarning)rÚ parse_argsÚlistÚ log_levelrÚsetLevelr r)rÚparserÚoptsrrrÚ_Fail2banRegex/s  rcGst|Ž\}}}| |¡S©N)rÚstart)rrÚ fail2banRegexrrrÚ _test_exec7s r"c@seZdZdd„ZdS)Ú ExitExceptioncCs||_d||_dS)NzExit with code: %s)ÚcodeÚmsg)Úselfr$rrrÚ__init__<szExitException.__init__N)Ú__name__Ú __module__Ú __qualname__r'rrrrr#;s r#c Gsèd dd„}tjtjtjdœ}d}|t_tsttjdƒatt_t_zBztt |ƒƒWnt y?}z |j }WYd}~nd}~wwW|dt_|dt_|dt_|SW|dt_|dt_|dt_|S|dt_|dt_|dt_w) NrcSst|ƒ‚r)r#)r$rrrÚ_exitAsz&_test_exec_command_line.._exit)ÚexitÚstdoutÚstderrÚwr,r-r.)r) Úsysr,r-r.ÚDEV_NULLÚopenÚosÚdevnullrrr#r$)rr+Ú_orgÚ _exit_codeÚerrrÚ_test_exec_command_line@s2  €ÿÿ   û    ý  r8zRDec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 192.0.2.0zB[sshd] error: PAM: Authentication failure for kevin from 192.0.2.0z˜(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) z8Authentication failure for .*? from $z.*? from $ztestcase01.logztestcase02.logztestcase-wrong-char.loga"Nov 28 09:16:03 srv sshd[32307]: Failed publickey for git from 192.0.2.1 port 57904 ssh2: ECDSA 0e:ff:xx:xx:xx:xx:xx:xx:xx:xx:xx:... Nov 28 09:16:03 srv sshd[32307]: Failed publickey for git from 192.0.2.1 port 57904 ssh2: RSA 04:bc:xx:xx:xx:xx:xx:xx:xx:xx:xx:... Nov 28 09:16:03 srv sshd[32307]: Postponed publickey for git from 192.0.2.1 port 57904 ssh2 [preauth] Nov 28 09:16:05 srv sshd[32310]: Failed publickey for git from 192.0.2.2 port 57910 ssh2: ECDSA 1e:fe:xx:xx:xx:xx:xx:xx:xx:xx:xx:... Nov 28 09:16:05 srv sshd[32310]: Failed publickey for git from 192.0.2.2 port 57910 ssh2: RSA 14:ba:xx:xx:xx:xx:xx:xx:xx:xx:xx:... Nov 28 09:16:05 srv sshd[32310]: Disconnecting: Too many authentication failures for git [preauth] Nov 28 09:16:05 srv sshd[32310]: Connection closed by 192.0.2.2 [preauth]z„Nov 28 09:16:06 srv sshd[32307]: Accepted publickey for git from 192.0.2.1 port 57904 ssh2: DSA 36:48:xx:xx:xx:xx:xx:xx:xx:xx:xx:...zINov 28 09:16:06 srv sshd[32307]: Connection closed by 192.0.2.1 [preauth]ÚlogsÚsshdzfilter.dz sshd.confzzzz-sshd-obsolete-multiline.logz zzz-sshd-obsolete-multiline.confzzzz-generic-examplezzzz-generic-example.confc@seZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Zd9d:„Zd;d<„Z d=d>„Z!d?d@„Z"dAdB„Z#dCS)DÚFail2banRegexTestcCót |¡tƒdS)zCall before every test case.N)r ÚsetUpr ©r&rrrr=yó  zFail2banRegexTest.setUpcCr<)zCall after every test case.N)r ÚtearDownr r>rrrr@~r?zFail2banRegexTest.tearDowncCs| tddƒ¡| d¡dS)NÚtestz.** from $ú$Unable to compile regular expression©Ú assertFalser"Ú assertLoggedr>rrrÚ testWrongREƒsÿzFail2banRegexTest.testWrongREcCs$| tdddddƒ¡| d¡dS)Nú --datepatternú{^LN-BEG}EPOCHrAz.*? from $z.**rBrCr>rrrÚtestWrongIngnoreRE‰s þz$Fail2banRegexTest.testWrongIngnoreREc Cs&| tddddtdƒ¡| d¡dS)NrGú*^(?:%a )?%b %d %H:%M:%S(?:\.%f)?(?: %ExY)?ú--print-all-matchedú--print-no-missedú+Authentication failure for .*? from $ú.Lines: 1 lines, 0 ignored, 1 matched, 0 missed©Ú assertTruer"ÚSTR_00rEr>rrrÚtestDirectFoundsüz!Fail2banRegexTest.testDirectFoundcCs | tdtdƒ¡| d¡dS)Nú--print-all-missedzXYZ from $z.Lines: 1 lines, 0 ignored, 0 matched, 1 missedrOr>rrrÚtestDirectNotFound™s ýz$Fail2banRegexTest.testDirectNotFoundcCs"| tdtddƒ¡| d¡dS)Nú--print-all-ignoredrMzkevin from 192.0.2.0$z.Lines: 1 lines, 1 ignored, 0 matched, 0 missedrOr>rrrÚtestDirectIgnored¡süz#Fail2banRegexTest.testDirectIgnoredcCsL| tdddttƒ¡| d¡| d¡| d¡| d¡| d¡dS) NrGrJrKú0Lines: 19 lines, 0 ignored, 16 matched, 3 missedúError decoding linez6Continuing to process line ignoring invalid characterszVDez 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128zVDec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10©rPr"Ú FILENAME_01ÚRE_00rEr>rrrÚtestDirectRE_1ªsý    z Fail2banRegexTest.testDirectRE_1c Cs&| tddddttƒ¡| d¡dS)NrGrJrKú--rawz0Lines: 19 lines, 0 ignored, 19 matched, 0 missedrYr>rrrÚtestDirectRE_1raw¸s ýz#Fail2banRegexTest.testDirectRE_1rawc Cs\| tdddddttƒ¡| d¡| ¡| tddd d ƒ¡|jd d d | d¡dS)NrGrJrKr]z --usedns=norWú-dú^Epochz1490349000 test failed.dns.chz^\s*test \S+rNT©Úallz)Unable to find a corresponding IP address)rPr"rZr[rEÚpruneLogÚassertNotLoggedr>rrrÚtestDirectRE_1raw_noDnsÀsý þz)Fail2banRegexTest.testDirectRE_1raw_noDnscCs$| tdddttƒ¡| d¡dS)NrGrJrKú/Lines: 13 lines, 0 ignored, 5 matched, 8 missed©rPr"Ú FILENAME_02r[rEr>rrrÚtestDirectRE_2Ðs ýz Fail2banRegexTest.testDirectRE_2c Cs@| tdddddddttƒ ¡| d¡| d ¡| d ¡dS) NrGrJz --timezonezUTC+0200z --verboseú--verbose-daterLrfz&141.3.81.106 Sun Aug 14 11:53:59 2005z&141.3.81.106 Sun Aug 14 11:54:59 2005rgr>rrrÚ testVerboseØsü  zFail2banRegexTest.testVerbosec Csv| tdddddddttdƒ ¡|jd d d d | ¡| tddd dtddƒ¡|jddd d |jddd d dS)Nú-lrú-vrjrKrUú-cr:ú8[29116]: User root not allowed because account is lockedz)[29116]: Received disconnect from 1.2.3.4Traú-vvzRDec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 192.0.2.1zsshd[logtype=short]zReal filter options :z'logtype': 'short'ú'logtype': 'file'ú'logtype': 'journal')rPr"rÚ FILENAME_SSHDrErcrdr>rrrÚtestVerboseFullSshdäs$üÿüz%Fail2banRegexTest.testVerboseFullSshdc Cs0| tddddttdƒ¡|jdddd d dS) NrlrrKrnzsshd.conf[mode=normal]z"[29116]: Connection from 192.0.2.4roú+[29116]: Received disconnect from 192.0.2.4Tra)rPr"rÚFILENAME_ZZZ_SSHDrEr>rrrÚ testFastSshdúsü ýzFail2banRegexTest.testFastSshdc Cs>| tdddddtj t¡ttj t¡ƒ¡|jddddS) NrlrrKrSrnruTra) rPr"r3ÚpathÚdirnameÚFILTER_ZZZ_SSHDrvÚbasenamerEr>rrrÚtestMultilineSshds  ü ÿz#Fail2banRegexTest.testMultilineSshdcCs| tddttdƒ¡dS)Nrlrz [mode=test])rPr"ÚFILENAME_ZZZ_GENÚFILTER_ZZZ_GENr>rrrÚtestFullGenerics þz!Fail2banRegexTest.testFullGenericc CsldD]1}| d|¡| tddddddd d |d d ƒ ¡| d |d|df¡|jddddqdS)N)réz[test-phase %s]ú--usednsÚnor_r`rKú --maxlinesÚ5z1490349000 TEST-NL úL1490349000 FAIL 1490349000 TEST1 1490349001 TEST2 1490349001 HOST 192.0.2.34ú*^\s*FAIL\s*$^\s*HOST \s*$z0Lines: %s lines, 0 ignored, 2 matched, %s missedérz| 1490349000 FAILz| 1490349001 HOST 192.0.2.34Tra)rcrPr"rE)r&ÚpreLinesrrrÚtestDirectMultilineBufsÿüöz(Fail2banRegexTest.testDirectMultilineBufc Cs:| tddddddddd d ƒ ¡| d ¡| d d ¡dS)Nrr‚r_r`ú --debuggexrKrƒr„r…r†ú.Lines: 4 lines, 0 ignored, 2 matched, 2 missedz&flags=mz?flags=m©rPr"rEr>rrrÚtestDirectMultilineBufDebuggex)sý z0Fail2banRegexTest.testDirectMultilineBufDebuggexc Cs,| tddddddddd ƒ ¡| d ¡dS) Nrr‚r_r`rKz-LÚ2z)1490349000 FAIL: failure host: 192.0.2.35z^\s*FAIL:\s*.*\nhost:\s+$z.Lines: 2 lines, 0 ignored, 2 matched, 0 missedrŒr>rrrÚtestSinglelineWithNLinContent3s  ýz/Fail2banRegexTest.testSinglelineWithNLinContentc Cs(| tdddddddƒ¡| d¡dS) Nz-rr_ú^\[{LEPOCH}\]\s+rƒr„z£[1516469849] 192.0.2.1 FAIL: failure [1516469849551] 192.0.2.2 FAIL: failure [1516469849551000] 192.0.2.3 FAIL: failure [1516469849551.000] 192.0.2.4 FAIL: failurez^ FAIL\bú.Lines: 4 lines, 0 ignored, 4 matched, 0 missedrŒr>rrrÚtestRegexEpochPatterns<s  úz(Fail2banRegexTest.testRegexEpochPatternsc Cs8| tdddddddƒ¡| d¡|jd d d d dS) Nrpr_rrƒr„zª[1516469849] 192.0.2.1 FAIL: failure [1516469849] 192.0.2.1/24 FAIL: failure [1516469849] 2001:DB8:FF:FF::1 FAIL: failure [1516469849] 2001:DB8:FF:FF::1/60 FAIL: failure z^ FAIL\br‘z 192.0.2.0/24z2001:db8:ff:f0::/60TrarŒr>rrrÚtestRegexSubnetGs ú z!Fail2banRegexTest.testRegexSubnetcCsh| tddttƒ¡| d¡| ¡| tddddƒ¡| tdƒ¡| ¡| tddddƒ¡| ¡| tddd d ƒ¡| td ƒ¡| ¡| tdd ttƒ¡|jd dddd| ¡| tdd ttƒ¡|jddddd| ¡| tddttƒ¡| t¡| ¡| tddttƒ¡| d¡| ¡| tddttƒ¡| d¡| ¡dS)Nú-oÚidÚkevinz"1591983743.667 192.0.2.1 192.0.2.2z(^\s* \S+)z 192.0.2.1ú 192.0.2.2z#1591983743.667 left 192.0.2.3 rightzM^\s*\S+ \S+z+1591983743.667 left [192.0.2.4]:12345 rightzc^\s*\S+ : \S+)z[192.0.2.4]:12345ÚleftÚrightÚrowz['kevin'z'ip4': '192.0.2.0'z'fid': 'kevin'Traz ['192.0.2.0'z'user': 'kevin'r%Úuserz, , z192.0.2.0, kevin, inet4)rPr"rQÚRE_00_IDrErcÚstrÚ RE_00_USERr>rrrÚtestFrmtOutputSsF  þ þ þ    z Fail2banRegexTest.testFrmtOutputc Cst| tddddttƒ¡|jddddd | ¡| tdd ddttƒ¡|jddd |jdddd | ¡dS) Nr_rHr”zFound-ID:z*Found a match but no valid date/time foundzMatch without a timestamp:zFound-ID:kevinTraz{NONE})rPr"Ú STR_00_NODTrœrErcrdr>rrrÚtestNoDateTime~s ýÿþ z Fail2banRegexTest.testNoDateTimec Csptjjdd| tdddtddtdtd ƒ¡t d¡}| d |d vo+d |d v¡|j d |d d |d dd|  d¡|  d¡| tdddtddtdtdƒ¡|j d |dd |dd |d d |d dd|  d¡|  d¡| tdddtddtdt dƒ¡t d¡dd…t  d¡d d…}|j d|dd|d d|d dddS)NT©Ústockr”z, , rnrr‚Ú z&sshd[logtype=short, publickey=invalid]r—éþÿÿÿéÿÿÿÿz192.0.2.2, git, raz192.0.2.1, git, zA[test-phase 1] mode=aggressive & publickey=nofail + OK (accepted)z$sshd[logtype=short, mode=aggressive]éüÿÿÿéýÿÿÿzL[test-phase 2] mode=aggressive & publickey=nofail + FAIL (closed on preauth)rr) ÚunittestÚF2BÚSkipIfCfgMissingrPr"rÚ STR_ML_SSHDÚSTR_ML_SSHD_OKÚsplitrErdrcÚSTR_ML_SSHD_FAIL)r&ÚlinesrrrÚtestFrmtOutputWrapMLsL  þ   ý    þ    û    þ$    üz&Fail2banRegexTest.testFrmtOutputWrapMLcCs| tttƒ¡dSr)rDr"r}r>rrrÚtestWrongFilterFile½s ÿz%Fail2banRegexTest.testWrongFilterFilecCsddlm}| ¡dS)Nr)Ú_decode_line_warn)Ú server.filterr³Úclear)r&r³rrrÚ_resetÃs  zFail2banRegexTest._resetc Csdtjjdd| ¡| tddddttƒ¡| d¡| d¡| d ¡| d ¡| d ¡dS) NTr¢rlrrGrJr‹rXz7Continuing to process line ignoring invalid characters:zMNov 8 00:16:12 main sshd[32548]: input_userauth_request: invalid user llincozkNov 8 00:16:12 main sshd[32547]: pam_succeed_if(sshd:auth): error retrieving information about user llinco© r©rªr«r¶rPr"ÚFILENAME_WRONGCHARÚ FILTER_SSHDrEr>rrrÚ testWronCharÈsý    zFail2banRegexTest.testWronCharc CsVtjjdd| ¡| tddddddttd ƒ ¡| d ¡| d ¡| d ¡dS) NTr¢rlrrGrJrŠrKz llinco[^\\]rXz.Lines: 4 lines, 1 ignored, 2 matched, 1 missedzhttps://r·r>rrrÚtestWronCharDebuggexØsû  z&Fail2banRegexTest.testWronCharDebuggexcCsP| tƒd¡| ¡| tdƒd¡| t ¡¡| ¡| tdƒd¡dS)Nrz-Vz --version)ÚassertNotEqualr8rcÚ assertEqualrErÚ normVersionr>rrrÚtestExecCmdLine_Usageçs z'Fail2banRegexTest.testExecCmdLine_UsagecCó$| tddtdƒd¡| d¡dS)NrlÚinforMrrN)r½r8rQrEr>rrrÚtestExecCmdLine_Directïóþýz(Fail2banRegexTest.testExecCmdLine_DirectcCrÀ)NrlrÁzAuthentication failurerzNo failure-id group in )r¼r8rQrEr>rrrÚtestExecCmdLine_MissFailIDörÃz,Fail2banRegexTest.testExecCmdLine_MissFailIDc CsR| tddddddƒd¡| d¡| ¡| td ddddƒd¡| d ¡dS) Nrlrr_z%:%.%-ÚLOGÚRErz ERROR: Failed to set datepatternrmzFailed to set datepattern)r¼r8rErcr>rrrÚtestExecCmdLine_ErrorParamýs ÿþ  ÿþz,Fail2banRegexTest.testExecCmdLine_ErrorParamcCs‚tjst d¡‚| tdtddƒ¡| d¡| d¡| d¡|  ¡| tdtdd dƒ¡| d¡| d¡dS) Nz.Skip test because no systemd backend availablezsystemd-journalz,[journalmatch="SYSLOG_IDENTIFIER=dummy",z; failregex="^dummy regex, never match xxx"]rrrqz.Lines: 0 lines, 0 ignored, 0 matched, 0 missedz[logtype=file,z, journalmatch="SYSLOG_IDENTIFIER=dummy",) rÚ FilterSystemdr©ÚSkipTestrPr"r~rErdrcr>rrrÚtestLogtypeSystemdJournal s0 ÿþÿ   ÿþýÿ z+Fail2banRegexTest.testLogtypeSystemdJournalN)$r(r)r*r=r@rFrIrRrTrVr\r^rerirkrtrwr|rr‰rrr’r“rŸr¡r±r²r¶rºr»r¿rÂrÄrÇrÊrrrrr;wsD         +- r;)3Ú __author__Ú __copyright__Ú __license__r3r0r©ÚclientrÚclient.fail2banregexrrrrr Úutilsr r r rrrrxÚjoinryÚ__file__ÚTEST_CONFIG_DIRÚTEST_FILES_DIRr1rr"Ú Exceptionr#r8rQr r[rœržrZrhr¸r¬r­r¯rsr¹rvrzr}r~r;rrrrÚsL