@nsagot
Created April 13, 2024 09:55
Sample of audit.log (Debian 11)
type=DAEMON_START msg=audit(1713001228.814:9691): op=start ver=3.0 format=enriched kernel=5.10.0-18-arm64 auid=4294967295 pid=1392 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root"
type=CONFIG_CHANGE msg=audit(1713001228.818:17): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=CONFIG_CHANGE msg=audit(1713001228.818:18): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=CONFIG_CHANGE msg=audit(1713001228.818:19): op=set audit_backlog_wait_time=60000 old=15000 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=SERVICE_START msg=audit(1713001228.822:20): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1713001228.998:21): pid=1260 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=CRED_DISP msg=audit(1713001228.998:22): pid=1260 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_ACCT msg=audit(1713001319.478:23): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_CMD msg=audit(1713001319.478:24): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="debian" AUID="debian"
type=CRED_REFR msg=audit(1713001319.478:25): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_START msg=audit(1713001319.478:26): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_AUTH msg=audit(1713001319.482:27): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_ACCT msg=audit(1713001319.486:28): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=CRED_ACQ msg=audit(1713001319.486:29): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_START msg=audit(1713001319.486:30): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=BPF msg=audit(1713001401.326:31): prog-id=45 op=UNLOAD
type=BPF msg=audit(1713001401.326:32): prog-id=44 op=UNLOAD
type=BPF msg=audit(1713001401.326:33): prog-id=43 op=UNLOAD
type=BPF msg=audit(1713001401.326:34): prog-id=42 op=UNLOAD
type=BPF msg=audit(1713001401.326:35): prog-id=41 op=UNLOAD
type=BPF msg=audit(1713001401.326:36): prog-id=40 op=UNLOAD
type=BPF msg=audit(1713001401.370:37): prog-id=48 op=UNLOAD
type=BPF msg=audit(1713001401.370:38): prog-id=47 op=UNLOAD
type=BPF msg=audit(1713001401.370:39): prog-id=46 op=UNLOAD
type=BPF msg=audit(1713001401.370:40): prog-id=50 op=UNLOAD
type=BPF msg=audit(1713001401.370:41): prog-id=49 op=UNLOAD
type=BPF msg=audit(1713001401.422:42): prog-id=51 op=LOAD
type=BPF msg=audit(1713001401.422:43): prog-id=52 op=LOAD
type=BPF msg=audit(1713001401.422:44): prog-id=53 op=LOAD
type=BPF msg=audit(1713001401.422:45): prog-id=54 op=LOAD
type=BPF msg=audit(1713001401.426:46): prog-id=55 op=LOAD
type=BPF msg=audit(1713001401.426:47): prog-id=56 op=LOAD
type=BPF msg=audit(1713001401.426:48): prog-id=57 op=LOAD
type=BPF msg=audit(1713001401.426:49): prog-id=58 op=LOAD
type=BPF msg=audit(1713001401.426:50): prog-id=59 op=LOAD
type=BPF msg=audit(1713001401.426:51): prog-id=60 op=LOAD
type=BPF msg=audit(1713001401.426:52): prog-id=61 op=LOAD
type=BPF msg=audit(1713001401.446:53): prog-id=56 op=UNLOAD
type=BPF msg=audit(1713001401.446:54): prog-id=55 op=UNLOAD
type=BPF msg=audit(1713001401.446:55): prog-id=54 op=UNLOAD
type=BPF msg=audit(1713001401.446:56): prog-id=53 op=UNLOAD
type=BPF msg=audit(1713001401.446:57): prog-id=52 op=UNLOAD
type=BPF msg=audit(1713001401.446:58): prog-id=51 op=UNLOAD
type=BPF msg=audit(1713001401.482:59): prog-id=59 op=UNLOAD
type=BPF msg=audit(1713001401.482:60): prog-id=58 op=UNLOAD
type=BPF msg=audit(1713001401.482:61): prog-id=57 op=UNLOAD
type=BPF msg=audit(1713001401.482:62): prog-id=61 op=UNLOAD
type=BPF msg=audit(1713001401.482:63): prog-id=60 op=UNLOAD
type=BPF msg=audit(1713001401.526:64): prog-id=62 op=LOAD
type=BPF msg=audit(1713001401.526:65): prog-id=63 op=LOAD
type=BPF msg=audit(1713001401.526:66): prog-id=64 op=LOAD
type=BPF msg=audit(1713001401.526:67): prog-id=65 op=LOAD
type=BPF msg=audit(1713001401.526:68): prog-id=66 op=LOAD
type=BPF msg=audit(1713001401.526:69): prog-id=67 op=LOAD
type=BPF msg=audit(1713001401.526:70): prog-id=68 op=LOAD
type=BPF msg=audit(1713001401.530:71): prog-id=69 op=LOAD
type=BPF msg=audit(1713001401.530:72): prog-id=70 op=LOAD
type=BPF msg=audit(1713001401.530:73): prog-id=71 op=LOAD
type=BPF msg=audit(1713001401.530:74): prog-id=72 op=LOAD
type=BPF msg=audit(1713001401.578:75): prog-id=67 op=UNLOAD
type=BPF msg=audit(1713001401.578:76): prog-id=66 op=UNLOAD
type=BPF msg=audit(1713001401.578:77): prog-id=65 op=UNLOAD
type=BPF msg=audit(1713001401.582:78): prog-id=64 op=UNLOAD
type=BPF msg=audit(1713001401.582:79): prog-id=63 op=UNLOAD
type=BPF msg=audit(1713001401.582:80): prog-id=62 op=UNLOAD
type=BPF msg=audit(1713001401.618:81): prog-id=70 op=UNLOAD
type=BPF msg=audit(1713001401.618:82): prog-id=69 op=UNLOAD
type=BPF msg=audit(1713001401.618:83): prog-id=68 op=UNLOAD
type=BPF msg=audit(1713001401.618:84): prog-id=72 op=UNLOAD
type=BPF msg=audit(1713001401.618:85): prog-id=71 op=UNLOAD
type=BPF msg=audit(1713001401.662:86): prog-id=73 op=LOAD
type=BPF msg=audit(1713001401.662:87): prog-id=74 op=LOAD
type=BPF msg=audit(1713001401.662:88): prog-id=75 op=LOAD
type=BPF msg=audit(1713001401.662:89): prog-id=76 op=LOAD
type=BPF msg=audit(1713001401.662:90): prog-id=77 op=LOAD
type=BPF msg=audit(1713001401.662:91): prog-id=78 op=LOAD
type=BPF msg=audit(1713001401.666:92): prog-id=79 op=LOAD
type=BPF msg=audit(1713001401.666:93): prog-id=80 op=LOAD
type=BPF msg=audit(1713001401.666:94): prog-id=81 op=LOAD
type=BPF msg=audit(1713001401.666:95): prog-id=82 op=LOAD
type=BPF msg=audit(1713001401.666:96): prog-id=83 op=LOAD
type=BPF msg=audit(1713001401.674:97): prog-id=78 op=UNLOAD
type=BPF msg=audit(1713001401.674:98): prog-id=77 op=UNLOAD
type=BPF msg=audit(1713001401.674:99): prog-id=76 op=UNLOAD
type=BPF msg=audit(1713001401.674:100): prog-id=75 op=UNLOAD
type=BPF msg=audit(1713001401.674:101): prog-id=74 op=UNLOAD
type=BPF msg=audit(1713001401.674:102): prog-id=73 op=UNLOAD
type=BPF msg=audit(1713001401.710:103): prog-id=81 op=UNLOAD
type=BPF msg=audit(1713001401.710:104): prog-id=80 op=UNLOAD
type=BPF msg=audit(1713001401.710:105): prog-id=79 op=UNLOAD
type=BPF msg=audit(1713001401.710:106): prog-id=83 op=UNLOAD
type=BPF msg=audit(1713001401.710:107): prog-id=82 op=UNLOAD
type=BPF msg=audit(1713001401.758:108): prog-id=84 op=LOAD
type=BPF msg=audit(1713001401.758:109): prog-id=85 op=LOAD
type=BPF msg=audit(1713001401.758:110): prog-id=86 op=LOAD
type=BPF msg=audit(1713001401.758:111): prog-id=87 op=LOAD
type=BPF msg=audit(1713001401.762:112): prog-id=88 op=LOAD
type=BPF msg=audit(1713001401.762:113): prog-id=89 op=LOAD
type=BPF msg=audit(1713001401.762:114): prog-id=90 op=LOAD
type=BPF msg=audit(1713001401.762:115): prog-id=91 op=LOAD
type=BPF msg=audit(1713001401.762:116): prog-id=92 op=LOAD
type=BPF msg=audit(1713001401.762:117): prog-id=93 op=LOAD
type=BPF msg=audit(1713001401.762:118): prog-id=94 op=LOAD
type=SERVICE_START msg=audit(1713001401.790:119): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1713001401.846:120): prog-id=89 op=UNLOAD
type=BPF msg=audit(1713001401.846:121): prog-id=88 op=UNLOAD
type=BPF msg=audit(1713001401.846:122): prog-id=87 op=UNLOAD
type=BPF msg=audit(1713001401.846:123): prog-id=86 op=UNLOAD
type=BPF msg=audit(1713001401.846:124): prog-id=85 op=UNLOAD
type=BPF msg=audit(1713001401.846:125): prog-id=84 op=UNLOAD
type=BPF msg=audit(1713001401.878:126): prog-id=92 op=UNLOAD
type=BPF msg=audit(1713001401.878:127): prog-id=91 op=UNLOAD
type=BPF msg=audit(1713001401.878:128): prog-id=90 op=UNLOAD
type=BPF msg=audit(1713001401.878:129): prog-id=94 op=UNLOAD
type=BPF msg=audit(1713001401.878:130): prog-id=93 op=UNLOAD
type=BPF msg=audit(1713001401.926:131): prog-id=95 op=LOAD
type=BPF msg=audit(1713001401.926:132): prog-id=96 op=LOAD
type=BPF msg=audit(1713001401.926:133): prog-id=97 op=LOAD
type=BPF msg=audit(1713001401.930:134): prog-id=98 op=LOAD
type=BPF msg=audit(1713001401.930:135): prog-id=99 op=LOAD
type=BPF msg=audit(1713001401.930:136): prog-id=100 op=LOAD
type=BPF msg=audit(1713001401.930:137): prog-id=101 op=LOAD
type=BPF msg=audit(1713001401.930:138): prog-id=102 op=LOAD
type=BPF msg=audit(1713001401.930:139): prog-id=103 op=LOAD
type=BPF msg=audit(1713001401.930:140): prog-id=104 op=LOAD
type=BPF msg=audit(1713001401.930:141): prog-id=105 op=LOAD
type=BPF msg=audit(1713001401.942:142): prog-id=100 op=UNLOAD
type=BPF msg=audit(1713001401.942:143): prog-id=99 op=UNLOAD
type=BPF msg=audit(1713001401.942:144): prog-id=98 op=UNLOAD
type=BPF msg=audit(1713001401.942:145): prog-id=97 op=UNLOAD
type=BPF msg=audit(1713001401.942:146): prog-id=96 op=UNLOAD
type=BPF msg=audit(1713001401.942:147): prog-id=95 op=UNLOAD
type=BPF msg=audit(1713001401.974:148): prog-id=103 op=UNLOAD
type=BPF msg=audit(1713001401.974:149): prog-id=102 op=UNLOAD
type=BPF msg=audit(1713001401.974:150): prog-id=101 op=UNLOAD
type=BPF msg=audit(1713001401.974:151): prog-id=105 op=UNLOAD
type=BPF msg=audit(1713001401.974:152): prog-id=104 op=UNLOAD
type=BPF msg=audit(1713001402.014:153): prog-id=106 op=LOAD
type=BPF msg=audit(1713001402.014:154): prog-id=107 op=LOAD
type=BPF msg=audit(1713001402.018:155): prog-id=108 op=LOAD
type=BPF msg=audit(1713001402.018:156): prog-id=109 op=LOAD
type=BPF msg=audit(1713001402.018:157): prog-id=110 op=LOAD
type=BPF msg=audit(1713001402.018:158): prog-id=111 op=LOAD
type=BPF msg=audit(1713001402.018:159): prog-id=112 op=LOAD
type=BPF msg=audit(1713001402.018:160): prog-id=113 op=LOAD
type=BPF msg=audit(1713001402.018:161): prog-id=114 op=LOAD
type=BPF msg=audit(1713001402.022:162): prog-id=115 op=LOAD
type=BPF msg=audit(1713001402.022:163): prog-id=116 op=LOAD
type=SERVICE_START msg=audit(1713001402.034:164): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache-htcacheclean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1713001402.070:165): prog-id=111 op=UNLOAD
type=BPF msg=audit(1713001402.070:166): prog-id=110 op=UNLOAD
type=BPF msg=audit(1713001402.070:167): prog-id=109 op=UNLOAD
type=BPF msg=audit(1713001402.070:168): prog-id=108 op=UNLOAD
type=BPF msg=audit(1713001402.070:169): prog-id=107 op=UNLOAD
type=BPF msg=audit(1713001402.070:170): prog-id=106 op=UNLOAD
type=BPF msg=audit(1713001402.106:171): prog-id=114 op=UNLOAD
type=BPF msg=audit(1713001402.106:172): prog-id=113 op=UNLOAD
type=BPF msg=audit(1713001402.106:173): prog-id=112 op=UNLOAD
type=BPF msg=audit(1713001402.106:174): prog-id=116 op=UNLOAD
type=BPF msg=audit(1713001402.106:175): prog-id=115 op=UNLOAD
type=BPF msg=audit(1713001402.150:176): prog-id=117 op=LOAD
type=BPF msg=audit(1713001402.150:177): prog-id=118 op=LOAD
type=BPF msg=audit(1713001402.150:178): prog-id=119 op=LOAD
type=BPF msg=audit(1713001402.154:179): prog-id=120 op=LOAD
type=BPF msg=audit(1713001402.154:180): prog-id=121 op=LOAD
type=BPF msg=audit(1713001402.154:181): prog-id=122 op=LOAD
type=BPF msg=audit(1713001402.154:182): prog-id=123 op=LOAD
type=BPF msg=audit(1713001402.154:183): prog-id=124 op=LOAD
type=BPF msg=audit(1713001402.154:184): prog-id=125 op=LOAD
type=BPF msg=audit(1713001402.154:185): prog-id=126 op=LOAD
type=BPF msg=audit(1713001402.154:186): prog-id=127 op=LOAD
type=BPF msg=audit(1713001402.166:187): prog-id=122 op=UNLOAD
type=BPF msg=audit(1713001402.166:188): prog-id=121 op=UNLOAD
type=BPF msg=audit(1713001402.166:189): prog-id=120 op=UNLOAD
type=BPF msg=audit(1713001402.166:190): prog-id=119 op=UNLOAD
type=BPF msg=audit(1713001402.166:191): prog-id=118 op=UNLOAD
type=BPF msg=audit(1713001402.166:192): prog-id=117 op=UNLOAD
type=BPF msg=audit(1713001402.198:193): prog-id=125 op=UNLOAD
type=BPF msg=audit(1713001402.198:194): prog-id=124 op=UNLOAD
type=BPF msg=audit(1713001402.198:195): prog-id=123 op=UNLOAD
type=BPF msg=audit(1713001402.198:196): prog-id=127 op=UNLOAD
type=BPF msg=audit(1713001402.198:197): prog-id=126 op=UNLOAD
type=BPF msg=audit(1713001402.238:198): prog-id=128 op=LOAD
type=BPF msg=audit(1713001402.238:199): prog-id=129 op=LOAD
type=BPF msg=audit(1713001402.238:200): prog-id=130 op=LOAD
type=BPF msg=audit(1713001402.242:201): prog-id=131 op=LOAD
type=BPF msg=audit(1713001402.242:202): prog-id=132 op=LOAD
type=BPF msg=audit(1713001402.242:203): prog-id=133 op=LOAD
type=BPF msg=audit(1713001402.242:204): prog-id=134 op=LOAD
type=BPF msg=audit(1713001402.242:205): prog-id=135 op=LOAD
type=BPF msg=audit(1713001402.242:206): prog-id=136 op=LOAD
type=BPF msg=audit(1713001402.242:207): prog-id=137 op=LOAD
type=BPF msg=audit(1713001402.242:208): prog-id=138 op=LOAD
type=BPF msg=audit(1713001402.250:209): prog-id=133 op=UNLOAD
type=BPF msg=audit(1713001402.250:210): prog-id=132 op=UNLOAD
type=BPF msg=audit(1713001402.250:211): prog-id=131 op=UNLOAD
type=BPF msg=audit(1713001402.250:212): prog-id=130 op=UNLOAD
type=BPF msg=audit(1713001402.250:213): prog-id=129 op=UNLOAD
type=BPF msg=audit(1713001402.250:214): prog-id=128 op=UNLOAD
type=BPF msg=audit(1713001402.286:215): prog-id=136 op=UNLOAD
type=BPF msg=audit(1713001402.286:216): prog-id=135 op=UNLOAD
type=BPF msg=audit(1713001402.286:217): prog-id=134 op=UNLOAD
type=BPF msg=audit(1713001402.286:218): prog-id=138 op=UNLOAD
type=BPF msg=audit(1713001402.286:219): prog-id=137 op=UNLOAD
type=BPF msg=audit(1713001402.326:220): prog-id=139 op=LOAD
type=BPF msg=audit(1713001402.330:221): prog-id=140 op=LOAD
type=BPF msg=audit(1713001402.330:222): prog-id=141 op=LOAD
type=BPF msg=audit(1713001402.330:223): prog-id=142 op=LOAD
type=BPF msg=audit(1713001402.330:224): prog-id=143 op=LOAD
type=BPF msg=audit(1713001402.330:225): prog-id=144 op=LOAD
type=BPF msg=audit(1713001402.330:226): prog-id=145 op=LOAD
type=BPF msg=audit(1713001402.330:227): prog-id=146 op=LOAD
type=BPF msg=audit(1713001402.330:228): prog-id=147 op=LOAD
type=BPF msg=audit(1713001402.334:229): prog-id=148 op=LOAD
type=BPF msg=audit(1713001402.334:230): prog-id=149 op=LOAD
type=USER_END msg=audit(1713001543.466:231): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=CRED_DISP msg=audit(1713001543.466:232): pid=1505 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_END msg=audit(1713001543.486:233): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=CRED_DISP msg=audit(1713001543.486:234): pid=1504 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_ACCT msg=audit(1713001546.274:235): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_CMD msg=audit(1713001546.274:236): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="debian" AUID="debian"
type=CRED_REFR msg=audit(1713001546.274:237): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_START msg=audit(1713001546.274:238): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_AUTH msg=audit(1713001546.278:239): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_ACCT msg=audit(1713001546.278:240): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=CRED_ACQ msg=audit(1713001546.278:241): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_START msg=audit(1713001546.294:242): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=BPF msg=audit(1713001609.370:243): prog-id=144 op=UNLOAD
type=BPF msg=audit(1713001609.370:244): prog-id=143 op=UNLOAD
type=BPF msg=audit(1713001609.370:245): prog-id=142 op=UNLOAD
type=BPF msg=audit(1713001609.370:246): prog-id=141 op=UNLOAD
type=BPF msg=audit(1713001609.370:247): prog-id=140 op=UNLOAD
type=BPF msg=audit(1713001609.370:248): prog-id=139 op=UNLOAD
type=BPF msg=audit(1713001609.402:249): prog-id=147 op=UNLOAD
type=BPF msg=audit(1713001609.402:250): prog-id=146 op=UNLOAD
type=BPF msg=audit(1713001609.402:251): prog-id=145 op=UNLOAD
type=BPF msg=audit(1713001609.402:252): prog-id=149 op=UNLOAD
type=BPF msg=audit(1713001609.402:253): prog-id=148 op=UNLOAD
type=BPF msg=audit(1713001609.502:254): prog-id=150 op=LOAD
type=BPF msg=audit(1713001609.502:255): prog-id=151 op=LOAD
type=BPF msg=audit(1713001609.502:256): prog-id=152 op=LOAD
type=BPF msg=audit(1713001609.506:257): prog-id=153 op=LOAD
type=BPF msg=audit(1713001609.506:258): prog-id=154 op=LOAD
type=BPF msg=audit(1713001609.506:259): prog-id=155 op=LOAD
type=BPF msg=audit(1713001609.506:260): prog-id=156 op=LOAD
type=BPF msg=audit(1713001609.506:261): prog-id=157 op=LOAD
type=BPF msg=audit(1713001609.506:262): prog-id=158 op=LOAD
type=BPF msg=audit(1713001609.506:263): prog-id=159 op=LOAD
type=BPF msg=audit(1713001609.506:264): prog-id=160 op=LOAD
type=BPF msg=audit(1713001609.534:265): prog-id=155 op=UNLOAD
type=BPF msg=audit(1713001609.534:266): prog-id=154 op=UNLOAD
type=BPF msg=audit(1713001609.534:267): prog-id=153 op=UNLOAD
type=BPF msg=audit(1713001609.534:268): prog-id=152 op=UNLOAD
type=BPF msg=audit(1713001609.534:269): prog-id=151 op=UNLOAD
type=BPF msg=audit(1713001609.534:270): prog-id=150 op=UNLOAD
type=BPF msg=audit(1713001609.566:271): prog-id=158 op=UNLOAD
type=BPF msg=audit(1713001609.566:272): prog-id=157 op=UNLOAD
type=BPF msg=audit(1713001609.566:273): prog-id=156 op=UNLOAD
type=BPF msg=audit(1713001609.566:274): prog-id=160 op=UNLOAD
type=BPF msg=audit(1713001609.566:275): prog-id=159 op=UNLOAD
type=BPF msg=audit(1713001609.618:276): prog-id=161 op=LOAD
type=BPF msg=audit(1713001609.618:277): prog-id=162 op=LOAD
type=BPF msg=audit(1713001609.618:278): prog-id=163 op=LOAD
type=BPF msg=audit(1713001609.618:279): prog-id=164 op=LOAD
type=BPF msg=audit(1713001609.618:280): prog-id=165 op=LOAD
type=BPF msg=audit(1713001609.618:281): prog-id=166 op=LOAD
type=BPF msg=audit(1713001609.618:282): prog-id=167 op=LOAD
type=BPF msg=audit(1713001609.618:283): prog-id=168 op=LOAD
type=BPF msg=audit(1713001609.622:284): prog-id=169 op=LOAD
type=BPF msg=audit(1713001609.622:285): prog-id=170 op=LOAD
type=BPF msg=audit(1713001609.622:286): prog-id=171 op=LOAD
type=SERVICE_STOP msg=audit(1713001609.650:287): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001609.654:288): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apt-daily-upgrade comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001609.654:289): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apt-daily-upgrade comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001609.670:290): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_LOGIN msg=audit(1713001630.774:291): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset"
type=USER_LOGIN msg=audit(1713001630.774:292): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1713001632.670:293): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1713001632.682:294): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1713001632.682:295): pid=3466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1713001632.682:296): pid=3466 uid=0 subj=unconfined old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=4 res=1UID="root" OLD-AUID="unset" AUID="debian"
type=USER_START msg=audit(1713001632.726:297): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_keyinit,pam_permit,pam_unix,pam_systemd,pam_mail,pam_limits,pam_env,pam_env,pam_selinux acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian"
type=CRED_ACQ msg=audit(1713001632.726:298): pid=3472 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian"
type=USER_LOGIN msg=audit(1713001632.738:299): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=/dev/pts/1 res=success'UID="root" AUID="debian" ID="debian"
type=USER_AUTH msg=audit(1713001636.138:300): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian"
type=USER_ACCT msg=audit(1713001636.138:301): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian"
type=USER_CMD msg=audit(1713001636.138:302): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="debian" AUID="debian"
type=CRED_REFR msg=audit(1713001636.138:303): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian"
type=USER_START msg=audit(1713001636.138:304): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian"
type=USER_AUTH msg=audit(1713001636.142:305): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian"
type=USER_ACCT msg=audit(1713001636.142:306): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian"
type=CRED_ACQ msg=audit(1713001636.142:307): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian"
type=USER_START msg=audit(1713001636.146:308): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian"
type=DAEMON_END msg=audit(1713001682.225:9692): op=terminate auid=0 pid=1 subj=unconfined res=successAUID="root"
type=DAEMON_START msg=audit(1713001682.277:6650): op=start ver=3.0 format=enriched kernel=5.10.0-18-arm64 auid=4294967295 pid=3617 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root"
type=CONFIG_CHANGE msg=audit(1713001682.274:312): op=set audit_pid=3617 old=0 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=CONFIG_CHANGE msg=audit(1713001682.290:313): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=CONFIG_CHANGE msg=audit(1713001682.290:314): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:314): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffd32b27e0 a2=444 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:314): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:314): cwd="/"
type=PATH msg=audit(1713001682.290:314): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:314): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:315): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:315): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:315): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:315): cwd="/"
type=PATH msg=audit(1713001682.290:315): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:315): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:316): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:316): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:316): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:316): cwd="/"
type=PATH msg=audit(1713001682.290:316): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:316): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:317): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:317): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:317): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:317): cwd="/"
type=PATH msg=audit(1713001682.290:317): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:317): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:318): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:318): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:318): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:318): cwd="/"
type=PATH msg=audit(1713001682.290:318): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:318): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:319): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:319): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:319): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:319): cwd="/"
type=PATH msg=audit(1713001682.290:319): item=0 name="/etc/sudoers.d/" inode=536629 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:319): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:320): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:320): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:320): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.290:320): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:321): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:321): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:321): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:321): cwd="/"
type=PATH msg=audit(1713001682.290:321): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713001682.290:321): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:322): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:322): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:322): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.290:322): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:323): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:323): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:323): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:323): cwd="/"
type=PATH msg=audit(1713001682.290:323): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:323): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:324): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:324): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:324): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:324): cwd="/"
type=PATH msg=audit(1713001682.290:324): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:324): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:325): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:325): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:325): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:325): cwd="/"
type=PATH msg=audit(1713001682.290:325): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:325): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:326): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:326): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:326): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:326): cwd="/"
type=PATH msg=audit(1713001682.290:326): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:326): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:327): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:327): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:327): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:327): cwd="/"
type=PATH msg=audit(1713001682.290:327): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:327): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:328): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:328): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:328): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:328): cwd="/"
type=PATH msg=audit(1713001682.290:328): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:328): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:329): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:329): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:329): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:329): cwd="/"
type=PATH msg=audit(1713001682.290:329): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:329): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.290:330): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.290:330): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.290:330): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.290:330): cwd="/"
type=PATH msg=audit(1713001682.290:330): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.290:330): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:331): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:331): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:331): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:331): cwd="/"
type=PATH msg=audit(1713001682.294:331): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:331): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:332): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:332): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:332): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:332): cwd="/"
type=PATH msg=audit(1713001682.294:332): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:332): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:333): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:333): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:333): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:333): cwd="/"
type=PATH msg=audit(1713001682.294:333): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:333): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:334): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:334): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffd32b27e0 a2=44c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:334): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:334): cwd="/"
type=PATH msg=audit(1713001682.294:334): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:334): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:335): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:335): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:335): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:335): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:336): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:336): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:336): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:336): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:337): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:337): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:337): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:337): cwd="/"
type=PATH msg=audit(1713001682.294:337): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:337): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:338): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:338): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:338): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:338): cwd="/"
type=PATH msg=audit(1713001682.294:338): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:338): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:339): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:339): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:339): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:339): cwd="/"
type=PATH msg=audit(1713001682.294:339): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:339): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:340): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:340): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:340): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:340): cwd="/"
type=PATH msg=audit(1713001682.294:340): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:340): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:341): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:341): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:341): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:341): cwd="/"
type=PATH msg=audit(1713001682.294:341): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:341): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:342): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:342): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffd32b27e0 a2=440 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:342): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:342): cwd="/"
type=PATH msg=audit(1713001682.294:342): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:342): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:343): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:343): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:343): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:343): cwd="/"
type=PATH msg=audit(1713001682.294:343): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:343): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:344): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:344): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffd32b27e0 a2=43c a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:344): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:344): cwd="/"
type=PATH msg=audit(1713001682.294:344): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:344): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:345): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:345): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:345): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:345): cwd="/"
type=PATH msg=audit(1713001682.294:345): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:345): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:346): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:346): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:346): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:346): cwd="/"
type=PATH msg=audit(1713001682.294:346): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:346): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:347): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:347): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:347): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:347): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:348): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:348): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:348): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:348): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:349): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:349): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:349): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:349): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:350): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:350): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffd32b27e0 a2=434 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:350): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:350): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:351): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:351): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffd32b27e0 a2=444 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:351): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:351): cwd="/"
type=PATH msg=audit(1713001682.294:351): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:351): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:352): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:352): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffd32b27e0 a2=444 a3=0 items=1 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:352): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001682.294:352): cwd="/"
type=PATH msg=audit(1713001682.294:352): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001682.294:352): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:353): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:353): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:353): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:353): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001682.294:354): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001682.294:354): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffd32b27e0 a2=448 a3=0 items=0 ppid=3620 pid=3633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001682.294:354): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001682.294:354): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=SERVICE_START msg=audit(1713001682.294:355): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1713001699.786:356): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=CRED_DISP msg=audit(1713001699.786:357): pid=2961 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_END msg=audit(1713001699.790:358): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=CRED_DISP msg=audit(1713001699.790:359): pid=2960 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_END msg=audit(1713001699.802:360): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian"
type=CRED_DISP msg=audit(1713001699.802:361): pid=3477 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/1 res=success'UID="root" AUID="debian"
type=USER_END msg=audit(1713001699.806:362): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_keyinit,pam_permit,pam_unix,pam_systemd,pam_mail,pam_limits,pam_env,pam_env,pam_selinux acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian"
type=CRED_DISP msg=audit(1713001699.806:363): pid=3466 uid=0 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian"
type=SERVICE_STOP msg=audit(1713001699.806:364): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lm-sensors comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_LOGOUT msg=audit(1713001699.810:365): pid=667 uid=0 auid=1000 ses=2 subj=unconfined msg='op=logout id=1000 exe="/usr/sbin/lightdm" hostname=debian addr=? terminal=/dev/tty7 res=success'UID="root" AUID="debian" ID="debian"
type=SERVICE_STOP msg=audit(1713001699.818:366): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.822:367): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.822:368): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rtkit-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.826:369): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=upower comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.830:370): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=qemu-guest-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.830:371): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.830:372): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=serial-getty@ttyAMA0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.830:373): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=colord comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.834:374): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.834:375): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache-htcacheclean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.838:376): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1713001699.850:377): prog-id=171 op=UNLOAD
type=BPF msg=audit(1713001699.850:378): prog-id=170 op=UNLOAD
type=SERVICE_STOP msg=audit(1713001699.850:379): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.850:380): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.858:381): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.862:382): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=hddtemp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.862:383): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.894:384): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=spice-vdagentd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.902:385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=alsa-restore comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.906:386): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups-browsed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.922:387): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ModemManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.922:388): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=avahi-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.926:389): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.926:390): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=udisks2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.946:391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001699.974:392): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001700.206:393): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lightdm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001700.226:394): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=plymouth-reboot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1713001701.806:395): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian"
type=CRED_DISP msg=audit(1713001701.806:396): pid=3476 uid=1000 auid=1000 ses=4 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="debian" AUID="debian"
type=SERVICE_STOP msg=audit(1713001701.850:397): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.870:398): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1713001701.878:399): prog-id=167 op=UNLOAD
type=SERVICE_STOP msg=audit(1713001701.878:400): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.882:401): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.894:402): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=networking comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.902:403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=wpa_supplicant comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.954:404): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.970:405): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.990:406): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.990:407): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_SHUTDOWN msg=audit(1713001701.994:408): pid=3701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001701.998:409): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=DAEMON_END msg=audit(1713001702.000:6651): op=terminate auid=0 pid=1 subj=unconfined res=successAUID="root"
type=DAEMON_START msg=audit(1713001714.518:7134): op=start ver=3.0 format=enriched kernel=5.10.0-18-arm64 auid=4294967295 pid=346 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root"
type=AVC msg=audit(1713001714.516:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/aarch64-linux-gnu/lightdm/lightdm-guest-session" pid=315 comm="apparmor_parser"
type=AVC msg=audit(1713001714.516:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/aarch64-linux-gnu/lightdm/lightdm-guest-session//chromium" pid=315 comm="apparmor_parser"
type=AVC msg=audit(1713001714.516:12): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=316 comm="apparmor_parser"
type=AVC msg=audit(1713001714.516:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd" pid=316 comm="apparmor_parser"
type=AVC msg=audit(1713001714.516:14): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=316 comm="apparmor_parser"
type=SERVICE_START msg=audit(1713001714.516:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apparmor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CONFIG_CHANGE msg=audit(1713001714.536:16): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=CONFIG_CHANGE msg=audit(1713001714.536:17): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:17): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffc985abf0 a2=444 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:17): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:17): cwd="/"
type=PATH msg=audit(1713001714.536:17): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:17): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:18): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:18): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:18): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:18): cwd="/"
type=PATH msg=audit(1713001714.536:18): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:18): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:19): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="maybe-escalation" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:19): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:19): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:19): cwd="/"
type=PATH msg=audit(1713001714.536:19): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:19): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:20): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:20): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:20): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:20): cwd="/"
type=PATH msg=audit(1713001714.536:20): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:20): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:21): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:21): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:21): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:21): cwd="/"
type=PATH msg=audit(1713001714.536:21): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:21): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:22): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:22): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:22): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:22): cwd="/"
type=PATH msg=audit(1713001714.536:22): item=0 name="/etc/sudoers.d/" inode=536629 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:22): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:23): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.2-priv-config-changes" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:23): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:23): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.536:23): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:24): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:24): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:24): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:24): cwd="/"
type=PATH msg=audit(1713001714.536:24): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713001714.536:24): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:25): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:25): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:25): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.536:25): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:26): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:26): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:26): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:26): cwd="/"
type=PATH msg=audit(1713001714.536:26): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:26): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:27): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:27): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:27): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:27): cwd="/"
type=PATH msg=audit(1713001714.536:27): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:27): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:28): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:28): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:28): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:28): cwd="/"
type=PATH msg=audit(1713001714.536:28): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:28): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:29): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:29): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:29): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:29): cwd="/"
type=PATH msg=audit(1713001714.536:29): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:29): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:30): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:30): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:30): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:30): cwd="/"
type=PATH msg=audit(1713001714.536:30): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:30): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:31): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:31): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:31): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:31): cwd="/"
type=PATH msg=audit(1713001714.536:31): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:31): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:32): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:32): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:32): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:32): cwd="/"
type=PATH msg=audit(1713001714.536:32): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:32): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:33): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.3-access-audit-trail" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:33): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:33): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:33): cwd="/"
type=PATH msg=audit(1713001714.536:33): item=0 name="/usr/sbin/" inode=392451 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:33): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:34): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:34): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:34): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:34): cwd="/"
type=PATH msg=audit(1713001714.536:34): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:34): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:35): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:35): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:35): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:35): cwd="/"
type=PATH msg=audit(1713001714.536:35): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:35): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:36): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:36): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:36): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:36): cwd="/"
type=PATH msg=audit(1713001714.536:36): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:36): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:37): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-session" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:37): arch=c00000b7 syscall=206 success=yes exit=1100 a0=3 a1=ffffc985abf0 a2=44c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:37): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:37): cwd="/"
type=PATH msg=audit(1713001714.536:37): item=0 name="/usr/bin/" inode=392450 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:37): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:38): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:38): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:38): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.536:38): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:39): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.b-elevated-privs-setuid" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:39): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:39): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.536:39): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:40): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:40): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:40): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:40): cwd="/"
type=PATH msg=audit(1713001714.536:40): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:40): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:41): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:41): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:41): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:41): cwd="/"
type=PATH msg=audit(1713001714.536:41): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:41): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:42): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:42): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:42): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:42): cwd="/"
type=PATH msg=audit(1713001714.536:42): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:42): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:43): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:43): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:43): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:43): cwd="/"
type=PATH msg=audit(1713001714.536:43): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:43): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:44): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:44): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:44): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:44): cwd="/"
type=PATH msg=audit(1713001714.536:44): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:44): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:45): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:45): arch=c00000b7 syscall=206 success=yes exit=1088 a0=3 a1=ffffc985abf0 a2=440 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:45): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:45): cwd="/"
type=PATH msg=audit(1713001714.536:45): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:45): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:46): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:46): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:46): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:46): cwd="/"
type=PATH msg=audit(1713001714.536:46): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:46): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.536:47): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.536:47): arch=c00000b7 syscall=206 success=yes exit=1084 a0=3 a1=ffffc985abf0 a2=43c a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.536:47): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.536:47): cwd="/"
type=PATH msg=audit(1713001714.536:47): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.536:47): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:48): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:48): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:48): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.540:48): cwd="/"
type=PATH msg=audit(1713001714.540:48): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.540:48): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:49): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.2.5.c-accounts" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:49): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:49): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.540:49): cwd="/"
type=PATH msg=audit(1713001714.540:49): item=0 name="/etc/security/" inode=523287 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.540:49): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:50): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:50): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:50): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.540:50): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:51): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:51): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:51): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.540:51): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:52): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:52): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:52): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.540:52): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:53): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:53): arch=c00000b7 syscall=206 success=yes exit=1076 a0=3 a1=ffffc985abf0 a2=434 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:53): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.540:53): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:54): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:54): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffc985abf0 a2=444 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:54): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.540:54): cwd="/"
type=PATH msg=audit(1713001714.540:54): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.540:54): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:55): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.4.2b-time-change" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:55): arch=c00000b7 syscall=206 success=yes exit=1092 a0=3 a1=ffffc985abf0 a2=444 a3=0 items=1 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:55): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=CWD msg=audit(1713001714.540:55): cwd="/"
type=PATH msg=audit(1713001714.540:55): item=0 name="/etc/" inode=523265 dev=fe:02 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001714.540:55): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:56): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:56): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:56): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.540:56): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1713001714.540:57): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="10.5.5-modification-audit" list=4 res=1AUID="unset"
type=SYSCALL msg=audit(1713001714.540:57): arch=c00000b7 syscall=206 success=yes exit=1096 a0=3 a1=ffffc985abf0 a2=448 a3=0 items=0 ppid=352 pid=395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=SOCKADDR msg=audit(1713001714.540:57): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
type=PROCTITLE msg=audit(1713001714.540:57): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=SERVICE_START msg=audit(1713001714.540:58): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_BOOT msg=audit(1713001714.544:59): pid=415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.548:60): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.556:61): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.560:62): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.560:63): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.572:64): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=qemu-guest-agent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1713001714.576:65): prog-id=9 op=LOAD
type=BPF msg=audit(1713001714.576:66): prog-id=10 op=LOAD
type=BPF msg=audit(1713001714.576:67): prog-id=11 op=LOAD
type=SERVICE_START msg=audit(1713001714.580:68): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=networking comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.584:69): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lm-sensors comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSCALL msg=audit(1713001714.600:70): arch=c00000b7 syscall=112 success=yes exit=0 a0=0 a1=ffffcf05a038 a2=3b9ac9ff a3=1908fb38 items=0 ppid=1 pid=459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu-ga" exe="/usr/sbin/qemu-ga" subj=unconfined key="10.4.2b-time-change"ARCH=aarch64 SYSCALL=clock_settime AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=TIME_INJOFFSET msg=audit(1713001714.600:70): sec=-1 nsec=815445417
type=PROCTITLE msg=audit(1713001714.600:70): proctitle="/usr/sbin/qemu-ga"
type=SERVICE_START msg=audit(1713001714.432:71): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.436:72): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=e2scrub_reap comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001714.436:73): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=e2scrub_reap comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.448:74): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=alsa-restore comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.448:75): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.448:76): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=avahi-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.452:77): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=wpa_supplicant comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.460:78): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.488:79): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.500:80): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1713001714.504:81): prog-id=12 op=LOAD
type=BPF msg=audit(1713001714.504:82): prog-id=13 op=LOAD
type=BPF msg=audit(1713001714.504:83): prog-id=14 op=LOAD
type=SERVICE_START msg=audit(1713001714.528:84): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=udisks2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=AVC msg=audit(1713001714.532:85): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=492 comm="cupsd" capability=12 capname="net_admin"
type=SYSCALL msg=audit(1713001714.532:85): arch=c00000b7 syscall=208 success=no exit=-1 a0=a a1=1 a2=20 a3=ffffc9693134 items=0 ppid=1 pid=492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cupsd" exe="/usr/sbin/cupsd" subj=/usr/sbin/cupsd (enforce) key=(null)ARCH=aarch64 SYSCALL=setsockopt AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001714.532:85): proctitle=2F7573722F7362696E2F6375707364002D6C
type=SERVICE_START msg=audit(1713001714.536:86): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.536:87): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=cups-browsed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.536:88): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ssh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.536:89): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.540:90): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.540:91): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.544:92): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=serial-getty@ttyAMA0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.544:93): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=lightdm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.564:94): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=ModemManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.564:95): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=apache2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=AVC msg=audit(1713001714.576:96): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=528 comm="cups-browsed" capability=23 capname="sys_nice"
type=SYSCALL msg=audit(1713001714.576:96): arch=c00000b7 syscall=274 success=yes exit=0 a0=210 a1=aaaaccfbc470 a2=0 a3=3 items=0 ppid=1 pid=528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cups-browsed" exe="/usr/sbin/cups-browsed" subj=/usr/sbin/cups-browsed (enforce) key=(null)ARCH=aarch64 SYSCALL=sched_setattr AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001714.576:96): proctitle="/usr/sbin/cups-browsed"
type=SERVICE_START msg=audit(1713001714.580:97): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.856:98): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.872:99): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=hddtemp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_RUNLEVEL msg=audit(1713001714.876:100): pid=649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='old-level=N new-level=5 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.876:101): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001714.876:102): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1713001714.980:103): pid=654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001714.988:104): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user-runtime-dir@113 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1713001714.992:105): pid=658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1713001714.992:106): pid=658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1713001714.992:107): pid=658 uid=0 subj=unconfined old-auid=4294967295 auid=113 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="lightdm"
type=SYSCALL msg=audit(1713001714.992:107): arch=c00000b7 syscall=64 success=yes exit=3 a0=7 a1=ffffd92b60b0 a2=3 a3=0 items=0 ppid=1 pid=658 auid=113 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=write AUID="lightdm" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001714.992:107): proctitle="(systemd)"
type=USER_START msg=audit(1713001714.996:108): pid=658 uid=0 auid=113 ses=1 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_limits,pam_permit,pam_unix,pam_keyinit,pam_systemd acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="lightdm"
type=USYS_CONFIG msg=audit(1713001714.996:109): pid=467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001715.052:110): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user@113 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1713001715.060:111): pid=654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_unix,pam_systemd acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1713001715.080:112): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=rtkit-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_LOGIN msg=audit(1713001716.556:113): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset"
type=USER_LOGIN msg=audit(1713001716.564:114): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct="debian" exe="/usr/sbin/sshd" hostname=? addr=192.168.64.1 terminal=sshd res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1713001718.388:115): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1713001718.400:116): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1713001718.400:117): pid=737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1713001718.400:118): pid=737 uid=0 subj=unconfined old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="debian"
type=SYSCALL msg=audit(1713001718.400:118): arch=c00000b7 syscall=64 success=yes exit=4 a0=3 a1=ffffe67feaa0 a2=4 a3=ffff963e9010 items=0 ppid=527 pid=737 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="sshd" exe="/usr/sbin/sshd" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=write AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001718.400:118): proctitle=737368643A2064656269616E205B707269765D
type=SERVICE_START msg=audit(1713001718.412:119): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1713001718.416:120): pid=748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1713001718.416:121): pid=748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1713001718.416:122): pid=748 uid=0 subj=unconfined old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1UID="root" OLD-AUID="unset" AUID="debian"
type=SYSCALL msg=audit(1713001718.416:122): arch=c00000b7 syscall=64 success=yes exit=4 a0=7 a1=ffffd92b60b0 a2=4 a3=0 items=0 ppid=1 pid=748 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=unconfined key=(null)ARCH=aarch64 SYSCALL=write AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001718.416:122): proctitle="(systemd)"
type=USER_START msg=audit(1713001718.416:123): pid=748 uid=0 auid=1000 ses=3 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_limits,pam_permit,pam_unix,pam_keyinit,pam_systemd acct="debian" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="debian"
type=SERVICE_START msg=audit(1713001718.452:124): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1713001718.460:125): pid=737 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_keyinit,pam_permit,pam_unix,pam_systemd,pam_mail,pam_limits,pam_env,pam_env,pam_selinux acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian"
type=CRED_ACQ msg=audit(1713001718.460:126): pid=768 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="debian" exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=ssh res=success'UID="root" AUID="debian"
type=USER_LOGIN msg=audit(1713001718.476:127): pid=737 uid=0 auid=1000 ses=2 subj=unconfined msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.64.1 addr=192.168.64.1 terminal=/dev/pts/0 res=success'UID="root" AUID="debian" ID="debian"
type=SYSCALL msg=audit(1713001721.136:128): arch=c00000b7 syscall=221 success=yes exit=0 a0=aaaad463e040 a1=aaaad4632f50 a2=aaaad4635f40 a3=ffff858be640 items=3 ppid=769 pid=776 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-setuid"ARCH=aarch64 SYSCALL=execve AUID="debian" UID="debian" GID="debian" EUID="root" SUID="root" FSUID="root" EGID="debian" SGID="debian" FSGID="debian"
type=EXECVE msg=audit(1713001721.136:128): argc=2 a0="sudo" a1="su"
type=CWD msg=audit(1713001721.136:128): cwd="/home/debian"
type=PATH msg=audit(1713001721.136:128): item=0 name="/usr/bin/sudo" inode=411641 dev=fe:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PATH msg=audit(1713001721.136:128): item=1 name="/usr/bin/sudo" inode=411641 dev=fe:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PATH msg=audit(1713001721.136:128): item=2 name="/lib/ld-linux-aarch64.so.1" inode=392466 dev=fe:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1713001721.136:128): proctitle=7375646F007375
type=SYSCALL msg=audit(1713001721.164:129): arch=c00000b7 syscall=147 success=yes exit=0 a0=0 a1=ffffffff a2=ffffffff a3=ffff86823358 items=0 ppid=769 pid=776 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setresuid AUID="debian" UID="root" GID="debian" EUID="root" SUID="root" FSUID="root" EGID="debian" SGID="debian" FSGID="debian"
type=PROCTITLE msg=audit(1713001721.164:129): proctitle=7375646F007375
type=USER_AUTH msg=audit(1713001722.120:130): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_ACCT msg=audit(1713001722.120:131): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="debian" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_CMD msg=audit(1713001722.120:132): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd="su" exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="debian" AUID="debian"
type=CRED_REFR msg=audit(1713001722.120:133): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=USER_START msg=audit(1713001722.120:134): pid=776 uid=1000 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="debian" AUID="debian"
type=SYSCALL msg=audit(1713001722.120:135): arch=c00000b7 syscall=147 success=yes exit=0 a0=0 a1=0 a2=0 a3=ffff86823358 items=0 ppid=776 pid=777 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setresuid AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001722.120:135): proctitle=7375646F007375
type=USER_AUTH msg=audit(1713001722.124:136): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_ACCT msg=audit(1713001722.124:137): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=CRED_ACQ msg=audit(1713001722.128:138): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=USER_START msg=audit(1713001722.128:139): pid=777 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_mail,pam_limits,pam_permit,pam_unix,pam_systemd acct="root" exe="/usr/bin/su" hostname=debian addr=? terminal=pts/0 res=success'UID="root" AUID="debian"
type=SYSCALL msg=audit(1713001722.128:140): arch=c00000b7 syscall=146 success=yes exit=0 a0=0 a1=ffffc370a518 a2=ffffc370a180 a3=ffffb8509358 items=0 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="su" exe="/usr/bin/su" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setuid AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001722.128:140): proctitle="su"
type=SERVICE_STOP msg=audit(1713001724.936:141): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSCALL msg=audit(1713001729.632:142): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaaaf6556d70 a2=84800 a3=0 items=1 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="bash" exe="/usr/bin/bash" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1713001729.632:142): cwd="/home/debian"
type=PATH msg=audit(1713001729.632:142): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713001729.632:142): proctitle="su"
type=SYSCALL msg=audit(1713001730.140:143): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=ffffd5c5889a a2=0 a3=0 items=1 ppid=778 pid=779 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cat" exe="/usr/bin/cat" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1713001730.140:143): cwd="/home/debian"
type=PATH msg=audit(1713001730.140:143): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713001730.140:143): proctitle=636174002F7661722F6C6F672F61756469742F61756469742E6C6F67
type=SERVICE_STOP msg=audit(1713001744.280:144): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-fsckd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1713001744.568:145): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1713001744.620:146): prog-id=14 op=UNLOAD
type=BPF msg=audit(1713001744.620:147): prog-id=13 op=UNLOAD
type=BPF msg=audit(1713001744.620:148): prog-id=12 op=UNLOAD
type=SYSCALL msg=audit(1713001748.720:149): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=ffffe2bee89a a2=0 a3=0 items=1 ppid=778 pid=785 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cat" exe="/usr/bin/cat" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1713001748.720:149): cwd="/home/debian"
type=PATH msg=audit(1713001748.720:149): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713001748.720:149): proctitle=636174002F7661722F6C6F672F61756469742F61756469742E6C6F67
type=SERVICE_START msg=audit(1713001768.236:150): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1713001827.888:151): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian"
type=USER_CMD msg=audit(1713001827.888:152): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='cwd="/home/debian" cmd=6170742D67657420696E7374616C6C20646E737574696C73 exe="/usr/bin/sudo" terminal=pts/0 res=success'UID="root" AUID="debian"
type=CRED_REFR msg=audit(1713001827.888:153): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian"
type=USER_START msg=audit(1713001827.888:154): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_open grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian"
type=SYSCALL msg=audit(1713001827.892:155): arch=c00000b7 syscall=147 success=yes exit=0 a0=0 a1=0 a2=0 a3=ffff8b8f2358 items=0 ppid=1230 pid=1231 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=unconfined key="10.2.5.b-elevated-privs-session"ARCH=aarch64 SYSCALL=setresuid AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1713001827.892:155): proctitle=7375646F006170742D67657400696E7374616C6C00646E737574696C73
type=USER_END msg=audit(1713001829.888:156): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:session_close grantors=pam_permit,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian"
type=CRED_DISP msg=audit(1713001829.888:157): pid=1230 uid=0 auid=1000 ses=2 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'UID="root" AUID="debian"
type=SYSCALL msg=audit(1713001952.596:158): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaaaf6558d70 a2=84800 a3=0 items=1 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="bash" exe="/usr/bin/bash" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1713001952.596:158): cwd="/home/debian"
type=PATH msg=audit(1713001952.596:158): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713001952.596:158): proctitle="su"
type=SYSCALL msg=audit(1713001959.604:159): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaab12893490 a2=0 a3=0 items=1 ppid=778 pid=1542 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="curl" exe="/usr/bin/curl" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1713001959.604:159): cwd="/home/debian"
type=PATH msg=audit(1713001959.604:159): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713001959.604:159): proctitle=6375726C002D2D75706C6F61642D66696C65002F7661722F6C6F672F61756469742F61756469742E6C6F670068747470733A2F2F7472616E736665722E73682F61756469742E6C6F67
type=SYSCALL msg=audit(1713002003.008:160): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=aaaaf6558730 a2=84800 a3=0 items=1 ppid=777 pid=778 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="bash" exe="/usr/bin/bash" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1713002003.008:160): cwd="/home/debian"
type=PATH msg=audit(1713002003.008:160): item=0 name="/var/log/audit/" inode=916878 dev=fe:02 mode=040750 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713002003.008:160): proctitle="su"
type=SYSCALL msg=audit(1713002007.576:161): arch=c00000b7 syscall=56 success=yes exit=3 a0=ffffffffffffff9c a1=fffff99ea88e a2=0 a3=0 items=1 ppid=778 pid=1544 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cp" exe="/usr/bin/cp" subj=unconfined key="10.2.3-access-audit-trail"ARCH=aarch64 SYSCALL=openat AUID="debian" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1713002007.576:161): cwd="/home/debian"
type=PATH msg=audit(1713002007.576:161): item=0 name="/var/log/audit/audit.log" inode=916940 dev=fe:02 mode=0100640 ouid=0 ogid=4 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="adm"
type=PROCTITLE msg=audit(1713002007.576:161): proctitle=6370002F7661722F6C6F672F61756469742F61756469742E6C6F67002F686F6D652F64656269616E2F