tsohr/failure journal log

## failure journal log
Jun 09 13:55:23 sise audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jun 09 13:55:23 sise systemd[1]: Started Session c3 of user root.
Jun 09 13:55:23 sise sudo[240119]: pam_systemd(sudo:session): Failed to create session: Exchange full
Jun 09 13:55:23 sise sudo[240119]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jun 09 13:55:23 sise audit[240119]: USER_START pid=240119 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Jun 09 13:55:23 sise audit[240143]: USER_AVC pid=240143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { rootok } for  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=passwd permissive=0
                                     exe="/usr/bin/su" sauid=0 hostname=? addr=? terminal=?'
Jun 09 13:55:23 sise su[240143]: pam_unix(su-l:auth): auth could not identify password for [USER_ID]
Jun 09 13:55:23 sise audit[240143]: USER_AUTH pid=240143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:authentication grantors=? acct="USER_ID" exe="/usr/bin/su" hostname=? addr=? terminal=? res=failed'
Jun 09 13:55:26 sise su[240143]: FAILED SU (to USER_ID) root on none
Jun 09 13:55:27 sise sudo[240119]: pam_unix(sudo:session): session closed for user root
Jun 09 13:55:27 sise audit[240119]: USER_END pid=240119 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Jun 09 13:55:27 sise audit[240119]: CRED_DISP pid=240119 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
Jun 09 13:55:27 sise systemd[1]: session-c3.scope: Succeeded.
Jun 09 13:55:27 sise systemd[1]: vboxautostart-service.service: Control process exited, code=exited, status=1/FAILURE
Jun 09 13:55:27 sise systemd[1]: vboxautostart-service.service: Failed with result 'exit-code'.
Jun 09 13:55:27 sise systemd[1]: Failed to start vboxautostart-service.service.

## su-l to be..
[root@sise pam.d]# cat su-l
#%PAM-1.0
session         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
auth            sufficient      pam_succeed_if.so uid = 0 use_uid quiet
password        sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet

auth            include         su
account         include         su
password        include         su
session         optional        pam_keyinit.so force revoke
session         include         su
	Jun 09 13:55:23 sise audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
	Jun 09 13:55:23 sise systemd[1]: Started Session c3 of user root.
	Jun 09 13:55:23 sise sudo[240119]: pam_systemd(sudo:session): Failed to create session: Exchange full
	Jun 09 13:55:23 sise sudo[240119]: pam_unix(sudo:session): session opened for user root by (uid=0)
	Jun 09 13:55:23 sise audit[240119]: USER_START pid=240119 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
	Jun 09 13:55:23 sise audit[240143]: USER_AVC pid=240143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { rootok } for scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=passwd permissive=0
	exe="/usr/bin/su" sauid=0 hostname=? addr=? terminal=?'
	Jun 09 13:55:23 sise su[240143]: pam_unix(su-l:auth): auth could not identify password for [USER_ID]
	Jun 09 13:55:23 sise audit[240143]: USER_AUTH pid=240143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:authentication grantors=? acct="USER_ID" exe="/usr/bin/su" hostname=? addr=? terminal=? res=failed'
	Jun 09 13:55:26 sise su[240143]: FAILED SU (to USER_ID) root on none
	Jun 09 13:55:27 sise sudo[240119]: pam_unix(sudo:session): session closed for user root
	Jun 09 13:55:27 sise audit[240119]: USER_END pid=240119 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
	Jun 09 13:55:27 sise audit[240119]: CRED_DISP pid=240119 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
	Jun 09 13:55:27 sise systemd[1]: session-c3.scope: Succeeded.
	Jun 09 13:55:27 sise systemd[1]: vboxautostart-service.service: Control process exited, code=exited, status=1/FAILURE
	Jun 09 13:55:27 sise systemd[1]: vboxautostart-service.service: Failed with result 'exit-code'.
	Jun 09 13:55:27 sise systemd[1]: Failed to start vboxautostart-service.service.
	[root@sise pam.d]# cat su-l
	#%PAM-1.0
	session sufficient pam_succeed_if.so uid = 0 use_uid quiet
	auth sufficient pam_succeed_if.so uid = 0 use_uid quiet
	password sufficient pam_succeed_if.so uid = 0 use_uid quiet
	account sufficient pam_succeed_if.so uid = 0 use_uid quiet

	auth include su
	account include su
	password include su
	session optional pam_keyinit.so force revoke
	session include su