public void TestLogFileCustomSource() { string fullPath = Path.Combine(tempPath, "test1.txt"); using (IPBanLogFileScanner scanner = new IPBanIPAddressLogFileScanner(this, TestDnsLookup.Instance, source: "SSH", pathAndMask: pathAndMask, recursive: false, regexFailure: "(?<source_ssh1>SSH1 (?<ipaddress>.+))|(?<source_ssh2>SSH2 (?<ipaddress>.+))|(?<source_ssh4>SSH4 (?<ipaddress>.+))|(SSH Default (?<ipaddress>.+))", regexSuccess: null, pingIntervalMilliseconds: 0)) { IPBanExtensionMethods.FileWriteAllTextWithRetry(fullPath, string.Empty); scanner.PingFiles(); File.AppendAllText(fullPath, "SSH1 97.97.97.97\n"); File.AppendAllText(fullPath, "SSH2 98.97.97.97\n"); File.AppendAllText(fullPath, "SSH3 99.97.97.97\n"); // fail File.AppendAllText(fullPath, "SSH Default 100.97.97.97\n"); scanner.PingFiles(); Assert.AreEqual(3, failedIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("97.97.97.97", failedIPAddresses[0].IPAddress); Assert.AreEqual("ssh1", failedIPAddresses[0].Source); Assert.AreEqual("98.97.97.97", failedIPAddresses[1].IPAddress); Assert.AreEqual("ssh2", failedIPAddresses[1].Source); Assert.AreEqual("100.97.97.97", failedIPAddresses[2].IPAddress); Assert.AreEqual("SSH", failedIPAddresses[2].Source); } }
public void TestLogFileParserMaskReplace() { string pathAndMask = Path.Combine(tempPath, "log-{year}-{month}-{day}.txt"); using (IPBanLogFileScanner scanner = new IPBanIPAddressLogFileScanner(this, TestDnsLookup.Instance, source: "SSH", pathAndMask: pathAndMask, recursive: false, regexFailure: "fail, ip: (?<ipaddress>.+), user: (?<username>.*?)", regexSuccess: "success, ip: (?<ipaddress>.+), user: (?<username>.*?)", pingIntervalMilliseconds: 0)) { string filePath = Path.Combine(tempPath, "log-2019-05-05.txt"); IPBanService.UtcNow = new DateTime(2019, 5, 5, 1, 1, 1, DateTimeKind.Utc); IPBanExtensionMethods.FileWriteAllTextWithRetry(filePath, string.Empty); scanner.PingFiles(); File.AppendAllText(filePath, "fail, ip: 99.99.99.99, user: testuser\n"); File.AppendAllText(filePath, "success, ip: 98.99.99.99, user: testuser\n"); scanner.PingFiles(); Assert.AreEqual(1, failedIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("99.99.99.99", failedIPAddresses[0].IPAddress); Assert.AreEqual(1, successIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("98.99.99.99", successIPAddresses[0].IPAddress); // move date to non-match on log file IPBanService.UtcNow = new DateTime(2019, 6, 5, 1, 1, 1, DateTimeKind.Utc); File.AppendAllText(filePath, "fail, ip: 97.99.99.99, user: testuser\n"); File.AppendAllText(filePath, "success, ip: 96.99.99.99, user: testuser\n"); scanner.PingFiles(); // should be no change in parsing as file should have dropped out Assert.AreEqual(1, failedIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("99.99.99.99", failedIPAddresses[0].IPAddress); Assert.AreEqual(1, successIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("98.99.99.99", successIPAddresses[0].IPAddress); } }
public void TestPlugin() { if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { // prime Linux log files IPBanPlugin.IPBanLoginFailed("SSH", "User1", "78.88.88.88"); foreach (IPBanLogFileScanner toParse in service.LogFilesToParse) { toParse.PingFiles(); } } service.RunCycle().Sync(); for (int i = 0; i < 5; i++) { IPBanPlugin.IPBanLoginFailed("SSH", "User1", "88.88.88.88"); service.RunCycle().Sync(); // attempt to read failed logins, if they do not match, sleep a bit and try again for (int j = 0; j < 10 && (!service.DB.TryGetIPAddress("88.88.88.88", out IPBanDB.IPAddressEntry e) || e.FailedLoginCount != i + 1); j++) { System.Threading.Thread.Sleep(100); foreach (IPBanLogFileScanner toParse in service.LogFilesToParse) { toParse.PingFiles(); } service.RunCycle().Sync(); } IPBanService.UtcNow += TimeSpan.FromMinutes(5.0); } service.RunCycle().Sync(); Assert.IsTrue(service.Firewall.IsIPAddressBlocked("88.88.88.88", out _)); if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { string toDelete = $"/var/log/ipbancustom_{IPBanPlugin.ProcessName}.log"; IPBanExtensionMethods.FileDeleteWithRetry(toDelete); } // by default, Windows plugin goes to event viewer, we want to also make sure custom log files work on Windows if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { // prime log file to parse string file = @"C:/IPBanCustomLogs/ipbancustom_test.log"; Directory.CreateDirectory(Path.GetDirectoryName(file)); IPBanExtensionMethods.FileWriteAllTextWithRetry(file, "awerfoajwerp jaeowr paojwer " + Environment.NewLine); service.RunCycle().Sync(); System.Threading.Thread.Sleep(100); foreach (IPBanLogFileScanner toParse in service.LogFilesToParse) { toParse.PingFiles(); } string data = "ipban failed login, ip address: 99.99.99.99, source: SSH, user: User2" + Environment.NewLine; for (int i = 0; i < 5; i++) { File.AppendAllText(file, data); IPBanService.UtcNow += TimeSpan.FromMinutes(5.0); foreach (IPBanLogFileScanner toParse in service.LogFilesToParse) { toParse.PingFiles(); } // attempt to read failed logins, if they do not match, sleep a bit and try again for (int j = 0; j < 10 && (!service.DB.TryGetIPAddress("99.99.99.99", out IPBanDB.IPAddressEntry e) || e.FailedLoginCount != i + 1); j++) { System.Threading.Thread.Sleep(100); service.RunCycle().Sync(); } service.RunCycle().Sync(); } try { Assert.IsTrue(service.Firewall.IsIPAddressBlocked("99.99.99.99", out _)); } finally { IPBanExtensionMethods.FileDeleteWithRetry(file); Directory.Delete(Path.GetDirectoryName(file)); using (EventLog appLog = new EventLog("Application", System.Environment.MachineName)) { appLog.Clear(); } } } }
public void SimpleLogParseTest() { string fullPath = Path.Combine(tempPath, "test1.txt"); using (IPBanLogFileScanner scanner = new IPBanIPAddressLogFileScanner(this, TestDnsLookup.Instance, source: "SSH", pathAndMask: pathAndMask, recursive: false, regexFailure: "__prefix__(?<ipaddress>.+)__suffix(__(?<username>.*?)__end)?", regexSuccess: "success_prefix__(?<ipaddress>.+)__suffix(__(?<username>.*?)__end)?", pingIntervalMilliseconds: 0)) { StreamWriter writer = new StreamWriter(CreateFile(fullPath), Encoding.UTF8) { AutoFlush = true }; // scan once before writing any data, otherwise scanner starts at aned of file and will miss // the first data written scanner.PingFiles(); // start off with one ip, do not write the last newline, we will do that later writer.Write("asdasdasdasdasdasd "); writer.Write("__prefix__1.1.1.1__suffix message repeated 3 times"); scanner.PingFiles(); Assert.AreEqual(0, failedIPAddresses.Count, "Should not have found ip address yet"); // now write a newline, this should make it pickup the line writer.WriteLine(" aaa "); writer.WriteLine(); scanner.PingFiles(); Assert.AreEqual(1, failedIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("1.1.1.1", failedIPAddresses[0].IPAddress, "First ip address is wrong"); Assert.AreEqual("SSH", failedIPAddresses[0].Source, "First ip source is wrong"); Assert.AreEqual(3, failedIPAddresses[0].Count, "Repeat count is wrong"); Assert.IsNull(failedIPAddresses[0].UserName, "First user name should be null"); scanner.PingFiles(); Assert.AreEqual(1, failedIPAddresses.Count, "Should not have found more ip address yet"); writer.WriteLine("aowefjapweojfopaejfpaoe4231 343240-302843 -204 8-23084 -0"); writer.WriteLine("__prefix__2.2.2.2__suffix__THISUSER__end"); writer.WriteLine("success_prefix__4.4.4.4__suffix__THISUSER__end"); scanner.PingFiles(); Assert.AreEqual(2, failedIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("2.2.2.2", failedIPAddresses[1].IPAddress, "Second ip address is wrong"); Assert.AreEqual("SSH", failedIPAddresses[1].Source, "First ip source is wrong"); Assert.AreEqual("THISUSER", failedIPAddresses[1].UserName, "Second user name is wrong"); Assert.AreEqual(1, failedIPAddresses[1].Count, "Repeat count is wrong"); Assert.AreEqual(1, successIPAddresses.Count); Assert.IsTrue(successIPAddresses[0].Type == IPAddressEventType.SuccessfulLogin); Assert.AreEqual("4.4.4.4", successIPAddresses[0].IPAddress); Assert.AreEqual("SSH", successIPAddresses[0].Source); Assert.AreEqual("THISUSER", successIPAddresses[0].UserName); writer.Close(); IPBanExtensionMethods.FileDeleteWithRetry(fullPath); writer = new StreamWriter(CreateFile(fullPath), Encoding.UTF8) { AutoFlush = true }; writer.WriteLine("__prefix__3.3.3.3__suffix message repeated 4 times"); scanner.PingFiles(); Assert.AreEqual(3, failedIPAddresses.Count, "Did not find all expected ip addresses"); Assert.AreEqual("3.3.3.3", failedIPAddresses[2].IPAddress, "Second ip address is wrong"); Assert.AreEqual("SSH", failedIPAddresses[2].Source, "First ip source is wrong"); Assert.AreEqual(4, failedIPAddresses[2].Count, "Repeat count is wrong"); writer.Close(); } }