Skip to content

Fix auditd watchdog Json response format break by invalid control character issue #22709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jun 4, 2025

Conversation

liuh-80
Copy link
Contributor

@liuh-80 liuh-80 commented May 27, 2025

Fix auditd watchdog Json response format break by invalid control character issue

Why I did it

auditd watchdog some time return an invalid Json response, which will break test case:

E Failed: Invalid JSON response from auditd watchdog: {
E "auditd_conf":"FAIL (sha1 = efcce7fdf80e5ef917c40d60a2b6de55c9cfb466 -, expected = 7cdbd1450570c7c12bdc67115b46d9ae778cbd76)",
E "syslog_conf":"FAIL (syslog.conf does not contain 'active = yes': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^active = yes' /etc/audit/plugins.d/syslog.conf' failed with status 1: )",
E "auditd_rules":"FAIL (rules sha1 = 93e0a1416d3c3e12c2a708abe20e58c55c8d6d62 -, expected 77e0d8ff297ab3089b234fcd97a20e1c05380f3e)",
E "auditd_service":"FAIL (auditd.service does not contain 'CPUQuota=10%': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^CPUQuota=10%' /lib/systemd/system/auditd.service' failed with status 1: )",
E "auditd_active":"OK",
E "rate_limit":"FAIL (rate_limit: enabled 1
E failure 1
E pid 109644
E rate_limit 2000
E backlog_limit 8192
E lost 0
E backlog 0
E backlog_wait_time 60000
E backlog_wait_time_actual 0
E loginuid_immutable 0 unlocked
E mismatch with config file setting: 1000)"
E } exception: Invalid control character at: line 7 column 44 (char 760)

Work item tracking
  • Microsoft ADO 32313402

How I did it

Escape result before build Json response:

How to verify it

Pass all test case.

Manually verify format issue fixed:
{
"auditd_conf":"FAIL (sha1 = efcce7fdf80e5ef917c40d60a2b6de55c9cfb466 -)",
"syslog_conf":"FAIL (syslog.conf does not contain 'active = yes': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^active = yes' /etc/audit/plugins.d/syslog.conf' failed with status 1: )",
"auditd_rules":"FAIL (rules sha1 = da39a3ee5e6b4b0d3255bfef95601890afd80709 -, expected f88174f901ec8709bacaf325158f10ec62909d13)",
"auditd_service":"FAIL (auditd.service does not contain 'CPUQuota=10%': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^CPUQuota=10%' /lib/systemd/system/auditd.service' failed with status 1: )",
"auditd_active":"OK",
"auditd_reload":"OK",
"rate_limit":"FAIL (rate_limit: enabled 1\nfailure 1\npid 332282\nrate_limit 2000\nbacklog_limit 8192\nlost 0\nbacklog 0\nbacklog_wait_time 60000\nbacklog_wait_time_actual 0\nloginuid_immutable 0 unlocked\n mismatch with config file setting: 1000)"
}

Which release branch to backport (provide reason below if selected)

  • 202205
  • 202211
  • 202305
  • 202311
  • 202405
  • 202411
  • 202505

Tested branch (Please provide the tested image version)

Description for the changelog

Fix auditd watchdog Json response format break by invalid control character issue

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@mssonicbld
Copy link
Collaborator

/azp run Azure.sonic-buildimage

Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@liuh-80
Copy link
Contributor Author

liuh-80 commented Jun 3, 2025

Close and re-open to trigger image build

@liuh-80 liuh-80 closed this Jun 3, 2025
@liuh-80 liuh-80 reopened this Jun 3, 2025
@liuh-80
Copy link
Contributor Author

liuh-80 commented Jun 3, 2025

/azpw run Azure.sonic-buildimage

@liuh-80 liuh-80 marked this pull request as ready for review June 3, 2025 13:02
@liuh-80 liuh-80 requested a review from lguohan as a code owner June 3, 2025 13:02
@qiluo-msft
Copy link
Collaborator

/azp run Azure.sonic-buildimage

Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@qiluo-msft qiluo-msft enabled auto-merge (squash) June 3, 2025 21:07
@qiluo-msft qiluo-msft merged commit 5518c94 into sonic-net:master Jun 4, 2025
17 checks passed
qiluo-msft pushed a commit to sonic-net/sonic-mgmt that referenced this pull request Jun 4, 2025
Add test_rate_limit to auditd watchdod test cases

Why I did it
Auditd watchgod container add ratelimit check in this PR:
sonic-net/sonic-buildimage#22620

Also, json format fix in this PR:
sonic-net/sonic-buildimage#22709

Add new test case to prevent regression

Work item tracking
Microsoft ADO (number only):32313402
How I did it
Add test_rate_limit to auditd watchdod test cases

How to verify it
Pass all test case.
dakotac-arista pushed a commit to dakotac-arista/sonic-buildimage that referenced this pull request Jun 5, 2025
…racter issue (sonic-net#22709)

Fix auditd watchdog Json response format break by invalid control character issue

Why I did it
auditd watchdog some time return an invalid Json response, which will break test case:

E Failed: Invalid JSON response from auditd watchdog: {
E "auditd_conf":"FAIL (sha1 = efcce7fdf80e5ef917c40d60a2b6de55c9cfb466 -, expected = 7cdbd1450570c7c12bdc67115b46d9ae778cbd76)",
E "syslog_conf":"FAIL (syslog.conf does not contain 'active = yes': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^active = yes' /etc/audit/plugins.d/syslog.conf' failed with status 1: )",
E "auditd_rules":"FAIL (rules sha1 = 93e0a1416d3c3e12c2a708abe20e58c55c8d6d62 -, expected 77e0d8ff297ab3089b234fcd97a20e1c05380f3e)",
E "auditd_service":"FAIL (auditd.service does not contain 'CPUQuota=10%': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^CPUQuota=10%' /lib/systemd/system/auditd.service' failed with status 1: )",
E "auditd_active":"OK",
E "rate_limit":"FAIL (rate_limit: enabled 1
E failure 1
E pid 109644
E rate_limit 2000
E backlog_limit 8192
E lost 0
E backlog 0
E backlog_wait_time 60000
E backlog_wait_time_actual 0
E loginuid_immutable 0 unlocked
E mismatch with config file setting: 1000)"
E } exception: Invalid control character at: line 7 column 44 (char 760)

Work item tracking
Microsoft ADO 32313402
How I did it
Escape result before build Json response:

How to verify it
Pass all test case.

Manually verify format issue fixed:
{
"auditd_conf":"FAIL (sha1 = efcce7fdf80e5ef917c40d60a2b6de55c9cfb466 -)",
"syslog_conf":"FAIL (syslog.conf does not contain 'active = yes': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^active = yes' /etc/audit/plugins.d/syslog.conf' failed with status 1: )",
"auditd_rules":"FAIL (rules sha1 = da39a3ee5e6b4b0d3255bfef95601890afd80709 -, expected f88174f901ec8709bacaf325158f10ec62909d13)",
"auditd_service":"FAIL (auditd.service does not contain 'CPUQuota=10%': Command 'nsenter --target 1 --pid --mount --uts --ipc --net grep '^CPUQuota=10%' /lib/systemd/system/auditd.service' failed with status 1: )",
"auditd_active":"OK",
"auditd_reload":"OK",
"rate_limit":"FAIL (rate_limit: enabled 1\nfailure 1\npid 332282\nrate_limit 2000\nbacklog_limit 8192\nlost 0\nbacklog 0\nbacklog_wait_time 60000\nbacklog_wait_time_actual 0\nloginuid_immutable 0 unlocked\n mismatch with config file setting: 1000)"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants