ogf*dZdZdZddlZddlZddlZddlZddlZddlZddl Z ddl m Z m Z mZmZmZddlmZddlmZdd lmZmZmZdd lmZdd lmZmZmZdd l m!Z!mZ"dd l#m$Z$ddl%m%Z%ddl&m'Z'ddl(m)Z)ddl*m+Z+m,Z-m.Z.m/Z/m0Z0m1Z1m2Z3m4Z4m5Z5ddl6m7Z7e7e8Z,dZ9dZ:ee!jvZ>> time shift + %s min<)rdebugrsetTimetime)shifts r) _time_shiftr2Qs,*E2 b()r+ctjJtjjttjj tdz yy)z$Helper to wait observer becomes idleN) ObserversMain wait_empty MID_WAITTIME wait_idler+r)_observer_wait_idler;Ys: NN ..L) ..._banFounddsD*9>> <<FG>>$  <<@A$!&!r+)r5r6r>)rBrCrDrAs`` @r)_observer_wait_before_incrbanrE_s4 NN..))-"&)..r+ceZdZdZy) ExitExceptionzException upon a normal exitN__name__ __module__ __qualname____doc__r:r+r)rGrGt#r+rGceZdZdZy)FailExitExceptionzException upon abnormal exitNrHr:r+r)rOrOyrMr+rOcLttrtjdSy)Nrexit)lenINTERACTpopr's r)_test_input_commandrUsM a r+Fct||}|jdj||rdndz|jy)N )openwriterclose)fnmodelinesfs r) _write_filer`s4 "d^5 54b 12r+cd} t|}|j||jSS#||jwwxYwN)rYreadr[)r\r_s r) _read_filerdsE   2h! ]779Q]779s 2Acft|d}|dk(r t|d}d} |rtrd} tjt|| |Jdt |z|d}t jd } tjt|d d D]1} | jd } | j| rd} t| 3t jd} tjt|dd D]1} | jd } | j| rd} t| 3|rdnd} nftj|tt|d dddd|j!ddzddt|dzdt|dzdd|zdd d | r"tt|| dgd!dd"d#|zdf|z|rtt|d$dg|t"j$j&t(j*kr]t-t|d t-t|d|rt-t|d$| r| dk7rt-t|| |rXtrR|D]M} tj.tj0j3tt| t|| O|r|D]} t| d%|izdd&\}}t"j$j&t(j4krat7t"j$j&}t"j$j8d'kDr!d(d)t"j$j8zzf}|d*|fz}d+|d,t|dd-t|dd.|f|zd/dd0t7t:j<fzS)1Nconfigautozf2b-db.sqlite3 jail.confc X|Dcgc]}tt||s|c}Scc}w)z?Filters list of 'files' to contain only directories (under dir))rpjoin)dirfilesr_s r)ig_dirsz_start_params..ig_dirss# 4uU3]31 44 4s'')ignorez?We are about to overload use_stock_cfg from the one provided %s)action.dzfilter.dz ^dbfile\s*=z fail2ban.confT)inplacerWzdbfile = :memory:z ^backend\s*=backend = pollingz jail.localrXw [Definition]zloglevel = INFOz logtarget = %z%%zsyslogsocket = autoz socket = f2b.sockz pidfile = f2b.pidz dbfile = zdbmaxmatches = 100zdbpurgeage = 1d [INCLUDES] [DEFAULT]ztmp = zfail2ban.localtmp)r:INFOr-vz --loglevel-c-sz-p --logtargetz--syslogsocketz --timeout)rjrrcopytreeSTOCK_CONF_DIRreprrecompile fileinputinputrstripmatchprintosmkdirr`replaceunittestF2B log_levelrDEBUG _out_filesymlinkpathabspathrzstr verbosityr MAX_WAITTIME)ry use_stock use_stock_cfg logtargetdb f2b_localjailscreate_before_startcfgj_confrmrlinenvvvllevs r) _start_paramsrsw S(&L S"#"  %5 //.#g6  [DtMGZZ[ ,DMjj !ooeC94Hd ++d 4ggdm D;   jj!!ooeC5tDd ++d 4ggdm D;  ! A'A""A'c tjd|t|ft|r%|}t|d}t |s t|d}t j jtjkr:td}t |r t|ntjdd|t |stjdytjd |t|y tjd d kstjk(rtd d|dt!j"sytj$t&j(t!j*fdds$tj$t&j,tjdt!j" S#t.$r}tj1|Yd}~yd}~wwxYw)Nz cleanup: %rrvz fail2ban.pidf2b.logr4z no logfile %rzcleanup: no pidfile for %rTzcleanup pidfile: %rFzcleanup pid: %rrzpid z of z is invalidc0tj Srb)r pid_exists)rsr)z_kill_srv..+sE$4$4S$9 9r+rcleanup: kill ready)rr.rrjrrrrrrrlogrrgetpidrrrkillsignalSIGTERMr?SIGKILLr exception)rpiddirlogfilerrs @r) _kill_srvr smguW~67 'N & &) $'  6> *7 LLW]]* &) $' G_ W ::a'*w,,+V4 #W-'"K ,, #&AX # g> ??   #  ''#v~~ 91 =773,,$%   c " ""1 s ?AG%B G%% H .HH c.tfd}|S)zHelper to decorate tests which receive in the last argument tmpdir to pass to kill_srv To be used in tandem with @with_tmpdir cX|d} |g|t|S#t|wxYw)N)r)selfr(rr_s r)wrapperzwith_kill_srv..wrapper:s- H' D.4. W9Ws )r )r_rs` r) with_kill_srvr5s" (  r+cfd}|S)z}Helper to decorate tests uses foreground server (as thread), started directly in test-cases To be used only in subclasses cDttfd}|S)Nc d}t tfddi  tdj f}d|_|j t tff fd }|_tjfdtjjddjd  tj d j#  g|i||rWtj d j#jjd dr|j%t'S#t($rD}t+d |zj-}|rt+d|zj#d}~wwxYw#|rWtj d j#jjd dr|j%t'wxYw)Nrr_TestCaseWorkernametargetr(TctjddsFtjj t dst jfdtjddsjj|dt jfdtjjddjdddt d _ y) Nendrvc,jddduSNrgetphasesr)rzywith_foreground_server_thread.._deco_wrapper..wrapper.._stopAndWaitForServerEnd.._UYYud34?r+stopc,jddduSrrrsr)rzywith_foreground_server_thread.._deco_wrapper..wrapper.._stopAndWaitForServerEnd..drr+Shutdown successfulzExiting Fail2banTallwaitcyrbr:)r(r@s r)rzywith_foreground_server_thread.._deco_wrapper..wrapper.._stopAndWaitForServerEnd..hr+)r"rrrrrjrr?r8execCmdr assertTrue assertLoggedstopAndWaitForServerEnd)coderrrrys r)_stopAndWaitForServerEndzgwith_foreground_server_thread.._deco_wrapper..wrapper.._stopAndWaitForServerEnd[s IIeT "277>>%Y:O+P nn?N IIeT " ll4f- nn?N ooeiit,- -/AtR^_$@T!r+c,jddduS)Nstartrrsr)rzWwith_foreground_server_thread.._deco_wrapper..wrapper..ks599Wd34?r+r)rrz=== within server: begin ===z=== within server: end. ===rz=== Catch an exception: %sz#=== Error of server, log: === %s===)dictrr _testStartForegrounddaemonrSUCCESSFAILEDrrr?rrr _wait_for_srv DefLogSysr&pruneLogrr"rrgetLog) rryr(r@thrrrrrr_ startextras `` @@r)rzEwith_foreground_server_thread.._deco_wrapper..wrapperIs 2 656I{IjIK    % %  U # B BIHHJ(/&7 A A$._deco_wrapperHs)89 9t .r+r:)rrs` r)with_foreground_server_threadrCs =| r+ceZdZejZdZdZdZe ddZ ddZ dZ dZ d Zed d i d ZeedZy)Fail2banClientServerBasecyrbr:)rr(r@s r) _setLogLevelz%Fail2banClientServerBase._setLogLevelsr+ctj|dt_tj t_t|jt_ y)zCall before every test case.rN) rsetUpr DEF_LOGTARGETrlevel DEF_LOGLEVEL staticmethod _test_exitr_exitrs r)rzFail2banClientServerBase.setUps54 $&!&&t7/r+c|jt_tt_t t_tj|ty)zCall after every test case.N) _orig_exitrrSRV_DEF_LOGTARGETrrSRV_DEF_LOGLEVELrrtearDownr"rs r)r z!Fail2banClientServerBase.tearDowns2///*&(&d#r+c4|dk(r ttr%)rGrO)rs r)rz#Fail2banClientServerBase._test_exits QY   r+Ncsi t|dtjfdt}|rj drt d||r1tjfdt}|st dd|yy#t |r,tdjzjt|d }t|r t|t |stjd |xYw) Nruc@jdxs tSr)rr)rsocksr)rz8Fail2banClientServerBase._wait_for_srv..s % 0 @F4Lr+rz7Unexpected: Socket file does not exists. Start failed: c(djvS)N Server ready)rrsr)rz8Fail2banClientServerBase._wait_for_srv..s4;;=!@r+z.Unexpected: Server ready was not found, phase z. Start failed: z,=== Error by wait fot server, log: === %s===rz*No log file %s to examine details of error)rjrr?rrrrrrrrrrr.)rryreadyrrretrrs` ` @r)rz&Fail2banClientServerBase._wait_for_srvs  Z 4 @, O3 5!   ..@, OC         [! :T[[] JLMMO sI 3 Sk cN  ; ' LL=sCs A=BA>Dcj|j||jd|jdd|z|zy)Nrr) assertRaisesr)rexitTyperr(s r)rz Fail2banClientServerBase.execCmds9Hd44Q712,t36r+c||jddz}t|} |j||jS#|jwxYw)Nr~r)rrsendr[)rrr(rss r) execCmdDirectz&Fail2banClientServerBase.execCmdDirectsH [&&t,Q. /$ dm! &&,7791779s AActjdd|d< |jtd|zdd|d<d|d<tjdy#d|d<d|d<tjdwxYw)Nzstart of test workerTrz-fFrzend of test worker)rr.rr)rryrrs r)rz-Fail2banClientServerBase._testStartForegroundsv,,%&%.&<<;.85>5< <<$%5>5< <<$%s A!A7r)z[Thread]zstacksize = 128rc|j|jt|dd|jd|jt|d|jt|d|jt|ddy)Nrthreadz{'stacksize': 128}ping~~unknown~cmd~failed~~echo TEST-ECHO)rrrrrrryrs r)testStartForegroundz,Fail2banClientServerBase.testStartForegroundsa--/,,w UH5(),,w V,,,v{$<=,,w V[9r+c2tjstjdt |d}tj|}|j j }|jd|jt||d}ddi}fd}td |||f }|j jtd |zd d |d<|jjdddy#d |d<|jwxYw)NzSkip test because no databaseztmp.dbz#UPDATE fail2banDb SET version = 555r)rrrTchtjfdtsj|dyy)Ncd S)Nrr:rsr)rz[Fail2banClientServerBase.testStartFailsInForeground.._stopTimeout..sU6]!2r+r)rr?rr)rrrs `r) _stopTimeoutzIFail2banClientServerBase.testStartFailsInForeground.._stopTimeouts( ..2L A{F+ Br+rrrrFz/Attempt to travel to future version of databaseExit with code 255r)r Fail2BanDbrSkipTestrj_dbcursor executescriptr[rr rrrrr) rrydbnamercurrrr(rs ` r)testStartFailsInForegroundz3Fail2banClientServerBase.testStartFailsInForegrounds      : ;; X &  "  #9:))+cf D+ 4.%,  e" ((* <<+-w75=779ET#5=779s ;C??D)r)TNN)rIrJrKrrrrrr rrrrrrrr$rrr2r:r+r)rrs##8  <6  & K9, :  :##r+rceZdZeefZdZdZedZ ee dZ ee dZ ee dZ edZdZy ) Fail2banClientTestc|jtttt|jtttt yrb)rrrjBINCLIENTSERVERrs r)testConsistencyz"Fail2banClientTest.testConsistencys2//&sF+,-//&sF+,-r+c|jtdd|jdtz|jd|j |jtdd|jt j |j |jtddd|jdt jz|j |jtdd d |jd y) Nr:-hUsage: Report bugs to z-Vz-vqz --versionz Fail2Ban vz --str2sec1d12h30m131400)rrrr7rr normVersionversionrs r)testClientUsagez"Fail2banClientTest.testClientUsages,,wD!I&'%&--/,,wD!O//12--/,,wE;/L?#:#::;--/,,wK4Hr+ct|d}|jt|d|jd|jd|j |jt|d|jdy)NTz-vvdz Loading filesz['set', 'logtarget',z--dp)rrrrrr#s r)testClientDumpz!Fail2banClientTest.testClientDump(sec4(+,,w V,O$*+--/,,w V,*+r+cRt|d}|jtd|zd|j|d||j d|j d |jt|dd|jt |d |j |jt d|zd|j d |j |jt|d |j d |j d|j |jt |d |j d |j dy#|j |jt|d |j d |j dwxYw)NTz-brrrExit with code 0r!r"r zServer already runningrrzFailed to access socket pathzIs fail2ban running?)rrrrrrrr#s r)testClientStartBackgroundInsidez2Fail2banClientTest.testClientStartBackgroundInside4sUc4(+,,w+-w7S$K8N#&' )<<fk:<< %=>==?<<+-w7-.==?<<f-*+'(--/,,v{F+23*+==?<<f-*+'(sA*EA F&c. t|t|d}tjjr|j t |dzntjtttf}tjd|||zdz}tj|tdd}|j!t#|xr|d |j%|d| |j'd |j) |j t |d d |j'd |j'd|j)|j t |dd|j'd|j)t+t|d} t-j.|t0j2t5j6tj8|j t:|ddt-j.|t0j<|j'd|j) d dl}tDgdz a"|j t |d|j'd|j'dd|j'd|j)tDgdz a"|j t |d|j'd|j'd|j'd |j'd|j)tDddgz a"|j t |d|j'd |j)|j t:|d!d"|j'd |j'd#|j)|j)|j t |d$|j'd|j'dy#t-j.|t0j<wxYw#t@$r}tjBd|zd}~wwxYw#|j)|j t |d$|j'd|j'dwxYw)%Nrr)r Start %s ...)--asyncrFTrCshelloutputrrrr!r"rGrz0.1zServer replied: pongrvz1e-10z timed outz%Skip test because of import error: %s)zecho INTERACT-ECHOstatusrQz-iz INTERACT-ECHOStatuszNumber of jail:)reloadrestartrQzReading config files:rzreload ~~unknown~jail~fail~~rQz@Failed during configuration: No section: '~~unknown~jail~fail~~'rRz~~unknown~jail~fail~~r)r)#rrjrrfastrrsys executabler6r7rr.r executeCmdrrrRrrrrrrrSIGSTOPr0sleepDEFAULT_SHORT_INTERVALrSIGCONTreadline ImportErrorr,rS)rryrcmdrrr\rs r)testClientStartBackgroundCallz0Fail2banClientTest.testClientStartBackgroundCallSscU3 -BC+ \\<<z12 ..%V, -3 <<$ { 2 23   #|5 N3??3s8&A'c4S1N#--/F)<<fk:[!'(==?<<fe4+,==? E#y1 23!GGC JJu++,LLfg6GGC [!==?I 8 <<d+_%X01'(==? 8 <<d+,-*+^$'(==? " 8<<d+WX==?<< X/FGWX)*==?==?<<f-*+'(cGGC I   CaG HHIN==?<<f-*+'(sMBQ AO7:AQ P E)Q 7&PQ Q)QQQ A Rc t|d}|jtdddt|dd|j dt|dzd z|j |jtddt|d d t|d d |j d|j t t|d dj|jtdddt|d d t|d d|j d|j tjt|d |jtdd |j d|j y)NrrJr:rLr}missrBase configuration directory  does not existrfr~rurRCould not find serveraLFail2ban seems to be in unexpected state (not running but the socket exists)r< rrrrjrrrYr[rremover#s r)testClientFailStartz&Fail2banClientTest.testClientFailStarts<c[9+,,vr dE#v&13eC6HHK\\]--/,,vrsH tU3 %;XG+,--/uS*s#))+,,vr dE#x($c:0FQbc--/))E#z "#,,vr4 I--/r+ct|d}|jt|dd|jd|j |jt|dddd|jd|j y) NrrJrRjailrdrLz--xxxz"Unexpected argument(s) for reload:)rrrrrr#s r)testClientFailCommandsz)Fail2banClientTest.testClientFailCommandssrc[9+,,v{ V+,--/,,v{ h)89--/r+cd}dD]d}d}t|d5}|rI|j|r/tjjst j ||dz}|rIdddfy#1swYqxYw)NgQ?)r rr4r)r heartbeatrrrTr0rY)r sleeptimeverbosecntrviss r)testVisualWaitz!Fail2banClientTest.testVisualWaitsv)g 47A# ]]_ )) jj QYT s A A--A6 N)rIrJrK _exec_clientr7rr9rBrrDrrHr_rirlrtr:r+r)r4r4s"F,.  , ,,,:W)W)r:" r+r4c~eZdZeefZdZeedZ eedZ eedZ edZ e ddid Zej j#d e d d dddZej j#de ddddddZe dZy)Fail2banServerTestc|jtdd|jdtz|jdy)Nr:r;r<r=)rrrr8rs r)testServerUsagez"Fail2banServerTest.testServerUsages4,,wD!I&'%&r+c*t|t|d}tjttt f}t jd|||zdz}tj|tdd}|jt|xr|d|j|d| |jd |j |j!t"|d d |j!t$|d |j|j!t"|d|jd|jdy#|j|j!t"|d|jd|jdwxYw)NrrJrKrFFTrMrrrr!r"r rrrG)rrjrUrVr6r8rr.rrWrrrRrrrrrrrryrr^rs r)testServerStartBackgroundz,Fail2banServerTest.testServerStartBackgrounds>cU3 -BC+ sF+,#,,~s# kG## l%M#//#c(%s1v&S$C0N#--/)<<fk:<< %=>==?<<f-*+'( ==?<<f-*+'(s /EA Fc t|d}|jtddt|d|j dt|dzdz|j t t|dd j|jtddt|d d t|d|j d |j tjt|dy) NrrJr:r}rarbrcrurerfr~rfrgr#s r)testServerFailStartz&Fail2banServerTest.testServerFailStart sc[9+,,vrsF 3eC6HHK\\]--/uS*s#))+,,vrsH tU3 %;=bc--/))E#z "#r+c t|d}t|d}|jd|jt|d|j dt t|ddd d d d d |jd |jt|d|j dddd|jd|jt|dd|j ddddy)NrrJrfz[test-phase 0]z--testz$OK: configuration test is successfulrhrerX [broken-jail]filter = broken-jail-filterenabled = truez[test-phase 0a].Unable to read the filter 'broken-jail-filter'zErrors in jail 'broken-jail'.z ERROR: test configuration failedTr*z[test-phase 0b]z-tr)rrjrrrrr`r)rryrrs r)testServerTestFailStartz*Fail2banServerTest.testServerTestFailStart!sc[9+ c8#-- !,,w X.:;eC%sB$&68--!",,v{H-D"%41 --!",,v{D'2D"%41r+cX ttd}tjttt f}t jd|||zdz}tj|tdd}|jt|xr|d|jd| |jd |jt jd |jt!tj"fd t|j%t'td |jd|j|jt!|jdy#|jt!wxYw)NzGf2b.log[format="SRV: %(relativeCreated)3d | %(message)s", datetime=off]rJrKrFFTrMrrrzKill server ... %sc0ttd S)Nrv)rrj)rysr)rz7Fail2banServerTest.testKillAfterStart..SsVE#y$9::r+rvrzcleanup: no pidfile for)rrjrUrVr6r8rr.rrWrrrRrrrrr? assertFalserr{s ` r)testKillAfterStartz%Fail2banServerTest.testKillAfterStart?sD#seCM/OP; ..%V, -3 <<$ { W $3   #|5 N3??3s8&A'c4S1^$==? <<$c*??9S>"..:LI6%Y/01)*--///)C.!-.??9S>"s C"F F)rrgrc t|dt|dt|dt|dtjtd dÈfd }dĈfd }|d |d |d ggdttdddddddtdgt t t jdzfdztdtd|jdtjjtjkr t|jt |d|j#dddt$|j#dz|j#d|j#dd d!|j#d"d#dt$|j#d$d%d&d!|jd'|d d(g)tjjtjkr t|jt |d|j#dt$*|j'd+dd!|j#dzdzd!|j#d,d-d!|j#d.d/d!|j#d0d1d!|j'd2|jd3|d g)|dd4dzd5dzd6dz7|jt |d|j#dt$*|j'd+dd!|j'd8|j#d,d9d!|j#d:|j#d;|j'd<|dd=>|d(dg)|jd?td@gt t t jdAzfdzt t t jdBzfdzzt t t jdCzfdzzt t t jdDzfdzztjjtjkr t|j#dEdFdt$|jt |dGdHdIdJ|j#dKt$*|j#dLdMdNdOdPdQdRd!|j'dSdTdUdVd!t)|j+|j-|dWdXdYgdZidHgd[igf|j+|j-|dWd\d]d^dXdYgdYdHgggf|j+|j-|d_dYdWd gdZ|j+|j-|d_dHdWd gd[|j/|j-|d_dYdWd`d d |j/|j-|d_dYdWdJd dX|j/|j-|d_dYdWd`dJd d dXg|jda|jt |dbdH|j#ddcdKdt$|j#dddedfdgd/dhdidjd! |j#dkdldt$|j'dmdnd!|jdo|jt |dGdHdIdp|jt |dGdHdIdq|j#drdsdt$t)|jdt|jt |d_dHdIdu|j#d]dvdpdqdt$|jdw|jt |d_dYdI|j#d\dxd`d]dvdt$|jdy|jt |dbdzdH|j#dd/dt$|j#dgd/dddedfd!|j#d{d|d!|j#d}|j'd~dd!|j'dPdQd!|d d=>|g)|jd|jt |ddY|j#dt$*|j#ddd!|j'dddd!|jd|d g|jt |d|j#dt$*|j#d|j#ddgd!|j#dzdzd!|jdtd@gt t t jdzfdzt t t jdzfdzzt t t jdzfdzztjjtjkr t|j#dddt$|j#ddddd!|j'd|jd|jt |dddd|j#dddt$|jd|jt |ddd|j#dddt$|jt |dddd|j#dddt$|jd|jt |ddGdYdIdd|j#dddt$|jt |ddGdYdd|j#dddt$|jd|jt |ddz|j#dt$*|j#dd+dd!|j'ddddNd!|jd|jt |ddd|j#ddd!|jd|d gd|jt0|d|j#dt$*|j#ddd!|jd|d g|jt |d|j#dt$*|jd|jt0|dddH|j#dt$*|j#d|j|jt |ddddH|j#dt$*|j'd.d/d!|jd|jt |dddd|j#dt$*|j#dddt$|jd|jt |ddGdYddd|jt |dd_dYd«|j#ddd!y)Nrf test1.logz test2.logz test3.logro test-action1TrXctdd|z}|stj|yt|ddddddd d d d |d |d|d|d|tj j tjkr t|yy)Nro%s.confrrrxz_exec_once = 0rXrsznorestored = %(_exec_once)sz restore = zinfo = z<_use_flush_ = echo '[%(name)s] %(actname)s: -- flushing IPs'z6actionstart = echo '[%(name)s] %(actname)s: ** start'z7actionreload = echo '[%(name)s] %(actname)s: .. reload'zMactionban = echo '[%(name)s] %(actname)s: ++ ban %(restore)s%(info)s'z;actionunban = echo '[%(name)s] %(actname)s: -- unban 'z5actionstop = echo '[%(name)s] %(actname)s: __ stop') rjrrhr`rrrrrr) actnameallowrrRbanunbanrr\rs r)_write_action_cfgzBFail2banServerTest.testServerReloadTest.._write_action_cfgks c:y7232 IIbM r3! B401|403 from datepattern = {^LN-BEG}EPOCHzignoreip = 127.0.0.1/8 ::1 [test-jail1] backend = filter =z action = rz* test-action1[name='%(__name__)s']r zj test-action2[name='%(__name__)s', restore='restored: ', info=', err-code: ']z test-action2[name='%(__name__)s', actname=test-action3, _exec_once=1, restore='restored: ', actionflush=<_use_flush_>] logpath = z z@ ^\s*error 401|403 from rz [test-jail2]r`rjrrrrrr)enabledactionsbackendrtest1logtest2logtest3logs r)_write_jail_cfgz@Fail2banServerTest.testServerReloadTest.._write_jail_cfgs"$uS+&$$$$$$$ $  $ J $#$!$$$!7*$-7$$ W 1$ W q$$ W (%$&8'$( !G|L8)$* !G|L8+$,J-$0 W H1$2W "3$45$67$6!7*7$6-77$89$< W q=$B W (C$D8E$FW "G$Jll - eC%&.r+)r test-action2r)rr r)rrrhrerrrrrz# failure 401 from 192.0.2.1: test 1rz[test-phase 1a]rRReload finished.z1 ticket(s) in 'test-jail1rzAdded logfile: %rz[test-jail1] Ban 192.0.2.1z-stdout: '[test-jail1] test-action1: ** start'z-stdout: '[test-jail1] test-action2: ** start'r*zPstdout: '[test-jail1] test-action2: ++ ban 192.0.2.1 restored: 0, err-code: 401'zAstdout: '[test-jail1] test-action3: ++ ban 192.0.2.1 restored: 0'rz)Errors in jail 'broken-jail'. Skipping...z:Jail 'broken-jail' skipped, because of wrong configurationz[test-phase 1b]r )rrz[test-jail1] Unban 192.0.2.1z.stdout: '[test-jail1] test-action1: .. reload'z.stdout: '[test-jail1] test-action2: .. reload'zCreating new jail 'test-jail2'zJail 'test-jail2' startedz4stdout: '[test-jail1] test-action3: -- flushing IPs'z,stdout: '[test-jail1] test-action3: __ stop'z7stdout: '[test-jail1] test-action3: -- unban 192.0.2.1'z[test-phase 2a]z+ echo '[] %s: started.'z, echo '[] %s: reloaded.'z+ echo '[] %s: stopped.')rrrRrzAdded logfile:z.stdout: '[test-jail1] test-action1: reloaded.'z7stdout: '[test-jail1] test-action2: -- unban 192.0.2.1'z,stdout: '[test-jail1] test-action2: __ stop'z7stdout: '[test-jail1] test-action1: -- unban 192.0.2.1'F)rrz[test-phase 2b]a+z# error 403 from 192.0.2.2: test 2z# error 403 from 192.0.2.3: test 2z# failure 401 from 192.0.2.4: test 2z# failure 401 from 192.0.2.8: test 2z2 ticket(s) in 'test-jail2z5 ticket(s) in 'test-jail1setz test-jail2banip 192.0.2.9z3 ticket(s) in 'test-jail2z[test-jail1] Ban 192.0.2.2z[test-jail1] Ban 192.0.2.3z[test-jail1] Ban 192.0.2.4z[test-jail1] Ban 192.0.2.8z[test-jail2] Ban 192.0.2.4z[test-jail2] Ban 192.0.2.8z[test-jail2] Ban 192.0.2.9z[test-jail2] Found 192.0.2.2z[test-jail2] Ban 192.0.2.2z[test-jail2] Found 192.0.2.3z[test-jail2] Ban 192.0.2.3bannedr test-jail1) 192.0.2.4 192.0.2.1 192.0.2.8 192.0.2.3 192.0.2.2)rrrrrz 192.0.2.222rrz[test-phase 2c]rSz Restore Banz[test-jail2] Unban 192.0.2.4z[test-jail2] Unban 192.0.2.8z[test-jail2] Unban 192.0.2.9zJail 'test-jail2' stoppedz"[test-jail2] Restore Ban 192.0.2.4z"[test-jail2] Restore Ban 192.0.2.8z"[test-jail2] Restore Ban 192.0.2.9zPstdout: '[test-jail2] test-action2: ++ ban 192.0.2.4 restored: 1, err-code: 401'zPstdout: '[test-jail2] test-action2: ++ ban 192.0.2.8 restored: 1, err-code: 401'zAstdout: '[test-jail2] test-action3: ++ ban 192.0.2.4 restored: 1'zAstdout: '[test-jail2] test-action3: ++ ban 192.0.2.8 restored: 1'z[test-phase 2d]z 192.0.2.21z 192.0.2.22z5stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22z6stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22 z[test-phase 2d.1]rWrz[test-phase 2d.2]rz[test-phase 2e]z--unbanz7stdout: '[test-jail2] test-action2: -- unban 192.0.2.21z8stdout: '[test-jail2] test-action2: -- unban 192.0.2.22'z4stdout: '[test-jail2] test-action3: -- flushing IPs'z8stdout: '[test-jail2] test-action3: -- unban 192.0.2.21'z8stdout: '[test-jail2] test-action3: -- unban 192.0.2.22'z[test-phase 3]zReload jail 'test-jail1'zJail 'test-jail1' reloadedzReload jail 'test-jail2'zJail 'test-jail2' reloadedzJail 'test-jail1' startedz[test-phase 4])rzStopping jail 'test-jail2'zRemoved logfile: %rz[test-phase 5]z# failure 401 from 192.0.2.1: test 5z# error 403 from 192.0.2.5: test 5z# failure 401 from 192.0.2.6: test 5z6 ticket(s) in 'test-jail1z%[test-jail1] 192.0.2.1 already bannedz[test-jail1] Found 192.0.2.1z[test-jail1] Found 192.0.2.6z[test-jail1] Ban 192.0.2.6z[test-jail1] Found 192.0.2.5z[test-phase 6a]rLrz 192.0.2.5z 192.0.2.6z192.0.2.5 is not bannedz[test-jail1] Unban 192.0.2.6z[test-phase 6b]z 192.0.2.2/31z[test-jail1] Unban 192.0.2.2z[test-jail1] Unban 192.0.2.3z 192.0.2.8/31z192.0.2.100/31z[test-jail1] Unban 192.0.2.8z192.0.2.100/31 is not bannedz[test-phase 6c]z 192.0.2.96/28z192.0.2.112/28z[test-jail1] Ban 192.0.2.96/28z[test-jail1] Ban 192.0.2.112/28unbanipz 192.0.2.64/26z [test-jail1] Unban 192.0.2.96/28z![test-jail1] Unban 192.0.2.112/28z[test-phase 7]z[test-jail1] Unban 192.0.2.4zJail 'test-jail1' stoppedz[test-phase 7b]--allzFlush ban listz'Unbanned 0, 0 ticket(s) in 'test-jail1'z[test-phase 8a]zxxx-unknown-backend-zzz)rrz0Restart jail 'test-jail1' (reason: 'polling' != zUnknown backend z[test-phase 8b]z[test-phase end-1]z$the jail 'test-jail2' does not existz --if-existsz[test-phase end-2] --restartz[test-phase end-3] addignoreipz 192.0.2.1/32z2001:DB8::1/96ignoreip)rTrXrXrXrXrX))rr r:polling)rjrrr`rrrr0rrrrrrrrrrr8assertNotLoggedr;assertSortedEqualr assertEqualr) rryrrrrrrrs @@@@r)testServerReloadTestz'Fail2banServerTest.testServerReloadTest[s2 c8# 3 $( 3 $( 3 $(((5j !"6:/10''''TN+N+1#w/ eC%sB$&68hgC $6 7:_ _adeeg h h--!" \\gmm+ X,,w X.T >'(230122>UF , 3.?TK --!"1Q%  \\gmm+ X,,w X.&\:!T+!!t-33?#D*91t=<>--!"1#N 7. H 8> I 7. HJ,,w X.&\:!T+'(33?<>13<>N%81Q% --!" hFKKMCCEIV[[] DDFJKV[[] DDFJK V[[] DDFJK \\gmm+ XT >,,w ,.l4T+!!  ++K  TU:; ++K [+}689^lL12<8 ++K,""#%'EF++K,""#%'+,4%%k,+//024574%%k,+//024574%%k,+{<<=?BCQI--!",,w  lT > !!!'''T UU , FF  --!",,w ,/,,w ,/:;LZ --#$,,w UL'4H \]rdatepattern = ^Epochz3failregex = ^ failure "[^"]+" - z maxretry = 1r)rrrct|d}dd|iz}dd|iz}t|dttt j dzttt j dzttt j dzttt j d zttt j d z|j d d d ddddtt|t|}|jd||jd||jd||jd||jd||j ddd|j dddt|jt|dddd t|t|}|jd||jd||jd||jd||jd||jt|j d!t|t|}|j|d"y)#Nrfrryz%(tmp)s/blck-lst.mapw+z" failure "125-000-001" - 192.0.2.1z" failure "125-000-002" - 192.0.2.1u1 failure "125-000-003" - 192.0.2.1 (òðåòèé)u1 failure "125-000-004" - 192.0.2.1 (òðåòèé)z" failure "125-000-005" - 192.0.2.1z [nginx-blck-lst] Ban 125-000-001z [nginx-blck-lst] Ban 125-000-002z [nginx-blck-lst] Ban 125-000-003z [nginx-blck-lst] Ban 125-000-004z [nginx-blck-lst] Ban 125-000-005z 5 ticket(s)Trz\125-000-001 1; z\125-000-002 1; z\125-000-003 1; z\125-000-004 1; z\125-000-005 1; zstdout: 'nginx -qt'zstdout: 'nginx -s reload'r*zstdout: '*** curl --fail --data-urlencode server=Fail2Ban --data apikey=TEST-API-KEY --data service=nginx-blck-lst z=stdout: ' --data format=text --user-agent fail2ban-test-agentrz 125-000-001z 125-000-002z 125-000-005z5[nginx-blck-lst] Flush ticket(s) with nginx-block-maprX)rjr`rrrr0rr8rrdassertInrr assertNotInrr)rryrrlgfnmpfnmps r)testServerActions_NginxBlockMapz2Fail2banServerTest.testServerActions_NginxBlockMapGs5. c8# $s| 3$ 5#, .$ dDs6;;=AAs6;;=AAs6;;=\\s6;;=\\s6;;=AA %%%%% , D/$"--$b)--$b)--$b)--$b)--$b))+FDQQB , ,,w Wm]MZ D/$"',',',--$b)--$b)w'KL D/$"2rr+z sendmail-auth)filter)%(tmp)s/test.logT)rxzdbmaxmatches = 1)atest_action = dummy[actionstart_on_demand=1, init="start: %(__name__)s", target="%(tmp)s/test.txt", actionban='; echo "found: / , banned: / " echo ""; printf "=====\n%%b\n=====\n\n" "" >> ', actionstop='; echo "stats - found: , banned: "']z[sendmail-auth]rqrlogpath = %(tmp)s/test.logaction = %(test_action)sz%filter = sendmail-auth[logtype=short]rrzmaxmatches = 2rz[sendmail-reject]rqrrrz'filter = sendmail-reject[logtype=short]rrr)rrrrc t|d}dd|iz}dd|iz}tttjdztttjdztttjdzf}tttjdztttjd ztttjd zf}|j d t |d g||jd dddtt|t|}|d} |j| ||ddD]} |j| ||j dt |dg||jddddtt|t|}|D]} |j| ||j d|jt|ddd|jddddddtt|}|d } |j| |j| ||dd D]%} |j| |j| |'|jd!ddtt|}|d } |j| |j| ||dd D]%} |j| |j| |'|j d"|j!t|j#t%|y)#Nrfrryz%(tmp)s/test.txtz] smtp1 sm-mta[5133]: s1000000000001: [192.0.2.1]: possible SMTP attack: command=AUTH, count=1z] smtp1 sm-mta[5133]: s1000000000002: [192.0.2.1]: possible SMTP attack: command=AUTH, count=2z] smtp1 sm-mta[5133]: s1000000000003: [192.0.2.1]: possible SMTP attack: command=AUTH, count=3z smtp1 sm-mta[21134]: s2000000000001: ruleset=check_rcpt, arg1=<123@example.com>, relay=xxx.dynamic.example.com [192.0.2.2], reject=550 5.7.1 <123@example.com>... Relaying denied. Proper authentication required.z smtp1 sm-mta[21134]: s2000000000002: ruleset=check_rcpt, arg1=<345@example.com>, relay=xxx.dynamic.example.com [192.0.2.2], reject=550 5.7.1 <345@example.com>... Relaying denied. Proper authentication required.z smtp1 sm-mta[21134]: s3000000000003: ruleset=check_rcpt, arg1=<567@example.com>, relay=xxx.dynamic.example.com [192.0.2.2], reject=550 5.7.1 <567@example.com>... Relaying denied. Proper authentication required.z[test-phase sendmail-auth]rz[sendmail-auth] Ban 192.0.2.1z%stdout: 'found: 0 / 3, banned: 1 / 1'z1 ticket(s) in 'sendmail-auth'Trrrz[test-phase sendmail-reject]rz[sendmail-reject] Ban 192.0.2.2z 1 ticket(s) in 'sendmail-reject'z[test-phase restart sendmail-*]rRrrrz3stdout: 'stats sendmail-auth - found: 3, banned: 1'z5stdout: 'stats sendmail-reject - found: 3, banned: 1'z%[sendmail-auth] Restore Ban 192.0.2.1rz'[sendmail-reject] Restore Ban 192.0.2.2z[test-phase stop server])rjrrrr0rr`rr8rrdrrrrrrrr) rryrrrtofn smaut_msg smrej_msgtdms r)testServerJails_Sendmailz+Fail2banServerTest.testServerJails_SendmailsNR c8# ucl *$ ucl *$s6;;=||s6;;=||s6;;=||) s6;;=sss6;;=sss6;;=ss) --,- dD%9%"%L#LB D/$"l!1b QR=a==B--./ dD%9%$&M%4lD D/$" a==B--12,,w  ['#8:*,LRV]i k $"m!A--2 Qr?aAr,.PVZamo$"m!A--2 Qr?aAr--*+w'6$< r+c  t|dt|d tjtdd8fd }d9 fd }|dd |d d |t d |j d |j t |d t dgtttjdzfdzt|jdddtt|j dtdt|jddddtt|j dd t fdt dgtttjdzfdz|jdddt|j d |j t |d!d"d#d$|jd%d&dtd t|j d'td(t|jd)dtt|j d*|j t |d!d"d#d$|jd%d+dt|j d,t!d-d.it"j$  fd/} j'd0| j'd0d1t)j*fd2t, j. t0j2j4rd3nd4df fd5 }| _|j7t |j9d6|j; j<|j? j@ddd-<|jd6d7 jCy):NrfrrorTc tdd|z}t|ddddd|rdndd tjjt j kr t|yy) NrorrrrxrXrszeactionban = printf %%s "[%(name)s] %(actname)s: ++ ban -c -t : "ziactionprolong = printf %%s "[%(name)s] %(actname)s: ++ prolong -c -t : "zBactionunban = printf %%b '[%(name)s] %(actname)s: -- unban ')rjr`rrrrrr)rprolongr\rs r)rz@Fail2banServerTest.testServerObserver.._write_action_cfgsa c:y7232r3mrHll - bM.r+cttdddddddddd d d dd d |zddddzdddtjjt j krttdyy)NrhrrrwrXrxrrz findtime = 1mz bantime = 5mzbantime.increment = truerrrrz*action = test-action1[name='%(__name__)s']z* test-action2[name='%(__name__)s']rzXfailregex = ^\s*failure 401|403 from :\s*.*$rr)rrrs r)rz>Fail2banServerTest.testServerObserver.._write_jail_cfg%suS+&""L7*J008_!$ll - eC%&.r+F)rrrrrz[test-phase 0) time-0]rRrz> failure 401 from 192.0.2.11: I'm bad "hacker" `` $(echo test)rzDstdout: '[test-jail1] test-action1: ++ ban 192.0.2.11 -c 1 -t 300 : zDstdout: '[test-jail1] test-action2: ++ ban 192.0.2.11 -c 1 -t 300 : rz[test-phase 1) time+10m] z7stdout: '[test-jail1] test-action1: -- unban 192.0.2.11z7stdout: '[test-jail1] test-action2: -- unban 192.0.2.11z0 ticket(s) in 'test-jail1'z[test-phase 2) time+10m]cSrbr:)wakeObssr)rz7Fail2banServerTest.testServerObserver..`sr+rzC failure 401 from 192.0.2.11: I'm very bad "hacker" `` $(echo test)r zDstdout: '[test-jail1] test-action1: ++ ban 192.0.2.11 -c 2 -t 300 : zDstdout: '[test-jail1] test-action2: ++ ban 192.0.2.11 -c 2 -t 300 : z"[test-phase 2) time+10m - get-ips]rrrz --with-timez 192.0.2.11z+ 300 =z[test-phase 2) time+11m]rzHstdout: '[test-jail1] test-action2: ++ prolong 192.0.2.11 -c 2 -t 600 : z"[test-phase 2) time+11m - get-ips]z+ 600 =z'[test-phase end) stop on busy observer]staterctjddd<tjfdtj tjdy)Nz!++ observer enters busy state ...rrcddk(S)Nrr r:resr)rzMFail2banServerTest.testServerObserver.._long_action..s!G*/r+z-- observer leaves busy state.)rr&rr?rdb_purge)reobsMainsr) _long_actionz;Fail2banServerTest.testServerObserver.._long_actionsA ;;231W:>>)<8  ;;/0r+callcyrbr:r:r+r)rz7Fail2banServerTest.testServerObserver..rr+cddk(S)Nrrr:rsr)rz7Fail2banServerTest.testServerObserver..s7qr+g{Gz?g?c||Srbr:)wtime forceQuit obsMain_stops r)_stopz4Fail2banServerTest.testServerObserver.._stops ui ((r+zobserver leaves busy stater)rT)r)"rjrrr`rrrrrrr0r;rr8r2rEr"r5r6addrr?rrrrrTrrridler_ObserverThread__dbr) rryrrrrrrerrrrrs @@@@@@r)testServerObserverz%Fail2banServerTest.testServerObserversD c8# 3 $(((5j !" '.NE:ND9 h--(),,w X. hV[[] aacfggII , --*+ b/<<  ,  --*+ '0 hV[[] ffhkllII , --45,,w UL'=Q<9 '--*+ a.M , --45,,w UL'=Q<9--9:l! NN'1  ++fl# ++fl#..(,7,#<<,,4#$)',w'347<< 7..5!G*0t< ,,.r+N)rIrJrK _exec_serverr8rryrrr|r~rrrrrrskip_if_cfg_missingrrr_testServerStartStoptestServerStartStopr:r+r)rwrwsN"F,' )).$$$118//6 D&>:h@;h@V ,,""*;"<7   ,*:+=,:x ,,""/":.  &,&NN!O&;PN!` !O"Od r+rw)FNz /dev/nullz:memory:r:)rXN)` __author__ __copyright__ __license__rrrrUr0rros.pathrrjrrrr functoolsr threadingr clientr rrclient.fail2bancmdlinerclient.fail2banclientrrurrclient.fail2banserverrrrXrr server.mytimer server.utilsrutilsrrrrrrrr rr!r"helpersr#rIr7r8 getServerPathr6r maxWaitTimerr8rrrr r*rOr2r5r;rErGrOrrrSrU input_command PRODUCTIONdumpFilerr`rdrrrrrrrr4rwr:r+r)rs8, [   AADD4ZZU" ???  8    *n**,-||'' (A(AB ||'' (A(AB ,a/((&& *    - 1=&*O11 55    3""  ' '   7;;@Un  ) X .0CLF#1F#RV1VrA 1A r+