Beispiel #1
0
        public void TestPlugin()
        {
            if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
            {
                // prime Linux log files
                IPBanPlugin.IPBanLoginFailed("SSH", "User1", "78.88.88.88");
                foreach (IPBanLogFileScanner toParse in service.LogFilesToParse)
                {
                    toParse.PingFiles();
                }
            }
            service.RunCycle().Sync();
            for (int i = 0; i < 5; i++)
            {
                IPBanPlugin.IPBanLoginFailed("SSH", "User1", "88.88.88.88");
                service.RunCycle().Sync();
                for (int j = 0; j < 10 && service.DB.GetIPAddress("88.88.88.88")?.FailedLoginCount != i + 1; j++)
                {
                    System.Threading.Thread.Sleep(100);
                    foreach (IPBanLogFileScanner toParse in service.LogFilesToParse)
                    {
                        toParse.PingFiles();
                    }
                    service.RunCycle().Sync();
                }
                IPBanService.UtcNow += TimeSpan.FromMinutes(5.0);
            }
            service.RunCycle().Sync();
            Assert.IsTrue(service.Firewall.IsIPAddressBlocked("88.88.88.88", out _));

            if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
            {
                File.Delete($"/var/log/ipbancustom_{IPBanPlugin.ProcessName}.log");
            }

            // by default, Windows plugin goes to event viewer, we want to also make sure custom log files work on Windows
            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                // prime log file to parse
                string file = @"C:/IPBanCustomLogs/ipbancustom_test.log";
                Directory.CreateDirectory(Path.GetDirectoryName(file));
                File.WriteAllText(file, "awerfoajwerp jaeowr paojwer " + Environment.NewLine);
                service.RunCycle().Sync();
                System.Threading.Thread.Sleep(100);
                foreach (IPBanLogFileScanner toParse in service.LogFilesToParse)
                {
                    toParse.PingFiles();
                }
                string data = "ipban failed login, ip address: 99.99.99.99, source: SSH, user: User2" + Environment.NewLine;
                for (int i = 0; i < 5; i++)
                {
                    File.AppendAllText(file, data);
                    IPBanService.UtcNow += TimeSpan.FromMinutes(5.0);
                    foreach (IPBanLogFileScanner toParse in service.LogFilesToParse)
                    {
                        toParse.PingFiles();
                    }
                    for (int j = 0; j < 10 && service.DB.GetIPAddress("99.99.99.99")?.FailedLoginCount != i + 1; j++)
                    {
                        System.Threading.Thread.Sleep(100);
                        service.RunCycle().Sync();
                    }
                    service.RunCycle().Sync();
                }
                try
                {
                    Assert.IsTrue(service.Firewall.IsIPAddressBlocked("99.99.99.99", out _));
                }
                finally
                {
                    File.Delete(file);
                    Directory.Delete(Path.GetDirectoryName(file));
                    using (EventLog appLog = new EventLog("Application", System.Environment.MachineName))
                    {
                        appLog.Clear();
                    }
                }
            }
        }
Beispiel #2
0
        public void TestPlugin()
        {
            if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
            {
                // prime Linux log files
                IPBanPlugin.IPBanLoginFailed("SSH", "User1", "78.88.88.88");
            }
            service.RunCycle().Sync();
            for (int i = 0; i < 5; i++)
            {
                IPBanPlugin.IPBanLoginFailed("SSH", "User1", "88.88.88.88");
                service.RunCycle().Sync();

                // attempt to read failed logins, if they do not match, sleep a bit and try again
                for (int j = 0; j < 10 && (!service.DB.TryGetIPAddress("88.88.88.88", out IPBanDB.IPAddressEntry e) || e.FailedLoginCount != i + 1); j++)
                {
                    System.Threading.Thread.Sleep(100);
                    service.RunCycle().Sync();
                }
                IPBanService.UtcNow += TimeSpan.FromMinutes(5.0);
            }
            service.RunCycle().Sync();
            Assert.IsTrue(service.Firewall.IsIPAddressBlocked("88.88.88.88", out _));

            if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
            {
                string toDelete = $"/var/log/ipbancustom_{IPBanPlugin.ProcessName}.log";
                ExtensionMethods.FileDeleteWithRetry(toDelete);
            }

            // by default, Windows plugin goes to event viewer, we want to also make sure custom log files work on Windows
            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                // prime log file to parse
                string file = @"C:/IPBanCustomLogs/ipbancustom_test.log";
                Directory.CreateDirectory(Path.GetDirectoryName(file));
                ExtensionMethods.FileWriteAllTextWithRetry(file, "awerfoajwerp jaeowr paojwer " + Environment.NewLine);
                service.RunCycle().Sync();
                System.Threading.Thread.Sleep(100);
                service.RunCycle().Sync();
                string data = "ipban failed login, ip address: 99.99.99.99, source: SSH, user: User2" + Environment.NewLine;
                for (int i = 0; i < 5; i++)
                {
                    File.AppendAllText(file, data);
                    IPBanService.UtcNow += TimeSpan.FromMinutes(5.0);
                    service.RunCycle().Sync();

                    // attempt to read failed logins, if they do not match, sleep a bit and try again
                    for (int j = 0; j < 10 && (!service.DB.TryGetIPAddress("99.99.99.99", out IPBanDB.IPAddressEntry e) || e.FailedLoginCount != i + 1); j++)
                    {
                        System.Threading.Thread.Sleep(100);
                        service.RunCycle().Sync();
                    }
                    service.RunCycle().Sync();
                }
                try
                {
                    Assert.IsTrue(service.Firewall.IsIPAddressBlocked("99.99.99.99", out _));
                }
                finally
                {
                    ExtensionMethods.DirectoryDeleteWithRetry(Path.GetDirectoryName(file));
                    using EventLog appLog = new EventLog("Application", System.Environment.MachineName);
                    appLog.Clear();
                }
            }
        }