From c61ba9f0de820258ae5af267fe84ef02ab53da14 Mon Sep 17 00:00:00 2001 From: Steven Hiscocks Date: Tue, 16 Jul 2013 23:47:28 +0100 Subject: [PATCH] ENH+BF: Allow multi lines regex to be tested with samples test case Multi line regex currently only flags on last line, and other lines must be labelled as not matched. TODO: Create extension to fail JSON data to allow tying together of multiple lines --- fail2ban/tests/files/logs/guacamole | 6 ++++++ fail2ban/tests/files/logs/sshd | 6 ++++++ fail2ban/tests/samplestestcase.py | 2 ++ 3 files changed, 14 insertions(+) diff --git a/fail2ban/tests/files/logs/guacamole b/fail2ban/tests/files/logs/guacamole index b0f82f30..3de67454 100644 --- a/fail2ban/tests/files/logs/guacamole +++ b/fail2ban/tests/files/logs/guacamole @@ -1,6 +1,12 @@ +# failJSON: { "match": false } apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn +# failJSON: { "time": "2013-04-15T20:34:08", "match": true , "host": "192.0.2.0" } WARNING: Authentication attempt from 192.0.2.0 for user "null" failed. +# failJSON: { "match": false } apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn +# failJSON: { "time": "2013-04-16T08:32:13", "match": true , "host": "192.0.2.0" } WARNING: Authentication attempt from 192.0.2.0 for user "null" failed. +# failJSON: { "match": false } apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn +# failJSON: { "time": "2013-04-16T08:32:28", "match": true , "host": "192.0.2.0" } WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed. diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd index da0e88b9..6b1317f7 100644 --- a/fail2ban/tests/files/logs/sshd +++ b/fail2ban/tests/files/logs/sshd @@ -79,9 +79,15 @@ Apr 29 18:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error Jun 25 23:53:34 [sshd] User root from 1.2.3.4 not allowed because not listed in AllowUsers #12 +# failJSON: { "match": false } Apr 24 01:39:19 host sshd[3719]: User root not allowed because account is locked +# failJSON: { "match": false } Apr 24 01:39:19 host sshd[3719]: input_userauth_request: invalid user root [preauth] +# failJSON: { "time": "2005-04-24T01:39:19", "match": true , "host": "198.51.100.34" } Apr 24 01:39:19 host sshd[3719]: error: Received disconnect from 198.51.100.34: 11: Bye Bye [preauth] +# failJSON: { "match": false } May 27 00:16:33 host sshd[2364]: User root not allowed because account is locked +# failJSON: { "match": false } May 27 00:16:33 host sshd[2364]: input_userauth_request: invalid user root [preauth] +# failJSON: { "time": "2005-05-27T00:16:33", "match": true , "host": "198.51.100.76" } May 27 00:16:33 host sshd[2364]: Received disconnect from 198.51.100.76: 11: Bye Bye [preauth] diff --git a/fail2ban/tests/samplestestcase.py b/fail2ban/tests/samplestestcase.py index 73157416..fd41e51a 100644 --- a/fail2ban/tests/samplestestcase.py +++ b/fail2ban/tests/samplestestcase.py @@ -72,6 +72,8 @@ def testSampleRegexsFactory(name): for opt in filterConf.convert(): if opt[2] == "addfailregex": self.filter.addFailRegex(opt[3]) + elif opt[2] == "maxlines": + self.filter.setMaxLines(opt[3]) if not self.filter.getFailRegex(): # No fail regexs set: likely just common file for includes.