Skip to content

Commit

Permalink
chore: add dropbear tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@LaurenceJJones
LaurenceJJones committed Jan 25, 2025
1 parent da83098 commit 9c34d79
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 8 deletions.
4 changes: 3 additions & 1 deletion .tests/dropbear-logs/dropbear-logs.log
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
Exit (root): Disconnect received
Bad PAM password attempt for 'foobar' from 192.168.9.163:49242
Login attempt for nonexistent user from 192.168.9.163:49906
Login attempt for nonexistent user from 192.168.9.163:49906
Exit before auth from <8.218.205.116:35928>: Bad buf_getptr

38 changes: 31 additions & 7 deletions .tests/dropbear-logs/parser.assert
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,35 @@
len(results) == 3
len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 3
len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 4
results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "Exit (root): Disconnect received"
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "dropbear"
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "dropbear-logs.log"
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file"
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false
results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "Bad PAM password attempt for 'foobar' from 192.168.9.163:49242"
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "dropbear"
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "dropbear-logs.log"
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file"
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false
results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true
results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "Login attempt for nonexistent user from 192.168.9.163:49906"
results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "dropbear"
results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "dropbear-logs.log"
results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file"
len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 3
results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false
results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true
results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "Exit before auth from <8.218.205.116:35928>: Bad buf_getptr"
results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "dropbear"
results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "dropbear-logs.log"
results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file"
results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false
len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 4
results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false
results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false
results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false
len(results["s01-parse"]["crowdsecurity/dropbear-logs"]) == 3
results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false
len(results["s01-parse"]["crowdsecurity/dropbear-logs"]) == 4
results["s01-parse"]["crowdsecurity/dropbear-logs"][0].Success == false
results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Success == true
results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Parsed["message"] == "Bad PAM password attempt for 'foobar' from 192.168.9.163:49242"
Expand All @@ -33,13 +43,27 @@ results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["log_type"] == "
results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["service"] == "dropbear"
results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["source_ip"] == "192.168.9.163"
results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Meta["target_user"] == "foobar"
results["s01-parse"]["crowdsecurity/dropbear-logs"][1].Evt.Whitelisted == false
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Success == true
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["program"] == "dropbear"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["source_ip"] == "192.168.9.163"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["message"] == "Login attempt for nonexistent user from 192.168.9.163:49906"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["port"] == "49906"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["program"] == "dropbear"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Parsed["source_ip"] == "192.168.9.163"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_path"] == "dropbear-logs.log"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_type"] == "file"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["log_type"] == "ssh_failed-auth"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["service"] == "dropbear"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["source_ip"] == "192.168.9.163"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_path"] == "dropbear-logs.log"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Meta["datasource_type"] == "file"
results["s01-parse"]["crowdsecurity/dropbear-logs"][2].Evt.Whitelisted == false
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Success == true
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["message"] == "Exit before auth from <8.218.205.116:35928>: Bad buf_getptr"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["port"] == "35928"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["program"] == "dropbear"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Parsed["source_ip"] == "8.218.205.116"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["datasource_path"] == "dropbear-logs.log"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["datasource_type"] == "file"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["log_type"] == "ssh_failed-auth"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["service"] == "dropbear"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Meta["source_ip"] == "8.218.205.116"
results["s01-parse"]["crowdsecurity/dropbear-logs"][3].Evt.Whitelisted == false
len(results["success"][""]) == 0

0 comments on commit 9c34d79

Please sign in to comment.