Created
April 13, 2024 09:55
Sample of audit.log (Debian 11)
type=DAEMON_START msg=audit(1713001228.814:9691): op=start ver=3.0 format=enriched kernel=5.10.0-18-arm64 auid=4294967295 pid=1392 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root" | |
type=CONFIG_CHANGE msg=audit(1713001228.818:17): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset" | |
type=CONFIG_CHANGE msg=audit(1713001228.818:18): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset" | |
type=CONFIG_CHANGE msg=audit(1713001228.818:19): op=set audit_backlog_wait_time=60000 old=15000 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset" | |
type=SERVICE_START msg=audit(1713001228.822:20): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_END msg=audit(1713001228.998:21): pid=1260 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=CRED_DISP msg=audit(1713001228.998:22): pid=1260 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_ACCT msg=audit(1713001319.478:23): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_CMD msg=audit(1713001319.478:24): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="debian" AUID="debian" | |
type=CRED_REFR msg=audit(1713001319.478:25): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_START msg=audit(1713001319.478:26): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_AUTH msg=audit(1713001319.482:27): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_ACCT msg=audit(1713001319.486:28): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=CRED_ACQ msg=audit(1713001319.486:29): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_START msg=audit(1713001319.486:30): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=BPF msg=audit(1713001401.326:31): prog-id=45 op=UNLOAD | |
type=BPF msg=audit(1713001401.326:32): prog-id=44 op=UNLOAD | |
type=BPF msg=audit(1713001401.326:33): prog-id=43 op=UNLOAD | |
type=BPF msg=audit(1713001401.326:34): prog-id=42 op=UNLOAD | |
type=BPF msg=audit(1713001401.326:35): prog-id=41 op=UNLOAD | |
type=BPF msg=audit(1713001401.326:36): prog-id=40 op=UNLOAD | |
type=BPF msg=audit(1713001401.370:37): prog-id=48 op=UNLOAD | |
type=BPF msg=audit(1713001401.370:38): prog-id=47 op=UNLOAD | |
type=BPF msg=audit(1713001401.370:39): prog-id=46 op=UNLOAD | |
type=BPF msg=audit(1713001401.370:40): prog-id=50 op=UNLOAD | |
type=BPF msg=audit(1713001401.370:41): prog-id=49 op=UNLOAD | |
type=BPF msg=audit(1713001401.422:42): prog-id=51 op=LOAD | |
type=BPF msg=audit(1713001401.422:43): prog-id=52 op=LOAD | |
type=BPF msg=audit(1713001401.422:44): prog-id=53 op=LOAD | |
type=BPF msg=audit(1713001401.422:45): prog-id=54 op=LOAD | |
type=BPF msg=audit(1713001401.426:46): prog-id=55 op=LOAD | |
type=BPF msg=audit(1713001401.426:47): prog-id=56 op=LOAD | |
type=BPF msg=audit(1713001401.426:48): prog-id=57 op=LOAD | |
type=BPF msg=audit(1713001401.426:49): prog-id=58 op=LOAD | |
type=BPF msg=audit(1713001401.426:50): prog-id=59 op=LOAD | |
type=BPF msg=audit(1713001401.426:51): prog-id=60 op=LOAD | |
type=BPF msg=audit(1713001401.426:52): prog-id=61 op=LOAD | |
type=BPF msg=audit(1713001401.446:53): prog-id=56 op=UNLOAD | |
type=BPF msg=audit(1713001401.446:54): prog-id=55 op=UNLOAD | |
type=BPF msg=audit(1713001401.446:55): prog-id=54 op=UNLOAD | |
type=BPF msg=audit(1713001401.446:56): prog-id=53 op=UNLOAD | |
type=BPF msg=audit(1713001401.446:57): prog-id=52 op=UNLOAD | |
type=BPF msg=audit(1713001401.446:58): prog-id=51 op=UNLOAD | |
type=BPF msg=audit(1713001401.482:59): prog-id=59 op=UNLOAD | |
type=BPF msg=audit(1713001401.482:60): prog-id=58 op=UNLOAD | |
type=BPF msg=audit(1713001401.482:61): prog-id=57 op=UNLOAD | |
type=BPF msg=audit(1713001401.482:62): prog-id=61 op=UNLOAD | |
type=BPF msg=audit(1713001401.482:63): prog-id=60 op=UNLOAD | |
type=BPF msg=audit(1713001401.526:64): prog-id=62 op=LOAD | |
type=BPF msg=audit(1713001401.526:65): prog-id=63 op=LOAD | |
type=BPF msg=audit(1713001401.526:66): prog-id=64 op=LOAD | |
type=BPF msg=audit(1713001401.526:67): prog-id=65 op=LOAD | |
type=BPF msg=audit(1713001401.526:68): prog-id=66 op=LOAD | |
type=BPF msg=audit(1713001401.526:69): prog-id=67 op=LOAD | |
type=BPF msg=audit(1713001401.526:70): prog-id=68 op=LOAD | |
type=BPF msg=audit(1713001401.530:71): prog-id=69 op=LOAD | |
type=BPF msg=audit(1713001401.530:72): prog-id=70 op=LOAD | |
type=BPF msg=audit(1713001401.530:73): prog-id=71 op=LOAD | |
type=BPF msg=audit(1713001401.530:74): prog-id=72 op=LOAD | |
type=BPF msg=audit(1713001401.578:75): prog-id=67 op=UNLOAD | |
type=BPF msg=audit(1713001401.578:76): prog-id=66 op=UNLOAD | |
type=BPF msg=audit(1713001401.578:77): prog-id=65 op=UNLOAD | |
type=BPF msg=audit(1713001401.582:78): prog-id=64 op=UNLOAD | |
type=BPF msg=audit(1713001401.582:79): prog-id=63 op=UNLOAD | |
type=BPF msg=audit(1713001401.582:80): prog-id=62 op=UNLOAD | |
type=BPF msg=audit(1713001401.618:81): prog-id=70 op=UNLOAD | |
type=BPF msg=audit(1713001401.618:82): prog-id=69 op=UNLOAD | |
type=BPF msg=audit(1713001401.618:83): prog-id=68 op=UNLOAD | |
type=BPF msg=audit(1713001401.618:84): prog-id=72 op=UNLOAD | |
type=BPF msg=audit(1713001401.618:85): prog-id=71 op=UNLOAD | |
type=BPF msg=audit(1713001401.662:86): prog-id=73 op=LOAD | |
type=BPF msg=audit(1713001401.662:87): prog-id=74 op=LOAD | |
type=BPF msg=audit(1713001401.662:88): prog-id=75 op=LOAD | |
type=BPF msg=audit(1713001401.662:89): prog-id=76 op=LOAD | |
type=BPF msg=audit(1713001401.662:90): prog-id=77 op=LOAD | |
type=BPF msg=audit(1713001401.662:91): prog-id=78 op=LOAD | |
type=BPF msg=audit(1713001401.666:92): prog-id=79 op=LOAD | |
type=BPF msg=audit(1713001401.666:93): prog-id=80 op=LOAD | |
type=BPF msg=audit(1713001401.666:94): prog-id=81 op=LOAD | |
type=BPF msg=audit(1713001401.666:95): prog-id=82 op=LOAD | |
type=BPF msg=audit(1713001401.666:96): prog-id=83 op=LOAD | |
type=BPF msg=audit(1713001401.674:97): prog-id=78 op=UNLOAD | |
type=BPF msg=audit(1713001401.674:98): prog-id=77 op=UNLOAD | |
type=BPF msg=audit(1713001401.674:99): prog-id=76 op=UNLOAD | |
type=BPF msg=audit(1713001401.674:100): prog-id=75 op=UNLOAD | |
type=BPF msg=audit(1713001401.674:101): prog-id=74 op=UNLOAD | |
type=BPF msg=audit(1713001401.674:102): prog-id=73 op=UNLOAD | |
type=BPF msg=audit(1713001401.710:103): prog-id=81 op=UNLOAD | |
type=BPF msg=audit(1713001401.710:104): prog-id=80 op=UNLOAD | |
type=BPF msg=audit(1713001401.710:105): prog-id=79 op=UNLOAD | |
type=BPF msg=audit(1713001401.710:106): prog-id=83 op=UNLOAD | |
type=BPF msg=audit(1713001401.710:107): prog-id=82 op=UNLOAD | |
type=BPF msg=audit(1713001401.758:108): prog-id=84 op=LOAD | |
type=BPF msg=audit(1713001401.758:109): prog-id=85 op=LOAD | |
type=BPF msg=audit(1713001401.758:110): prog-id=86 op=LOAD | |
type=BPF msg=audit(1713001401.758:111): prog-id=87 op=LOAD | |
type=BPF msg=audit(1713001401.762:112): prog-id=88 op=LOAD | |
type=BPF msg=audit(1713001401.762:113): prog-id=89 op=LOAD | |
type=BPF msg=audit(1713001401.762:114): prog-id=90 op=LOAD | |
type=BPF msg=audit(1713001401.762:115): prog-id=91 op=LOAD | |
type=BPF msg=audit(1713001401.762:116): prog-id=92 op=LOAD | |
type=BPF msg=audit(1713001401.762:117): prog-id=93 op=LOAD | |
type=BPF msg=audit(1713001401.762:118): prog-id=94 op=LOAD | |
type=SERVICE_START msg=audit(1713001401.790:119): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=BPF msg=audit(1713001401.846:120): prog-id=89 op=UNLOAD | |
type=BPF msg=audit(1713001401.846:121): prog-id=88 op=UNLOAD | |
type=BPF msg=audit(1713001401.846:122): prog-id=87 op=UNLOAD | |
type=BPF msg=audit(1713001401.846:123): prog-id=86 op=UNLOAD | |
type=BPF msg=audit(1713001401.846:124): prog-id=85 op=UNLOAD | |
type=BPF msg=audit(1713001401.846:125): prog-id=84 op=UNLOAD | |
type=BPF msg=audit(1713001401.878:126): prog-id=92 op=UNLOAD | |
type=BPF msg=audit(1713001401.878:127): prog-id=91 op=UNLOAD | |
type=BPF msg=audit(1713001401.878:128): prog-id=90 op=UNLOAD | |
type=BPF msg=audit(1713001401.878:129): prog-id=94 op=UNLOAD | |
type=BPF msg=audit(1713001401.878:130): prog-id=93 op=UNLOAD | |
type=BPF msg=audit(1713001401.926:131): prog-id=95 op=LOAD | |
type=BPF msg=audit(1713001401.926:132): prog-id=96 op=LOAD | |
type=BPF msg=audit(1713001401.926:133): prog-id=97 op=LOAD | |
type=BPF msg=audit(1713001401.930:134): prog-id=98 op=LOAD | |
type=BPF msg=audit(1713001401.930:135): prog-id=99 op=LOAD | |
type=BPF msg=audit(1713001401.930:136): prog-id=100 op=LOAD | |
type=BPF msg=audit(1713001401.930:137): prog-id=101 op=LOAD | |
type=BPF msg=audit(1713001401.930:138): prog-id=102 op=LOAD | |
type=BPF msg=audit(1713001401.930:139): prog-id=103 op=LOAD | |
type=BPF msg=audit(1713001401.930:140): prog-id=104 op=LOAD | |
type=BPF msg=audit(1713001401.930:141): prog-id=105 op=LOAD | |
type=BPF msg=audit(1713001401.942:142): prog-id=100 op=UNLOAD | |
type=BPF msg=audit(1713001401.942:143): prog-id=99 op=UNLOAD | |
type=BPF msg=audit(1713001401.942:144): prog-id=98 op=UNLOAD | |
type=BPF msg=audit(1713001401.942:145): prog-id=97 op=UNLOAD | |
type=BPF msg=audit(1713001401.942:146): prog-id=96 op=UNLOAD | |
type=BPF msg=audit(1713001401.942:147): prog-id=95 op=UNLOAD | |
type=BPF msg=audit(1713001401.974:148): prog-id=103 op=UNLOAD | |
type=BPF msg=audit(1713001401.974:149): prog-id=102 op=UNLOAD | |
type=BPF msg=audit(1713001401.974:150): prog-id=101 op=UNLOAD | |
type=BPF msg=audit(1713001401.974:151): prog-id=105 op=UNLOAD | |
type=BPF msg=audit(1713001401.974:152): prog-id=104 op=UNLOAD | |
type=BPF msg=audit(1713001402.014:153): prog-id=106 op=LOAD | |
type=BPF msg=audit(1713001402.014:154): prog-id=107 op=LOAD | |
type=BPF msg=audit(1713001402.018:155): prog-id=108 op=LOAD | |
type=BPF msg=audit(1713001402.018:156): prog-id=109 op=LOAD | |
type=BPF msg=audit(1713001402.018:157): prog-id=110 op=LOAD | |
type=BPF msg=audit(1713001402.018:158): prog-id=111 op=LOAD | |
type=BPF msg=audit(1713001402.018:159): prog-id=112 op=LOAD | |
type=BPF msg=audit(1713001402.018:160): prog-id=113 op=LOAD | |
type=BPF msg=audit(1713001402.018:161): prog-id=114 op=LOAD | |
type=BPF msg=audit(1713001402.022:162): prog-id=115 op=LOAD | |
type=BPF msg=audit(1713001402.022:163): prog-id=116 op=LOAD | |
type=SERVICE_START msg=audit(1713001402.034:164): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache-htcacheclean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=BPF msg=audit(1713001402.070:165): prog-id=111 op=UNLOAD | |
type=BPF msg=audit(1713001402.070:166): prog-id=110 op=UNLOAD | |
type=BPF msg=audit(1713001402.070:167): prog-id=109 op=UNLOAD | |
type=BPF msg=audit(1713001402.070:168): prog-id=108 op=UNLOAD | |
type=BPF msg=audit(1713001402.070:169): prog-id=107 op=UNLOAD | |
type=BPF msg=audit(1713001402.070:170): prog-id=106 op=UNLOAD | |
type=BPF msg=audit(1713001402.106:171): prog-id=114 op=UNLOAD | |
type=BPF msg=audit(1713001402.106:172): prog-id=113 op=UNLOAD | |
type=BPF msg=audit(1713001402.106:173): prog-id=112 op=UNLOAD | |
type=BPF msg=audit(1713001402.106:174): prog-id=116 op=UNLOAD | |
type=BPF msg=audit(1713001402.106:175): prog-id=115 op=UNLOAD | |
type=BPF msg=audit(1713001402.150:176): prog-id=117 op=LOAD | |
type=BPF msg=audit(1713001402.150:177): prog-id=118 op=LOAD | |
type=BPF msg=audit(1713001402.150:178): prog-id=119 op=LOAD | |
type=BPF msg=audit(1713001402.154:179): prog-id=120 op=LOAD | |
type=BPF msg=audit(1713001402.154:180): prog-id=121 op=LOAD | |
type=BPF msg=audit(1713001402.154:181): prog-id=122 op=LOAD | |
type=BPF msg=audit(1713001402.154:182): prog-id=123 op=LOAD | |
type=BPF msg=audit(1713001402.154:183): prog-id=124 op=LOAD | |
type=BPF msg=audit(1713001402.154:184): prog-id=125 op=LOAD | |
type=BPF msg=audit(1713001402.154:185): prog-id=126 op=LOAD | |
type=BPF msg=audit(1713001402.154:186): prog-id=127 op=LOAD | |
type=BPF msg=audit(1713001402.166:187): prog-id=122 op=UNLOAD | |
type=BPF msg=audit(1713001402.166:188): prog-id=121 op=UNLOAD | |
type=BPF msg=audit(1713001402.166:189): prog-id=120 op=UNLOAD | |
type=BPF msg=audit(1713001402.166:190): prog-id=119 op=UNLOAD | |
type=BPF msg=audit(1713001402.166:191): prog-id=118 op=UNLOAD | |
type=BPF msg=audit(1713001402.166:192): prog-id=117 op=UNLOAD | |
type=BPF msg=audit(1713001402.198:193): prog-id=125 op=UNLOAD | |
type=BPF msg=audit(1713001402.198:194): prog-id=124 op=UNLOAD | |
type=BPF msg=audit(1713001402.198:195): prog-id=123 op=UNLOAD | |
type=BPF msg=audit(1713001402.198:196): prog-id=127 op=UNLOAD | |
type=BPF msg=audit(1713001402.198:197): prog-id=126 op=UNLOAD | |
type=BPF msg=audit(1713001402.238:198): prog-id=128 op=LOAD | |
type=BPF msg=audit(1713001402.238:199): prog-id=129 op=LOAD | |
type=BPF msg=audit(1713001402.238:200): prog-id=130 op=LOAD | |
type=BPF msg=audit(1713001402.242:201): prog-id=131 op=LOAD | |
type=BPF msg=audit(1713001402.242:202): prog-id=132 op=LOAD | |
type=BPF msg=audit(1713001402.242:203): prog-id=133 op=LOAD | |
type=BPF msg=audit(1713001402.242:204): prog-id=134 op=LOAD | |
type=BPF msg=audit(1713001402.242:205): prog-id=135 op=LOAD | |
type=BPF msg=audit(1713001402.242:206): prog-id=136 op=LOAD | |
type=BPF msg=audit(1713001402.242:207): prog-id=137 op=LOAD | |
type=BPF msg=audit(1713001402.242:208): prog-id=138 op=LOAD | |
type=BPF msg=audit(1713001402.250:209): prog-id=133 op=UNLOAD | |
type=BPF msg=audit(1713001402.250:210): prog-id=132 op=UNLOAD | |
type=BPF msg=audit(1713001402.250:211): prog-id=131 op=UNLOAD | |
type=BPF msg=audit(1713001402.250:212): prog-id=130 op=UNLOAD | |
type=BPF msg=audit(1713001402.250:213): prog-id=129 op=UNLOAD | |
type=BPF msg=audit(1713001402.250:214): prog-id=128 op=UNLOAD | |
type=BPF msg=audit(1713001402.286:215): prog-id=136 op=UNLOAD | |
type=BPF msg=audit(1713001402.286:216): prog-id=135 op=UNLOAD | |
type=BPF msg=audit(1713001402.286:217): prog-id=134 op=UNLOAD | |
type=BPF msg=audit(1713001402.286:218): prog-id=138 op=UNLOAD | |
type=BPF msg=audit(1713001402.286:219): prog-id=137 op=UNLOAD | |
type=BPF msg=audit(1713001402.326:220): prog-id=139 op=LOAD | |
type=BPF msg=audit(1713001402.330:221): prog-id=140 op=LOAD | |
type=BPF msg=audit(1713001402.330:222): prog-id=141 op=LOAD | |
type=BPF msg=audit(1713001402.330:223): prog-id=142 op=LOAD | |
type=BPF msg=audit(1713001402.330:224): prog-id=143 op=LOAD | |
type=BPF msg=audit(1713001402.330:225): prog-id=144 op=LOAD | |
type=BPF msg=audit(1713001402.330:226): prog-id=145 op=LOAD | |
type=BPF msg=audit(1713001402.330:227): prog-id=146 op=LOAD | |
type=BPF msg=audit(1713001402.330:228): prog-id=147 op=LOAD | |
type=BPF msg=audit(1713001402.334:229): prog-id=148 op=LOAD | |
type=BPF msg=audit(1713001402.334:230): prog-id=149 op=LOAD | |
type=USER_END msg=audit(1713001543.466:231): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=CRED_DISP msg=audit(1713001543.466:232): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_END msg=audit(1713001543.486:233): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=CRED_DISP msg=audit(1713001543.486:234): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_ACCT msg=audit(1713001546.274:235): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_CMD msg=audit(1713001546.274:236): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="debian" AUID="debian" | |
type=CRED_REFR msg=audit(1713001546.274:237): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_START msg=audit(1713001546.274:238): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_AUTH msg=audit(1713001546.278:239): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_ACCT msg=audit(1713001546.278:240): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=CRED_ACQ msg=audit(1713001546.278:241): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_START msg=audit(1713001546.294:242): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=BPF msg=audit(1713001609.370:243): prog-id=144 op=UNLOAD | |
type=BPF msg=audit(1713001609.370:244): prog-id=143 op=UNLOAD | |
type=BPF msg=audit(1713001609.370:245): prog-id=142 op=UNLOAD | |
type=BPF msg=audit(1713001609.370:246): prog-id=141 op=UNLOAD | |
type=BPF msg=audit(1713001609.370:247): prog-id=140 op=UNLOAD | |
type=BPF msg=audit(1713001609.370:248): prog-id=139 op=UNLOAD | |
type=BPF msg=audit(1713001609.402:249): prog-id=147 op=UNLOAD | |
type=BPF msg=audit(1713001609.402:250): prog-id=146 op=UNLOAD | |
type=BPF msg=audit(1713001609.402:251): prog-id=145 op=UNLOAD | |
type=BPF msg=audit(1713001609.402:252): prog-id=149 op=UNLOAD | |
type=BPF msg=audit(1713001609.402:253): prog-id=148 op=UNLOAD | |
type=BPF msg=audit(1713001609.502:254): prog-id=150 op=LOAD | |
type=BPF msg=audit(1713001609.502:255): prog-id=151 op=LOAD | |
type=BPF msg=audit(1713001609.502:256): prog-id=152 op=LOAD | |
type=BPF msg=audit(1713001609.506:257): prog-id=153 op=LOAD | |
type=BPF msg=audit(1713001609.506:258): prog-id=154 op=LOAD | |
type=BPF msg=audit(1713001609.506:259): prog-id=155 op=LOAD | |
type=BPF msg=audit(1713001609.506:260): prog-id=156 op=LOAD | |
type=BPF msg=audit(1713001609.506:261): prog-id=157 op=LOAD | |
type=BPF msg=audit(1713001609.506:262): prog-id=158 op=LOAD | |
type=BPF msg=audit(1713001609.506:263): prog-id=159 op=LOAD | |
type=BPF msg=audit(1713001609.506:264): prog-id=160 op=LOAD | |
type=BPF msg=audit(1713001609.534:265): prog-id=155 op=UNLOAD | |
type=BPF msg=audit(1713001609.534:266): prog-id=154 op=UNLOAD | |
type=BPF msg=audit(1713001609.534:267): prog-id=153 op=UNLOAD | |
type=BPF msg=audit(1713001609.534:268): prog-id=152 op=UNLOAD | |
type=BPF msg=audit(1713001609.534:269): prog-id=151 op=UNLOAD | |
type=BPF msg=audit(1713001609.534:270): prog-id=150 op=UNLOAD | |
type=BPF msg=audit(1713001609.566:271): prog-id=158 op=UNLOAD | |
type=BPF msg=audit(1713001609.566:272): prog-id=157 op=UNLOAD | |
type=BPF msg=audit(1713001609.566:273): prog-id=156 op=UNLOAD | |
type=BPF msg=audit(1713001609.566:274): prog-id=160 op=UNLOAD | |
type=BPF msg=audit(1713001609.566:275): prog-id=159 op=UNLOAD | |
type=BPF msg=audit(1713001609.618:276): prog-id=161 op=LOAD | |
type=BPF msg=audit(1713001609.618:277): prog-id=162 op=LOAD | |
type=BPF msg=audit(1713001609.618:278): prog-id=163 op=LOAD | |
type=BPF msg=audit(1713001609.618:279): prog-id=164 op=LOAD | |
type=BPF msg=audit(1713001609.618:280): prog-id=165 op=LOAD | |
type=BPF msg=audit(1713001609.618:281): prog-id=166 op=LOAD | |
type=BPF msg=audit(1713001609.618:282): prog-id=167 op=LOAD | |
type=BPF msg=audit(1713001609.618:283): prog-id=168 op=LOAD | |
type=BPF msg=audit(1713001609.622:284): prog-id=169 op=LOAD | |
type=BPF msg=audit(1713001609.622:285): prog-id=170 op=LOAD | |
type=BPF msg=audit(1713001609.622:286): prog-id=171 op=LOAD | |
type=SERVICE_STOP msg=audit(1713001609.650:287): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001609.654:288): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apt-daily-upgrade comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001609.654:289): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apt-daily-upgrade comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001609.670:290): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_LOGIN msg=audit(1713001630.774:291): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset" | |
type=USER_LOGIN msg=audit(1713001630.774:292): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset" | |
type=USER_AUTH msg=audit(1713001632.670:293): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset" | |
type=USER_ACCT msg=audit(1713001632.682:294): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset" | |
type=CRED_ACQ msg=audit(1713001632.682:295): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset" | |
type=LOGIN msg=audit(1713001632.682:296): pid=3466 uid=0 subj=unconfined old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=4 res=1UID="root" OLD-AUID="unset" AUID="debian" | |
type=USER_START msg=audit(1713001632.726:297): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_keyinit,pam_permit,pam_unix,pam_systemd,pam_mail,pam_limits,pam_env,pam_env,pam_selinux acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian" | |
type=CRED_ACQ msg=audit(1713001632.726:298): pid=3472 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian" | |
type=USER_LOGIN msg=audit(1713001632.738:299): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=/dev/pts/1 res=success'UID="root" AUID="debian" ID="debian" | |
type=USER_AUTH msg=audit(1713001636.138:300): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian" | |
type=USER_ACCT msg=audit(1713001636.138:301): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian" | |
type=USER_CMD msg=audit(1713001636.138:302): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="debian" AUID="debian" | |
type=CRED_REFR msg=audit(1713001636.138:303): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian" | |
type=USER_START msg=audit(1713001636.138:304): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian" | |
type=USER_AUTH msg=audit(1713001636.142:305): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian" | |
type=USER_ACCT msg=audit(1713001636.142:306): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian" | |
type=CRED_ACQ msg=audit(1713001636.142:307): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian" | |
type=USER_START msg=audit(1713001636.146:308): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian" | |
type=DAEMON_END msg=audit(1713001682.225:9692): op=terminate auid=0 pid=1 subj=unconfined res=successAUID="root" | |
type=DAEMON_START msg=audit(1713001682.277:6650): op=start ver=3.0 format=enriched kernel=5.10.0-18-arm64 auid=4294967295 pid=3617 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root" | |
type=CONFIG_CHANGE msg=audit(1713001682.274:312): op=set audit_pid=3617 old=0 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset" | |
type=CONFIG_CHANGE msg=audit(1713001682.290:313): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=CONFIG_CHANGE msg=audit(1713001682.290:314): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:314): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffd32b27e0 a2=444 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:314): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:314): cwd="/" | |
type=PATH msg=audit(1713001682.290:314): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:314): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:315): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:315): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:315): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:315): cwd="/" | |
type=PATH msg=audit(1713001682.290:315): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:315): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:316): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:316): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:316): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:316): cwd="/" | |
type=PATH msg=audit(1713001682.290:316): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:316): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:317): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:317): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:317): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:317): cwd="/" | |
type=PATH msg=audit(1713001682.290:317): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:317): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:318): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:318): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:318): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:318): cwd="/" | |
type=PATH msg=audit(1713001682.290:318): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:318): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:319): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:319): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:319): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:319): cwd="/" | |
type=PATH msg=audit(1713001682.290:319): item=0 name="/etc/sudoers.d/" inode=536629 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:319): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:320): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:320): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:320): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.290:320): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:321): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:321): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:321): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:321): cwd="/" | |
type=PATH msg=audit(1713001682.290:321): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713001682.290:321): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:322): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:322): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:322): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.290:322): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:323): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:323): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:323): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:323): cwd="/" | |
type=PATH msg=audit(1713001682.290:323): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:323): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:324): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:324): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:324): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:324): cwd="/" | |
type=PATH msg=audit(1713001682.290:324): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:324): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:325): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:325): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:325): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:325): cwd="/" | |
type=PATH msg=audit(1713001682.290:325): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:325): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:326): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:326): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:326): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:326): cwd="/" | |
type=PATH msg=audit(1713001682.290:326): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:326): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:327): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:327): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:327): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:327): cwd="/" | |
type=PATH msg=audit(1713001682.290:327): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:327): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:328): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:328): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:328): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:328): cwd="/" | |
type=PATH msg=audit(1713001682.290:328): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:328): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:329): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:329): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:329): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:329): cwd="/" | |
type=PATH msg=audit(1713001682.290:329): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:329): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.290:330): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.290:330): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.290:330): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.290:330): cwd="/" | |
type=PATH msg=audit(1713001682.290:330): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.290:330): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:331): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:331): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:331): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:331): cwd="/" | |
type=PATH msg=audit(1713001682.294:331): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:331): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:332): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:332): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:332): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:332): cwd="/" | |
type=PATH msg=audit(1713001682.294:332): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:332): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:333): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:333): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:333): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:333): cwd="/" | |
type=PATH msg=audit(1713001682.294:333): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:333): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:334): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:334): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:334): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:334): cwd="/" | |
type=PATH msg=audit(1713001682.294:334): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:334): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:335): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:335): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:335): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:335): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:336): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:336): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:336): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:336): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:337): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:337): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:337): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:337): cwd="/" | |
type=PATH msg=audit(1713001682.294:337): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:337): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:338): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:338): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:338): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:338): cwd="/" | |
type=PATH msg=audit(1713001682.294:338): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:338): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:339): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:339): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:339): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:339): cwd="/" | |
type=PATH msg=audit(1713001682.294:339): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:339): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:340): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:340): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:340): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:340): cwd="/" | |
type=PATH msg=audit(1713001682.294:340): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:340): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:341): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:341): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:341): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:341): cwd="/" | |
type=PATH msg=audit(1713001682.294:341): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:341): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:342): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:342): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:342): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:342): cwd="/" | |
type=PATH msg=audit(1713001682.294:342): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:342): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:343): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:343): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:343): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:343): cwd="/" | |
type=PATH msg=audit(1713001682.294:343): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:343): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:344): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:344): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:344): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:344): cwd="/" | |
type=PATH msg=audit(1713001682.294:344): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:344): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:345): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:345): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:345): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:345): cwd="/" | |
type=PATH msg=audit(1713001682.294:345): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:345): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:346): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:346): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:346): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:346): cwd="/" | |
type=PATH msg=audit(1713001682.294:346): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:346): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:347): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:347): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:347): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:347): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:348): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:348): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:348): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:348): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:349): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:349): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:349): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:349): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:350): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:350): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:350): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:350): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:351): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:351): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffd32b27e0 a2=444 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:351): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:351): cwd="/" | |
type=PATH msg=audit(1713001682.294:351): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:351): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:352): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:352): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffd32b27e0 a2=444 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:352): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001682.294:352): cwd="/" | |
type=PATH msg=audit(1713001682.294:352): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001682.294:352): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:353): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:353): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:353): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:353): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001682.294:354): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001682.294:354): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001682.294:354): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001682.294:354): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=SERVICE_START msg=audit(1713001682.294:355): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_END msg=audit(1713001699.786:356): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=CRED_DISP msg=audit(1713001699.786:357): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_END msg=audit(1713001699.790:358): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=CRED_DISP msg=audit(1713001699.790:359): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_END msg=audit(1713001699.802:360): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian" | |
type=CRED_DISP msg=audit(1713001699.802:361): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian" | |
type=USER_END msg=audit(1713001699.806:362): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_keyinit,pam_permit,pam_unix,pam_systemd,pam_mail,pam_limits,pam_env,pam_env,pam_selinux acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian" | |
type=CRED_DISP msg=audit(1713001699.806:363): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian" | |
type=SERVICE_STOP msg=audit(1713001699.806:364): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lm-sensors comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_LOGOUT msg=audit(1713001699.810:365): pid=667 uid=0 auid=1000 ses=2 subj=unconfined msg='op=logout id=1000 exe="/usr/sbin/lightdm" hostname=debian addr=? terminal=/dev/tty7 res=success'UID="root" AUID="debian" ID="debian" | |
type=SERVICE_STOP msg=audit(1713001699.818:366): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.822:367): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.822:368): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rtkit-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.826:369): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=upower comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.830:370): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=qemu-guest-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.830:371): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.830:372): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=serial-getty@ttyAMA0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.830:373): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=colord comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.834:374): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.834:375): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache-htcacheclean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.838:376): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=BPF msg=audit(1713001699.850:377): prog-id=171 op=UNLOAD | |
type=BPF msg=audit(1713001699.850:378): prog-id=170 op=UNLOAD | |
type=SERVICE_STOP msg=audit(1713001699.850:379): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.850:380): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.858:381): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.862:382): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=hddtemp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.862:383): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.894:384): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=spice-vdagentd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.902:385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=alsa-restore comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.906:386): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups-browsed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.922:387): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ModemManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.922:388): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=avahi-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.926:389): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.926:390): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=udisks2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.946:391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001699.974:392): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001700.206:393): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lightdm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001700.226:394): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=plymouth-reboot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_END msg=audit(1713001701.806:395): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian" | |
type=CRED_DISP msg=audit(1713001701.806:396): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian" | |
type=SERVICE_STOP msg=audit(1713001701.850:397): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.870:398): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=BPF msg=audit(1713001701.878:399): prog-id=167 op=UNLOAD | |
type=SERVICE_STOP msg=audit(1713001701.878:400): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.882:401): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.894:402): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=networking comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.902:403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=wpa_supplicant comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.954:404): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.970:405): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.990:406): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.990:407): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SYSTEM_SHUTDOWN msg=audit(1713001701.994:408): pid=3701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001701.998:409): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=DAEMON_END msg=audit(1713001702.000:6651): op=terminate auid=0 pid=1 subj=unconfined res=successAUID="root" | |
type=DAEMON_START msg=audit(1713001714.518:7134): op=start ver=3.0 format=enriched kernel=5.10.0-18-arm64 auid=4294967295 pid=346 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root" | |
type=AVC msg=audit(1713001714.516:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/aarch64-linux-gnu/lightdm/lightdm-guest-session" pid=315 comm="apparmor_parser" | |
type=AVC msg=audit(1713001714.516:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/aarch64-linux-gnu/lightdm/lightdm-guest-session//chromium" pid=315 comm="apparmor_parser" | |
type=AVC msg=audit(1713001714.516:12): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=316 comm="apparmor_parser" | |
type=AVC msg=audit(1713001714.516:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd" pid=316 comm="apparmor_parser" | |
type=AVC msg=audit(1713001714.516:14): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=316 comm="apparmor_parser" | |
type=SERVICE_START msg=audit(1713001714.516:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apparmor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=CONFIG_CHANGE msg=audit(1713001714.536:16): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=CONFIG_CHANGE msg=audit(1713001714.536:17): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:17): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffc985abf0 a2=444 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:17): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:17): cwd="/" | |
type=PATH msg=audit(1713001714.536:17): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:17): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:18): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:18): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:18): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:18): cwd="/" | |
type=PATH msg=audit(1713001714.536:18): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:18): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:19): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:19): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:19): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:19): cwd="/" | |
type=PATH msg=audit(1713001714.536:19): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:19): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:20): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:20): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:20): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:20): cwd="/" | |
type=PATH msg=audit(1713001714.536:20): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:20): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:21): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:21): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:21): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:21): cwd="/" | |
type=PATH msg=audit(1713001714.536:21): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:21): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:22): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:22): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:22): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:22): cwd="/" | |
type=PATH msg=audit(1713001714.536:22): item=0 name="/etc/sudoers.d/" inode=536629 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:22): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:23): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:23): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:23): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.536:23): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:24): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:24): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:24): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:24): cwd="/" | |
type=PATH msg=audit(1713001714.536:24): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713001714.536:24): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:25): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:25): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:25): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.536:25): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:26): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:26): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:26): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:26): cwd="/" | |
type=PATH msg=audit(1713001714.536:26): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:26): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:27): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:27): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:27): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:27): cwd="/" | |
type=PATH msg=audit(1713001714.536:27): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:27): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:28): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:28): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:28): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:28): cwd="/" | |
type=PATH msg=audit(1713001714.536:28): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:28): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:29): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:29): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:29): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:29): cwd="/" | |
type=PATH msg=audit(1713001714.536:29): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:29): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:30): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:30): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:30): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:30): cwd="/" | |
type=PATH msg=audit(1713001714.536:30): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:30): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:31): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:31): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:31): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:31): cwd="/" | |
type=PATH msg=audit(1713001714.536:31): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:31): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:32): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:32): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:32): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:32): cwd="/" | |
type=PATH msg=audit(1713001714.536:32): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:32): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:33): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:33): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:33): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:33): cwd="/" | |
type=PATH msg=audit(1713001714.536:33): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:33): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:34): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:34): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:34): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:34): cwd="/" | |
type=PATH msg=audit(1713001714.536:34): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:34): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:35): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:35): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:35): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:35): cwd="/" | |
type=PATH msg=audit(1713001714.536:35): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:35): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:36): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:36): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:36): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:36): cwd="/" | |
type=PATH msg=audit(1713001714.536:36): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:36): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:37): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:37): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:37): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:37): cwd="/" | |
type=PATH msg=audit(1713001714.536:37): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:37): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:38): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:38): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:38): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.536:38): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:39): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:39): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:39): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.536:39): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:40): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:40): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:40): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:40): cwd="/" | |
type=PATH msg=audit(1713001714.536:40): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:40): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:41): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:41): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:41): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:41): cwd="/" | |
type=PATH msg=audit(1713001714.536:41): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:41): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:42): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:42): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:42): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:42): cwd="/" | |
type=PATH msg=audit(1713001714.536:42): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:42): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:43): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:43): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:43): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:43): cwd="/" | |
type=PATH msg=audit(1713001714.536:43): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:43): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:44): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:44): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:44): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:44): cwd="/" | |
type=PATH msg=audit(1713001714.536:44): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:44): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:45): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:45): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:45): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:45): cwd="/" | |
type=PATH msg=audit(1713001714.536:45): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:45): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:46): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:46): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:46): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:46): cwd="/" | |
type=PATH msg=audit(1713001714.536:46): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:46): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.536:47): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.536:47): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.536:47): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.536:47): cwd="/" | |
type=PATH msg=audit(1713001714.536:47): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.536:47): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:48): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:48): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:48): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.540:48): cwd="/" | |
type=PATH msg=audit(1713001714.540:48): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.540:48): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:49): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:49): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:49): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.540:49): cwd="/" | |
type=PATH msg=audit(1713001714.540:49): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.540:49): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:50): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:50): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:50): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.540:50): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:51): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:51): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:51): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.540:51): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:52): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:52): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:52): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.540:52): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:53): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:53): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:53): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.540:53): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:54): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:54): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffc985abf0 a2=444 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:54): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.540:54): cwd="/" | |
type=PATH msg=audit(1713001714.540:54): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.540:54): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:55): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:55): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffc985abf0 a2=444 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:55): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=CWD msg=audit(1713001714.540:55): cwd="/" | |
type=PATH msg=audit(1713001714.540:55): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001714.540:55): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:56): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:56): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:56): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.540:56): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=CONFIG_CHANGE msg=audit(1713001714.540:57): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset" | |
type=SYSCALL msg=audit(1713001714.540:57): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=SOCKADDR msg=audit(1713001714.540:57): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } | |
type=PROCTITLE msg=audit(1713001714.540:57): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 | |
type=SERVICE_START msg=audit(1713001714.540:58): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SYSTEM_BOOT msg=audit(1713001714.544:59): pid=415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.548:60): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.556:61): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.560:62): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.560:63): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.572:64): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=qemu-guest-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=BPF msg=audit(1713001714.576:65): prog-id=9 op=LOAD | |
type=BPF msg=audit(1713001714.576:66): prog-id=10 op=LOAD | |
type=BPF msg=audit(1713001714.576:67): prog-id=11 op=LOAD | |
type=SERVICE_START msg=audit(1713001714.580:68): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=networking comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.584:69): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lm-sensors comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SYSCALL msg=audit(1713001714.600:70): arch=c00000b7 syscall=112 success=yes exit=0 a0=0 a1=ffffcf05a038 a2=3b9ac9ff a3=1908fb38 items=0 ppid=1 pid=459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu-ga" exe="/usr/sbin/qemu-ga" subj=unconfined key="10.4.2b-time-change"ARCH=aarch64 SYSCALL=clock_settime AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=TIME_INJOFFSET msg=audit(1713001714.600:70): sec=-1 nsec=815445417 | |
type=PROCTITLE msg=audit(1713001714.600:70): proctitle="/usr/sbin/qemu-ga" | |
type=SERVICE_START msg=audit(1713001714.432:71): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.436:72): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=e2scrub_reap comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001714.436:73): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=e2scrub_reap comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.448:74): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=alsa-restore comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.448:75): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.448:76): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=avahi-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.452:77): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=wpa_supplicant comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.460:78): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.488:79): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.500:80): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=BPF msg=audit(1713001714.504:81): prog-id=12 op=LOAD | |
type=BPF msg=audit(1713001714.504:82): prog-id=13 op=LOAD | |
type=BPF msg=audit(1713001714.504:83): prog-id=14 op=LOAD | |
type=SERVICE_START msg=audit(1713001714.528:84): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=udisks2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=AVC msg=audit(1713001714.532:85): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=492 comm="cupsd" capability=12 capname="net_admin" | |
type=SYSCALL msg=audit(1713001714.532:85): arch=c00000b7 syscall=208 success=no exit=-1 a0=a a1=1 a2=20 a3=ffffc9693134 items=0 ppid=1 pid=492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cupsd" exe="/usr/sbin/cupsd" subj=/usr/sbin/cupsd (enforce) key=(null)ARCH=aarch64 SYSCALL=setsockopt AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001714.532:85): proctitle=2F7573722F7362696E2F6375707364002D6C | |
type=SERVICE_START msg=audit(1713001714.536:86): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.536:87): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups-browsed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.536:88): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.536:89): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.540:90): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.540:91): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.544:92): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=serial-getty@ttyAMA0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.544:93): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lightdm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.564:94): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ModemManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.564:95): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=AVC msg=audit(1713001714.576:96): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=528 comm="cups-browsed" capability=23 capname="sys_nice" | |
type=SYSCALL msg=audit(1713001714.576:96): arch=c00000b7 syscall=274 success=yes exit=0 a0=210 a1=aaaaccfbc470 a2=0 a3=3 items=0 ppid=1 pid=528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cups-browsed" exe="/usr/sbin/cups-browsed" subj=/usr/sbin/cups-browsed (enforce) key=(null)ARCH=aarch64 SYSCALL=sched_setattr AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001714.576:96): proctitle="/usr/sbin/cups-browsed" | |
type=SERVICE_START msg=audit(1713001714.580:97): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.856:98): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.872:99): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=hddtemp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SYSTEM_RUNLEVEL msg=audit(1713001714.876:100): pid=649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='old-level=N new-level=5 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.876:101): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001714.876:102): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=CRED_ACQ msg=audit(1713001714.980:103): pid=654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001714.988:104): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user-runtime-dir@113 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_ACCT msg=audit(1713001714.992:105): pid=658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=CRED_ACQ msg=audit(1713001714.992:106): pid=658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=LOGIN msg=audit(1713001714.992:107): pid=658 uid=0 subj=unconfined old-auid=4294967295 auid=113 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="lightdm" | |
type=SYSCALL msg=audit(1713001714.992:107): arch=c00000b7 syscall=64 success=yes exit=3 a0=7 a1=ffffd92b60b0 a2=3 a3=0 items=0 ppid=1 pid=658 auid=113 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=write AUID="lightdm" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001714.992:107): proctitle="(systemd)" | |
type=USER_START msg=audit(1713001714.996:108): pid=658 uid=0 auid=113 ses=1 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_limits,pam_permit,pam_unix,pam_keyinit,pam_systemd acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="lightdm" | |
type=USYS_CONFIG msg=audit(1713001714.996:109): pid=467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001715.052:110): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user@113 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_START msg=audit(1713001715.060:111): pid=654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_unix,pam_systemd acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'UID="root" AUID="unset" | |
type=SERVICE_START msg=audit(1713001715.080:112): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rtkit-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_LOGIN msg=audit(1713001716.556:113): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset" | |
type=USER_LOGIN msg=audit(1713001716.564:114): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset" | |
type=USER_AUTH msg=audit(1713001718.388:115): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset" | |
type=USER_ACCT msg=audit(1713001718.400:116): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset" | |
type=CRED_ACQ msg=audit(1713001718.400:117): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset" | |
type=LOGIN msg=audit(1713001718.400:118): pid=737 uid=0 subj=unconfined old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="debian" | |
type=SYSCALL msg=audit(1713001718.400:118): arch=c00000b7 syscall=64 success=yes exit=4 a0=3 a1=ffffe67feaa0 a2=4 a3=ffff963e9010 items=0 ppid=527 pid=737 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="sshd" exe="/usr/sbin/sshd" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=write AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001718.400:118): proctitle=737368643A2064656269616E205B707269765D | |
type=SERVICE_START msg=audit(1713001718.412:119): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_ACCT msg=audit(1713001718.416:120): pid=748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=CRED_ACQ msg=audit(1713001718.416:121): pid=748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=LOGIN msg=audit(1713001718.416:122): pid=748 uid=0 subj=unconfined old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1UID="root" OLD-AUID="unset" AUID="debian" | |
type=SYSCALL msg=audit(1713001718.416:122): arch=c00000b7 syscall=64 success=yes exit=4 a0=7 a1=ffffd92b60b0 a2=4 a3=0 items=0 ppid=1 pid=748 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=write AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001718.416:122): proctitle="(systemd)" | |
type=USER_START msg=audit(1713001718.416:123): pid=748 uid=0 auid=1000 ses=3 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_limits,pam_permit,pam_unix,pam_keyinit,pam_systemd acct="debian" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="debian" | |
type=SERVICE_START msg=audit(1713001718.452:124): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_START msg=audit(1713001718.460:125): pid=737 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_keyinit,pam_permit,pam_unix,pam_systemd,pam_mail,pam_limits,pam_env,pam_env,pam_selinux acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian" | |
type=CRED_ACQ msg=audit(1713001718.460:126): pid=768 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian" | |
type=USER_LOGIN msg=audit(1713001718.476:127): pid=737 uid=0 auid=1000 ses=2 subj=unconfined msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=/dev/pts/0 res=success'UID="root" AUID="debian" ID="debian" | |
type=SYSCALL msg=audit(1713001721.136:128): arch=c00000b7 syscall=221 success=yes exit=0 a0=aaaad463e040 a1=aaaad4632f50 a2=aaaad4635f40 a3=ffff858be640 items=3 ppid=769 pid=776 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-setuid"ARCH=aarch64 SYSCALL=execve AUID="debian" UID="debian" GID="debian" EUID="root" SUID="root" FSUID="root" EGID="debian" SGID="debian" FSGID="debian" | |
type=EXECVE msg=audit(1713001721.136:128): argc=2 a0="sudo" a1="su" | |
type=CWD msg=audit(1713001721.136:128): cwd="/home/debian" | |
type=PATH msg=audit(1713001721.136:128): item=0 name="/usr/bin/sudo" inode=411641 dev=fe:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PATH msg=audit(1713001721.136:128): item=1 name="/usr/bin/sudo" inode=411641 dev=fe:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PATH msg=audit(1713001721.136:128): item=2 name="/lib/ld-linux-aarch64.so.1" inode=392466 dev=fe:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" | |
type=PROCTITLE msg=audit(1713001721.136:128): proctitle=7375646F007375 | |
type=SYSCALL msg=audit(1713001721.164:129): arch=c00000b7 syscall=147 success=yes exit=0 a0=0 a1=ffffffff a2=ffffffff a3=ffff86823358 items=0 ppid=769 pid=776 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setresuid AUID="debian" UID="root" GID="debian" EUID="root" SUID="root" FSUID="root" EGID="debian" SGID="debian" FSGID="debian" | |
type=PROCTITLE msg=audit(1713001721.164:129): proctitle=7375646F007375 | |
type=USER_AUTH msg=audit(1713001722.120:130): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_ACCT msg=audit(1713001722.120:131): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_CMD msg=audit(1713001722.120:132): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="debian" AUID="debian" | |
type=CRED_REFR msg=audit(1713001722.120:133): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=USER_START msg=audit(1713001722.120:134): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian" | |
type=SYSCALL msg=audit(1713001722.120:135): arch=c00000b7 syscall=147 success=yes exit=0 a0=0 a1=0 a2=0 a3=ffff86823358 items=0 ppid=776 pid=777 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setresuid AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001722.120:135): proctitle=7375646F007375 | |
type=USER_AUTH msg=audit(1713001722.124:136): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_ACCT msg=audit(1713001722.124:137): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=CRED_ACQ msg=audit(1713001722.128:138): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=USER_START msg=audit(1713001722.128:139): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=SYSCALL msg=audit(1713001722.128:140): arch=c00000b7 syscall=146 success=yes exit=0 a0=0 a1=ffffc370a518 a2=ffffc370a180 a3=ffffb8509358 items=0 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="su" exe="/usr/bin/su" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setuid AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001722.128:140): proctitle="su" | |
type=SERVICE_STOP msg=audit(1713001724.936:141): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SYSCALL msg=audit(1713001729.632:142): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaaaf6556d70 a2=84800 a3=0 items=1 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="bash" exe="/usr/bin/bash" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=CWD msg=audit(1713001729.632:142): cwd="/home/debian" | |
type=PATH msg=audit(1713001729.632:142): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713001729.632:142): proctitle="su" | |
type=SYSCALL msg=audit(1713001730.140:143): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=ffffd5c5889a a2=0 a3=0 items=1 ppid=778 pid=779 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cat" exe="/usr/bin/cat" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=CWD msg=audit(1713001730.140:143): cwd="/home/debian" | |
type=PATH msg=audit(1713001730.140:143): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713001730.140:143): proctitle=636174002F7661722F6C6F672F61756469742F61756469742E6C6F67 | |
type=SERVICE_STOP msg=audit(1713001744.280:144): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-fsckd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=SERVICE_STOP msg=audit(1713001744.568:145): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=BPF msg=audit(1713001744.620:146): prog-id=14 op=UNLOAD | |
type=BPF msg=audit(1713001744.620:147): prog-id=13 op=UNLOAD | |
type=BPF msg=audit(1713001744.620:148): prog-id=12 op=UNLOAD | |
type=SYSCALL msg=audit(1713001748.720:149): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=ffffe2bee89a a2=0 a3=0 items=1 ppid=778 pid=785 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cat" exe="/usr/bin/cat" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=CWD msg=audit(1713001748.720:149): cwd="/home/debian" | |
type=PATH msg=audit(1713001748.720:149): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713001748.720:149): proctitle=636174002F7661722F6C6F672F61756469742F61756469742E6C6F67 | |
type=SERVICE_START msg=audit(1713001768.236:150): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" | |
type=USER_ACCT msg=audit(1713001827.888:151): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian" | |
type=USER_CMD msg=audit(1713001827.888:152): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd=6170742D67657420696E7374616C6C20646E737574696C73 exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="root" AUID="debian" | |
type=CRED_REFR msg=audit(1713001827.888:153): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian" | |
type=USER_START msg=audit(1713001827.888:154): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian" | |
type=SYSCALL msg=audit(1713001827.892:155): arch=c00000b7 syscall=147 success=yes exit=0 a0=0 a1=0 a2=0 a3=ffff8b8f2358 items=0 ppid=1230 pid=1231 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setresuid AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=PROCTITLE msg=audit(1713001827.892:155): proctitle=7375646F006170742D67657400696E7374616C6C00646E737574696C73 | |
type=USER_END msg=audit(1713001829.888:156): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian" | |
type=CRED_DISP msg=audit(1713001829.888:157): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian" | |
type=SYSCALL msg=audit(1713001952.596:158): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaaaf6558d70 a2=84800 a3=0 items=1 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="bash" exe="/usr/bin/bash" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=CWD msg=audit(1713001952.596:158): cwd="/home/debian" | |
type=PATH msg=audit(1713001952.596:158): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713001952.596:158): proctitle="su" | |
type=SYSCALL msg=audit(1713001959.604:159): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaab12893490 a2=0 a3=0 items=1 ppid=778 pid=1542 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="curl" exe="/usr/bin/curl" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=CWD msg=audit(1713001959.604:159): cwd="/home/debian" | |
type=PATH msg=audit(1713001959.604:159): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713001959.604:159): proctitle=6375726C002D2D75706C6F61642D66696C65002F7661722F6C6F672F61756469742F61756469742E6C6F670068747470733A2F2F7472616E736665722E73682F61756469742E6C6F67 | |
type=SYSCALL msg=audit(1713002003.008:160): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaaaf6558730 a2=84800 a3=0 items=1 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="bash" exe="/usr/bin/bash" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=CWD msg=audit(1713002003.008:160): cwd="/home/debian" | |
type=PATH msg=audit(1713002003.008:160): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713002003.008:160): proctitle="su" | |
type=SYSCALL msg=audit(1713002007.576:161): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=fffff99ea88e a2=0 a3=0 items=1 ppid=778 pid=1544 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cp" exe="/usr/bin/cp" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" | |
type=CWD msg=audit(1713002007.576:161): cwd="/home/debian" | |
type=PATH msg=audit(1713002007.576:161): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm" | |
type=PROCTITLE msg=audit(1713002007.576:161): proctitle=6370002F7661722F6C6F672F61756469742F61756469742E6C6F67002F686F6D652F64656269616E2F |