2022-03-09 13:45:36 +00:00
|
|
|
#!/usr/bin/env bats
|
|
|
|
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
|
|
|
|
|
|
|
|
set -u
|
|
|
|
|
|
|
|
fake_log() {
|
|
|
|
for _ in $(seq 1 6); do
|
|
|
|
echo "$(LC_ALL=C date '+%b %d %H:%M:%S ')"'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424'
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
setup_file() {
|
2022-03-18 09:13:12 +00:00
|
|
|
load "../lib/setup_file.sh"
|
2022-03-09 13:45:36 +00:00
|
|
|
# we reset config and data, and only run the daemon once for all the tests in this file
|
|
|
|
./instance-data load
|
2023-11-24 14:57:32 +00:00
|
|
|
|
|
|
|
cscli collections install crowdsecurity/sshd --error
|
|
|
|
cscli parsers install crowdsecurity/syslog-logs --error
|
|
|
|
cscli parsers install crowdsecurity/dateparse-enrich --error
|
|
|
|
|
2022-03-09 13:45:36 +00:00
|
|
|
./instance-crowdsec start
|
|
|
|
}
|
|
|
|
|
|
|
|
teardown_file() {
|
2022-03-18 09:13:12 +00:00
|
|
|
load "../lib/teardown_file.sh"
|
2022-03-09 13:45:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
setup() {
|
|
|
|
load "../lib/setup.sh"
|
|
|
|
}
|
|
|
|
|
|
|
|
#----------
|
|
|
|
|
2023-01-20 15:14:26 +00:00
|
|
|
@test "-type and -dsn are required together" {
|
|
|
|
rune -1 "${CROWDSEC}" -no-api -type syslog
|
|
|
|
assert_stderr --partial "-type requires a -dsn argument"
|
|
|
|
rune -1 "${CROWDSEC}" -no-api -dsn file:///dev/fd/0
|
|
|
|
assert_stderr --partial "-dsn requires a -type argument"
|
|
|
|
}
|
|
|
|
|
2023-03-03 10:06:27 +00:00
|
|
|
@test "the one-shot mode works" {
|
|
|
|
rune -0 "${CROWDSEC}" -dsn file://<(fake_log) -type syslog -no-api
|
|
|
|
refute_output
|
|
|
|
assert_stderr --partial "single file mode : log_media=stdout daemonize=false"
|
|
|
|
assert_stderr --regexp "Adding file .* to filelist"
|
|
|
|
assert_stderr --regexp "reading .* at once"
|
|
|
|
assert_stderr --regexp "Acquisition is finished, shutting down"
|
|
|
|
assert_stderr --regexp "Killing parser routines"
|
|
|
|
assert_stderr --regexp "Bucket routine exiting"
|
|
|
|
assert_stderr --regexp "crowdsec shutdown"
|
|
|
|
}
|
|
|
|
|
2022-07-01 09:03:40 +00:00
|
|
|
@test "we have one decision" {
|
2023-01-20 15:14:26 +00:00
|
|
|
rune -0 cscli decisions list -o json
|
|
|
|
rune -0 jq '. | length' <(output)
|
2022-03-09 13:45:36 +00:00
|
|
|
assert_output 1
|
|
|
|
}
|
|
|
|
|
2022-07-01 09:03:40 +00:00
|
|
|
@test "1.1.1.172 has been banned" {
|
2023-01-20 15:14:26 +00:00
|
|
|
rune -0 cscli decisions list -o json
|
|
|
|
rune -0 jq -r '.[].decisions[0].value' <(output)
|
2022-03-09 13:45:36 +00:00
|
|
|
assert_output '1.1.1.172'
|
|
|
|
}
|
|
|
|
|
2022-07-01 09:03:40 +00:00
|
|
|
@test "1.1.1.172 has been banned (range/contained: -r 1.1.1.0/24 --contained)" {
|
2023-01-20 15:14:26 +00:00
|
|
|
rune -0 cscli decisions list -r 1.1.1.0/24 --contained -o json
|
|
|
|
rune -0 jq -r '.[].decisions[0].value' <(output)
|
2022-03-09 13:45:36 +00:00
|
|
|
assert_output '1.1.1.172'
|
|
|
|
}
|
|
|
|
|
2022-07-01 09:03:40 +00:00
|
|
|
@test "1.1.1.172 has not been banned (range/NOT-contained: -r 1.1.2.0/24)" {
|
2023-01-20 15:14:26 +00:00
|
|
|
rune -0 cscli decisions list -r 1.1.2.0/24 -o json
|
2023-08-03 10:51:50 +00:00
|
|
|
assert_json '[]'
|
2022-03-09 13:45:36 +00:00
|
|
|
}
|
|
|
|
|
2022-07-01 09:03:40 +00:00
|
|
|
@test "1.1.1.172 has been banned (exact: -i 1.1.1.172)" {
|
2023-01-20 15:14:26 +00:00
|
|
|
rune -0 cscli decisions list -i 1.1.1.172 -o json
|
|
|
|
rune -0 jq -r '.[].decisions[0].value' <(output)
|
2022-03-09 13:45:36 +00:00
|
|
|
assert_output '1.1.1.172'
|
|
|
|
}
|
|
|
|
|
2022-07-01 09:03:40 +00:00
|
|
|
@test "1.1.1.173 has not been banned (exact: -i 1.1.1.173)" {
|
2023-01-20 15:14:26 +00:00
|
|
|
rune -0 cscli decisions list -i 1.1.1.173 -o json
|
2023-08-03 10:51:50 +00:00
|
|
|
assert_json '[]'
|
2022-03-09 13:45:36 +00:00
|
|
|
}
|