#!/usr/bin/env bats
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
# Treat expansion of an unset variable as an error, so a misspelled variable
# name fails the test instead of silently expanding to an empty string.
set -u
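#######################################
# Print six syslog-style sshd "Invalid user" lines for source IP 1.1.1.172,
# each stamped with the current time, as input for the detection pipeline.
# Arguments: none
# Outputs:   six log lines on stdout
# NOTE(review): six events is presumably enough to trip the sshd scenario
# installed by setup_file; the threshold is not visible here, so confirm it.
#######################################
fake_log() {
    local stamp
    # Brace expansion instead of forking seq for a fixed count.
    for _ in {1..6}; do
        # LC_ALL=C keeps the month abbreviation in English regardless of the
        # host locale, so the line always looks like a standard syslog entry.
        stamp=$(LC_ALL=C date '+%b %d %H:%M:%S ')
        # printf treats the line as data; echo may interpret its argument.
        printf '%s\n' "${stamp}sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424"
    done
}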
#######################################
# File-level fixture: load the shared setup helper, restore the instance data,
# then install the sshd collection and the two parsers that this file's test
# relies on. The daemon is deliberately not started here.
#######################################
setup_file() {
    load "../lib/setup_file.sh"

    # we reset config and data, but run the daemon only in the tests that need it
    ./instance-data load

    # Detection content for sshd logs delivered in syslog format.
    cscli collections install crowdsecurity/sshd --error
    cscli parsers install crowdsecurity/syslog-logs --error
    cscli parsers install crowdsecurity/dateparse-enrich --error
}
#######################################
# File-level cleanup: delegates entirely to the shared teardown helper.
#######################################
teardown_file() {
    load "../lib/teardown_file.sh"
}
#######################################
# Per-test fixture: loads the shared per-test setup helper.
#######################################
setup() {
    load "../lib/setup.sh"
}
#######################################
# Per-test cleanup: stop the crowdsec instance after every test, so a daemon
# started inside a test does not outlive it.
#######################################
teardown() {
    ./instance-crowdsec stop
}
#----------
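# End-to-end detection check: register a temporary log file as a syslog
# acquisition source, start crowdsec, feed it the fake sshd failures from
# fake_log, and expect a decision on 1.1.1.172 within the polling window below.
@test "1.1.1.172 has been banned" {
    # Private log file inside the per-test temp dir (unpredictable name).
    tmpfile=$(TMPDIR="${BATS_TEST_TMPDIR}" mktemp)
    touch "${tmpfile}"

    # Append a file datasource for the temp log to the acquisition config.
    # printf keeps the path as data (%s) instead of passing it through the
    # escape processing of `echo -e`; the bytes written are otherwise the same.
    ACQUIS_YAML=$(config_get '.crowdsec_service.acquisition_path')
    printf -- '---\nfilename: %s\nlabels:\n type: syslog\n\n' "${tmpfile}" >>"${ACQUIS_YAML}"

    ./instance-crowdsec start
    sleep 0.2
    fake_log >>"${tmpfile}"
    sleep 0.2
    # NOTE(review): the log is removed after a fixed 0.2 s pause; this assumes
    # the daemon has already read the appended lines. Confirm on slow runners.
    rm -f -- "${tmpfile}"

    found=0
    # this may take some time in CI
    for _ in {1..10}; do
        # -F -x: compare each decision value as a literal, whole line. An
        # unanchored regex would treat the dots as wildcards and would also
        # accept longer addresses that merely contain the string, letting the
        # test pass on a decision for a different address.
        if cscli decisions list -o json | jq -r '.[].decisions[0].value' | grep -Fxq -- '1.1.1.172'; then
            found=1
            break
        fi
        sleep 0.2
    done
    assert_equal 1 "${found}"
}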