Comments (6)
nbrownus
commented on September 28, 2024
Can you tell me more about the environment you are running these tests in?
from go-audit.
c-stefan
commented on September 28, 2024
It seems the selinux was in permissive mode. I disabled it and this is what it looks like:
=== RUN Test_loadConfig
--- PASS: Test_loadConfig (0.00s)
=== RUN Test_setRules
Flushed existing audit rules
Flushed existing audit rules
Flushed existing audit rules
Added audit rule 1
Added audit rule 3
--- PASS: Test_setRules (0.00s)
=== RUN Test_createFileOutput
--- FAIL: Test_createFileOutput (0.00s)
Error Trace: audit_test.go:160
Error: Expected value not to be nil.
Messages: An error is expected but got nil.
Error Trace: audit_test.go:161
Error: Expected nil, but got: &main.AuditWriter{e:(*json.Encoder)(0xc42016a230), w:(*os.File)(0xc42008a140), attempts:1}
=== RUN Test_createSyslogOutput
--- PASS: Test_createSyslogOutput (0.00s)
=== RUN Test_createStdOutOutput
--- PASS: Test_createStdOutOutput (0.00s)
=== RUN Test_createOutput
--- PASS: Test_createOutput (0.00s)
=== RUN TestNetlinkClient_KeepConnection
--- PASS: TestNetlinkClient_KeepConnection (0.00s)
=== RUN TestNetlinkClient_SendReceive
--- PASS: TestNetlinkClient_SendReceive (0.00s)
=== RUN TestNewNetlinkClient
--- PASS: TestNewNetlinkClient (0.00s)
=== RUN TestMarshallerConstants
--- PASS: TestMarshallerConstants (0.00s)
=== RUN TestAuditMarshaller_Consume
--- PASS: TestAuditMarshaller_Consume (2.00s)
=== RUN TestAuditMarshaller_completeMessage
--- SKIP: TestAuditMarshaller_completeMessage (0.00s)
marshaller_test.go:125:
=== RUN TestAuditConstants
--- PASS: TestAuditConstants (0.00s)
=== RUN TestNewAuditMessage
--- PASS: TestNewAuditMessage (0.00s)
=== RUN TestAuditMessageGroup_AddMessage
--- PASS: TestAuditMessageGroup_AddMessage (0.00s)
=== RUN TestNewAuditMessageGroup
--- PASS: TestNewAuditMessageGroup (0.00s)
=== RUN Test_getUsername
--- PASS: Test_getUsername (0.00s)
=== RUN TestAuditMessageGroup_mapUids
--- PASS: TestAuditMessageGroup_mapUids (0.00s)
FAIL
exit status 1
FAIL go-audit 2.016s
from go-audit.
nbrownus
commented on September 28, 2024
That test is pretty brittle and assumes you are running without super user permissions. I am guessing you are running the tests as root?
from go-audit.
bob22233
commented on September 28, 2024
Same error for me.
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
# whoami
root
# id
uid=0(root) gid=0(root) groups=0(root)
# go version
go version go1.7.4 linux/amd64
Running on AWS.
Potentially related, I realized this problem when I tried running ./go-audit -config go-audit.yaml using https://github.com/slackhq/go-audit/blob/master/go-audit.yaml.example and noticed I had no stdout or log file output. So I figured I'd try running the tests.
from go-audit.
nbrownus
commented on September 28, 2024
The test is making sure errors opening a log file for writing is passed back to the caller, the way the test works assumes the running user will not have write access a file, which is not true for root.
I assume you haven't disabled auditd on your machine yet, only one process can currently see events from kernel audit. Try disabling auditd with systemctl stop auditd.service.
from go-audit.
bob22233
commented on September 28, 2024
That's fixed. Thank you.
from go-audit.
Related Issues (20)
- How to filter to command run in local0 to 7
- Reverse Function for Filters
- Including node hostname/ip info in log HOT 2
- Failed to open syslog writer on LXC HOT 1
- Pre-compiled version? HOT 3
- Replacing auditd with go-audit HOT 1
- wrong app name in syslogs HOT 1
- extras.go does not support disabled container auditing HOT 3
- LXD support
- Migrate away from govendor to go modules
- Migrate from "syscall" to "golang.org/x/sys/unix"
- Consider using code generation (ex: easyjson) for JSON models
- no tags/releases HOT 3
- go-audit relies on github.com/capsule8/capsule8, which was deleted or made private HOT 1
- "type":1305 AUDIT_CONFIG_CHANGE log noise HOT 2
- Do we need to implement logrotate for the go-audit.log file?
- Publish debian packages
- Process dies and go-audit stops logging HOT 2
- Enhance request for ECS compatible go-audit output
- When go-audit and linux auditd are started at the same time, go-audit cannot obtain any data. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-audit.