  1. 003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_socket"
  2. [404310.996805] type=1327 audit(1570434873.571:3588540): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  3. [404310.996897] type=1300 audit(1570434873.571:3588541): arch=c000003e syscall=42 success=no exit=-115 a0=2cb a1=7f17ee78c140 a2=10 a3=5d9aef39 items=0 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_connect"
  4. [404310.996901] type=1306 audit(1570434873.571:3588541): saddr=020000500A0297090000000000000000
  5. [404316.005740] audit_printk_skb: 318 callbacks suppressed
  6. [404316.005770] type=1300 audit(1570434878.580:3588575): arch=c000003e syscall=2 success=yes exit=735 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  7. [404316.005784] type=1302 audit(1570434878.580:3588575): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  8. [404316.005790] type=1327 audit(1570434878.580:3588575): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  9. [404316.190095] type=1300 audit(1570434878.764:3588576): arch=c000003e syscall=2 success=yes exit=735 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  10. [404316.190105] type=1302 audit(1570434878.764:3588576): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  11. [404316.190109] type=1327 audit(1570434878.764:3588576): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  12. [404316.218414] type=1300 audit(1570434878.792:3588577): arch=c000003e syscall=2 success=yes exit=735 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  13. [404316.218428] type=1302 audit(1570434878.792:3588577): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  14. [404316.218434] type=1327 audit(1570434878.792:3588577): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  15. [404316.223964] type=1300 audit(1570434878.798:3588578): arch=c000003e syscall=2 success=yes exit=735 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  16. [404321.095600] audit_printk_skb: 771 callbacks suppressed
  17. [404321.095604] type=1300 audit(1570434883.669:3588653): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=9016 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  18. [404321.095608] type=1306 audit(1570434883.669:3588653): saddr=0A00BCBB0000000000000000000000000000FFFF0A02011900000000
  19. [404321.095610] type=1327 audit(1570434883.669:3588653): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  20. [404321.318569] type=1300 audit(1570434883.892:3588654): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  21. [404321.318591] type=1302 audit(1570434883.892:3588654): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  22. [404321.318596] type=1327 audit(1570434883.892:3588654): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  23. [404321.514823] type=1300 audit(1570434884.089:3588655): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=21249 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  24. [404321.514831] type=1306 audit(1570434884.089:3588655): saddr=0A00BCE40000000000000000000000000000FFFF0A02011900000000
  25. [404321.514849] type=1327 audit(1570434884.089:3588655): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  26. [404321.518620] type=1300 audit(1570434884.092:3588656): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  27. [404326.266969] audit_printk_skb: 372 callbacks suppressed
  28. [404326.266974] type=1300 audit(1570434888.841:3588696): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  29. [404326.266982] type=1302 audit(1570434888.841:3588696): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  30. [404326.266986] type=1327 audit(1570434888.841:3588696): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  31. [404326.470749] type=1300 audit(1570434889.044:3588697): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  32. [404326.470782] type=1302 audit(1570434889.044:3588697): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  33. [404326.470787] type=1327 audit(1570434889.044:3588697): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  34. [404326.606451] type=1300 audit(1570434889.180:3588698): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  35. [404326.606461] type=1302 audit(1570434889.180:3588698): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  36. [404326.606486] type=1327 audit(1570434889.180:3588698): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  37. [404326.623994] type=1300 audit(1570434889.198:3588699): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  38. [404331.608889] audit_printk_skb: 687 callbacks suppressed
  39. [404331.608893] type=1300 audit(1570434894.182:3588763): arch=c000003e syscall=43 success=yes exit=6 a0=4 a1=7ffe54877a10 a2=7ffe54877988 a3=0 items=0 ppid=13491 pid=13496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" key="pt_siem_api_accept"
  40. [404331.608897] type=1306 audit(1570434894.182:3588763): saddr=0200D0F60A02FD420000000000000000
  41. [404331.608900] type=1327 audit(1570434894.182:3588763): proctitle=2F7573722F7362696E2F7A61626269785F6167656E74643A206C697374656E6572202333205B77616974696E6720666F7220636F6E6E656374696F6E5D
  42. [404331.933588] type=1300 audit(1570434894.507:3588764): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=4872 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  43. [404331.933594] type=1306 audit(1570434894.507:3588764): saddr=0A00BF8D0000000000000000000000000000FFFF0A02011900000000
  44. [404331.933597] type=1327 audit(1570434894.507:3588764): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  45. [404332.509276] type=1300 audit(1570434895.083:3588765): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=1216 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  46. [404332.509282] type=1306 audit(1570434895.083:3588765): saddr=0A00BFB60000000000000000000000000000FFFF0A02011900000000
  47. [404332.509285] type=1327 audit(1570434895.083:3588765): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  48. [404332.769789] type=1300 audit(1570434895.343:3588766): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  49. [404336.761514] audit_printk_skb: 453 callbacks suppressed
  50. [404336.761518] type=1300 audit(1570434899.335:3588817): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=4872 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  51. [404336.761522] type=1306 audit(1570434899.335:3588817): saddr=0A00EDDC0000000000000000000000000000FFFF0A02FD4200000000
  52. [404336.761525] type=1327 audit(1570434899.335:3588817): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  53. [404336.867997] type=1300 audit(1570434899.442:3588818): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=1216 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  54. [404336.868003] type=1306 audit(1570434899.442:3588818): saddr=0A00C1270000000000000000000000000000FFFF0A02011900000000
  55. [404336.868005] type=1327 audit(1570434899.442:3588818): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  56. [404336.933743] type=1300 audit(1570434899.507:3588819): arch=c000003e syscall=59 success=yes exit=0 a0=7ff1ba3e1f89 a1=7ff1a9ff85e0 a2=7ffc7280d180 a3=7ff1b47407f8 items=2 ppid=12924 pid=30576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  57. [404336.933751] type=1309 audit(1570434899.507:3588819): argc=3 a0="sh" a1="-c" a2="users"
  58. [404336.933758] type=1302 audit(1570434899.507:3588819): item=0 name="/bin/sh" inode=2101960 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  59. [404336.933763] type=1302 audit(1570434899.507:3588819): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  60. [404341.783198] audit_printk_skb: 1011 callbacks suppressed
  61. [404341.783202] type=1300 audit(1570434904.356:3588925): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=21249 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  62. [404341.783206] type=1306 audit(1570434904.356:3588925): saddr=0A00C2D80000000000000000000000000000FFFF0A02011900000000
  63. [404341.783209] type=1327 audit(1570434904.356:3588925): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  64. [404342.001215] type=1300 audit(1570434903.558:3588926): arch=c000003e syscall=43 success=yes exit=6 a0=4 a1=7ffe54877a10 a2=7ffe54877988 a3=0 items=0 ppid=13491 pid=13496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" key="pt_siem_api_accept"
  65. [404342.001221] type=1306 audit(1570434903.558:3588926): saddr=0200D6C40A02FD420000000000000000
  66. [404342.001224] type=1327 audit(1570434903.558:3588926): proctitle=2F7573722F7362696E2F7A61626269785F6167656E74643A206C697374656E6572202333205B77616974696E6720666F7220636F6E6E656374696F6E5D
  67. [404342.305217] type=1300 audit(1570434904.878:3588927): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=9148 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  68. [404342.305223] type=1306 audit(1570434904.878:3588927): saddr=0A00C3050000000000000000000000000000FFFF0A02011900000000
  69. [404342.305226] type=1327 audit(1570434904.878:3588927): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  70. [404342.697195] type=1300 audit(1570434905.270:3588928): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=19272 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  71. [404346.874338] audit_printk_skb: 315 callbacks suppressed
  72. [404346.874342] type=1300 audit(1570434909.447:3588962): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  73. [404346.874350] type=1302 audit(1570434909.447:3588962): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  74. [404346.874353] type=1327 audit(1570434909.447:3588962): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  75. [404346.875481] type=1300 audit(1570434909.448:3588963): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  76. [404346.875489] type=1322 audit(1570434909.448:3588963): pid=6121 cap_pi=0000000400000002 cap_pp=0000000400002c0f cap_pe=0000000400000002 cap_pa=0000000000000000
  77. [404346.875491] type=1327 audit(1570434909.448:3588963): proctitle="/opt/secretnet/sbin/snsyslog-ng"
  78. [404346.875555] type=1300 audit(1570434909.448:3588964): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  79. [404346.875560] type=1322 audit(1570434909.448:3588964): pid=6121 cap_pi=0000000400000003 cap_pp=0000000400002c0f cap_pe=0000000400000003 cap_pa=0000000000000000
  80. [404346.875562] type=1327 audit(1570434909.448:3588964): proctitle="/opt/secretnet/sbin/snsyslog-ng"
  81. [404346.875585] type=1300 audit(1570434909.448:3588965): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  82. [404352.023539] audit_printk_skb: 954 callbacks suppressed
  83. [404352.023543] type=1300 audit(1570434914.595:3589061): arch=c000003e syscall=59 success=yes exit=0 a0=7ff1ba3e1f89 a1=7ff1a9ff85e0 a2=7ffc7280d180 a3=7ff1b47407f8 items=2 ppid=12924 pid=30688 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  84. [404352.023549] type=1309 audit(1570434914.595:3589061): argc=3 a0="sh" a1="-c" a2="users"
  85. [404352.023555] type=1302 audit(1570434914.595:3589061): item=0 name="/bin/sh" inode=2101960 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  86. [404352.023560] type=1302 audit(1570434914.595:3589061): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  87. [404352.023564] type=1327 audit(1570434914.595:3589061): proctitle=7368002D63007573657273
  88. [404352.026970] type=1300 audit(1570434914.599:3589062): arch=c000003e syscall=59 success=yes exit=0 a0=1fada30 a1=1fadd10 a2=1facc30 a3=7ffd436c41a0 items=2 ppid=12924 pid=30688 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="users" exe="/usr/bin/users" key="pt_siem_execve_root"
  89. [404352.026975] type=1309 audit(1570434914.599:3589062): argc=1 a0="users"
  90. [404352.026981] type=1302 audit(1570434914.599:3589062): item=0 name="/usr/bin/users" inode=2099045 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  91. [404352.026986] type=1302 audit(1570434914.599:3589062): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  92. [404352.026988] type=1327 audit(1570434914.599:3589062): proctitle=7368002D63007573657273
  93. [404357.314162] audit_printk_skb: 426 callbacks suppressed
  94. [404357.314167] type=1300 audit(1570434919.887:3589110): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=2522 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  95. [404357.314171] type=1306 audit(1570434919.887:3589110): saddr=0A00C7F30000000000000000000000000000FFFF0A02011900000000
  96. [404357.314173] type=1327 audit(1570434919.887:3589110): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  97. [404357.559345] type=1300 audit(1570434920.133:3589111): arch=c000003e syscall=43 success=yes exit=6 a0=4 a1=7ffe54877a10 a2=7ffe54877988 a3=0 items=0 ppid=13491 pid=13496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" key="pt_siem_api_accept"
  98. [404357.559352] type=1306 audit(1570434920.133:3589111): saddr=0200DE580A02FD420000000000000000
  99. [404357.559355] type=1327 audit(1570434920.133:3589111): proctitle=2F7573722F7362696E2F7A61626269785F6167656E74643A206C697374656E6572202333205B77616974696E6720666F7220636F6E6E656374696F6E5D
  100. [404357.594329] type=1300 audit(1570434920.168:3589112): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=8333 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  101. [404357.594335] type=1306 audit(1570434920.168:3589112): saddr=0A00C80B0000000000000000000000000000FFFF0A02011900000000
  102. [404357.594338] type=1327 audit(1570434920.168:3589112): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  103. [404357.628207] type=1300 audit(1570434917.281:3589113): arch=c000003e syscall=43 success=yes exit=6 a0=4 a1=7ffe54877a10 a2=7ffe54877988 a3=0 items=0 ppid=13491 pid=13495 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" key="pt_siem_api_accept"
  104. [404362.350168] audit_printk_skb: 822 callbacks suppressed
  105. [404362.350172] type=1300 audit(1570434924.923:3589192): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  106. [404362.350180] type=1302 audit(1570434924.923:3589192): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  107. [404362.350183] type=1327 audit(1570434924.923:3589192): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  108. [404362.365125] type=1300 audit(1570434924.938:3589193): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  109. [404362.365135] type=1302 audit(1570434924.938:3589193): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  110. [404362.365138] type=1327 audit(1570434924.938:3589193): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  111. [404362.374116] type=1300 audit(1570434924.947:3589194): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  112. [404362.374124] type=1302 audit(1570434924.947:3589194): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  113. [404362.374141] type=1327 audit(1570434924.947:3589194): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  114. [404362.374543] type=1300 audit(1570434924.948:3589195): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  115. [404367.434899] audit_printk_skb: 288 callbacks suppressed
  116. [404367.434904] type=1300 audit(1570434930.008:3589224): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=9016 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  117. [404367.434908] type=1306 audit(1570434930.008:3589224): saddr=0A00CBCA0000000000000000000000000000FFFF0A02011900000000
  118. [404367.434911] type=1327 audit(1570434930.008:3589224): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  119. [404367.480842] type=1300 audit(1570434930.054:3589225): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=2522 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  120. [404367.480848] type=1306 audit(1570434930.054:3589225): saddr=0A00CBCD0000000000000000000000000000FFFF0A02011900000000
  121. [404367.480851] type=1327 audit(1570434930.054:3589225): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  122. [404367.516792] type=1300 audit(1570434930.090:3589226): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=8333 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  123. [404367.516798] type=1306 audit(1570434930.090:3589226): saddr=0A00CBCF0000000000000000000000000000FFFF0A02011900000000
  124. [404367.516802] type=1327 audit(1570434930.090:3589226): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  125. [404367.715842] type=1300 audit(1570434930.289:3589227): arch=c000003e syscall=41 success=yes exit=7 a0=2 a1=2 a2=0 a3=63 items=0 ppid=1 pid=5650 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vmtoolsd" exe="/usr/bin/vmtoolsd" key="pt_siem_api_socket"
  126. [404372.557448] audit_printk_skb: 1014 callbacks suppressed
  127. [404372.557452] type=1300 audit(1570434935.129:3589332): arch=c000003e syscall=257 success=yes exit=735 a0=ffffffffffffff9c a1=7f15d33b7a98 a2=90800 a3=0 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_home_read"
  128. [404372.557461] type=1302 audit(1570434935.129:3589332): item=0 name="/home/usr1cv8/.1cv8/1C/1cv8/conf/" inode=524321 dev=08:21 mode=040755 ouid=997 ogid=1003 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  129. [404372.557465] type=1327 audit(1570434935.129:3589332): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  130. [404372.725239] type=1300 audit(1570434935.298:3589333): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=21249 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  131. [404372.725279] type=1306 audit(1570434935.298:3589333): saddr=0A00CDCE0000000000000000000000000000FFFF0A02011900000000
  132. [404372.725286] type=1327 audit(1570434935.298:3589333): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  133. [404372.996917] type=1300 audit(1570434935.570:3589334): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  134. [404372.996928] type=1302 audit(1570434935.570:3589334): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  135. [404372.996932] type=1327 audit(1570434935.570:3589334): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  136. [404373.017640] type=1300 audit(1570434935.591:3589335): arch=c000003e syscall=2 success=yes exit=715 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  137. [404377.825045] audit_printk_skb: 417 callbacks suppressed
  138. [404377.825049] type=1300 audit(1570434940.398:3589380): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=9016 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  139. [404377.825053] type=1306 audit(1570434940.398:3589380): saddr=0A00CFD50000000000000000000000000000FFFF0A02011900000000
  140. [404377.825055] type=1327 audit(1570434940.398:3589380): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  141. [404377.861359] type=1300 audit(1570434940.434:3589381): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=1250 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  142. [404377.861365] type=1306 audit(1570434940.434:3589381): saddr=0A00CFDC0000000000000000000000000000FFFF0A02011900000000
  143. [404377.861368] type=1327 audit(1570434940.434:3589381): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  144. [404377.864022] type=1300 audit(1570434940.437:3589382): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=8333 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  145. [404377.864027] type=1306 audit(1570434940.437:3589382): saddr=0A00CFDE0000000000000000000000000000FFFF0A02011900000000
  146. [404377.864030] type=1327 audit(1570434940.437:3589382): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  147. [404378.240991] type=1300 audit(1570434940.814:3589383): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=1216 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  148. [404383.023626] audit_printk_skb: 768 callbacks suppressed
  149. [404383.023631] type=1300 audit(1570434945.596:3589456): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=8333 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  150. [404383.023650] type=1306 audit(1570434945.596:3589456): saddr=0A00D2000000000000000000000000000000FFFF0A02011900000000
  151. [404383.023654] type=1327 audit(1570434945.596:3589456): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  152. [404383.183878] type=1300 audit(1570434945.757:3589457): arch=c000003e syscall=2 success=yes exit=712 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  153. [404383.183888] type=1302 audit(1570434945.757:3589457): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  154. [404383.183892] type=1327 audit(1570434945.757:3589457): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  155. [404383.401020] type=1300 audit(1570434945.974:3589458): arch=c000003e syscall=2 success=yes exit=712 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  156. [404383.401030] type=1302 audit(1570434945.974:3589458): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  157. [404383.401034] type=1327 audit(1570434945.974:3589458): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  158. [404383.434759] type=1300 audit(1570434946.008:3589459): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=4872 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  159. [404388.223996] audit_printk_skb: 357 callbacks suppressed
  160. [404388.224000] type=1300 audit(1570434950.797:3589500): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=4872 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  161. [404388.224004] type=1306 audit(1570434950.797:3589500): saddr=0A00D34B0000000000000000000000000000FFFF0A02011900000000
  162. [404388.224007] type=1327 audit(1570434950.797:3589500): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  163. [404388.434212] type=1300 audit(1570434950.999:3589501): arch=c000003e syscall=59 success=yes exit=0 a0=7ff1ba3e1f89 a1=7ff1a9ff85e0 a2=7ffc7280d180 a3=7ff1b47407f8 items=2 ppid=12924 pid=30931 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  164. [404388.434221] type=1309 audit(1570434950.999:3589501): argc=3 a0="sh" a1="-c" a2="users"
  165. [404388.434227] type=1302 audit(1570434950.999:3589501): item=0 name="/bin/sh" inode=2101960 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  166. [404388.434232] type=1302 audit(1570434950.999:3589501): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  167. [404388.434237] type=1327 audit(1570434950.999:3589501): proctitle=7368002D63007573657273
  168. [404388.440900] type=1300 audit(1570434951.010:3589502): arch=c000003e syscall=59 success=yes exit=0 a0=ab3a30 a1=ab3d10 a2=ab2c30 a3=7ffeb4a767a0 items=2 ppid=12924 pid=30931 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="users" exe="/usr/bin/users" key="pt_siem_execve_root"
  169. [404388.440909] type=1309 audit(1570434951.010:3589502): argc=1 a0="users"
  170. [404393.558222] audit_printk_skb: 837 callbacks suppressed
  171. [404393.558227] type=1300 audit(1570434956.131:3589585): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=9148 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  172. [404393.558232] type=1306 audit(1570434956.131:3589585): saddr=0A00D54E0000000000000000000000000000FFFF0A02011900000000
  173. [404393.558234] type=1327 audit(1570434956.131:3589585): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  174. [404393.663985] type=1300 audit(1570434956.237:3589586): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=2522 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  175. [404393.663992] type=1306 audit(1570434956.237:3589586): saddr=0A00D5550000000000000000000000000000FFFF0A02011900000000
  176. [404393.663995] type=1327 audit(1570434956.237:3589586): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  177. [404393.811323] type=1300 audit(1570434956.384:3589587): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=8333 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  178. [404393.811329] type=1306 audit(1570434956.384:3589587): saddr=0A00D55F0000000000000000000000000000FFFF0A02011900000000
  179. [404393.811332] type=1327 audit(1570434956.384:3589587): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  180. [404394.125968] type=1300 audit(1570434956.699:3589588): arch=c000003e syscall=2 success=yes exit=712 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  181. [404398.689051] audit_printk_skb: 507 callbacks suppressed
  182. [404398.689055] type=1300 audit(1570434961.262:3589647): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=7381 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  183. [404398.689059] type=1306 audit(1570434961.262:3589647): saddr=0A00A1800000000000000000000000000000FFFF0A02FD4200000000
  184. [404398.689062] type=1327 audit(1570434961.262:3589647): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  185. [404398.965813] type=1300 audit(1570434961.538:3589648): arch=c000003e syscall=43 success=yes exit=5 a0=11 a1=7fb120001968 a2=7fb13db76c14 a3=1 items=0 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_accept"
  186. [404398.965820] type=1306 audit(1570434961.538:3589648): saddr=0200F43D0A8F02410000000000000000
  187. [404398.965823] type=1327 audit(1570434961.538:3589648): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640064666134616265362D653862352D313165392D663038652D303035303536623631
  188. [404398.965863] type=1300 audit(1570434961.538:3589649): arch=c000003e syscall=43 success=no exit=-11 a0=11 a1=7fb11c005a58 a2=7fb13db76c14 a3=7fb13db76bb0 items=0 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_accept"
  189. [404398.965867] type=1327 audit(1570434961.538:3589649): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640064666134616265362D653862352D313165392D663038652D303035303536623631
  190. [404399.225348] type=1300 audit(1570434961.794:3589650): arch=c000003e syscall=59 success=yes exit=0 a0=7f48c42fef89 a1=7f48b0ff5b00 a2=7ffd7054f100 a3=7f48b0ff99d0 items=2 ppid=12760 pid=31004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  191. [404399.225357] type=1309 audit(1570434961.794:3589650): argc=3 a0="sh" a1="-c" a2=2F6F70742F7365637265746E65742F7362696E2F756576656E742071756572792D786D6C20616C6C
  192. [404403.767079] audit_printk_skb: 804 callbacks suppressed
  193. [404403.767083] type=1300 audit(1570434966.339:3589729): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=7381 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  194. [404403.767087] type=1306 audit(1570434966.339:3589729): saddr=0A00D78A0000000000000000000000000000FFFF0A02011900000000
  195. [404403.767090] type=1327 audit(1570434966.339:3589729): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  196. [404403.838385] type=1300 audit(1570434966.406:3589730): arch=c000003e syscall=59 success=yes exit=0 a0=7ff1ba3e1f89 a1=7ff1a9ff85e0 a2=7ffc7280d180 a3=7ff1b47407f8 items=2 ppid=12924 pid=31043 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  197. [404403.838393] type=1309 audit(1570434966.406:3589730): argc=3 a0="sh" a1="-c" a2="users"
  198. [404403.838400] type=1302 audit(1570434966.406:3589730): item=0 name="/bin/sh" inode=2101960 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  199. [404403.838404] type=1302 audit(1570434966.406:3589730): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  200. [404403.838409] type=1327 audit(1570434966.406:3589730): proctitle=7368002D63007573657273
  201. [404403.845484] type=1300 audit(1570434966.413:3589731): arch=c000003e syscall=59 success=yes exit=0 a0=1a3fa30 a1=1a3fd10 a2=1a3ec30 a3=7fff823d51e0 items=2 ppid=12924 pid=31043 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="users" exe="/usr/bin/users" key="pt_siem_execve_root"
  202. [404403.845502] type=1309 audit(1570434966.413:3589731): argc=1 a0="users"
  203. [404408.831513] audit_printk_skb: 399 callbacks suppressed
  204. [404408.831517] type=1300 audit(1570434971.403:3589775): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=21249 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  205. [404408.831521] type=1306 audit(1570434971.403:3589775): saddr=0A00D8CC0000000000000000000000000000FFFF0A02011900000000
  206. [404408.831524] type=1327 audit(1570434971.403:3589775): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  207. [404408.834498] type=1300 audit(1570434971.406:3589776): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  208. [404408.834505] type=1322 audit(1570434971.406:3589776): pid=6121 cap_pi=0000000400000002 cap_pp=0000000400002c0f cap_pe=0000000400000002 cap_pa=0000000000000000
  209. [404408.834507] type=1327 audit(1570434971.406:3589776): proctitle="/opt/secretnet/sbin/snsyslog-ng"
  210. [404408.834575] type=1300 audit(1570434971.406:3589777): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  211. [404408.834579] type=1322 audit(1570434971.406:3589777): pid=6121 cap_pi=0000000400000003 cap_pp=0000000400002c0f cap_pe=0000000400000003 cap_pa=0000000000000000
  212. [404408.834582] type=1327 audit(1570434971.406:3589777): proctitle="/opt/secretnet/sbin/snsyslog-ng"
  213. [404408.834604] type=1300 audit(1570434971.406:3589778): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  214. [404413.843683] audit_printk_skb: 1038 callbacks suppressed
  215. [404413.843687] type=1300 audit(1570434976.415:3589880): arch=c000003e syscall=43 success=yes exit=6 a0=4 a1=7ffe54877a10 a2=7ffe54877988 a3=0 items=0 ppid=13491 pid=13494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" key="pt_siem_api_accept"
  216. [404413.843691] type=1306 audit(1570434976.415:3589880): saddr=020090CE0A02FD420000000000000000
  217. [404413.843694] type=1327 audit(1570434976.415:3589880): proctitle=2F7573722F7362696E2F7A61626269785F6167656E74643A206C697374656E6572202331205B77616974696E6720666F7220636F6E6E656374696F6E5D
  218. [404414.043018] type=1300 audit(1570434976.614:3589881): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=1250 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  219. [404414.043024] type=1306 audit(1570434976.614:3589881): saddr=0A00DA650000000000000000000000000000FFFF0A02011900000000
  220. [404414.043027] type=1327 audit(1570434976.614:3589881): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  221. [404414.095726] type=1300 audit(1570434976.667:3589882): arch=c000003e syscall=43 success=yes exit=5 a0=11 a1=7fb11c005a58 a2=7fb13db76c14 a3=1 items=0 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_accept"
  222. [404414.095732] type=1306 audit(1570434976.667:3589882): saddr=0200F43E0A8F02410000000000000000
  223. [404414.095736] type=1327 audit(1570434976.667:3589882): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640064666134616265362D653862352D313165392D663038652D303035303536623631
  224. [404414.095761] type=1300 audit(1570434976.667:3589883): arch=c000003e syscall=43 success=no exit=-11 a0=11 a1=7fb11c006348 a2=7fb13db76c14 a3=7fb13db76bb0 items=0 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_accept"
  225. [404419.028387] audit_printk_skb: 204 callbacks suppressed
  226. [404419.028392] type=1300 audit(1570434981.597:3589904): arch=c000003e syscall=59 success=yes exit=0 a0=7ff1ba3e1f89 a1=7ff1a9ff85e0 a2=7ffc7280d180 a3=7ff1b47407f8 items=2 ppid=12924 pid=31145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  227. [404419.028416] type=1309 audit(1570434981.597:3589904): argc=3 a0="sh" a1="-c" a2="users"
  228. [404419.028423] type=1302 audit(1570434981.597:3589904): item=0 name="/bin/sh" inode=2101960 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  229. [404419.028428] type=1302 audit(1570434981.597:3589904): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  230. [404419.028433] type=1327 audit(1570434981.597:3589904): proctitle=7368002D63007573657273
  231. [404419.036549] type=1300 audit(1570434981.604:3589905): arch=c000003e syscall=59 success=yes exit=0 a0=22d6a30 a1=22d6d10 a2=22d5c30 a3=7ffd4569c1a0 items=2 ppid=12924 pid=31145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="users" exe="/usr/bin/users" key="pt_siem_execve_root"
  232. [404419.036556] type=1309 audit(1570434981.604:3589905): argc=1 a0="users"
  233. [404419.036562] type=1302 audit(1570434981.604:3589905): item=0 name="/usr/bin/users" inode=2099045 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  234. [404419.036567] type=1302 audit(1570434981.604:3589905): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  235. [404419.036570] type=1327 audit(1570434981.604:3589905): proctitle=7368002D63007573657273
  236. [404424.124829] audit_printk_skb: 1161 callbacks suppressed
  237. [404424.124833] type=1300 audit(1570434986.697:3590016): arch=c000003e syscall=43 success=yes exit=6 a0=4 a1=7ffe54877a10 a2=7ffe54877988 a3=0 items=0 ppid=13491 pid=13495 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" key="pt_siem_api_accept"
  238. [404424.124837] type=1306 audit(1570434986.697:3590016): saddr=020095E00A02FD420000000000000000
  239. [404424.124840] type=1327 audit(1570434986.697:3590016): proctitle=2F7573722F7362696E2F7A61626269785F6167656E74643A206C697374656E6572202332205B77616974696E6720666F7220636F6E6E656374696F6E5D
  240. [404425.155299] type=1300 audit(1570434987.727:3590017): arch=c000003e syscall=288 success=yes exit=16 a0=4 a1=7ffdf2c3b630 a2=7ffdf2c3b610 a3=80000 items=0 ppid=6499 pid=1250 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_accept"
  241. [404425.155305] type=1306 audit(1570434987.727:3590017): saddr=0A00DD6B0000000000000000000000000000FFFF0A02011900000000
  242. [404425.155308] type=1327 audit(1570434987.727:3590017): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  243. [404425.162708] type=1300 audit(1570434987.734:3590018): arch=c000003e syscall=59 success=yes exit=0 a0=7ff1ba3e1f89 a1=7ff1a9ff85e0 a2=7ffc7280d180 a3=7ff1b47407f8 items=2 ppid=12924 pid=31199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  244. [404425.162716] type=1309 audit(1570434987.734:3590018): argc=3 a0="sh" a1="-c" a2="users"
  245. [404425.162722] type=1302 audit(1570434987.734:3590018): item=0 name="/bin/sh" inode=2101960 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  246. [404425.162727] type=1302 audit(1570434987.734:3590018): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  247. [404429.224198] audit_printk_skb: 381 callbacks suppressed
  248. [404429.224220] type=1300 audit(1570434991.796:3590064): arch=c000003e syscall=43 success=yes exit=5 a0=11 a1=7fb11c006348 a2=7fb13d873c14 a3=1 items=0 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_accept"
  249. [404429.224225] type=1306 audit(1570434991.796:3590064): saddr=0200F43F0A8F02410000000000000000
  250. [404429.224228] type=1327 audit(1570434991.796:3590064): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640064666134616265362D653862352D313165392D663038652D303035303536623631
  251. [404429.224256] type=1300 audit(1570434991.796:3590065): arch=c000003e syscall=43 success=no exit=-11 a0=11 a1=7fb124003748 a2=7fb13d873c14 a3=7fb13d873bb0 items=0 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_accept"
  252. [404429.224259] type=1327 audit(1570434991.796:3590065): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640064666134616265362D653862352D313165392D663038652D303035303536623631
  253. [404429.447631] type=1300 audit(1570434992.020:3590066): arch=c000003e syscall=257 success=yes exit=78 a0=ffffffffffffff9c a1=7fb0e800a988 a2=90800 a3=0 items=1 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_home_read"
  254. [404429.447642] type=1302 audit(1570434992.020:3590066): item=0 name="/home/usr1cv8/.1cv8/1C/1cv8/conf/" inode=524321 dev=08:21 mode=040755 ouid=997 ogid=1003 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  255. [404429.447646] type=1327 audit(1570434992.020:3590066): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640064666134616265362D653862352D313165392D663038652D303035303536623631
  256. [404429.447883] type=1300 audit(1570434992.020:3590067): arch=c000003e syscall=257 success=yes exit=78 a0=ffffffffffffff9c a1=7fb0e8016298 a2=90800 a3=0 items=1 ppid=1438 pid=23882 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_home_read"
  257. [404429.447889] type=1302 audit(1570434992.020:3590067): item=0 name="/home/usr1cv8/.1cv8/1C/1cv8/conf/" inode=524321 dev=08:21 mode=040755 ouid=997 ogid=1003 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  258. [404434.269646] audit_printk_skb: 825 callbacks suppressed
  259. [404434.269650] type=1300 audit(1570434996.840:3590148): arch=c000003e syscall=59 success=yes exit=0 a0=7ff1ba3e1f89 a1=7ff1a9ff85e0 a2=7ffc7280d180 a3=7ff1b47407f8 items=2 ppid=12924 pid=31262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/bash" key="pt_siem_execve_root"
  260. [404434.269656] type=1309 audit(1570434996.840:3590148): argc=3 a0="sh" a1="-c" a2="users"
  261. [404434.269662] type=1302 audit(1570434996.840:3590148): item=0 name="/bin/sh" inode=2101960 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  262. [404434.269667] type=1302 audit(1570434996.840:3590148): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  263. [404434.269671] type=1327 audit(1570434996.840:3590148): proctitle=7368002D63007573657273
  264. [404434.273829] type=1300 audit(1570434996.845:3590149): arch=c000003e syscall=59 success=yes exit=0 a0=166ea30 a1=166ed10 a2=166dc30 a3=7ffe6a199320 items=2 ppid=12924 pid=31262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="users" exe="/usr/bin/users" key="pt_siem_execve_root"
  265. [404434.273835] type=1309 audit(1570434996.845:3590149): argc=1 a0="users"
  266. [404434.273840] type=1302 audit(1570434996.845:3590149): item=0 name="/usr/bin/users" inode=2099045 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  267. [404434.273845] type=1302 audit(1570434996.845:3590149): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  268. [404434.273848] type=1327 audit(1570434996.845:3590149): proctitle=7368002D63007573657273
  269. [404439.526638] audit_printk_skb: 576 callbacks suppressed
  270. [404439.526642] type=1131 audit(1570435002.099:3590213): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
  271. [404439.535830] type=1300 audit(1570435002.107:3590214): arch=c000003e syscall=59 success=yes exit=0 a0=560c98095560 a1=560c981307f0 a2=560c980b63c0 a3=2 items=2 ppid=1 pid=31302 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_execve_root"
  272. [404439.535838] type=1309 audit(1570435002.107:3590214): argc=2 a0="/usr/sbin/httpd" a1="-DFOREGROUND"
  273. [404439.535844] type=1302 audit(1570435002.107:3590214): item=0 name="/usr/sbin/httpd" inode=2103857 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  274. [404439.535849] type=1302 audit(1570435002.107:3590214): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  275. [404439.535854] type=1327 audit(1570435002.107:3590214): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  276. [404439.625196] type=1300 audit(1570435002.197:3590215): arch=c000003e syscall=41 success=yes exit=3 a0=a a1=80002 a2=0 a3=100007fffff0000 items=0 ppid=1 pid=31302 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_socket"
  277. [404439.625203] type=1327 audit(1570435002.197:3590215): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  278. [404439.625267] type=1300 audit(1570435002.197:3590216): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=563804e9e430 a2=1c a3=100007fffff0000 items=0 ppid=1 pid=31302 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_connect"
  279. [404439.625270] type=1306 audit(1570435002.197:3590216): saddr=0A000000000000000000000000000000000000000000000000000000
  280. [404439.841984] systemd-journald[2949]: Received SIGTERM from PID 1 (systemd).
  281. [404444.871413] audit_printk_skb: 2772 callbacks suppressed
  282. [404444.871418] type=1300 audit(1570435007.443:3590516): arch=c000003e syscall=2 success=yes exit=86 a0=7f18a2afd4d2 a1=80000 a2=1b6 a3=24 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_user_read_sysconf_/etc/passwd"
  283. [404444.871426] type=1302 audit(1570435007.443:3590516): item=0 name="/etc/passwd" inode=4457277 dev=08:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  284. [404444.871429] type=1327 audit(1570435007.443:3590516): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  285. [404444.973604] type=1300 audit(1570435007.545:3590517): arch=c000003e syscall=41 success=yes exit=16 a0=2 a1=1 a2=6 a3=0 items=0 ppid=31302 pid=31376 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_socket"
  286. [404444.973611] type=1327 audit(1570435007.545:3590517): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  287. [404444.973760] type=1300 audit(1570435007.545:3590518): arch=c000003e syscall=42 success=no exit=-115 a0=10 a1=5638052d83a0 a2=10 a3=0 items=0 ppid=31302 pid=31376 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" key="pt_siem_api_connect"
  288. [404444.973763] type=1306 audit(1570435007.545:3590518): saddr=020006050A02982B0000000000000000
  289. [404444.973766] type=1327 audit(1570435007.545:3590518): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
  290. [404444.977984] type=1300 audit(1570435007.550:3590519): arch=c000003e syscall=43 success=yes exit=20 a0=c a1=7fab280061d8 a2=7fab36419c14 a3=1 items=0 ppid=1438 pid=1446 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rmngr" exe="/opt/1C/v8.3/x86_64/rmngr" key="pt_siem_api_accept"
  291. [404444.977992] type=1306 audit(1570435007.550:3590519): saddr=0200DB7A0A02982B0000000000000000
  292. [404450.062793] audit_printk_skb: 972 callbacks suppressed
  293. [404450.062799] type=1300 audit(1570435012.634:3590624): arch=c000003e syscall=257 success=yes exit=91 a0=ffffffffffffff9c a1=7f17fff9b728 a2=90800 a3=0 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_home_read"
  294. [404450.062808] type=1302 audit(1570435012.634:3590624): item=0 name="/home/usr1cv8/.1cv8/1C/1cv8/conf/" inode=524321 dev=08:21 mode=040755 ouid=997 ogid=1003 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  295. [404450.062812] type=1327 audit(1570435012.634:3590624): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  296. [404450.063147] type=1300 audit(1570435012.635:3590625): arch=c000003e syscall=257 success=yes exit=91 a0=ffffffffffffff9c a1=7f17fc25da48 a2=90800 a3=0 items=1 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_home_read"
  297. [404450.063154] type=1302 audit(1570435012.635:3590625): item=0 name="/home/usr1cv8/.1cv8/1C/1cv8/conf/" inode=524321 dev=08:21 mode=040755 ouid=997 ogid=1003 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  298. [404450.063157] type=1327 audit(1570435012.635:3590625): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  299. [404450.064611] type=1300 audit(1570435012.636:3590626): arch=c000003e syscall=41 success=yes exit=91 a0=2 a1=1 a2=6 a3=2 items=0 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_socket"
  300. [404450.064619] type=1327 audit(1570435012.636:3590626): proctitle=2F6F70742F31432F76382E332F7838365F36342F7270686F7374002D72616E676500313536303A31353931002D726567686F73740031632D70726F642D61707031332E6D6961632E6C616E002D726567706F72740031353431002D7069640036323636343132362D653636372D313165392D653539362D303035303536623631
  301. [404450.064724] type=1300 audit(1570435012.636:3590627): arch=c000003e syscall=42 success=no exit=-115 a0=5b a1=7f174298aed0 a2=10 a3=5d9aefc4 items=0 ppid=1438 pid=6314 auid=1008 uid=997 gid=1003 euid=997 suid=997 fsuid=997 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=143 comm="rphost" exe="/opt/1C/v8.3/x86_64/rphost" key="pt_siem_api_connect"
  302. [404450.064729] type=1306 audit(1570435012.636:3590627): saddr=02001FA50A0201190000000000000000
  303. [404455.580366] audit_printk_skb: 795 callbacks suppressed
  304. [404455.580370] type=1300 audit(1570435018.152:3590706): arch=c000003e syscall=59 success=yes exit=0 a0=8b0370 a1=8b0bc0 a2=890040 a3=7ffc92dd9be0 items=2 ppid=12548 pid=31534 auid=1006 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=21 comm="auditctl" exe="/usr/sbin/auditctl" key="pt_siem_execve_root"
  305. [404455.580376] type=1309 audit(1570435018.152:3590706): argc=3 a0="auditctl" a1="-e" a2="0"
  306. [404455.580382] type=1302 audit(1570435018.152:3590706): item=0 name="/sbin/auditctl" inode=2101551 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  307. [404455.580387] type=1302 audit(1570435018.152:3590706): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2097803 dev=08:21 mode=0100755 ouid=0 ogid=0 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
  308. [404455.580391] type=1327 audit(1570435018.152:3590706): proctitle=617564697463746C002D650030
  309. [404455.582144] type=1305 audit(1570435018.154:3590707): audit_enabled=0 old=1 auid=1006 ses=21 res=1
  310. [404455.649065] systemd-sysv-generator[31571]: [/etc/rc.d/init.d/cprocsp:4] PID file not absolute. Ignoring.
  311. [404455.852121] systemd-sysv-generator[31600]: [/etc/rc.d/init.d/cprocsp:4] PID file not absolute. Ignoring.
  312. [404456.093233] systemd-sysv-generator[31640]: [/etc/rc.d/init.d/cprocsp:4] PID file not absolute. Ignoring.
  313. [1280503.925658] type=1305 audit(1571311068.673:3590708): audit_pid=970 old=0 auid=4294967295 ses=4294967295 res=1
  314. [1360739.621703] type=1305 audit(1571391304.533:4590147): audit_pid=0 old=970 auid=4294967295 ses=4294967295 res=1
  315. [1360739.626419] type=1300 audit(1571391304.541:4590148): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  316. [1360739.626426] type=1322 audit(1571391304.541:4590148): pid=6121 cap_pi=0000000400000002 cap_pp=0000000400002c0f cap_pe=0000000400000002 cap_pa=0000000000000000
  317. [1360739.626429] type=1327 audit(1571391304.541:4590148): proctitle="/opt/secretnet/sbin/snsyslog-ng"
  318. [1360739.631759] type=1300 audit(1571391304.547:4590149): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  319. [1360739.631772] type=1322 audit(1571391304.547:4590149): pid=6121 cap_pi=0000000400000003 cap_pp=0000000400002c0f cap_pe=0000000400000003 cap_pa=0000000000000000
  320. [1360739.631774] type=1327 audit(1571391304.547:4590149): proctitle="/opt/secretnet/sbin/snsyslog-ng"
  321. [1360739.631800] type=1300 audit(1571391304.547:4590150): arch=c000003e syscall=126 success=yes exit=0 a0=23c16a4 a1=23c16ac a2=1 a3=7fffb0d2746c items=0 ppid=6120 pid=6121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snsyslog-ng" exe="/opt/secretnet/sbin/snsyslog-ng" key="pt_siem_api_caps"
  322. [1360739.631804] type=1322 audit(1571391304.547:4590150): pid=6121 cap_pi=000000040000000b cap_pp=0000000400002c0f cap_pe=000000040000000b cap_pa=0000000000000000
  323. [1360739.631806] type=1327 audit(1571391304.547:4590150): proctitle="/opt/secretnet/sbin/snsyslog-ng"