Add test_rate_limit to auditd watchdog test cases #18555

Merged: 3 commits, Jun 4, 2025

@liuh-80 liuh-80 commented May 22, 2025

Add test_rate_limit to auditd watchdog test cases

Why I did it

Auditd watchdog container adds rate limit check in this PR:
sonic-net/sonic-buildimage#22620

Also, json format fix in this PR:
sonic-net/sonic-buildimage#22709

Add new test case to prevent regression

Work item tracking
  • Microsoft ADO (number only):32313402

How I did it

Add test_rate_limit to auditd watchdog test cases

How to verify it

Pass all test cases.

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

Description for the changelog

Add test_rate_limit to auditd watchdog test cases

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@mssonicbld

/azp run


liuh-80 commented May 22, 2025

Waiting for sonic-net/sonic-buildimage#22620 merge

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld

/azp run

Azure Pipelines successfully started running 1 pipeline(s).

qiluo-msft pushed a commit to sonic-net/sonic-buildimage that referenced this pull request May 26, 2025
Add rate_limit check to auditd container watchdog

Why I did it
Auditd container recently enabled rate limit; need watchdog to check this change is applied correctly.

Work item tracking
Microsoft ADO (number only):32313402
How I did it
Add rate_limit check to auditd container watchdog

How to verify it
Pass all test cases.

New test case added by: sonic-net/sonic-mgmt#18555

Manually verified the feature works, checked 4 cases:

  • running config matches /etc/audit/audit.rules, will return: OK
  • running config mismatch with /etc/audit/audit.rules, will return: FAIL (rate_limit: {} mismatch with config file setting: {})
  • running config rate limit not set, but rate limit set in /etc/audit/audit.rules, will return: FAIL (rate_limit not set = {}, config file setting: {})
  • rate limit disabled in /etc/audit/audit.rules, will return: OK
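
The four cases listed in the commit message above, written out as a comparison function. This is an added example, not the watchdog's own code: the function names, the parsing of `auditctl -s` style output and of `-r` lines, and the treatment of a missing or zero `-r` as "disabled" are assumptions.

```python
import re

def configured_rate_limit(rules_text):
    """Last '-r N' value in audit.rules text, or None when no -r line exists."""
    limit = None
    for line in rules_text.splitlines():
        match = re.fullmatch(r"-r\s+(\d+)", line.split("#", 1)[0].strip())
        if match:
            limit = int(match.group(1))  # assumption: a later -r overrides an earlier one
    return limit

def running_rate_limit(status_text):
    """rate_limit value from 'auditctl -s' style output, or None when absent."""
    match = re.search(r"^rate_limit\s+(\d+)\s*$", status_text, re.MULTILINE)
    return int(match.group(1)) if match else None

def check_rate_limit(status_text, rules_text):
    """Return OK or a FAIL string in the formats quoted in the commit message."""
    expected = configured_rate_limit(rules_text)
    if not expected:  # assumption: no -r line, or '-r 0', means rate limit disabled
        return "OK"
    running = running_rate_limit(status_text)
    if running is None:
        return "FAIL (rate_limit not set = {}, config file setting: {})".format(running, expected)
    if running != expected:
        return "FAIL (rate_limit: {} mismatch with config file setting: {})".format(running, expected)
    return "OK"

# Constructed sample inputs, not captured from a device.
RULES = "# constructed sample\n-D\n-b 8192\n-r 1000\n"
STATUS = "enabled 1\nfailure 1\npid 733\nrate_limit {}\nbacklog_limit 8192\n"

if __name__ == "__main__":
    print(check_rate_limit(STATUS.format(1000), RULES))               # match
    print(check_rate_limit(STATUS.format(2000), RULES))               # mismatch
    print(check_rate_limit("enabled 1\nfailure 1\n", RULES))          # running value absent
    print(check_rate_limit(STATUS.format(1000), "-D\n-b 8192\n"))     # no -r in rules file
```
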

liuh-80 commented May 27, 2025

Depends on sonic-net/sonic-buildimage#22658 merge first
Currently watchdog will always reload config, which will break new test case in this PR.

@mssonicbld

/azp run

Azure Pipelines successfully started running 1 pipeline(s).

@liuh-80 liuh-80 changed the title Add test_rate_limit to auditd watchdod test cases Add test_rate_limit to auditd watchdog test cases Jun 3, 2025
@liuh-80 liuh-80 marked this pull request as ready for review June 3, 2025 05:17

liuh-80 commented Jun 3, 2025

This PR depends on sonic-net/sonic-buildimage#22709 merge first


# watchdog will report FAIL when auditd running config mismatch with config file
duthost.command(r"sudo cp /etc/audit/rules.d/audit.rules /etc/audit.rules_backup")
duthost.command(r"sudo sed -i -e '$a\'$'\n''-r 1000' /etc/audit/rules.d/audit.rules")
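
Review bot: The cp to /etc/audit.rules_backup followed by the in-place sed -i append leaves /etc/audit/rules.d/audit.rules on the DUT modified if the test aborts before the restore, which is not in the lines shown; put the restore in a try/finally or a fixture teardown so it always runs. Because the cp overwrites the backup unconditionally, a rerun after such an abort would back up the already modified file and lose the original rules, so skip the copy when the backup already exists or restore from it first.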

@qiluo-msft qiluo-msft Jun 3, 2025

1000

If this is hard-coded, it may be difficult to change the constant in buildimage repo, because it will fail testcase. #Closed

Contributor Author


No, this won't happen, because the next line will change running rate limit to 2000


liuh-80 commented Jun 3, 2025

Will close this PR and open later, because I found a watchdog JSON format issue, which needs to be fixed first: sonic-net/sonic-buildimage#22709

@liuh-80 liuh-80 closed this Jun 3, 2025
@liuh-80 liuh-80 reopened this Jun 3, 2025
@qiluo-msft qiluo-msft merged commit a9354ec into sonic-net:master Jun 4, 2025
16 checks passed