Current File : //lib/python3/dist-packages/fail2ban/tests/__pycache__/servertestcase.cpython-311.pyc
�

�Bd�q����dZdZdZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZmZm
Z
ddlmZddlmZdd	lmZmZdd
lmZddlmZddlmZdd
lmZddlmZddl m!Z!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'ddl(m)Z)	ddlm*Z*n
#e+$rdZ*YnwxYwej,�-ej,�.e/��d��Z0dZ1e%d��Z2Gd�de��Z3Gd�de!��Z4Gd�de4��Z5Gd�de4��Z6Gd�d ej7��Z8Gd!�d"ej7��Z9Gd#�d$e��Z:Gd%�d&e!��Z;dd'l<m=Z=m>Z>m?Z?Gd(�d)e!��Z@dS)*z
Cyril Jaquierz Copyright (c) 2004 Cyril Jaquier�GPL�N�)�Regex�	FailRegex�RegexException)�actions)�Server)�DNSUtils�IPAddr)�Jail)�
JailThread)�	BanTicket)�Utils�)�	DummyJail)�LogCaptureTestCase�
with_alt_time�MyTime)�	getLogger�extractOptions�
PREFER_ENC)�version)�
filtersystemd�files�polling�fail2banc��eZdZd�Zd�ZdS)�
TestServerc��dS�N���self�args�kwargss   �?/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py�setLogLevelzTestServer.setLogLevel<����$�c��dSr r!r"s   r&�setLogTargetzTestServer.setLogTarget?r(r)N)�__name__�
__module__�__qualname__r'r+r!r)r&rr;s2�������������r)rc�H��eZdZeZ�fd�Z�fd�Zdd�Zdd�Zd	�Z	d
�Z
�xZS)�TransmitterBasec���tt|�����|���|_|jj|_d|_|j�|jt��dS)�Call before every test case.�	TestJail1N)
�superr0�setUp�TEST_SRV_CLASS�server�_Server__transm�transm�jailName�addJail�FAST_BACKEND�r#�	__class__s �r&r5zTransmitterBase.setUpGsg��������$�$�&�&�&��#�#�%�%�$�+���+�$�+��$�-��+���d�m�\�2�2�2�2�2r)c���|j���tt|�����dS�zCall after every test case.N)r7�quitr4r0�tearDownr=s �r&rBzTransmitterBase.tearDownQs;����+�����������'�'�)�)�)�)�)r)r rNFc���d||g}d|g}|�,|�d|��|�d|��|dkr|}�fd�}	|�|	|j�|����|	||f����|sD|�|	|j�|����|	d|f����dSdS)zoProcess set/get commands and compare both return values 
		with outValue if it was given otherwise with inValue�set�getNrr c�*���rt|��n|S)zPrepare value for comparison)�repr)�x�repr_s �r&�vz%TransmitterBase.setGetTest.<locals>.vds����"�4��7�7�7��#r)r)�insert�assertEqualr9�proceed)
r#�cmd�inValue�outValue�outCode�jailrI�setCmd�getCmdrJs
      `   r&�
setGetTestzTransmitterBase.setGetTestWs
���
�3�� �&��3�<�&�	��	�=�=��D����	�=�=��D���������8�$�$�$�$�$����1�1�T�[�(�(��0�0�1�1�1�1�g�x�5H�3I�3I�J�J�J�	�F����A�A�d�k�)�)�&�1�1�2�2�A�A�q�(�m�4D�4D�E�E�E�E�E�F�Fr)c�|�d||g}d|g}|�,|�d|��|�d|��|j�|��d}|�|j�|��dd��|�|j�|��d|f��dS)NrDrErr)rKr9rMrL)r#rNrOrRrSrT�	initValues       r&�
setGetTestNOKzTransmitterBase.setGetTestNOKms����3�� �&��3�<�&�	��	�=�=��D����	�=�=��D�����k�!�!�&�)�)�!�,�)����4�;�&�&�v�.�.�q�1�1�5�5�5����4�;�&�&�v�.�.��I��?�?�?�?�?r)c�`�d|z}d|z}|�|j�d||g��dgf��t|��D�]'\}}|j�d|||g��}|�|dtt
t|d����fdtt
t|d|dz�����fd���|j�d||g��}|�|dtt
t|d����fdtt
t|d|dz�����fd�����)t|��D�]'\}}|j�d|||g��}|�|dtt
t|d����fdtt
t||dzd�����fd���|j�d||g��}|�|dtt
t|d����fdtt
t||dzd�����fd�����)dS)	N�add�delrErrDrr)�level)rLr9rM�	enumerate�assertSortedEqual�list�map�str)	r#rN�valuesrR�cmdAdd�cmdDel�n�value�rets	         r&�jailAddDelTestzTransmitterBase.jailAddDelTestzs����3�;�&��3�;�&�����;����t�S�)�*�*�Q��G�5�5�5��F�#�#�h�h�h�a��	
��	�	�e�T�6�5�9�	:�	:�3����3�q�6�4��C��Q��(8�(8�#9�#9�:�Q��S��f�UY�VW�XY�VY�UY�l�E[�E[�@\�@\�<]�ef��g�g�g�	
��	�	�e�T�3�/�	0�	0�3����3�q�6�4��C��Q��(8�(8�#9�#9�:�Q��S��f�UY�VW�XY�VY�UY�l�E[�E[�@\�@\�<]�ef��g�g�g�g��F�#�#�h�h�h�a��	
��	�	�e�T�6�5�9�	:�	:�3����3�q�6�4��C��Q��(8�(8�#9�#9�:�Q��S��f�UV�WX�UX�UY�UY�l�E[�E[�@\�@\�<]�ef��g�g�g�	
��	�	�e�T�3�/�	0�	0�3����3�q�6�4��C��Q��(8�(8�#9�#9�:�Q��S��f�UV�WX�UX�UY�UY�l�E[�E[�@\�@\�<]�ef��g�g�g�g�	h�hr)c	���d|z}d|z}|�|j�d||g��dgf��t|��D]�\}}|�|j�d|||g��d|d|dz�f��|�|j�d||g��d|d|dz�f����t|��D]�\}}|�|j�d||dg��d||dzd�f��|�|j�d||g��d||dzd�f����dS)NrZr[rErrDr)rLr9rMr])	r#rN�inValues�	outValuesrRrcrdrerfs	         r&�jailAddDelRegexTestz#TransmitterBase.jailAddDelRegexTest�s����3�;�&��3�;�&�����;����t�S�)�*�*�Q��G�5�5�5��H�%�%���h�a������K�����f�e�4�5�5��	�$�1�Q�3�$����������K�����c�*�+�+��	�$�1�Q�3�$��������H�%�%���h�a������K�����f�a�0�1�1��	�!�A�#�$�$����������K�����c�*�+�+��	�!�A�#�$�$�������	�r))r rNF)r,r-r.rr6r5rBrUrXrhrl�
__classcell__�r>s@r&r0r0Cs����������3�3�3�3�3�*�*�*�*�*�F�F�F�F�,@�@�@�@�h�h�h�"������r)r0c�,�eZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�Zd
�Zd�Zd�Zd�Zd�Zd�Zed���Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Z d�Z!d�Z"d �Z#d!�Z$d"�Z%d#�Z&d$�Z'd%�Z(d&�Z)d'�Z*d(�Z+d)�Z,d*�Z-d+�Z.d,�Z/d-�Z0d.S)/�Transmitterc�^�|�|j�����dSr )�assertFalser7�	isStarted�r#s r&�testServerIsNotStartedz"Transmitter.testServerIsNotStarted�s,�����4�;�(�(�*�*�+�+�+�+�+r)c�d�|�|j�dg��d��dS)N�stop�rN�rLr9rMrts r&�testStopServerzTransmitter.testStopServer�s0�����4�;�&�&��x�0�0�)�<�<�<�<�<r)c�d�|�|j�dg��d��dS)N�ping)r�pongryrts r&�testPingzTransmitter.testPing�s0�����4�;�&�&��x�0�0�+�>�>�>�>�>r)c�|�|�|j�dg��dtjf��dS)Nrr)rLr9rMrrts r&�testVersionzTransmitter.testVersion�s7�����4�;�&�&�	�{�3�3�a���5I�J�J�J�J�Jr)c�r�	|�|j�gd���d��|�t	j����|�d��|���|�|j�gd���d��|�t	j����|�d��|���|�|j�gd���d��|�d	��|���dS#|�|j�gd���d��|�d	��|���wxYw)
N)rD�	allowipv6�yes)rr�z
IPv6 is on)rDr��no�rr�zIPv6 is off)rDr��auto)rr�zIPv6 is auto)	rLr9rM�
assertTruer
�
IPv6IsAllowed�assertLogged�pruneLogrrrts r&�testSetIPv6zTransmitter.testSetIPv6�s���
6����D�K�'�'�(C�(C�(C�D�D�j�Q�Q�Q��?�?�8�)�+�+�,�,�,����\�"�"�"�D�M�M�O�O�O����D�K�'�'�(B�(B�(B�C�C�Y�O�O�O����H�*�,�,�-�-�-����]�#�#�#�T�]�]�_�_�_����D�K�'�'�(D�(D�(D�E�E�{�S�S�S����^�$�$�$�d�m�m�o�o�o�o�o�����D�K�'�'�(D�(D�(D�E�E�{�S�S�S����^�$�$�$�d�m�m�o�o�o�o���s
�C>E�AF6c��tjjs�tj��}|�|j�ddg��d��tj��}||z
}|�d|cxkodkncd|z���dS|�|j�ddg��d��dS)	N�sleepz0.1rxg
ףp=
�?g�������?zSleep was %g sec)�msgz0.0001)�unittest�F2B�fast�timerLr9rMr�)r#�t0�t1�dts    r&�	testSleepzTransmitter.testSleep�s���	��	�I��	���2����D�K�'�'��%�(8�9�9�9�E�E�E��	���2�
�R��2��?�?�4�"�?�?�?�?�s�?�?�?�?�(:�R�(?�?�@�@�@�@�@����D�K�'�'��(�(;�<�<�i�H�H�H�H�Hr)c���tjjstjdd��\}}nd}|�d|��|j�|j��|�	d|��|�	d|��|�	ddd��|�dd��|�	d	d
d��|�d	d��|j�
|jt��|�	d|��|j�|j��|�|j
�gd���d
��|�|j
�ddg��d
��|�|j
�gd���d
��|�|j
�ddg��d
��|�|j
�gd���d
��|�|j
�dd	g��d
��|j�
|jt��|�|j
�gd���d
��tjjs*tj|��tj|��dSdS)Nz.db�	fail2ban_z:memory:�dbfile�dbmaxmatches�100�d�LIZARD�
dbpurgeage�600�X)rDr��NonerxrE)rDr�r�)rDr��500)r�r��	memory_db�tempfile�mkstemprXr7�delJailr:rUr;r<rLr9rM�os�close�unlink)r#�tmp�tmpFilenames   r&�testDatabasezTransmitter.testDatabase�s
��	��	���&�u�k�:�:��3����;����X�{�+�+�+��+���d�m�$�$�$��/�/�(�K�(�(�(��/�/�(�K�(�(�(��/�/�.�%��-�-�-����^�X�.�.�.��/�/�,��s�+�+�+����\�8�,�,�,��+���d�m�\�2�2�2��/�/�(�K�(�(�(��+���d�m�$�$�$����4�;�&�&�������������4�;�&�&�	�8�����������4�;�&�&�!�!�!�#�#��������4�;�&�&�	�>�����������4�;�&�&����!�!��������4�;�&�&�	�<���������+���d�m�\�2�2�2����4�;�&�&����������
��	���8�C�=�=�=��9�[�������r)c��d}d}d}|�|j�d|dg��d|f��|�|j�d|g��d|f��|�|j�d|dg��dd��|�|j�d|d	g��d|f��|�|j�d|jdg��dd��|�|j�gd
���dd��dS)N�	TestJail2�	TestJail3�	TestJail4rZrrzinvalid backendrr�)rZ�--allr�rLr9rMr:)r#�jail2�jail3�jail4s    r&�testAddJailzTransmitter.testAddJail�sq��
�%�
�%�
�%�����;����u�i�0�1�1�A�u�:�?�?�?����4�;�&�&��u�~�6�6��E�
�C�C�C�����;����u�&7�8�9�9�!�<�a�A�A�A�����;����u�f�-�.�.��E�
�<�<�<�����;����t�}�i�8�9�9�!�<�a�A�A�A�����;���2�2�2�3�3�A�6��;�;�;�;�;r)c������j�d�jg��d��t	jtj����t
j	�fd�d�������j�d�jg��d����
�j�jj��dS)N�startrxc����j�d��o4t�j�d�jg��t��S)Nr�status�r7�isAlive�
isinstancer9rMr:�RuntimeErrorrts�r&�<lambda>z/Transmitter.testStartStopJail.<locals>.<lambda>�C���4�;���q�!�!�r�*�T�[�5H�5H�(�TX�Ta�Ib�5c�5c�eq�*r�*r�&r�r)�rw)
rLr9rMr:r�r�r�DEFAULT_SLEEP_TIMEr��wait_for�assertNotInr7�_Server__jailsrts`r&�testStartStopJailzTransmitter.testStartStopJails��������;������/�0�0�)�=�=�=��*�U�
%�&�&�&��/�/�5�>�r�r�r�r�����������;�����
�.�/�/��<�<�<����4�=�$�+�"<�=�=�=�=�=r)c�����j�dt�����j�d�jg��d�����j�ddg��d��tjtj
����tj�fd�d�������j�ddg��d����tj�fd�d������
�j�jj����
d�jj��dS)	Nr�r�rxc����j�d��o4t�j�d�jg��t��S)Nrr�r�rts�r&r�z2Transmitter.testStartStopAllJail.<locals>.<lambda>"r�r)r�rwr�c�8��t�jj��Sr )�lenr7r�rts�r&r�z2Transmitter.testStartStopAllJail.<locals>.<lambda>%s���s�4�;�3M�/N�/N�+N�r))r7r;r<rLr9rMr:r�r�rr�r�r�r�r�rts`r&�testStartStopAllJailz Transmitter.testStartStopAllJails]����+���k�<�0�0�0�����;������/�0�0�)�=�=�=�����;�����-�.�.�	�;�;�;�
�*�U�
%�&�&�&��/�/�5�>�r�r�r�r����������4�;�&�&���'8�9�9�9�E�E�E��/�/�5�>�#N�#N�#N�#N�PQ�R�R�T�T�T����4�=�$�+�"<�=�=�=����;��� :�;�;�;�;�;r)c�\�|�|j�d|jddg��d��|�|j�d|jddg��d��|�|j�d|jddg��dd	��dS)
NrD�idle�on�rT�off�rF�CATrrr�rts r&�testJailIdlezTransmitter.testJailIdle)s�������;����t�}�f�d�;�<�<���������;����t�}�f�e�<�=�=�
��������;����t�}�f�e�<�=�=�a�@������r)c�0�|�ddd|j���|�ddd|j���|�ddd|j���|�dd	d
|j���|�dd|j���dS)N�findtime�120�x�rR�60�<�30m�z-60i����Dog�rUr:rXrts r&�testJailFindTimezTransmitter.testJailFindTime4s����/�/�*�e�S�t�}�/�=�=�=��/�/�*�d�B�T�]�/�;�;�;��/�/�*�e�U���/�?�?�?��/�/�*�e�S�t�}�/�=�=�=����Z��T�]��;�;�;�;�;r)c�0�|�ddd|j���|�ddd|j���|�ddd|j���|�dd	d
|j���|�dd|j���dS)N�bantimer�r�r��50�2z-50i���z
15d 5h 30mi��Catr�rts r&�testJailBanTimezTransmitter.testJailBanTime;s����/�/�)�U�C�d�m�/�<�<�<��/�/�)�T�2�D�M�/�:�:�:��/�/�)�U�C�d�m�/�<�<�<��/�/�)�\�7���/�G�G�G����Y��D�M��:�:�:�:�:r)c�0�|�ddd|j���|�ddd|j���|�ddd|j���|�dd	d
|j���|�dd|j���dS)N�datepattern�%%%Y%m%d%H%M%S)r�z%YearMonthDay24hourMinuteSecondr��Epoch)Nr�z^Epoch)Nz{^LN-BEG}Epoch�TAI64N)Nr�z
%Cat%a%%%gr�rts r&�testDatePatternzTransmitter.testDatePatternBs����/�/�-�!1�8��
������/�/��'�?����@�@�@��/�/��(�4�4�=��J�J�J��/�/��(�,�4�=��B�B�B����]�L�t�}��E�E�E�E�Er)c�|�|�ddd|j���|�dd|j���dS)N�logtimezonezUTC+0400r�znot-a-time-zoner�rts r&�testLogTimeZonezTransmitter.testLogTimeZoneNsB���/�/�-��Z�d�m�/�L�L�L����]�$5�D�M��J�J�J�J�Jr)c�&�|�dd|j���|�dd|j���|�dd|j���d}|�|j�d|jd|g��d��dS)	N�usednsr�r��warnr��FishrDr�)rUr:rLr9rM�r#rfs  r&�testJailUseDNSzTransmitter.testJailUseDNSRs����/�/�(�E��
�/�6�6�6��/�/�(�F���/�7�7�7��/�/�(�D�t�}�/�5�5�5��%�����;����t�}�h��>�?�?������r)c��|j�|j��|�|j�d|jddddg��d��|�dddd�	��|�|j�d|jdd
g��d��|�dd�
��|�|j�d|jdddddg��d��|�dddd�	��|�dddd�	��|���|�|j�d|jdddg��dd��|�|j�d|jdddg��d��|�dddd�	��dS)NrD�banip�	192.0.2.1�	192.0.2.2)rr�
Ban 192.0.2.1�
Ban 192.0.2.2T��all�wait�Badger�rrz
Ban Badger�r��unbanipz192.0.2.255z192.0.2.254zUnban 192.0.2.1zUnban 192.0.2.2z192.0.2.255 is not bannedz192.0.2.254 is not bannedz--report-absentrr)rr)r7�	startJailr:rLr9rMr�r�rts r&�
testJailBanIPzTransmitter.testJailBanIP]s���+����
�&�&�&�����;����t�}�g�{�K�Q\�]�^�^�	�������O�_�$�T��J�J�J�����;����t�}�g�x�@�A�A�	�������L�t��,�,�,�����;���
�D�M�9�m�[�+�}�]�_�_�	�������%�'8�d���N�N�N����/�1L�RV�]a��b�b�b��-�-�/�/�/�����;���
�D�M�9�&7��G�I�I�IJ�L�LM�O�O�O�����;���
�D�M�9�m�]�C�E�E�EK�M�M�M����/�1L�RV�]a��b�b�b�b�br)c	�����j��j���fd�}��ddd�j���dD]+}dD]&}��||d|zg��d	���'�,��d
ddd�
����||d�dD����d	����dd�����dd�����d��dS)Nc�P���j�d�jd|g|z��S)NrD�attempt)r9rMr:)�ip�matchesr#s  �r&rz.Transmitter.testJailAttemptIP.<locals>.attempt}s)���
�+�
�
�u�d�m�Y��C�g�M�
N�
N�Nr)�maxretry�5�r�)rr)r�r��test failure %dr�z192.0.2.1:2z192.0.2.2:2Tr�c��g|]}d|z��S)rr!)�.0�is  r&�
<listcomp>z1Transmitter.testJailAttemptIP.<locals>.<listcomp>�s��G�G�G�!� 1�A� 5�G�G�Gr))r��rz192.0.2.2:5rr�r�)r7rr:rUrLr��assertNotLogged)r#rrrs`   r&�testJailAttemptIPzTransmitter.testJailAttemptIPzsG����+����
�&�&�&�O�O�O�O�O��/�/�*�c�1�4�=�/�9�9�9��C�C�a�
'�C�C�r����W�W�R�"3�a�"7�!8�9�9�6�B�B�B�B�C����M�=�d���F�F�F����7�7�2�G�G�w�G�G�G�H�H�&�Q�Q�Q����M���-�-�-����O�$��/�/�/�����'�'�'�'�'r)c�j��d}�j�|t���j�|��dddgf�fd�	}||g���||dddg���||d	ddd
g���||dgd��
��||dd	dg���||dd	g���||d	g���dS)N�TestJailBanListr!c���|�L���j�d|d|g��d����d|zd���|�L���j�d|d|g��d����d|zd������j�d	|dgt|��z��d
|fd���t
jt
j��d
z��dS)NrDr�r�zBan %sTrrzUnban %srErF)�
nestedOnlyr)	rLr9rMr�r^r_r�setTimer�)rRr�rr$�outListr#s     �r&�_getBanListTestz4Transmitter.testJailBanList.<locals>._getBanListTest�s+��������	�[���%��w��6�7�7��
�
�
�	���h��&�T��2�2�2�
�����	�[���%��y�'�:�;�;��
�
�
�	���j�7�*���6�6�6�����K�����g�.�t�D�z�z�9�:�:���L�U��$�$�$�
�>�&�+�-�-�!�#�$�$�$�$�$r))r�	127.0.0.1)z--with-timez:127.0.0.1 	2005-08-14 12:00:01 + 600 = 2005-08-14 12:10:01)r�r$r�192.168.0.1z<192.168.0.1 	2005-08-14 12:00:02 + 600 = 2005-08-14 12:10:02�192.168.1.10)rrr)r�r)rr)r7r;r<r)r#rRrs`  r&�testJailBanListzTransmitter.testJailBanList�sr���	�$��+���d�L�)�)�)��+�������#'��2�r�%�%�%�%�%�%�&�/�$�
������/�$�k�0@�I�J�L�L�L�L��/�$�m�2B�A�C�E�F�F�F�F��/�$�n�7�7�7�9�9�9�9��/�$���>�*�,�,�,�,��/�$���?������/�$�
�
������r)c���|�ddd|j���|�ddd|j���|�ddd|j���|�dd	|j���dS)
N�
maxmatchesr
rr��2r�-2����Duckr�rts r&�testJailMaxMatcheszTransmitter.testJailMaxMatches�sy���/�/�,��Q�T�]�/�;�;�;��/�/�,��Q�T�]�/�;�;�;��/�/�,��b�t�}�/�=�=�=����\�6��
��>�>�>�>�>r)c���|�ddd|j���|�ddd|j���|�ddd|j���|�dd	|j���dS)
Nr	r
rr�r!rr"r#r$r�rts r&�testJailMaxRetryzTransmitter.testJailMaxRetry�sy���/�/�*�c�1�4�=�/�9�9�9��/�/�*�c�1�4�=�/�9�9�9��/�/�*�d�B�T�]�/�;�;�;����Z��d�m��<�<�<�<�<r)c���|�ddd|j���|�ddd|j���|�dd|j���|�dd|j���dS)	N�maxlinesr
rr�r!rr"r$r�rts r&�testJailMaxLineszTransmitter.testJailMaxLines�sz���/�/�*�c�1�4�=�/�9�9�9��/�/�*�c�1�4�=�/�9�9�9����Z��D�M��:�:�:����Z��d�m��<�<�<�<�<r)c��|�dd|j���|�dd|j���|�ddt|j���|�dd|j���dS)N�logencodingzUTF-8r��asciir��Monkey)rUr:rrXrts r&�testJailLogEncodingzTransmitter.testJailLogEncoding�s���/�/�-��t�}�/�=�=�=��/�/�-��t�}�/�=�=�=��/�/�-����
��������]�H�4�=��A�A�A�A�Ar)c
��|�dtj�td��tj�td��tj�td��g|j��tj�td��}|�|j�d|jd|g��d|gf��|�|j�d|jd|g��d|gf��|�|j�d	|jdg��d|gf��|�|j�d|jd
|g��dgf��|�|j�d|jd|dg��d|gf��|�|j�d|jd|dg��d|gf��|�|j�d|jd|d
g��dd��|�|j�d|jd|||g��dd��dS)N�logpath�testcase01.logztestcase02.logztestcase03.logztestcase04.logrD�
addlogpathrrE�
dellogpath�tail�head�badgerr)	rhr��path�join�TEST_FILES_DIRr:rLr9rMr�s  r&�testJailLogPathzTransmitter.testJailLogPath�s��������G�L�L��!1�2�2��G�L�L��!1�2�2��G�L�L��!1�2�2��
�=����
�'�,�,�~�'7�
8�
8�%�����;����t�}�l�E�B�C�C���w�<��������;����t�}�l�E�B�C�C���w�<��������;����t�}�i�8�9�9���w�<��������;����t�}�l�E�B�C�C��r�7��������;���
�D�M�<���7�9�9���w�<��������;���
�D�M�<���7�9�9���w�<��������;���
�D�M�<���9�;�;�;<�>���������;���
�D�M�<���u�=�?�?�?@�B������r)c��d}|j�d|jd|g��}|�t	|dt
����dS)Nzthis_file_shouldn't_existrDr3r)r9rMr:r�r��IOError)r#rf�results   r&�testJailLogPathInvalidFilez&Transmitter.testJailLogPathInvalidFile�sR��
%�%��;���	�4�=�,��.�0�0�&��/�/�*�V�A�Y��0�0�1�1�1�1�1r)c�.�tjd���}|dz}tj||��|j�d|jd|g��}|�t|dt����tj
|��dS)N�tmp_fail2ban_broken_symlink)�prefixz.slinkrDr3r)r��mktempr��symlinkr9rMr:r�r�r=r�)r#�name�snamer>s    r&�testJailLogPathBrokenSymlinkz(Transmitter.testJailLogPathBrokenSymlinks���	�� =�	>�	>�	>�$�
��/�%��*�T�5�����;���	�4�=�,��.�0�0�&��/�/�*�V�A�Y��0�0�1�1�1��)�E�����r)c�X�|�dgd�|j��d}|�|j�d|jd|g��d|gf��|�|j�d|jd|g��d|gf��|�|j�d|jdg��d|gf��|�|j�d|jd|g��dgf��|�|j�d|jd	g��d
��|�|j�d|jd	dg��d��|�|j�d|jd	g��d��dS)
N�ignoreip)rz192.168.1.1z8.8.8.8rrD�addignoreiprrE�delignoreip�
ignoreselfr�Fr�)rhr:rLr9rMr�s  r&�testJailIgnoreIPzTransmitter.testJailIgnoreIP
s������
����
�=�����%�����;����t�}�m�U�C�D�D���w�<��������;����t�}�m�U�C�D�D���w�<��������;����t�}�j�9�:�:���w�<��������;����t�}�m�U�C�D�D��r�7��������;����t�}�l�;�<�<���������;����t�}�l�E�B�C�C�
��������;����t�}�l�;�<�<�
�����r)c�@�|�dd|j���dS)N�
ignorecommandzbin/ignore-command <ip>r��rUr:rts r&�testJailIgnoreCommandz!Transmitter.testJailIgnoreCommand2s#���/�/�/�#<�4�=�/�Q�Q�Q�Q�Qr)c��|�ddgd�|j���|�ddd|j���dS)N�ignorecachez%key="<ip>",max-time=1d,max-count=9999)z<ip>i'i�Qr��rPrts r&�testJailIgnoreCachezTransmitter.testJailIgnoreCache5sT���/�/�-�*�����
������/�/�-��T��
�/�>�>�>�>�>r)c�@�|�dd|j���dS)N�	prefregexz^Testr�rPrts r&�testJailPrefRegexzTransmitter.testJailPrefRegex<s"���/�/�+�w�T�]�/�;�;�;�;�;r)c
��|�dgd�dtjd��zdtjd��zdtjd��zg|j��|�|j�d|jdd	g��d
d��|�|j�d|jddg��d
d��dS)
N�	failregex)zuser john at <HOST>�Admin user login from <HOST>z failed attempt from <HOST> againzuser john at %s�<HOST>�Admin user login from %szfailed attempt from %s againrD�addfailregexz
No host regexrri��rlr�_resolveHostTagr:rLr9rMrts r&�
testJailRegexzTransmitter.testJailRegex?s
�����;������.�x�8�8�9��%�"7��"A�"A�B�"�e�&;�H�&E�&E�F��
�=��������;���
�D�M�>�?�;�=�=�=>�@���������;���
�D�M�>�3�/�1�1�12�4������r)c	�h�|�dgd�ddtjd��zdg|j��|�|j�d|jdd	g��d
d��|�|j�d|jddg��d
d��dS)
N�ignoreregex)�	user johnr[�Dont match me!rdr]r\rerD�addignoreregexzInvalid [regexrrr�r_rts r&�testJailIgnoreRegexzTransmitter.testJailIgnoreRegexWs������=������%�"7��"A�"A�B���
�=��������;���
�D�M�+�-=�>�@�@�@A�C���������;���
�D�M�+�R�0�2�2�23�5������r)c	���|jg}|�|j�dg��ddt	|��fdd�|��fgf��|j�dt��|�	d��|�|j�dg��ddt	|��fdd�|��fgf��dS)Nr�rzNumber of jailz	Jail listz, r�)
r:rLr9rMr�r9r7r;r<�append)r#�jailss  r&�
testStatuszTransmitter.testStatusos����=�/�%����4�;�&�&��z�2�2��	�3�u�:�:�&��d�i�i��6F�6F�(G�H�I�K�K�K��+���k�<�0�0�0��,�,�{�������4�;�&�&��z�2�2��	�3�u�:�:�&��d�i�i��6F�6F�(G�H�I�K�K�K�K�Kr)c
��|�|j�d|jg��dddddgfgfddd	d
gfgfgf��dS)Nr�r�Filter�zCurrently failedr�zTotal failedr�	File list�Actions�zCurrently bannedr�zTotal bannedr�Banned IP listr�rts r&�testJailStatuszTransmitter.testJailStatusxs������4�;�&�&��$�-�'@�A�A������B����
��������
�
�����r)c
��|�|j�d|jdg��dddddgfgfdd	d
dgfgfgf��dS)Nr��basicrrmrnrorprqrrrsrtr�rts r&�testJailStatusBasiczTransmitter.testJailStatusBasic�s������4�;�&�&��$�-��'I�J�J������B����
��������
�
�����r)c
��|�|j�d|jdg��dddddgfgfdd	d
dgfgfgf��dS)Nr��INVALIDrrmrnrorprqrrrsrtr�rts r&�testJailStatusBasicKwargz$Transmitter.testJailStatusBasicKwarg�s������4�;�&�&��$�-��'K�L�L������B����
��������
�
�����r)c
�"�tj���	ddl}ddl}g}n#t
$rdg}YnwxYw|�|j�d|j	dg��dddddgfgfd	d
ddgfd
|fd|fd|fgfgf��dS)Nr�errorr��cymrurmrnrorprqrrrsrtzBanned ASN listzBanned Country listzBanned RIR list)
r�r��SkipIfNoNetwork�
dns.exception�dns.resolver�ImportErrorrLr9rMr:)r#�dnsrfs   r&�testJailStatusCymruzTransmitter.testJailStatusCymru�s��
�,��� � � �����������5�5��
�����9�5�5�5�����
���4�;�&�&��$�-��'I�J�J������B����
�������%� ��e�$��%� �
"��
������s�+�
;�;c�z�d}gd�}gd�}|�|j�d|jd|g��d|f��|�|j�d|jdg��d	d|��t	||��D]@\}}|�|j�d|jd
|||g��d|f���At	||��D]?\}}|�|j�d|jd
||g��d|f���@|�|j�d|jd
|ddg��d
��|�|j�d|jd
|dg��d
��|�|j�d|jd
|dg��dd	��|�|j�d|jd
|ddg��d��|�|j�d|jd
|dg��d��|�|j�d|jd|g��d��|�|j�d|jddg��dd	��dS)N�TestCaseAction)�actionstart�
actionstop�actioncheck�	actionban�actionunban)zAction StartzAction StopzAction Checkz
Action BanzAction UnbanrD�	addactionrrErr�action�KEY�VALUE)rr��
InvalidKey�timeout�10)r�
�	delactionrxz
Doesn't exist)rLr9rMr:�zip)r#r��cmdList�cmdValueListrNrfs      r&�
testActionzTransmitter.testAction�sk���&�
�
�
�'����,�����;����t�}�k�6�B�C�C��v�;��������;���
�D�M�9�%�'�'�'(�*�*+�-�	�������.�.���j�c�5�����K����T�]�H�f�c�5�9�;�;���J��������.�.���j�c�5�����K�����
�x���E�F�F���J���������;���
�D�M�8�V�U�G�<�>�>���������;���
�D�M�8�V�U�3�5�5���������;���
�D�M�8�V�\�:�<�<�<=�?���������;���
�D�M�8�V�Y��=�?�?�
��������;���
�D�M�8�V�Y�7�9�9�
��������;����t�}�k�6�B�C�C���������;���
�D�M�;��8�:�:�:;�=�=>�@�@�@�@�@r)c��d}|j�d|jd|tj�tdd��dg��}|�|d|f��|�|j�d|jd	|g��d
ddg��|�|j�d|jd
|dg��d��|�|j�d|jd
|dg��d��|�|j�d|jd|g��d
gd���|�|j�d|jd
|ddg��d��|�|j�d|jd
|ddg��d��|�|j�d|jd
|ddg��d��dS)Nr�rDr��action.dz	action.pyz{"opt1": "value"}rrE�actionpropertiesr�opt1�opt2r�)rrfrx�
actionmethods)�ban�rebanr�rw�
testmethod�unbanr�z{"text": "world!"})rzHello world! value�
another value)rr�)rzHello world! another value)	r9rMr:r�r8r9r:rLr^)r#r��outs   r&�$testPythonActionMethodsAndPropertiesz0Transmitter.testPythonActionMethodsAndPropertiesse���&�����	�4�=�+�v��G�L�L���[�9�9���	�	�#����3��F��$�$�$�����;����t�}��� �!�!�!"�$�
�F���������;����t�}�h��
��
�
���������;����t�}�h��
��
�
���������;����t�}�o�
��
�
�
��;�;�;�=�=�=�����;����t�}�h���&�(�)�)���������;����t�}�h��
�O������������;����t�}�h���&�(�)�)�$�&�&�&�&�&r)c�r�|�|j�ddg��dd��dS)Nrz�COMMANDrrryrts r&�testNOKzTransmitter.testNOK,s8�����4�;�&�&�	�9�'=�>�>�q�A�!�D�D�D�D�Dr)c�r�|�|j�gd���dd��dS)N)rDrzr�rrryrts r&�
testSetNOKzTransmitter.testSetNOK/�E������;���4�4�4�5�5�a�8��<�<�<�<�<r)c�r�|�|j�gd���dd��dS)N)rErzr�rrryrts r&�
testGetNOKzTransmitter.testGetNOK3r�r)c�r�|�|j�gd���dd��dS)N)r�rzr�rrryrts r&�
testStatusNOKzTransmitter.testStatusNOK7sE������;���7�7�7�8�8��;�A�?�?�?�?�?r)c
�^�tstjd���d}|j�|d��gd�}t|��D]N\}}|�|j�d|d|g��dd�|d|d	z�D��f���Ot|��D]N\}}|�|j�d|d
|g��dd�||d	zd�D��f���Od}|�|j�d|d|g��d|ggf��|�|j�d|d|g��d|g|ggf��|�|j�d|d
|g��d|ggf��|�|j�d|d
|g��dgf��gd
�}|�|j�d|dg|z��ddgddggf��|�|j�d|d
g|dd	�z��dddggf��|�|j�d|d
g|dd�z��dgf��d}|j�d|d|g��}|�	t|d	t����d}|j�d|d
|g��}|�	t|d	t����dS)N�&systemd python interface not availabler��systemd��_SYSTEMD_UNIT=sshd.servicezTEST_FIELD1=ABCz_HOSTNAME=example.comrD�addjournalmatchrc��g|]}|g��Sr!r!�r�vals  r&rz0Transmitter.testJournalMatch.<locals>.<listcomp>I���'�'�'�3�#��'�'�'r)r�deljournalmatchc��g|]}|g��Sr!r!r�s  r&rz0Transmitter.testJournalMatch.<locals>.<listcomp>Nr�r)�
_COMM=sshd)r��+r��_UID=0r�r�rzThis isn't valid!zFIELD=NotPresent)rr��SkipTestr7r;r]rLr9rMr�r��
ValueError)r#r:rbrerfr>s      r&�testJournalMatchzTransmitter.testJournalMatch;s��	�E�	�	�C�	D�	D�D�
�(��+���h�	�*�*�*����&�
�F�#�#�*�*�h�a������K����X�(�%�0�2�2��'�'�&��!�A�#��,�'�'�'�(�*�*�*�*��F�#�#�*�*�h�a������K����X�(�%�0�2�2��'�'�&��1����,�'�'�'�(�*�*�*�*��%�����;���
�H�'��/�1�1����y�>��������;���
�H�'��/�1�1����%�������
����;���
�H�'��/�1�1����y�>����
����;���
�H�'��/�1�1��r�7����
>�>�>�%�����;���
�H�'�(�5�0�2�2����5�x�@�A�B�D�D�D�����;���
�H�'�(�5��!��9�4�6�6��	%�x�0�1�2�4�4�4�����;���
�H�'�(�5����9�4�6�6��r�7�����%��;���	�8�&��.�0�0�&��/�/�*�V�A�Y�
�3�3�4�4�4��%��;���	�8�&��.�0�0�&��/�/�*�V�A�Y�
�3�3�4�4�4�4�4r)c
� �tstjd���|�d��d}|j�|d��gd�}t
|��D]N\}}|�|j�	d|d|g��dd	�|d|d
z�D��f���Ot
|��D]N\}}|�|j�	d|d|g��dd�||d
zd�D��f���OdS)
Nr�Tr�zsystemd[journalflags=2]r�rDr�rc��g|]}|g��Sr!r!r�s  r&rz5Transmitter.testJournalFlagsMatch.<locals>.<listcomp>�r�r)rr�c��g|]}|g��Sr!r!r�s  r&rz5Transmitter.testJournalFlagsMatch.<locals>.<listcomp>�r�r))
rr�r�r�r7r;r]rLr9rM)r#r:rbrerfs     r&�testJournalFlagsMatchz!Transmitter.testJournalFlagsMatch�sf��	�E�	�	�C�	D�	D�D��/�/�$����
�(��+���h� 9�:�:�:����&�
�F�#�#�*�*�h�a������K����X�(�%�0�2�2��'�'�&��!�A�#��,�'�'�'�(�*�*�*�*��F�#�#�*�*�h�a������K����X�(�%�0�2�2��'�'�&��1����,�'�'�'�(�*�*�*�*�*�*r)N)1r,r-r.rurzr~r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrr%r'r*r/r;r?rGrMrQrUrXrargrkrurxr{r�r�r�r�r�r�r�r�r�r!r)r&rprp�s�������,�,�,�
=�=�=�?�?�?�K�K�K�6�6�6�	I�	I�	I�.�.�.�`;�;�;�$
>�
>�
>�<�<�<�$	�	�	�<�<�<�;�;�;�
F�
F�
F�K�K�K�	�	�	�c�c�c�:(�(�(�&�)�)��-�)�V?�?�?�=�=�=�=�=�=�B�B�B�(�(�(�T2�2�2����#�#�#�JR�R�R�?�?�?�<�<�<����0���0K�K�K����$���$���$���<:@�:@�:@�x"&�"&�"&�HE�E�E�<�<�<�<�<�<�?�?�?�E5�E5�E5�N*�*�*�*�*r)rpc�L��eZdZeZ�fd�Zd�Zd�Zd�Zd�Z	d�Z
d�Zd�Z�xZ
S)	�TransmitterLoggingc����tt|�����|j�d��|j�d��|j�d��dS)N�	/dev/null�CRITICALr�)r4r�r5r7r+r'�setSyslogSocketr=s �r&r5zTransmitterLogging.setUp�sh�����D�!�!�'�'�)�)�)��+���;�'�'�'��+���*�%�%�%��+���f�%�%�%�%�%r)c���g}td��D]L}tjdd��}|�|d��t	j|d���M|D]}|�d|���d}|�d|��|j�	gd���|D]}t	j
|���|�dd	d
��|�ddd��dS)
Nr�r�transmitterrr�	logtarget�/this/path/should/not/exist)rDr�r�zSTDOUT[format="%(message)s"]�STDOUTz!STDERR[datetime=off, padding=off]�STDERR)�ranger�r�rir�r�rUrXr9rM�remove)r#�
logTargets�_�tmpFile�	logTargetrfs      r&�
testLogTargetz TransmitterLogging.testLogTarget�s���*���8�8���a�
�
�j�-�
8�
8�7�
���W�Q�Z� � � ��8�G�A�J������+�+�i��?�?�;�	�*�*�*�*�(�%����[�%�(�(�(��+���7�7�7�8�8�8����i��9�Y������/�/�+�=�x�H�H�H��/�/�+�B�H�M�M�M�M�Mr)c�L�tj�d��stjd���|�|j���d��|�dd��|�|j���d��dS)N�/dev/logz'/dev/log' not presentr�r��SYSLOG)	r�r8�existsr�r�r�r7�getSyslogSocketrUrts r&�testLogTargetSYSLOGz&TransmitterLogging.testLogTargetSYSLOG�s���	����
�	#�	#�5�	�	�3�	4�	4�4��/�/�$�+�-�-�/�/��8�8�8��/�/�+�x�(�(�(��/�/�$�+�-�-�/�/��<�<�<�<�<r)c�2�|�dd��dS)N�syslogsocketz/dev/log/NEW/PATH)rUrts r&�testSyslogSocketz#TransmitterLogging.testSyslogSocket�s���/�/�.�"5�6�6�6�6�6r)c�T�|�dd��|�dd��|�dd��|jdiitdtd��d�	��d
�t	j��dvotj�d����dS)
Nr�r�r�r�r�rzFailed to change log targetT)rQrPrI)TF)�Linux)r�r�)	rUrX�dict�	Exception�platform�systemr�r8r�rts r&�testSyslogSocketNOKz&TransmitterLogging.testSyslogSocketNOK�s����/�/�.�"?�@�@�@����[�(�+�+�+��/�/�.�*�-�-�-��$�/����
���7�8�8�
�"�"�"�������J�&�E�2�7�>�>�*�+E�+E�
G�����r)c���|�dd��|�dd��|�dd��|�dd��|�dd��|�dd��|�dd��|�dd	��|�dd
��|�ddd
��|�dd��dS)
N�loglevel�
HEAVYDEBUG�
TRACEDEBUG�9�DEBUG�INFO�NOTICE�WARNING�ERRORr��cRiTiCaL�Bird)rUrXrts r&�testLogLevelzTransmitterLogging.testLogLevel�s����/�/�*�l�+�+�+��/�/�*�l�+�+�+��/�/�*�c�"�"�"��/�/�*�g�&�&�&��/�/�*�f�%�%�%��/�/�*�h�'�'�'��/�/�*�i�(�(�(��/�/�*�g�&�&�&��/�/�*�j�)�)�)��/�/�*�j�*�5�5�5����Z��(�(�(�(�(r)c�f�|�|j�dg��d��	tjd��\}}tj|��|j�d��|�|j�dd|g��d|f��td��}|�
d	��	tjd��\}}tj|��tj||��|�
d
��|�|j�dg��d��|�
d��t|d��5}t|��}|�d
��dkrt|��}|�|�d����t|��}|�|�d����	t|��}|�d��dkr!|�t$|j��n|�d|z��n#t$$rYnwxYwddd��n#1swxYwYt|d��5}t|��}|�d��dkrt|��}|�|�d����|�t$|j��|���ddd��n#1swxYwYtj|��n#tj|��wxYw		tj|��n:#t,$rYn.wxYw#	tj|��w#t,$rYwwxYwxYw|�|j�gd���d��|�|j�dg��d��dS)N�	flushlogs)rzrolled overzfail2ban.logr�rDr�rrzBefore file movedzAfter file movedzAfter flushlogs�rzChanged logging target tozBefore file moved
zAfter file moved
zCommand: ['flushlogs']zCException StopIteration or Command: ['flushlogs'] expected. Got: %szrollover performed onzAfter flushlogs
)rDr�r�)rr�)r�flushed)rLr9rMr�r�r�r�r7r'r�warning�rename�open�next�findr��endswith�assertRaises�
StopIteration�__next__�failr��OSError)	r#�f�fn�l�f2�fn2�line1�line2res	         r&�
testFlushLogsz TransmitterLogging.testFlushLogs�sS�����4�;�&�&��}�5�5�7I�J�J�J�*	���N�+�+�5�1�b��8�A�;�;�;��;���9�%�%�%����D�K�'�'���R�(@�A�A�A�r�7�K�K�K�����1��9�9�
 �!�!�!����~�.�.�G�B���H�R�L�L�L��I�b�#�����I�I� �!�!�!����T�[�(�(�+��7�7�9K�L�L�L��I�I�� � � �	
�c�#����!�
�!�W�W�U�
�
�
�.�/�/�1�4�4��1�g�g�e�	�_�_�U�^�^�$9�:�:�;�;�;�
�!�W�W�U�	�_�_�U�^�^�$8�9�9�:�:�:��
�q�'�'�a�	
���(�	)�	)�A�	-�	-������
�3�3�3�3��y�y�V�YZ�Z�[�[�[�������
�d�����������������������
�b������
�!�W�W�U�
�
�
�*�+�+�q�0�0��1�g�g�e�	�_�_�U�^�^�$7�8�8�9�9�9�	���}�a�j�1�1�1��W�W�Y�Y�Y�
�������������������I�c�N�N�N�N��B�I�c�N�N�N�N����N�	��I�b�M�M�M�M��
�	�	�	��D�	�����	��I�b�M�M�M�M��
�	�	�	��D�	����������4�;�&�&�'E�'E�'E�F�F�
�V�V�V����4�;�&�&��}�5�5�~�F�F�F�F�Fs��BN(�B)M(�7BJ
�A!I1�0J
�1
I>�;J
�=I>�>J
�M(�
J�M(�J�M(�(BM�<M(�M�M(�M�M(�N(�(M>�>N(�N�
N%�$N%�(O�*N?�>O�?
O�	O�O�Oc��|�ddd|j���|�ddd|j���|�dd	d
|j���|�ddd|j���|�d
d|j���|�ddd|j���|�ddd|j���dS)Nzbantime.increment�trueTr�zbantime.rndtime�30minr�zbantime.maxtimez	1000 daysi\&zbantime.factorr!zbantime.formulazGban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)zbantime.multipliersz1 5 30 60 300 720 1440 2880zbantime.overalljailsrPrts r&�testBanTimeIncrz"TransmitterLogging.testBanTimeIncr
s����/�/�%�v�t�$�-�/�H�H�H��/�/�#�W�e�$�-�/�H�H�H��/�/�#�[�-�d�m�/�T�T�T��/�/�"�C��4�=�/�A�A�A��/�/�#�%n�uy�vC�/�D�D�D��/�/�'�)F�He�lp�ly�/�z�z�z��/�/�(�&�&�t�}�/�M�M�M�M�Mr))r,r-r.r	r6r5r�r�r�r�r�rrrmrns@r&r�r��s����������&�&�&�&�&�N�N�N�(=�=�=�7�7�7�
�
�
�)�)�)�.G�.G�.G�`N�N�N�N�N�N�Nr)r�c��eZdZd�ZdS)�	JailTestsc�^�d}t|��}|�|j|��dS)N�veryveryverylongname)rrLrE)r#�longnamerRs   r&�testLongNamezJailTests.testLongNames0��
#�(�	
�h���$����4�9�h�'�'�'�'�'r)N)r,r-r.rr!r)r&rrs#������(�(�(�(�(r)rc� �eZdZd�Zd�Zd�ZdS)�
RegexTestsc���|�ttd��|�ttd��|�ttd��dS)NrT� �	)rrrrts r&�testInitzRegexTests.testInit"sP�����N�E�2�.�.�.����N�E�3�/�/�/����N�E�4�0�0�0�0�0r)c��|�ttd�����dd��d��|�ttd�����d����dS)N�a�"�'z
Regex('a')r\z
FailRegex()rLrar�replacer�r�
startswithrts r&�testStrzRegexTests.testStr(sj�����3�u�S�z�z�?�?�*�*�3��4�4�l�C�C�C��/�/�#�i��)�)�*�*�5�5�l�C�C�D�D�D�D�Dr)c�^
�|�ttd��|�ttd��|�td����|�td����|�td����|�td����|�td����|�td����|�td	����td
��}|�|�����|�dg��|�|�����|�t|j��td��}|�|�����|�d
g��|�|�����|�t|j��td��}|�|�����|�dg��|�|�����|�|���d��|�dg��|�|�����|�|���d��|�dg��|�|�����|�|���d��td��}|�|�����|�dg��|�|�����|�|�	��d��td��}|�dg��|�
��}|�||jfd��|�dg��|�
��}|�||jfd��|�dg��|�
��}|�||jfd��|�dg��|�
��}|�||jfd��td ��}|�d!g��|�
��}|�||jfd"��|�d#g��|�
��}|�||jfd��|�d$g��|�
��}|�||jfd%��|�d&g��|�
��}|�||jfd'��dS)(NrTz^test no group$z^test <HOST> group$z^test <IP4> group$z^test <IP6> group$z^test <DNS> group$z<^test id group: ip:port = <F-ID><IP4>(?::<F-PORT/>)?</F-ID>$z-^test id group: user:\(<F-ID>[^\)]+</F-ID>\)$z#^test id group: anything = <F-ID/>$z	%%<HOST>?)z%%rTrTz#%%inet(?:=<F-IP4/>|inet6=<F-IP6/>)?)z%%inet=testrTrTz(%%(?:inet(?:=<IP4>|6=<IP6>)?|dns=<DNS>?))z%%inet=192.0.2.1rTrTr�)z%%inet6=2001:DB8::rTrT�
2001:DB8::)z%%dns=example.comrTrTzexample.com)z%test id group: user:(test login name)rTrTztest login namez%%net=<SUBNET>)z%%net=192.0.2.1rTrT)r��inet4)z%%net=192.0.2.1/24rTrT)z192.0.2.0/24r&)z%%net=2001:DB8:FF:FF::1rTrT)z2001:db8:ff:ff::1�inet6)z%%net=2001:DB8:FF:FF::1/60rTrT)z2001:db8:ff:f0::/60r'z%%ip="<ADDR>", mask="<CIDR>?")z%%ip="192.0.2.2", mask=""rTrT)r�r&)z%%ip="192.0.2.2", mask="24"rTrT)z"%%ip="2001:DB8:2FF:FF::1", mask=""rTrT)z2001:db8:2ff:ff::1r')z$%%ip="2001:DB8:2FF:FF::1", mask="60"rTrT)z2001:db8:2ff:f0::/60r')rrrr�rr�
hasMatched�search�getHostrL�	getFailID�getIP�	familyStr)r#�frrs   r&�testHostzRegexTests.testHost.s������N�I�r�2�2�2����N�I�/@�A�A�A��/�/�)�2�3�3�4�4�4��/�/�)�1�2�2�3�3�3��/�/�)�1�2�2�3�3�3��/�/�)�1�2�2�3�3�3��/�/�)�[�\�\�]�]�]��/�/�)�L�M�M�N�N�N��/�/�)�B�C�C�D�D�D�����"����2�=�=�?�?�#�#�#��)�)�\�N�����/�/�"�-�-�/�/�"�"�"����N�B�J�/�/�/��7�8�8�"����2�=�=�?�?�#�#�#��)�)�
"�#�$�$�$��/�/�"�-�-�/�/�"�"�"����N�B�J�/�/�/��<�=�=�"����2�=�=�?�?�#�#�#��)�)�
'�(�)�)�)��/�/�"�-�-�/�/�"�"�"����2�:�:�<�<��-�-�-��)�)�
)�*�+�+�+��/�/�"�-�-�/�/�"�"�"����2�:�:�<�<��.�.�.��)�)�
(�)�*�*�*��/�/�"�-�-�/�/�"�"�"����2�:�:�<�<��/�/�/��A�B�B�"����2�=�=�?�?�#�#�#��)�)�
<�=�>�>�>��/�/�"�-�-�/�/�"�"�"����2�<�<�>�>�#4�5�5�5��"�#�#�"��)�)�
&�'�(�(�(�	�x�x�z�z�"����B���%�'=�>�>�>��)�)�
)�*�+�+�+�	�x�x�z�z�"����B���%�'@�A�A�A��)�)�
.�/�0�0�0�	�x�x�z�z�"����B���%�'E�F�F�F��)�)�
1�2�3�3�3�	�x�x�z�z�"����B���%�'G�H�H�H��1�2�2�"��)�)�
0�1�2�2�2�	�x�x�z�z�"����B���%�'=�>�>�>��)�)�
2�3�4�4�4�	�x�x�z�z�"����B���%�'@�A�A�A��)�)�
9�:�;�;�;�	�x�x�z�z�"����B���%�'F�G�G�G��)�)�
;�<�=�=�=�	�x�x�z�z�"����B���%�'H�I�I�I�I�Ir)N)r,r-r.rr#r/r!r)r&rr sN������1�1�1�E�E�E�DJ�DJ�DJ�DJ�DJr)rc��eZdZd�ZdS)�
_BadThreadc� �td���)Nzrun bad thread exception)r�rts r&�runz_BadThread.runvs���/�0�0�0r)N)r,r-r.r3r!r)r&r1r1us#������1�1�1�1�1r)r1c� �eZdZd�Zd�Zd�ZdS)�LoggingTestsc��td��}|�|jjd��|�|jd��dS)Nzfail2ban.some.string.with.namerz
fail2ban.name)rrL�parentrE)r#�
testLogSyss  r&�testGetF2BLoggerzLoggingTests.testGetF2BLogger|sJ���9�:�:�*����:�$�)�:�6�6�6����:�?�O�4�4�4�4�4r)c����tj}g��fd�t_	t��}|���|�����t
j��fd�d����|t_n#|t_wxYw��d����	t���d����	�ddt��dS)Nc�.����|��Sr )ri)r$rHs �r&r�z5LoggingTests.testFail2BanExceptHook.<locals>.<lambda>�s���Q�X�X�d�^�^�r)c�L��t���o��d��S)N�Unhandled exception)r��
_is_logged)r#rHs��r&r�z5LoggingTests.testFail2BanExceptHook.<locals>.<lambda>�s���C��F�F�,]�t���G\�7]�7]�r)r�r=rr)�sys�__excepthook__r1r�r9r�rr�r�rLr�r�)r#�prev_exchook�	badThreadrHs`  @r&�testFail2BanExceptHookz#LoggingTests.testFail2BanExceptHook�s������#�,��!�3�3�3�3�#��%��|�|�9��?�?�����>�>�����?�?�E�N�$]�$]�$]�$]�$]�_`�a�a�c�c�c�$�3�����3��$�$�$�$����)�*�*�*����3�q�6�6�1�������1�Q�4��7�L�)�)�)�)�)s�A"B�Bc��g}tjdd��\}}tj|��|�|��tjdd��\}}tj|��|�|��t��}	|�||d���|�|�����|�	d��|�
��|D]5}tj�|��rtj
|���6dS#|�
��|D]5}tj�|��rtj
|���6wxYw)Nz
fail2ban.sockzf2b-testzfail2ban.pidF)�forcezServer already running)r�r�r�r�rirr�rrrsr�rAr8r�r�)r#�	tmp_files�sock_fd�	sock_name�
pidfile_fd�pidfile_namer7rs        r&�testStartFailedSockExistsz&LoggingTests.testStartFailedSockExists�sm���)��'���D�D��'�9��(�7�������9����%�-�n�j�I�I��*�l��(�:�������<� � � ��<�<�&��	�<�<�	�<�u�<�5�5�5����F�$�$�&�&�'�'�'����-�.�.�.�	�;�;�=�=�=����q�	�w�~�~�a�����Y�q�\�\�\�����
�;�;�=�=�=����q�	�w�~�~�a�����Y�q�\�\�\�����s�AD6�6AFN)r,r-r.r9rCrKr!r)r&r5r5zsA������5�5�5�

*�
*�
*�����r)r5)�ActionReader�JailsReader�
CONFIG_DIRc�l��eZdZ�fd�Z�fd�Z�fd�Zdd�Zd�Zd�Zd�Z	d	�Z
d
�Zd�Zdd�Z
d
�Z�xZS)�ServerConfigReaderTestsc�V��tt|��j|i|��i|_dSr )r4rP�__init__�#_ServerConfigReaderTests__share_cfg)r#r$r%r>s   �r&rRz ServerConfigReaderTests.__init__�s4���/�%���&�&�/��@��@�@�@��$���r)c�d��tt|�����g|_dS)r2N)r4rPr5�_execCmdLstr=s �r&r5zServerConfigReaderTests.setUp�s.������&�&�,�,�.�.�.��$���r)c�V��tt|�����dSr@)r4rPrBr=s �r&rBz ServerConfigReaderTests.tearDown�s&������&�&�/�/�1�1�1�1�1r)r�c���|�d��D]M}|�d��st�d|���3t�|���NdS)N�
�#zexec-cmd: `%s`T)�splitr"�logSys�debug)r#�realCmdr�rs    r&�_executeCmdz#ServerConfigReaderTests._executeCmd�s_���=�=������a�
�,�,�s�
�
��
�L�L�!�1�%�%�%�%�
�L�L��O�O�O�O�	
�r)c��t|d��sit��}i|_dD]Q\}}t|��}|�d��t
j�||��|j|<�R|jS)N�__aInfos))�ipv4r�)�ipv6r%r�)�hasattrr� _ServerConfigReaderTests__aInfosr�
setBanTime�_actionsrq�
ActionInfo)r#�dmyjail�tr�tickets     r&�_testActionInfosz(ServerConfigReaderTests._testActionInfos�s���	��z�	"�	"�D�
�[�[�7��4�=�?�D�D�u�q�"�
�r�]�]�F�
���c�����'�2�2�6�7�C�C�D�M�!���	
��r)c���|j}|���}|D�]Q}||jD�]?}||j|}t�d��t�d|dz|jz��t�d��t
|tj��s��|j	|_
t�d��|���|���t�d��|���|�
|d��t�d��|���|�|d��t�d��|���|�
|d	��t�d
��|���|�|d	��t�d��|���|�����A��SdS)N�4# ==================================================�
# == %-44s ==� - �# === start ===�# === ban-ipv4 ===ra�# === unban ipv4 ===�# === ban ipv6 ===rb�# === unban ipv6 ===�# === stop ===)r�rkrr[r\�_namer�rf�
CommandActionr^�
executeCmdr�r�r�r�rw)r#r7rj�aInfosrRrr�s       r&�_testExecActionsz(ServerConfigReaderTests._testExecActions�s���
�
�%�� � �"�"�&����d��$�K����q�
�4�[�
 ��
#�F�
�L�L�"�#�#�#�
�L�L��$��,���"=�>�>�>�
�L�L�"�#�#�#��f�h�4�5�5�?�x��(�F��
�L�L�"�#�#�#�T�]�]�_�_�_�
�L�L�N�N�N�
�L�L�%�&�&�&��
�
����
�J�J�v�f�~����
�L�L�'�(�(�(�$�-�-�/�/�/�
�L�L���� � � �
�L�L�%�&�&�&��
�
����
�J�J�v�f�~����
�L�L�'�(�(�(�$�-�-�/�/�/�
�L�L���� � � �
�L�L�!�"�"�"�D�M�M�O�O�O�
�K�K�M�M�M�M�5��r)c�f�tj�d���ttd|j���}|�|�����|�|�����|�	d���}t��}|j}|j}|D�]H}|ddk�r8|ddkrd|d	<n�t|��d
kr�|ddkr�|d	dkrvtj�t"d
|d��}tj�|��s%tj�t"d��}||d
<nDtjjr3t|��d
kr |ddvr|d	dkr
d|d<d|d
<	||����#t($r&}|�d|�d|����Yd}~��@d}~wwxYw��Jtjjs|�|��dSdS)NT��stock)�basedir�force_enable�share_config)�allow_no_filesrr�rZrrr�rDr3�logsrr2)rDz	multi-setr^zDUMMY-REGEX <HOST>zCommand z has failed. Received )r�r��SkipIfCfgMissingrMrNrSr��read�
getOptions�convertrr8�_Transmitter__commandHandlerr�r�r8r9r:r�r�r�rrz)	r#rj�streamr7r9�
cmdHandlerrNr�es	         r&�testCheckStockJailActionsz1ServerConfigReaderTests.testCheckStockJailActions�s:��
�,���d��+�+�+�
�j�t�$�JZ�
[�
[�
[�%��/�/�%�*�*�,�,�����/�/�%�"�"�$�$�%�%�%��=�=��=�-�-�&��<�<�&��!�&��2�*��@�@�c�	�!�f����
�1�v�����S��V�V�

�S���A���#�a�&�E�/�/�c�!�f��.D�.D�
�'�,�,�~�v�s�1�v�
6�
6�R�
�G�N�N�2���:�
�7�<�<��(8�9�9�b��S��V�V�
��	�#���X�X��\�\�c�!�f� 4�4�4��Q��>�9Q�9Q��S��V�"�S��V�@��Z��_�_�_�_���@�@�@�	�Y�Y�Y�s�s�s�A�A�>�?�?�?�?�?�?�?�?�����@����/�>
��	�!����� � � � � �!�!s�G�
H�G?�?Hc�d�|�d|��}t|��\}}d|dgg}t||||jt���}|�|�����|�i��|�|�	����|S)Nz%(__name__)srZr)r�r~)
r!rrLrSrNr�r�r��extendr�)r#rR�act�actName�actOptr�r�s       r&�getDefaultJailStreamz,ServerConfigReaderTests.getDefaultJailStreams������N�D�)�)�#�"�3�'�'�/�'�6�	�4����&��
�D�&�� �*�6�6�6�&��/�/�&�+�+�-�-� � � ����B�����-�-���� � �!�!�!�	�-r)c�T�tj�d���tj���ddl}t��}|j}|�tj�	tdd����D]�}tj�|���dd��}|�
d|z|��}|D]0}|�|��\}}	|�|d���1|�|����dS)	NTr|rr�z*.confz.confrTzj-)r�r�r��
SkipIfFast�globrr8r�r8r9rN�basenamer!r�rMrLrz)
r#r�r7r9�actCfgr�r�rNrg�ress
          r&�testCheckStockAllActionsz0ServerConfigReaderTests.testCheckStockAllActions+s��
�,���d��+�+�+�
�,������
�+�+�+��<�<�&��!�&��	�	�"�'�,�,�z�:�x�H�H�I�I�	!�	!�f�	��	�	�&�	!�	!�	)�	)�'�2�	6�	6�3��%�%�d�3�h��4�4�6����s��~�~�c�"�"�H�C�����S�!��������� � � � �	!�	!r)c���tj�d���ddddddd	d
ddd
ddddd�
fdddddddddddddddd�
fd d!d"d#d$d%d&d'd(d)d*d+�	fd,d-d"d#d.d/d0d1d2�fd3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdB�
fdCdDd5d6d7dEdFdGdHdIdJdKdLdMdNdB�
fdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]dB�
fd^d_d`dadSdbdcdddedfdgdhdidjdkdB�
fdldmd5d6dSdndodpdqdrdsdtdudvdwdB�
fdxdyd5d6dSdzd{d|d}d~dd�d�d�d�dB�
fd�d�d�d�d�d�d�d�d�d�d�d�d�d��fd�d�d�d�d�d�d�d�d�d�d�d�d�d��fd�d�d�d�d�d�d�d�d�d�d�d�d�d��fd�d�d�d�d�d�d�d�d�d�d�d�d�d�d��fd�d�d�d�d�d�d�d�d�d�d�d�d�d��fd�d�d�d�d�d�d�d�d�d�d�d�d�d��fd�d�d�d�d�d�d�d�d�d�d�d�dל
fd�d�d�d�d�d�d�d�d�d�d�d�dל
fd�d�d�d�d�d�d�d�d2�fd�d�d�d�d�d�d�d�d2�ff}t��}|j}|j}|D]O\}}}|�||��}|D]0}	|�|	��\}
}|�|
d���1�P|j	}|�
��}
|D�]	\}}}||jD�]�}||j|}t�
d��t�
d�|d�z|jz��t�
d��|�t!|t"j����|j|_|�d���|���|�d���r|j|d�d�di�nF|�d���r1|�d���r|j|d�|d�zd�di�|�d���|�|
d���|�d���r>|j|�d�|�d�d�����|d�zd�di�|�d���r|j|d�d�di�|j|d�d�di�|j|�dd�di�|��d��|�|
d���|j|�dd�di�|j|�dd�di�|��d��|�|
�d��|�d���r>|j|�d�|�d�d�����|d�zd�di�|�d���r|j|d�d�di�|j|�dd�di�|j|�dd�di�|��d��|�|
�d��|j|�dd�di�|j|�dd�di�|��d	��r�|��d
��|�|
d��d��|j|��d|�d�d�����|�d	zd�di�|��d
��r(|�d
|�d	kr|j|�d
d�di�|��d
��r�|��d��|�|
�d�d��|j|��d|�d�d�����|�d
zd�di�|��d	��r(|�d	|�d
kr|j|�d	d�di�|��d��r>|��d��|���|j|�dd�di�|��d��|���|��d��r+|j|�d�d���|�dzd�di������dS(NTr|z
j-w-nft-mpzQnftables-multiport[name=%(__name__)s, port="http,https", protocol="tcp,udp,sctp"])zip �	ipv4_addrzaddr-)zip6 �	ipv6_addrzaddr6-)�`nft add table inet f2b-table`�W`nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}`�9`for proto in $(echo 'tcp,udp,sctp' | sed 's/,/ /g'); do`�`done`)zG`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`z�`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`)zH`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`z�`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`)zG`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || zH`{ nft flush set inet f2b-table addr6-set-j-w-nft-mp 2> /dev/null; } || )z�`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`�5`nft delete rule inet f2b-table f2b-chain $hdl; done`z3`nft delete set inet f2b-table addr-set-j-w-nft-mp`z�`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`r�z4`nft delete set inet f2b-table addr6-set-j-w-nft-mp`)zO`nft list chain inet f2b-table f2b-chain | grep -q '@addr-set-j-w-nft-mp[ \t]'`)zP`nft list chain inet f2b-table f2b-chain | grep -q '@addr6-set-j-w-nft-mp[ \t]'`)zD`nft add element inet f2b-table addr-set-j-w-nft-mp \{ 192.0.2.1 \}`)zG`nft delete element inet f2b-table addr-set-j-w-nft-mp \{ 192.0.2.1 \}`)zF`nft add element inet f2b-table addr6-set-j-w-nft-mp \{ 2001:db8:: \}`)zI`nft delete element inet f2b-table addr6-set-j-w-nft-mp \{ 2001:db8:: \}`)
�ip4�ip6�*-start�	ip4-start�	ip6-start�flushrw�	ip4-check�	ip6-check�ip4-ban�	ip4-unban�ip6-ban�	ip6-unbanz
j-w-nft-apz8nftables-allports[name=%(__name__)s, protocol="tcp,udp"])r�r�)zG`nft add set inet f2b-table addr-set-j-w-nft-ap \{ type ipv4_addr\; \}`zg`nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp,udp \} ip saddr @addr-set-j-w-nft-ap reject`)zH`nft add set inet f2b-table addr6-set-j-w-nft-ap \{ type ipv6_addr\; \}`zi`nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp,udp \} ip6 saddr @addr6-set-j-w-nft-ap reject`)zG`{ nft flush set inet f2b-table addr-set-j-w-nft-ap 2> /dev/null; } || zH`{ nft flush set inet f2b-table addr6-set-j-w-nft-ap 2> /dev/null; } || )z�`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`r�z3`nft delete set inet f2b-table addr-set-j-w-nft-ap`z�`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`r�z4`nft delete set inet f2b-table addr6-set-j-w-nft-ap`)zO`nft list chain inet f2b-table f2b-chain | grep -q '@addr-set-j-w-nft-ap[ \t]'`)zP`nft list chain inet f2b-table f2b-chain | grep -q '@addr6-set-j-w-nft-ap[ \t]'`)zD`nft add element inet f2b-table addr-set-j-w-nft-ap \{ 192.0.2.1 \}`)zG`nft delete element inet f2b-table addr-set-j-w-nft-ap \{ 192.0.2.1 \}`)zF`nft add element inet f2b-table addr6-set-j-w-nft-ap \{ 2001:db8:: \}`)zI`nft delete element inet f2b-table addr6-set-j-w-nft-ap \{ 2001:db8:: \}`zj-dummyzodummy[name=%(__name__)s, init="=='<family>/<ip>'==bt:<bantime>==bc:<bancount>==", target="/tmp/fail2ban.dummy"])z
family: inet4)z
family: inet6)z$`printf %b "=='/'==bt:600==bc:0==\n"z7`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- started"`)z9`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- clear all"`)z7`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- stopped"`)zP`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"`)zR`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"`)zQ`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"`)zS`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"`)	r�r�r�r�rwr�r�r�r�zj-hostsdenyzPhostsdeny[name=%(__name__)s, actionstop="rm <file>", file="/tmp/fail2ban.dummy"])z5`printf %b "ALL: 192.0.2.1\n" >> /tmp/fail2ban.dummy`)z^`IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /tmp/fail2ban.dummy`)z8`printf %b "ALL: [2001:db8::]\n" >> /tmp/fail2ban.dummy`)za`IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /tmp/fail2ban.dummy`)r�r�r�r�r�r�zj-w-iptables-mpzwiptables-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp,udp,sctp", chain="<known/chain>"])�
`iptables �icmp-port-unreachable)�`ip6tables �icmp6-port-unreachable)r�r�)z�`{ iptables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-mp || true; iptables -w -A f2b-j-w-iptables-mp -j RETURN; }`z�`{ iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`)z�`{ ip6tables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-mp || true; ip6tables -w -A f2b-j-w-iptables-mp -j RETURN; }`zq`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || z]{ ip6tables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`)�$`iptables -w -F f2b-j-w-iptables-mp`�%`ip6tables -w -F f2b-j-w-iptables-mp`)zX`iptables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`r�z$`iptables -w -X f2b-j-w-iptables-mp`zY`ip6tables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`r�z%`ip6tables -w -X f2b-j-w-iptables-mp`)zX`iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`)zY`ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`)za`iptables -w -I f2b-j-w-iptables-mp 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z_`iptables -w -D f2b-j-w-iptables-mp -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)zd`ip6tables -w -I f2b-j-w-iptables-mp 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zb`ip6tables -w -D f2b-j-w-iptables-mp -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)
r�r��*-start-stop-checkr�r�r�rwr�r�r�r�r�r�zj-w-iptables-apzciptables-allports[name=%(__name__)s, bantime="10m", protocol="tcp,udp,sctp", chain="<known/chain>"])z�`{ iptables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-ap || true; iptables -w -A f2b-j-w-iptables-ap -j RETURN; }`zO`{ iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || z;{ iptables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`)z�`{ ip6tables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-ap || true; ip6tables -w -A f2b-j-w-iptables-ap -j RETURN; }`zP`{ ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || z<{ ip6tables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`)�$`iptables -w -F f2b-j-w-iptables-ap`�%`ip6tables -w -F f2b-j-w-iptables-ap`)z7`iptables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`r�z$`iptables -w -X f2b-j-w-iptables-ap`z8`ip6tables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`r�z%`ip6tables -w -X f2b-j-w-iptables-ap`)z7`iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`)z8`ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`)za`iptables -w -I f2b-j-w-iptables-ap 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z_`iptables -w -D f2b-j-w-iptables-ap -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)zd`ip6tables -w -I f2b-j-w-iptables-ap 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zb`ip6tables -w -D f2b-j-w-iptables-ap -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-ipsetz\iptables-ipset-proto6[name=%(__name__)s, port="http", protocol="tcp", chain="<known/chain>"])z f2b-j-w-iptables-ipset )z f2b-j-w-iptables-ipset6 )z0`for proto in $(echo 'tcp' | sed 's/,/ /g'); do`r�)z?`ipset -exist create f2b-j-w-iptables-ipset hash:ip timeout 0 `aJ`{ iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with 
icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable; }`)zL`ipset -exist create f2b-j-w-iptables-ipset6 hash:ip timeout 0 family inet6`aP`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable; }`)�$`ipset flush f2b-j-w-iptables-ipset`�%`ipset flush f2b-j-w-iptables-ipset6`)z�`iptables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`r�z&`ipset destroy f2b-j-w-iptables-ipset`z�`ip6tables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`r�z'`ipset destroy f2b-j-w-iptables-ipset6`)z�`iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`)z�`ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`)z=`ipset -exist add f2b-j-w-iptables-ipset 192.0.2.1 timeout 0`)z3`ipset -exist del f2b-j-w-iptables-ipset 192.0.2.1`)z?`ipset -exist add f2b-j-w-iptables-ipset6 2001:db8:: timeout 0`)z5`ipset -exist del f2b-j-w-iptables-ipset6 2001:db8::`zj-w-iptables-ipset-apzHiptables-ipset-proto6-allports[name=%(__name__)s, chain="<known/chain>"])z f2b-j-w-iptables-ipset-ap )z f2b-j-w-iptables-ipset-ap6 )zB`ipset -exist create f2b-j-w-iptables-ipset-ap hash:ip timeout 0 `a`{ iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable 
>/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable; })zO`ipset -exist create f2b-j-w-iptables-ipset-ap6 hash:ip timeout 0 family inet6`a`{ ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable; })�'`ipset flush f2b-j-w-iptables-ipset-ap`�(`ipset flush f2b-j-w-iptables-ipset-ap6`)z`iptables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`r�z)`ipset destroy f2b-j-w-iptables-ipset-ap`z�`ip6tables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`r�z*`ipset destroy f2b-j-w-iptables-ipset-ap6`)z`iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`)z�`ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`)z@`ipset -exist add f2b-j-w-iptables-ipset-ap 192.0.2.1 timeout 0`)z6`ipset -exist del f2b-j-w-iptables-ipset-ap 192.0.2.1`)zB`ipset -exist add f2b-j-w-iptables-ipset-ap6 2001:db8:: timeout 0`)z8`ipset -exist del f2b-j-w-iptables-ipset-ap6 2001:db8::`zj-w-iptablesz^iptables[name=%(__name__)s, bantime="10m", port="http", protocol="tcp", chain="<known/chain>"])z�`{ iptables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables || true; iptables -w -A f2b-j-w-iptables -j RETURN; }z�`{ iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`)z�`{ ip6tables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N 
f2b-j-w-iptables || true; ip6tables -w -A f2b-j-w-iptables -j RETURN; }z�`{ ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`)�!`iptables -w -F f2b-j-w-iptables`�"`ip6tables -w -F f2b-j-w-iptables`)zA`iptables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`r�z!`iptables -w -X f2b-j-w-iptables`zB`ip6tables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`r�z"`ip6tables -w -X f2b-j-w-iptables`)zA`iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`)zB`ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`)z^`iptables -w -I f2b-j-w-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z\`iptables -w -D f2b-j-w-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)za`ip6tables -w -I f2b-j-w-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z_`ip6tables -w -D f2b-j-w-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-newzbiptables-new[name=%(__name__)s, bantime="10m", port="http", protocol="tcp", chain="<known/chain>"])z�`{ iptables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-new || true; iptables -w -A f2b-j-w-iptables-new -j RETURN; }`z�`{ iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`)z�`{ ip6tables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-new || true; ip6tables -w -A f2b-j-w-iptables-new -j RETURN; }`z�`{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`)�%`iptables -w -F f2b-j-w-iptables-new`�&`ip6tables -w -F 
f2b-j-w-iptables-new`)zZ`iptables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`r�z%`iptables -w -X f2b-j-w-iptables-new`z[`ip6tables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`r�z&`ip6tables -w -X f2b-j-w-iptables-new`)zZ`iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`)z[`ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`)zb`iptables -w -I f2b-j-w-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z``iptables -w -D f2b-j-w-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)ze`ip6tables -w -I f2b-j-w-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zc`ip6tables -w -D f2b-j-w-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-xtrezPiptables-xt_recent-echo[name=%(__name__)s, bantime="10m", chain="<known/chain>"])r�z/f2b-j-w-iptables-xtre`)r�z/f2b-j-w-iptables-xtre6`)a"`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; }`)a(`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; }`)z4`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre`�`if [ `id -u` -eq 0 ];then`z�`iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable;`�`fi`z5`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`r�z�`ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 
-j REJECT --reject-with icmp6-port-unreachable;`r�)z�`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z�`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre6`)z=`echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z=`echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z?`echo +2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`)z?`echo -2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`)r�r�r�r�rwr�r�r�r�r�r�zj-w-pfz2pf[name=%(__name__)s, actionstart_on_demand=false]r!)zF`echo "table <f2b-j-w-pf> persist counters" | pfctl -a f2b/j-w-pf -f-`z
port="<port>"z\`echo "block quick proto tcp from <f2b-j-w-pf> to any port $port" | pfctl -a f2b/j-w-pf -f-`)�,`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T flush`)zT`pfctl -a f2b/j-w-pf -sr 2>/dev/null | grep -v f2b-j-w-pf | pfctl -a f2b/j-w-pf -f-`r�z+`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T kill`)z.`pfctl -a f2b/j-w-pf -sr | grep -q f2b-j-w-pf`)z4`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T add 192.0.2.1`)z7`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T delete 192.0.2.1`)z5`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T add 2001:db8::`)z8`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T delete 2001:db8::`)r�r�r�r�rwr�r�r�r�r�r�z	j-w-pf-mpz@pf[actiontype=<multiport>][name=%(__name__)s, port="http,https"])zL`echo "table <f2b-j-w-pf-mp> persist counters" | pfctl -a f2b/j-w-pf-mp -f-`zport="http,https"zb`echo "block quick proto tcp from <f2b-j-w-pf-mp> to any port $port" | pfctl -a f2b/j-w-pf-mp -f-`)�2`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T flush`)z]`pfctl -a f2b/j-w-pf-mp -sr 2>/dev/null | grep -v f2b-j-w-pf-mp | pfctl -a f2b/j-w-pf-mp -f-`r�z1`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T kill`)z4`pfctl -a f2b/j-w-pf-mp -sr | grep -q f2b-j-w-pf-mp`)z:`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T add 192.0.2.1`)z=`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T delete 192.0.2.1`)z;`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T add 2001:db8::`)z>`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T delete 2001:db8::`z	j-w-pf-apzHpf[actiontype=<allports>, actionstart_on_demand=true][name=%(__name__)s])zL`echo "table <f2b-j-w-pf-ap> persist counters" | pfctl -a f2b/j-w-pf-ap -f-`zW`echo "block quick proto tcp from <f2b-j-w-pf-ap> to any" | pfctl -a f2b/j-w-pf-ap -f-`)�2`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T flush`)z]`pfctl -a f2b/j-w-pf-ap -sr 2>/dev/null | grep -v f2b-j-w-pf-ap | pfctl -a f2b/j-w-pf-ap -f-`r�z1`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T kill`)z4`pfctl -a f2b/j-w-pf-ap -sr | grep -q f2b-j-w-pf-ap`)z:`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T add 192.0.2.1`)z=`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T delete 
192.0.2.1`)z;`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T add 2001:db8::`)z>`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T delete 2001:db8::`)r�r�r�r�r�rwr�r�r�r�r�r�zj-w-fwcmd-mpzqfirewallcmd-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp", chain="<known/chain>"])z ipv4 r�)z ipv6 r�)z@`firewall-cmd --direct --add-chain ipv4 filter f2b-j-w-fwcmd-mp`zN`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-mp 1000 -j RETURN`z�`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`)z@`firewall-cmd --direct --add-chain ipv6 filter f2b-j-w-fwcmd-mp`zN`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-mp 1000 -j RETURN`z�`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`)z�`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-rules ipv4 filter f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-chain ipv4 filter f2b-j-w-fwcmd-mp`z�`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-rules ipv6 filter f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-chain ipv6 filter f2b-j-w-fwcmd-mp`)zc`firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-mp$'`)zc`firewall-cmd --direct --get-chains ipv6 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-mp$'`)z|`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-mp 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv4 filter f2b-j-w-fwcmd-mp 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z~`firewall-cmd --direct --add-rule ipv6 filter 
f2b-j-w-fwcmd-mp 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z�`firewall-cmd --direct --remove-rule ipv6 filter f2b-j-w-fwcmd-mp 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-fwcmd-apz]firewallcmd-allports[name=%(__name__)s, bantime="10m", protocol="tcp", chain="<known/chain>"])z@`firewall-cmd --direct --add-chain ipv4 filter f2b-j-w-fwcmd-ap`zN`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-ap 1000 -j RETURN`zQ`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`)z@`firewall-cmd --direct --add-chain ipv6 filter f2b-j-w-fwcmd-ap`zN`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-ap 1000 -j RETURN`zQ`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`)zT`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-rules ipv4 filter f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-chain ipv4 filter f2b-j-w-fwcmd-ap`zT`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-rules ipv6 filter f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-chain ipv6 filter f2b-j-w-fwcmd-ap`)zc`firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-ap$'`)zc`firewall-cmd --direct --get-chains ipv6 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-ap$'`)z|`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-ap 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv4 filter f2b-j-w-fwcmd-ap 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z~`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-ap 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z�`firewall-cmd --direct --remove-rule ipv6 filter f2b-j-w-fwcmd-ap 0 -s 2001:db8:: -j REJECT --reject-with 
icmp6-port-unreachable`zj-w-fwcmd-ipsetzXfirewallcmd-ipset[name=%(__name__)s, port="http", protocol="tcp", chain="<known/chain>"])z f2b-j-w-fwcmd-ipset )z f2b-j-w-fwcmd-ipset6 )z<`ipset -exist create f2b-j-w-fwcmd-ipset hash:ip timeout 0 `z�`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`)zI`ipset -exist create f2b-j-w-fwcmd-ipset6 hash:ip timeout 0 family inet6`z�`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`)�!`ipset flush f2b-j-w-fwcmd-ipset`�"`ipset flush f2b-j-w-fwcmd-ipset6`)z�`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`r�z#`ipset destroy f2b-j-w-fwcmd-ipset`z�`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`r�z$`ipset destroy f2b-j-w-fwcmd-ipset6`)z:`ipset -exist add f2b-j-w-fwcmd-ipset 192.0.2.1 timeout 0`)z0`ipset -exist del f2b-j-w-fwcmd-ipset 192.0.2.1`)z<`ipset -exist add f2b-j-w-fwcmd-ipset6 2001:db8:: timeout 0`)z2`ipset -exist del f2b-j-w-fwcmd-ipset6 2001:db8::`)
r�r�r�r�r�rwr�r�r�r�zj-w-fwcmd-ipset-apzbfirewallcmd-ipset[name=%(__name__)s, actiontype=<allports>, protocol="tcp", chain="<known/chain>"])z f2b-j-w-fwcmd-ipset-ap )z f2b-j-w-fwcmd-ipset-ap6 )z?`ipset -exist create f2b-j-w-fwcmd-ipset-ap hash:ip timeout 0 `z�`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`)zL`ipset -exist create f2b-j-w-fwcmd-ipset-ap6 hash:ip timeout 0 family inet6`z�`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`)�$`ipset flush f2b-j-w-fwcmd-ipset-ap`�%`ipset flush f2b-j-w-fwcmd-ipset-ap6`)z�`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`r�z&`ipset destroy f2b-j-w-fwcmd-ipset-ap`z�`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`r�z'`ipset destroy f2b-j-w-fwcmd-ipset-ap6`)z=`ipset -exist add f2b-j-w-fwcmd-ipset-ap 192.0.2.1 timeout 0`)z3`ipset -exist del f2b-j-w-fwcmd-ipset-ap 192.0.2.1`)z?`ipset -exist add f2b-j-w-fwcmd-ipset-ap6 2001:db8:: timeout 0`)z5`ipset -exist del f2b-j-w-fwcmd-ipset-ap6 2001:db8::`z
j-fwcmd-rrz4firewallcmd-rich-rules[port="22:24", protocol="tcp"])z
family='ipv4'r�)z
family='ipv6'r�)z�`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`)z�`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`)z� `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`)z�`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`z
j-fwcmd-rlz6firewallcmd-rich-logging[port="22:24", protocol="tcp"])a
`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`)a
`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`)a
 `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`)a`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`rrmrnrorpr�r�r�r�rqrar�r�r�r�rrr�rsrbr�r�rtr�r�z# === check ipv4 ===�familyz*-checkr�z# === check ipv6 ===r�z# === flush ===rurw)r�r�r�rr8r�r�rMrLr�rkrr[r\rvr�r�rfrwr^rxr�r�rEr�rr�r��_invariantCheckr�rw)r#�testJailsActionsr7r9r�rRr��testsr�rNrgr�rjryrr�s                r&�testCheckStockCommandActionsz4ServerConfigReaderTests.testCheckStockCommandActions?s
��
�,���d��+�+�+��e�(�1P�����
�������Y/h�/h�/�b�L�(�1P�����
�������S,O�,O�,�\�E��&8���
�����+G�G��4�e��&8�����h�h�� �Q�2�;d��
���
�������]1S�1S�1�f�|�2�;d��
���
�������]1�1�1�f�x�(�1O��
�
�
�
�������Y/{�/{�/�b�g�+�4U��
�
�
�
�������Y/j�/j�/�b�t�2�;d��
���
�������]1w�1w�1�f�|�2�;d��
���
�������]1�1�1�f�k�4�=h���	
�������C$n�$n�$�L
�B�
�b��
�
�
E�D�J�M�K�N�)E�E��.�S�
�b��
�
�
K�J�P�S�Q�T�)V�V��.�[�
�b����
�
K�J�P�S�Q�T�)^�^��.�H�.�7[��
�

�������G&J�&J�&�P�s�.�7[��
�

�������G&v�&v�&�P�q�%�.I����
�����?"t�"t�"�H�~�(�1O����
�����?"A�"A�"�H�H�6�?k�����K�K�� �J�6�?k�����M�M��Y[��x�<�<�&��!�&��2�*�*�
�
��d�C���%�%�d�C�0�0�6����s��~�~�c�"�"�H�C�����S�!������
�
�%�� � �"�"�&�*�>j�>j��d�C���$�K��<j�<j�q�
�4�[�
 ��
#�F�
�L�L�"�#�#�#�
�L�L��$��,���"=�>�>�>�
�L�L�"�#�#�#��O�O�J�v�x�'=�>�>�?�?�?��(�F���M�M�#�$�$�$�
�L�L�N�N�N��y�y����L��T���g��1�D�1�1�1�1�	���;�	�	�L�E�I�I�k�$:�$:�L��T��5��-�e�K�.@�@�K�d�K�K�K��M�M�&�'�'�'�
�J�J�v�f�~�����y�y����J�0�t�0�%�)�)�I�u�y�y�Qe�gi�Gj�Gj�2k�2k�lq�r}�l~�2~� J�EI� J� J� J��y�y����R�3�t�3�U�;�5G�R�T�R�R�R��D��u�Y�'�2�T�2�2�2��D��%��,�1�D�1�1�1��M�M�(�)�)�)�
�L�L���� � � ��D��u�[�)�4�t�4�4�4��D��%��,�1�D�1�1�1��M�M�&�'�'�'�
�J�J�v�f�~�����y�y����J�0�t�0�%�)�)�I�u�y�y�Qe�gi�Gj�Gj�2k�2k�lq�r}�l~�2~� J�EI� J� J� J��y�y����R�3�t�3�U�;�5G�R�T�R�R�R��D��u�Y�'�2�T�2�2�2��D��%��,�1�D�1�1�1��M�M�(�)�)�)�
�L�L���� � � ��D��u�[�)�4�t�4�4�4��D��%��,�1�D�1�1�1��y�y����:�	�]�]�)�*�*�*����F�6�N�8�4�5�5�5��T���	�	�)�U�Y�Y�7K�R�-P�-P�Q�Q�RW�Xc�Rd�d�o�jn�o�o�o�
�	�	�+���:�5��#5��{�9K�#K�#K��d��E�+�.�9�D�9�9�9��y�y����:�	�]�]�)�*�*�*����F�6�N�8�4�5�5�5��T���	�	�)�U�Y�Y�7K�R�-P�-P�Q�Q�RW�Xc�Rd�d�o�jn�o�o�o�
�	�	�+���:�5��#5��{�9K�#K�#K��d��E�+�.�9�D�9�9�9��y�y����2�	�]�]�$�%�%�%��\�\�^�^�^��T���g��1�D�1�1�1��M�M�"�#�#�#�
�K�K�M�M�M��y�y����i�+�$�+�U�Y�Y�7K�R�-P�-P�QV�W]�Q^�-^�i�dh�i�i�i��y<j�>j�>jr)c��|}t|t��r|d}tjdd|��}tjdd�|d��}t|t��r||d<n|}tj�||���S)Nrz\)\s*\|\s*(\S*mail\b[^\n]*)z$) | cat; printf "\\n... | "; echo \1z\bADDRESSES=\$\(dig\s[^\n]+c��dS)Nz@ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"r!)�ms r&r�z9ServerConfigReaderTests._executeMailCmd.<locals>.<lambda>s��
O�r)r)r�)r�r_�re�subrfrwrx)r#r]r�rNs    r&�_executeMailCmdz'ServerConfigReaderTests._executeMailCmdvs����#�������	���3�
��-�*�C�	1�	1�#�	��-�O�O���	�	�#��������7�1�:�:�
�7�	�	�	*�	*�7�G�	*�	D�	D�Dr)c�h�tj�d���ddtj�td��zdzdztj�td��zd	zd
difdd
tj�td��zdzdztj�td��zd	zd
difddtj�td��zdzdztj�td��zdzddd�fddddd�ff}t��}|j}|j	}|D]O\}}}|�
||��}|D]0}	|�|	��\}
}|�|
d���1�P|j
}td��}
td��}t��}|D�]Q\}}}||jD�];}||j|}t"�d��t"�d|dz|jz��t"�d��|j|_d
|
fd|ffD]�\}}|�|��s�|�d |z��t1|��}|�d!��|�d"d#g��t6j�||��}|�|��|j||d$di�����=��SdS)%NTr|zj-mail-whois-linesz\mail-whois-lines[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd="mail -s", logpath="r2rXz	         ztestcase01a.logz8", _whois_command="echo '-- information about <ip> --'"]r�)�;The IP 87.142.124.10 has just been banned by Fail2Ban afterz(100 attempts against j-mail-whois-lines.�.Here is more information about 87.142.124.10 :�%-- information about 87.142.124.10 --�2Lines containing failures of 87.142.124.10 (max 2)�etestcase01.log:Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10�etestcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10zj-sendmail-whois-lineszxsendmail-whois-lines[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd='testmail -f "<sender>" "<dest>"', logpath=")r�z,100 attempts against j-sendmail-whois-lines.r�r�r�r�r�zj-complain-abusez�complain[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd="mail -s 'Hostname: <ip-host>, family: <family>' - ",debug=1,logpath="z", ])�6try to resolve 10.124.142.87.abuse-contacts.abusix.orgr�r�r�zymail -s Hostname: test-host, family: inet4 - Abuse from 87.142.124.10 abuse-1@abuse-test-server abuse-2@abuse-test-server)�htry to resolve 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.orgz0Lines containing failures of 2001:db8::1 (max 2)zwmail -s Hostname: test-host, family: inet6 - Abuse from 2001:db8::1 abuse-1@abuse-test-server abuse-2@abuse-test-server)r�r�zj-xarf-abusezIxarf-login-attack[name=%(__name__)s, mailcmd="mail", mailargs="",debug=1])r�z8We have detected abuse from the IP address 87.142.124.10�VDec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10�UDec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10�8mail abuse-1@abuse-test-server abuse-2@abuse-test-server)r�z6We have detected abuse from the IP 
address 2001:db8::1r�rz
87.142.124.10z2001:db8::1rmrnror�z# === %s ===r�r�r�r�) r�r�r�r�r8r9r:rr8r�r�rMrLr�rrrr[r\rvr�rxrEr�r�
setAttempt�
setMatchesrfrqrgr�r�)r#r�r7r9r�rRr�r�r�rNrgr�rjrarbrhrr��testrrjs                     r&�testComplexMailActionMultiLogz5ServerConfigReaderTests.testComplexMailActionMultiLog�s���
�,���d��+�+�+����G�L�L��1A�B�B�C�FJ�J��	��W�\�\�.�2C�D�D�	E�H
�	
���
��(���G�L�L��1A�B�B�C�FJ�J��	��W�\�\�.�2C�D�D�	E�H
�	
���
��(��
�G�L�L��1A�B�B�C�
FJ�J��
��W�\�\�.�2C�D�D�
E�H
�

������8�
�����
�M^��~�<�<�&��!�&��2�*�*�
�
��d�C���%�%�d�C�0�0�6����s��~�~�c�"�"�H�C�����S�!������
�
�%�	��	 �	 �$�	�
�	�	�$��K�K�'�*�/�/��d�C���$�K��/�/�q�
�4�[�
 ��
#�F�
�L�L�"�#�#�#�
�L�L��$��,���"=�>�>�>�
�L�L�"�#�#�#��,�F��!�4�(�9�d�*;�<�/�/�
��r��I�I�d�O�O�%�X�	�]�]�>�D�(�)�)�)���m�m�V����s�������^�]�������)�)�&�'�:�:�V��Z�Z������T���d��.��.�.�.�.�/�/�/�/r))r�)r,r-r.rRr5rBr^rkrzr�r�r�r�r�r�rmrns@r&rPrP�s�����������������
2�2�2�2�2�������� � � �D1!�1!�1!�f
�
�
�!�!�!�(uj�uj�uj�nE�E�E�E�$K/�K/�K/�K/�K/�K/�K/r)rP)A�
__author__�
__copyright__�__license__r�r�r�r�r�r?r��server.failregexrrrr7rrf�
server.serverr	�server.ipdnsr
r�server.jailr�server.jailthreadr
�
server.ticketr�server.utilsr�	dummyjailr�utilsrrr�helpersrrrrTrrr�r8r9�dirname�__file__r:r<r[rr0rpr��TestCaserrr1r5�clientreadertestcaserLrMrNrPr!r)r&�<module>r�s���.�
�2�
���������������	�	�	�	�	�	�	�	�
�
�
�
�����?�?�?�?�?�?�?�?�?�?�(�(�(�(�(�(�"�"�"�"�"�"�+�+�+�+�+�+�+�+�������*�*�*�*�*�*�%�%�%�%�%�%� � � � � � � � � � � � �<�<�<�<�<�<�<�<�<�<�;�;�;�;�;�;�;�;�;�;��������#�#�#�#�#�#�#������������������b�g�o�o�h�7�7��A�A����	��:�	�	�����������[�[�[�[�[�(�[�[�[�|u*�u*�u*�u*�u*�/�u*�u*�u*�p{N�{N�{N�{N�{N��{N�{N�{N�|(�(�(�(�(��!�(�(�(�RJ�RJ�RJ�RJ�RJ��"�RJ�RJ�RJ�j1�1�1�1�1��1�1�1�
'�'�'�'�'�%�'�'�'�TH�G�G�G�G�G�G�G�G�G�m/�m/�m/�m/�m/�0�m/�m/�m/�m/�m/s�:B�B�
B