-
Notifications
You must be signed in to change notification settings - Fork 839
Add test_rate_limit to auditd watchdog test cases #18555
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
/azp run |
Waiting for sonic-net/sonic-buildimage#22620 merge |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
Add rate_limit check to auditd container watchdog Why I did it Auditd container recently enable rate limit, need watch dock to check this change applied correctly. Work item tracking Microsoft ADO (number only):32313402 How I did it Add rate_limit check to auditd container watchdog How to verify it Pass all test case. New test case added by: sonic-net/sonic-mgmt#18555 Manually verified the feature works, checked 4 cases: running config match with /etc/audit/audit.rules, will return: OK running config mismatch with /etc/audit/audit.rules, will return: FAIL (rate_limit: {} mismatch with config file setting: {}) running config rate limit no set, but rate limit set in /etc/audit/audit.rules, will return: FAIL (rate_limit not set = {}, config file setting: {}) rate limit disabled in /etc/audit/audit.rules, will return: OK
Depends on sonic-net/sonic-buildimage#22658 merge first |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
This PR depends on sonic-net/sonic-buildimage#22709 merge first |
|
||
# watchdog will report FAIL when auditd running config mismatch with config file | ||
duthost.command(r"sudo cp /etc/audit/rules.d/audit.rules /etc/audit.rules_backup") | ||
duthost.command(r"sudo sed -i -e '$a\'$'\n''-r 1000' /etc/audit/rules.d/audit.rules") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, this won't happen, because the next line will change running rate limit to 2000
Will close this PR and open later, because found watch dog json format issue, which need fix first: sonic-net/sonic-buildimage#22709 |
Add test_rate_limit to auditd watchdod test cases
Why I did it
Auditd watchgod container add ratelimit check in this PR:
sonic-net/sonic-buildimage#22620
Also, json format fix in this PR:
sonic-net/sonic-buildimage#22709
Add new test case to prevent regression
Work item tracking
How I did it
Add test_rate_limit to auditd watchdod test cases
How to verify it
Pass all test case.
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Add test_rate_limit to auditd watchdod test cases
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)