bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/scripts/func_tests/tests_post-install_4cold-logs.sh

#! /usr/bin/env bash
# -*- coding: utf-8 -*-

source tests_base.sh


# install sshd collection

${CCSCLI} collections install breakteam/sshd
${CCSCLI} decisions delete --all
${SYSTEMCTL} reload synsec


# generate a fake bf log -> cold logs processing
rm  -f ssh-bf.log

for i in `seq 1 10` ; do 
    echo `date '+%b %d %H:%M:%S '`'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424' >> ssh-bf.log
done;

${SYNSEC} -file ./ssh-bf.log -type syslog -no-api

${CCSCLI} decisions list -o=json | ${JQ} '. | length == 1' || fail "expected exactly one decision"
${CCSCLI} decisions list -o=json | ${JQ} '.[].decisions[0].value == "1.1.1.172"'  || fail "(exact) expected ban on 1.1.1.172"
${CCSCLI} decisions list -r 1.1.1.0/24 -o=json --contained | ${JQ} '.[].decisions[0].value == "1.1.1.172"' || fail "(range/contained) expected ban on 1.1.1.172"
${CCSCLI} decisions list -r 1.1.2.0/24 -o=json | ${JQ} '. == null'  || fail "(range/NOT-contained) expected no ban on 1.1.1.172"
${CCSCLI} decisions list -i 1.1.1.172 -o=json | ${JQ} '.[].decisions[0].value == "1.1.1.172"'  || fail "(range/NOT-contained) expected ban on 1.1.1.172"
${CCSCLI} decisions list -i 1.1.1.173 -o=json | ${JQ} '. == null' || fail "(exact) expected no ban on 1.1.1.173"

# generate a live ssh bf

${CCSCLI} decisions delete --all

echo "" | sudo tee -a /etc/synsec/acquis.yaml > /dev/null
echo "filename: /tmp/test.log" | sudo tee -a /etc/synsec/acquis.yaml > /dev/null
echo "labels:" | sudo tee -a /etc/synsec/acquis.yaml > /dev/null
echo "  type: syslog" | sudo tee -a /etc/synsec/acquis.yaml > /dev/null
touch /tmp/test.log

${SYSTEMCTL} restart synsec
sleep 1
${SYSTEMCTL} status synsec
cat ssh-bf.log >> /tmp/test.log

sleep 2

${CCSCLI} decisions list -o=json | ${JQ} '.[].decisions[0].value == "1.1.1.172"' || fail "(live) expected ban on 1.1.1.172"