github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/40_cold-logs.bats (about)

     1  #!/usr/bin/env bats
     2  # vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
     3  
     # Abort on any expansion of an unset variable, so a missing harness variable
     # (for example CROWDSEC, which the tests below invoke as a command) fails
     # loudly instead of silently expanding to an empty string.
     set -o nounset
     5  
     # Print six identical sshd "Invalid user" syslog lines for 1.1.1.172 on stdout.
     # Each line is stamped with the current time; LC_ALL=C keeps the month
     # abbreviation in the C locale whatever locale the runner uses.
     # The later tests in this file expect this input to yield exactly one
     # decision, on 1.1.1.172.
     # NOTE(review): 1.1.1.172 is a publicly routable address; an RFC 5737
     # documentation address would avoid naming a real host, but the assertions
     # further down hard-code the same value and would have to change with it.
     fake_log() {
         local i stamp
         for ((i = 1; i <= 6; i++)); do
             # Command substitution strips the newline but keeps the trailing
             # space of the format, which separates timestamp and hostname.
             stamp=$(LC_ALL=C date '+%b %d %H:%M:%S ')
             printf '%s%s\n' "$stamp" 'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424'
         done
     }
    11  
    # Runs once for the whole file: restore config and data to a known state,
    # install the sshd collection plus the syslog and date-enrichment parsers,
    # then start a single crowdsec daemon that all tests in this file share.
    setup_file() {
        load "../lib/setup_file.sh"
        ./instance-data load

        # --error is cscli's log-level flag: only errors are printed during install.
        cscli collections install crowdsecurity/sshd --error
        local parser
        for parser in crowdsecurity/syslog-logs crowdsecurity/dateparse-enrich; do
            cscli parsers install "${parser}" --error
        done

        ./instance-crowdsec start
    }
    23  
    # File-level cleanup, run once after the last test; the actual work is
    # delegated to the shared helper loaded here.
    teardown_file() {
        load "../lib/teardown_file.sh"
    }
    27  
    # Per-test preparation, run before every @test; the actual work is
    # delegated to the shared helper loaded here.
    setup() {
        load "../lib/setup.sh"
    }
    31  
    32  #----------
    33  
    34  @test "-type and -dsn are required together" {
    35      rune -1 "${CROWDSEC}" -no-api -type syslog
    36      assert_stderr --partial "-type requires a -dsn argument"
    37      rune -1 "${CROWDSEC}" -no-api -dsn file:///dev/fd/0
    38      assert_stderr --partial "-dsn requires a -type argument"
    39  }
    40  
    41  @test "the one-shot mode works" {
    42      rune -0 "${CROWDSEC}" -dsn file://<(fake_log) -type syslog -no-api
    43      refute_output
    44      assert_stderr --partial "single file mode : log_media=stdout daemonize=false"
    45      assert_stderr --regexp "Adding file .* to filelist"
    46      assert_stderr --regexp "reading .* at once"
    47      assert_stderr --regexp "Acquisition is finished, shutting down"
    48      assert_stderr --regexp "Killing parser routines"
    49      assert_stderr --regexp "Bucket routine exiting"
    50      assert_stderr --regexp "crowdsec shutdown"
    51  }
    52  
    53  @test "we have one decision" {
    54      rune -0 cscli decisions list -o json
    55      rune -0 jq '. | length' <(output)
    56      assert_output 1
    57  }
    58  
    59  @test "1.1.1.172 has been banned" {
    60      rune -0 cscli decisions list -o json
    61      rune -0 jq -r '.[].decisions[0].value' <(output)
    62      assert_output '1.1.1.172'
    63  }
    64  
    65  @test "1.1.1.172 has been banned (range/contained: -r 1.1.1.0/24 --contained)" {
    66      rune -0 cscli decisions list -r 1.1.1.0/24 --contained -o json
    67      rune -0 jq -r '.[].decisions[0].value' <(output)
    68      assert_output '1.1.1.172'
    69  }
    70  
    71  @test "1.1.1.172 has not been banned (range/NOT-contained: -r 1.1.2.0/24)" {
    72      rune -0 cscli decisions list -r 1.1.2.0/24 -o json
    73      assert_json '[]'
    74  }
    75  
    76  @test "1.1.1.172 has been banned (exact: -i 1.1.1.172)" {
    77      rune -0 cscli decisions list -i 1.1.1.172 -o json
    78      rune -0 jq -r '.[].decisions[0].value' <(output)
    79      assert_output '1.1.1.172'
    80  }
    81  
    82  @test "1.1.1.173 has not been banned (exact: -i 1.1.1.173)" {
    83      rune -0 cscli decisions list -i 1.1.1.173 -o json
    84      assert_json '[]'
    85  }