Skip to content

Commit 5518c94

Browse files
authored
Fix auditd watchdog Json response format break by invalid control character issue (#22709)
Fix auditd watchdog Json response format break by invalid control character issue Why I did it auditd watchdog some time return an invalid Json response, which will break test case: E Failed: Invalid JSON response from auditd watchdog: { E "auditd_conf":"FAIL (sha1 = efcce7fdf80e5ef917c40d60a2b6de55c9cfb466 -, expected = 7cdbd1450570c7c12bdc67115b46d9ae778cbd76)", E "syslog_conf":"FAIL (syslog.conf does not contain 'active = yes': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^active = yes' /etc/audit/plugins.d/syslog.conf' failed with status 1: )", E "auditd_rules":"FAIL (rules sha1 = 93e0a1416d3c3e12c2a708abe20e58c55c8d6d62 -, expected 77e0d8ff297ab3089b234fcd97a20e1c05380f3e)", E "auditd_service":"FAIL (auditd.service does not contain 'CPUQuota=10%': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^CPUQuota=10%' /lib/systemd/system/auditd.service' failed with status 1: )", E "auditd_active":"OK", E "rate_limit":"FAIL (rate_limit: enabled 1 E failure 1 E pid 109644 E rate_limit 2000 E backlog_limit 8192 E lost 0 E backlog 0 E backlog_wait_time 60000 E backlog_wait_time_actual 0 E loginuid_immutable 0 unlocked E mismatch with config file setting: 1000)" E } exception: Invalid control character at: line 7 column 44 (char 760) Work item tracking Microsoft ADO 32313402 How I did it Escape result before build Json response: How to verify it Pass all test case. Manually verify format issue fixed: { "auditd_conf":"FAIL (sha1 = efcce7fdf80e5ef917c40d60a2b6de55c9cfb466 -)", "syslog_conf":"FAIL (syslog.conf does not contain 'active = yes': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^active = yes' /etc/audit/plugins.d/syslog.conf' failed with status 1: )", "auditd_rules":"FAIL (rules sha1 = da39a3ee5e6b4b0d3255bfef95601890afd80709 -, expected f88174f901ec8709bacaf325158f10ec62909d13)", "auditd_service":"FAIL (auditd.service does not contain 'CPUQuota=10%': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^CPUQuota=10%' /lib/systemd/system/auditd.service' failed with status 1: )", "auditd_active":"OK", "auditd_reload":"OK", "rate_limit":"FAIL (rate_limit: enabled 1\nfailure 1\npid 332282\nrate_limit 2000\nbacklog_limit 8192\nlost 0\nbacklog 0\nbacklog_wait_time 60000\nbacklog_wait_time_actual 0\nloginuid_immutable 0 unlocked\n mismatch with config file setting: 1000)" }
1 parent 80d660d commit 5518c94

File tree

3 files changed

+95
-14
lines changed

3 files changed

+95
-14
lines changed

dockers/docker-auditd-watchdog/watchdog/Cargo.lock

Lines changed: 80 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dockers/docker-auditd-watchdog/watchdog/Cargo.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,3 +5,4 @@ edition = "2021"
55

66
[dependencies]
77
regex = "1.11.1"
8+
serde_json = "1.0.140"

dockers/docker-auditd-watchdog/watchdog/src/main.rs

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -176,24 +176,24 @@ fn main() {
176176
println!("Received request: {}", req_str);
177177
}
178178

179-
let conf_result = check_auditd_conf();
180-
let syslog_result = check_syslog_conf();
181-
let rules_result = check_auditd_rules();
182-
let srvc_result = check_auditd_service();
183-
let srvc_active = check_auditd_active();
184-
let reload_result = check_auditd_reload_status();
185-
let rate_limit_result = check_auditd_rate_limit_status();
179+
let conf_result = serde_json::to_string(&check_auditd_conf()).unwrap();
180+
let syslog_result = serde_json::to_string(&check_syslog_conf()).unwrap();
181+
let rules_result = serde_json::to_string(&check_auditd_rules()).unwrap();
182+
let srvc_result = serde_json::to_string(&check_auditd_service()).unwrap();
183+
let srvc_active = serde_json::to_string(&check_auditd_active()).unwrap();
184+
let reload_result = serde_json::to_string(&check_auditd_reload_status()).unwrap();
185+
let rate_limit_result = serde_json::to_string(&check_auditd_rate_limit_status()).unwrap();
186186

187187
// Build a JSON object
188188
let json_body = format!(
189189
r#"{{
190-
"auditd_conf":"{}",
191-
"syslog_conf":"{}",
192-
"auditd_rules":"{}",
193-
"auditd_service":"{}",
194-
"auditd_active":"{}",
195-
"auditd_reload":"{}",
196-
"rate_limit":"{}"
190+
"auditd_conf":{},
191+
"syslog_conf":{},
192+
"auditd_rules":{},
193+
"auditd_service":{},
194+
"auditd_active":{},
195+
"auditd_reload":{},
196+
"rate_limit":{}
197197
}}"#,
198198
conf_result,
199199
syslog_result,

0 commit comments

Comments
 (0)