go-audit test fail

[c-stefan]

• I've read and understood the Contributing guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.
• I've searched for any related issues and avoided creating a duplicate issue.

Description

Test run fails.

Reproducible in:

go-audit version:
OS version(s): CentOS 6.8
go version go1.7.3 linux/amd64

Steps:

go test -v

=== RUN Test_loadConfig
--- PASS: Test_loadConfig (0.00s)
=== RUN Test_setRules
Flushed existing audit rules
Flushed existing audit rules
Flushed existing audit rules
Added audit rule 1
Added audit rule 3
--- PASS: Test_setRules (0.00s)
=== RUN Test_createFileOutput
--- FAIL: Test_createFileOutput (0.00s)
Error Trace: audit_test.go:160
Error: Expected value not to be nil.
Messages: An error is expected but got nil.
Error Trace: audit_test.go:161
Error: Expected nil, but got: &main.AuditWriter{e:(*json.Encoder)(0xc4201423c0), w:(*os.File)(0xc420030148), attempts:1}

=== RUN Test_createSyslogOutput
--- FAIL: Test_createSyslogOutput (0.00s)
Error Trace: audit_test.go:205
Error: Expected nil, but got: &errors.errorString{s:"Failed to open syslog writer. Error: dial tcp [::]:38761: connect: no route to host"}
Error Trace: audit_test.go:206
Error: Expected value not to be nil.
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x48c6c0]
goroutine 8 [running]:
panic(0x7e85c0, 0xc420010120)
/usr/lib/golang/src/runtime/panic.go:500 +0x1a1
testing.tRunner.func1(0xc420092600)
/usr/lib/golang/src/testing/testing.go:579 +0x25d
panic(0x7e85c0, 0xc420010120)
/usr/lib/golang/src/runtime/panic.go:458 +0x243
go-audit.Test_createSyslogOutput(0xc420092600)
/root/go/src/go-audit/audit_test.go:207 +0xdc0
testing.tRunner(0xc420092600, 0x88a0f8)
/usr/lib/golang/src/testing/testing.go:610 +0x81
created by testing.(*T).Run
/usr/lib/golang/src/testing/testing.go:646 +0x2ec
exit status 2
FAIL go-audit 0.011s

[nbrownus]

Can you tell me more about the environment you are running these tests in?

[c-stefan]

It seems the selinux was in permissive mode. I disabled it and this is what it looks like:
=== RUN Test_loadConfig
--- PASS: Test_loadConfig (0.00s)
=== RUN Test_setRules
Flushed existing audit rules
Flushed existing audit rules
Flushed existing audit rules
Added audit rule 1
Added audit rule 3
--- PASS: Test_setRules (0.00s)
=== RUN Test_createFileOutput
--- FAIL: Test_createFileOutput (0.00s)
Error Trace: audit_test.go:160
Error: Expected value not to be nil.
Messages: An error is expected but got nil.
Error Trace: audit_test.go:161
Error: Expected nil, but got: &main.AuditWriter{e:(*json.Encoder)(0xc42016a230), w:(*os.File)(0xc42008a140), attempts:1}
=== RUN Test_createSyslogOutput
--- PASS: Test_createSyslogOutput (0.00s)
=== RUN Test_createStdOutOutput
--- PASS: Test_createStdOutOutput (0.00s)
=== RUN Test_createOutput
--- PASS: Test_createOutput (0.00s)
=== RUN TestNetlinkClient_KeepConnection
--- PASS: TestNetlinkClient_KeepConnection (0.00s)
=== RUN TestNetlinkClient_SendReceive
--- PASS: TestNetlinkClient_SendReceive (0.00s)
=== RUN TestNewNetlinkClient
--- PASS: TestNewNetlinkClient (0.00s)
=== RUN TestMarshallerConstants
--- PASS: TestMarshallerConstants (0.00s)
=== RUN TestAuditMarshaller_Consume
--- PASS: TestAuditMarshaller_Consume (2.00s)
=== RUN TestAuditMarshaller_completeMessage
--- SKIP: TestAuditMarshaller_completeMessage (0.00s)
marshaller_test.go:125:
=== RUN TestAuditConstants
--- PASS: TestAuditConstants (0.00s)
=== RUN TestNewAuditMessage
--- PASS: TestNewAuditMessage (0.00s)
=== RUN TestAuditMessageGroup_AddMessage
--- PASS: TestAuditMessageGroup_AddMessage (0.00s)
=== RUN TestNewAuditMessageGroup
--- PASS: TestNewAuditMessageGroup (0.00s)
=== RUN Test_getUsername
--- PASS: Test_getUsername (0.00s)
=== RUN TestAuditMessageGroup_mapUids
--- PASS: TestAuditMessageGroup_mapUids (0.00s)
FAIL
exit status 1
FAIL go-audit 2.016s

[nbrownus]

That test is pretty brittle and assumes you are running without super user permissions. I am guessing you are running the tests as root?

[bob22233]

Same error for me.

# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.1 LTS
Release:	16.04
Codename:	xenial
# whoami
root
# id
uid=0(root) gid=0(root) groups=0(root)
# go version
go version go1.7.4 linux/amd64

Running on AWS.
Potentially related, I realized this problem when I tried running ./go-audit -config go-audit.yaml using https://github.com/slackhq/go-audit/blob/master/go-audit.yaml.example and noticed I had no stdout or log file output. So I figured I'd try running the tests.

[nbrownus]

The test is making sure errors opening a log file for writing is passed back to the caller, the way the test works assumes the running user will not have write access a file, which is not true for root.

I assume you haven't disabled auditd on your machine yet, only one process can currently see events from kernel audit. Try disabling auditd with systemctl stop auditd.service.

[bob22233]

That's fixed. Thank you.