Skip to content

Commit

Permalink
fix(auditbeat/fim/fsnotify): remove time window where a child file op…
Browse files Browse the repository at this point in the history
…eration in of a directory can be lost
  • Loading branch information
pkoutsovasilis committed Apr 22, 2024
1 parent fe8ebd0 commit c7759a6
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 15 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
- Change cache processor documentation from `write_period` to `write_interval`. {pull}38561[38561]
- Fix cache processor expiries heap cleanup on partial file writes. {pull}38561[38561]
- Fix cache processor expiries infinite growth when large a large TTL is used and recurring keys are cached. {pull}38561[38561]
- Prevent scenario of losing children-related file events in a directory for recursive fsnotify backend of auditbeat file integrity module {pull}0[0]

*Auditbeat*

Expand Down
7 changes: 6 additions & 1 deletion auditbeat/module/file_integrity/monitor/monitor_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,11 @@ func TestRecursiveSubdirPermissions(t *testing.T) {
t.Skip("Skipping permissions test on Windows")
}

if os.Getuid() == 0 {
t.Skip("skipping as root can access every file and thus this unittest will fail")
return
}

// Create dir to be watched

dir, err := os.MkdirTemp("", "monitor")
Expand Down Expand Up @@ -202,7 +207,7 @@ func TestRecursiveSubdirPermissions(t *testing.T) {
for {
// No event is received
ev, err := readTimeout(t, watcher)
if err == errReadTimeout {
if errors.Is(err, errReadTimeout) {
break
}
assertNoError(t, err)
Expand Down
51 changes: 37 additions & 14 deletions auditbeat/module/file_integrity/monitor/recursive.go
Original file line number Diff line number Diff line change
Expand Up @@ -84,37 +84,60 @@ func (watcher *recursiveWatcher) ErrorChannel() <-chan error {
return watcher.inner.Errors
}

func (watcher *recursiveWatcher) watchFile(path string, info os.FileInfo) error {
var err error
if info == nil {
info, err = os.Lstat(path)
if err != nil {
return err
}
}

if info.IsDir() {
if err = watcher.tree.AddDir(path); err == nil {
if err = watcher.inner.Add(path); err != nil {
return fmt.Errorf("failed adding watcher to '%s': %w", path, err)
}
}
} else {
err = watcher.tree.AddFile(path)
}
return err
}

func (watcher *recursiveWatcher) addRecursive(path string) error {
if watcher.isExcludedPath(path) {
return nil
}

if err := watcher.watchFile(path, nil); err != nil {
return fmt.Errorf("failed adding watcher to '%s': %w", path, err)
}

var errs multierror.Errors
err := filepath.Walk(path, func(path string, info os.FileInfo, fnErr error) error {
if watcher.isExcludedPath(path) {
err := filepath.Walk(path, func(walkPath string, info os.FileInfo, fnErr error) error {
if walkPath == path {
return nil
}

if watcher.isExcludedPath(walkPath) {
return nil
}

if fnErr != nil {
errs = append(errs, fmt.Errorf("error walking path '%s': %w", path, fnErr))
errs = append(errs, fmt.Errorf("error walking path '%s': %w", walkPath, fnErr))
// If FileInfo is not nil, the directory entry can be processed
// even if there was some error
if info == nil {
return nil
}
}
var err error
if info.IsDir() {
if err = watcher.tree.AddDir(path); err == nil {
if err = watcher.inner.Add(path); err != nil {
errs = append(errs, fmt.Errorf("failed adding watcher to '%s': %w", path, err))
return nil
}
}
} else {
err = watcher.tree.AddFile(path)

if err := watcher.watchFile(walkPath, info); err != nil {
errs = append(errs, fmt.Errorf("failed adding watcher to '%s': %w", walkPath, err))
}
return err

return nil
})
watcher.log.Debugw("Added recursive watch", "path", path)

Expand Down

0 comments on commit c7759a6

Please sign in to comment.