
Commit a9354ec

Add test_rate_limit to auditd watchdog test cases (#18555)
Add test_rate_limit to auditd watchdog test cases Why I did it The auditd watchdog container added a rate-limit check in this PR: sonic-net/sonic-buildimage#22620 Also, a JSON format fix was made in this PR: sonic-net/sonic-buildimage#22709 Add a new test case to prevent regression Work item tracking Microsoft ADO (number only):32313402 How I did it Add test_rate_limit to auditd watchdog test cases How to verify it Pass all test cases.
1 parent d6a1e57 commit a9354ec


1 file changed

+44
-1
lines changed

1 file changed

+44
-1
lines changed

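--- a/tests/auditd/test_auditd.py
+++ b/tests/auditd/test_auditd.py
@@ -84,7 +84,8 @@ def test_auditd_watchdog_functionality(duthosts, enum_rand_one_per_hwsku_hostnam
 "auditd_rules",
 "auditd_service",
 "auditd_active",
-"auditd_reload"
+"auditd_reload",
+"rate_limit"
 ]
 
 # Check if all expected keys exist and have the value "OK"
@@ -267,3 +268,45 @@ def test_32bit_failure(duthosts, enum_rand_one_per_hwsku_hostname, check_auditd_
 output = duthost.command(DOCKER_EXEC_CMD.format(container_name) +
 "'{} {}'".format(NSENTER_CMD, CURL_CMD), module_ignore_errors=True)["stdout"]
 pytest_assert('"auditd_reload":"FAIL ' in output, "Auditd watchdog reports auditd container is healthy")
+
+
+def debug_log(duthost):
+content = duthost.command(r"sudo cat /etc/audit/rules.d/audit.rules", module_ignore_errors=True)["stdout"]
+logger.warning("Content of /etc/audit/rules.d/audit.rules: {}".format(content))
+
+running_config = duthost.command(r"sudo auditctl -s", module_ignore_errors=True)["stdout"]
+logger.warning("Auditd running config: {}".format(running_config))
+
+
+def read_watchdog(duthost):
+output = duthost.command(DOCKER_EXEC_CMD.format("auditd_watchdog") +
+"'{} {}'".format(NSENTER_CMD, CURL_CMD), module_ignore_errors=True)["stdout"]
+try:
+return json.loads(output)
+except json.JSONDecodeError as e:
+pytest.fail("Invalid JSON response from auditd watchdog: {} exception: {}".format(output, e))
+
+
+def test_rate_limit(duthosts, enum_rand_one_per_hwsku_hostname):
+duthost = duthosts[enum_rand_one_per_hwsku_hostname]
+verify_container_running(duthost, "auditd_watchdog")
+
+debug_log(duthost)
+rate_limit_status = read_watchdog(duthost).get("rate_limit")
+pytest_assert(rate_limit_status == "OK",
+"Auditd watchdog check rate limit failed for: {}".format(rate_limit_status))
+
+# watchdog will report FAIL when auditd running config mismatch with config file
+duthost.command(r"sudo cp /etc/audit/rules.d/audit.rules /etc/audit.rules_backup")
+duthost.command(r"sudo sed -i -e '$a\'$'\n''-r 1000' /etc/audit/rules.d/audit.rules")
+duthost.command(r"sudo auditctl -r 2000")
+
+debug_log(duthost)
+rate_limit_status = read_watchdog(duthost).get("rate_limit")
+
+# revert change before check result, so assert failed will not break next test
+duthost.command(r"sudo cp /etc/audit.rules_backup /etc/audit/rules.d/audit.rules")
+duthost.command(r"sudo service auditd restart")
+
+pytest_assert(rate_limit_status.startswith("FAIL (rate_limit: "),
+"Auditd watchdog check rate limit failed for: {}".format(rate_limit_status))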
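Review bot: The revert in `test_rate_limit` (new lines 307-309) runs only when everything before it succeeds. If the `sed` or `auditctl -r 2000` command fails (they omit `module_ignore_errors`, so they presumably raise on a non-zero exit), or `read_watchdog` calls `pytest.fail` on invalid JSON, the DUT keeps the appended `-r 1000` rule and the changed running rate limit for the tests that follow. Putting the mutation and the watchdog read in `try` and the restore in `finally` closes that gap, and the restore can also delete `/etc/audit.rules_backup`, which is currently left behind. Separately, `.get("rate_limit")` returns None when the key is missing, so the final `rate_limit_status.startswith(...)` would raise AttributeError instead of failing with the intended message.

```python
def test_rate_limit(duthosts, enum_rand_one_per_hwsku_hostname):
    # … unchanged: container check, debug_log and the initial "OK" assertion …
    duthost.command(r"sudo cp /etc/audit/rules.d/audit.rules /etc/audit.rules_backup")
    rate_limit_status = None
    try:
        # … unchanged: sed append of '-r 1000' and 'auditctl -r 2000' …
        debug_log(duthost)
        rate_limit_status = read_watchdog(duthost).get("rate_limit")
    finally:
        # restore the audit config even when a command or the watchdog read raises
        duthost.command(r"sudo cp /etc/audit.rules_backup /etc/audit/rules.d/audit.rules")
        duthost.command(r"sudo rm -f /etc/audit.rules_backup")
        duthost.command(r"sudo service auditd restart")

    pytest_assert(rate_limit_status is not None and rate_limit_status.startswith("FAIL (rate_limit: "),
                  "Auditd watchdog check rate limit failed for: {}".format(rate_limit_status))
```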
