Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- A first connection to "jenkins-worker-ltd" (with dedicated selinux context) and a build in it, with a few git checkouts using passphrases to ssh keys (and so helper scripts) and an mvn build. Seems there were also a few PRTG events in this timeframe.
- type=CRYPTO_KEY_USER msg=audit(1614104841.829:161796): pid=1693363 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1693363 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104841.830:161797): pid=1693363 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1693363 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104841.830:161798): pid=1693363 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693363 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
- type=CRYPTO_SESSION msg=audit(1614104841.832:161799): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha2-512 pfs=diffie-hellman-group-exchange-sha256 spid=1693363 suid=74 rport=54558 laddr=127.0.0.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
- type=CRYPTO_SESSION msg=audit(1614104841.833:161800): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha2-512 pfs=diffie-hellman-group-exchange-sha256 spid=1693363 suid=74 rport=54558 laddr=127.0.0.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
- type=USER_AUTH msg=audit(1614104841.989:161801): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset"
- type=CRYPTO_KEY_USER msg=audit(1614104841.989:161802): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:61:00:21:ba:b9:90:df:43:07:88:d9:f0:9b:3e:f3:b7:8c:7e:67:78:0f:98:a2:d2:86:9f:b3:ee:af:90:c0:10 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset"
- type=USER_ACCT msg=audit(1614104842.003:161803): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="unset"
- type=CRYPTO_KEY_USER msg=audit(1614104842.004:161804): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1693363 suid=74 rport=54558 laddr=127.0.0.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
- type=CRED_ACQ msg=audit(1614104842.006:161805): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="unset"
- type=LOGIN msg=audit(1614104842.007:161806): pid=1693362 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1003 tty=(none) old-ses=4294967295 ses=4586 res=1UID="root" OLD-AUID="unset" AUID="jenkins-worker-ltd"
- type=SYSCALL msg=audit(1614104842.007:161806): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe09480ab0 a2=4 a3=0 items=0 ppid=1010 pid=1693362 auid=1003 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4586 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="jenkins-worker-ltd" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
- type=PROCTITLE msg=audit(1614104842.007:161806): proctitle=737368643A206A656E6B696E732D776F726B65722D6C7464205B707269765D
- type=USER_ROLE_CHANGE msg=audit(1614104842.008:161807): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 selected-context=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd"
- type=USER_START msg=audit(1614104842.031:161808): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd"
- type=CRYPTO_KEY_USER msg=audit(1614104842.033:161809): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1693366 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104842.034:161810): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1693366 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104842.034:161811): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693366 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="root"
- type=CRED_ACQ msg=audit(1614104842.038:161812): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd"
- type=USER_LOGIN msg=audit(1614104842.081:161813): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_START msg=audit(1614104842.081:161814): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=CRYPTO_KEY_USER msg=audit(1614104842.085:161815): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693367 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
- type=USER_END msg=audit(1614104842.136:161816): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGOUT msg=audit(1614104842.136:161817): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGIN msg=audit(1614104842.136:161818): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_START msg=audit(1614104842.137:161819): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=CRYPTO_KEY_USER msg=audit(1614104842.139:161820): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693384 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
- type=USER_END msg=audit(1614104842.184:161821): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGOUT msg=audit(1614104842.184:161822): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGIN msg=audit(1614104842.185:161823): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_START msg=audit(1614104842.185:161824): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=CRYPTO_KEY_USER msg=audit(1614104842.188:161825): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693401 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
- type=USER_END msg=audit(1614104842.232:161826): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGOUT msg=audit(1614104842.232:161827): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGIN msg=audit(1614104842.234:161828): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_START msg=audit(1614104842.234:161829): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=CRYPTO_KEY_USER msg=audit(1614104842.236:161830): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693418 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
- type=USER_END msg=audit(1614104842.403:161831): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGOUT msg=audit(1614104842.404:161832): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGIN msg=audit(1614104842.407:161833): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_START msg=audit(1614104842.407:161834): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=CRYPTO_KEY_USER msg=audit(1614104842.410:161835): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693450 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
- type=USER_END msg=audit(1614104842.637:161836): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGOUT msg=audit(1614104842.637:161837): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_LOGIN msg=audit(1614104842.637:161838): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=USER_START msg=audit(1614104842.637:161839): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
- type=CRYPTO_KEY_USER msg=audit(1614104842.640:161840): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693465 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
- type=AVC msg=audit(1614104842.992:161841): avc: denied { read } for pid=1693465 comm="java" name="if_inet6" dev="proc" ino=4026532465 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=1
- type=AVC msg=audit(1614104842.992:161841): avc: denied { open } for pid=1693465 comm="java" path="/proc/1693465/net/if_inet6" dev="proc" ino=4026532465 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=1
- type=SYSCALL msg=audit(1614104842.992:161841): arch=c000003e syscall=257 success=yes exit=7 a0=ffffff9c a1=7fae3d067aba a2=0 a3=0 items=0 ppid=1693366 pid=1693465 auid=1003 uid=1003 gid=1003 euid=1003 suid=1003 fsuid=1003 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=4586 comm="java" exe="/usr/lib/jvm/java-11-openjdk-11.0.9.11-3.el8_3.x86_64/bin/java" subj=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 key=(null)ARCH=x86_64 SYSCALL=openat AUID="jenkins-worker-ltd" UID="jenkins-worker-ltd" GID="jenkins-worker-ltd" EUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd" FSUID="jenkins-worker-ltd" EGID="jenkins-worker-ltd" SGID="jenkins-worker-ltd" FSGID="jenkins-worker-ltd"
- type=PROCTITLE msg=audit(1614104842.992:161841): proctitle=6A617661002D6A61720072656D6F74696E672E6A6172002D776F726B446972002F686F6D652F6A656E6B696E732D776F726B65722D6C74642F6A656E6B696E73002D6A61722D6361636865002F686F6D652F6A656E6B696E732D776F726B65722D6C74642F6A656E6B696E732F72656D6F74696E672F6A61724361636865
- type=AVC msg=audit(1614104846.543:161842): avc: denied { read open } for pid=1693592 comm="pool-1-thread-2" path="/usr/bin/systemctl" dev="dm-0" ino=16802024 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file permissive=1
- type=AVC msg=audit(1614104846.543:161842): avc: denied { map } for pid=1693592 comm="systemctl" path="/usr/bin/systemctl" dev="dm-0" ino=16802024 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file permissive=1
- type=SYSCALL msg=audit(1614104846.543:161842): arch=c000003e syscall=59 success=yes exit=0 a0=7fadcede9da0 a1=7fae1c00c0d0 a2=7ffc005fb6a8 a3=7ffc005fdf40 items=1 ppid=1693465 pid=1693592 auid=1003 uid=1003 gid=1003 euid=1003 suid=1003 fsuid=1003 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=4586 comm="systemctl" exe="/usr/bin/systemctl" subj=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker-ltd" UID="jenkins-worker-ltd" GID="jenkins-worker-ltd" EUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd" FSUID="jenkins-worker-ltd" EGID="jenkins-worker-ltd" SGID="jenkins-worker-ltd" FSGID="jenkins-worker-ltd"
- type=EXECVE msg=audit(1614104846.543:161842): argc=2 a0="systemctl" a1="list-units"
- type=CWD msg=audit(1614104846.543:161842): cwd="/home/jenkins-worker-ltd/jenkins"
- type=PATH msg=audit(1614104846.543:161842): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
- type=PROCTITLE msg=audit(1614104846.543:161842): proctitle=73797374656D63746C006C6973742D756E697473
- type=AVC msg=audit(1614104889.590:161843): avc: denied { execute } for pid=1693804 comm="ssh" name="jenkins-gitclient-pass4950759129398907707.sh" dev="dm-0" ino=151053346 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
- type=AVC msg=audit(1614104889.590:161843): avc: denied { execute_no_trans } for pid=1693804 comm="ssh" path="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip@tmp/jenkins-gitclient-pass4950759129398907707.sh" dev="dm-0" ino=151053346 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
- type=SYSCALL msg=audit(1614104889.590:161843): arch=c000003e syscall=59 success=yes exit=0 a0=55e53425ccfc a1=7ffd753629e0 a2=55e53425c4e0 a3=1 items=2 ppid=1693803 pid=1693804 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4389 comm="jenkins-gitclie" exe="/usr/bin/bash" subj=user_u:user_r:ssh_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker" UID="jenkins-worker" GID="jenkins-worker" EUID="jenkins-worker" SUID="jenkins-worker" FSUID="jenkins-worker" EGID="jenkins-worker" SGID="jenkins-worker" FSGID="jenkins-worker"
- type=EXECVE msg=audit(1614104889.590:161843): argc=3 a0="/bin/sh" a1="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip@tmp/jenkins-gitclient-pass4950759129398907707.sh" a2=456E746572207061737370687261736520666F72206B657920272F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F77697040746D702F6A656E6B696E732D676974636C69656E742D7373683930303031303636393130383336363432273A20
- type=CWD msg=audit(1614104889.590:161843): cwd="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip"
- type=PATH msg=audit(1614104889.590:161843): item=0 name="/bin/sh" inode=16806667 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
- type=PATH msg=audit(1614104889.590:161843): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0
- ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
- type=PROCTITLE msg=audit(1614104889.590:161843): proctitle=2F62696E2F7368002F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F77697040746D702F6A656E6B696E732D676974636C69656E742D70617373343935303735393132393339383930373730372E736800456E7465722070617373706872
- type=AVC msg=audit(1614104941.896:161844): avc: denied { execute } for pid=1694109 comm="ssh" name="jenkins-gitclient-pass7756555299168341096.sh" dev="dm-0" ino=109157844 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
- type=AVC msg=audit(1614104941.896:161844): avc: denied { execute_no_trans } for pid=1694109 comm="ssh" path="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server@tmp/jenkins-gitclient-pass7756555299168341096.sh" dev="dm-0" ino=109157844 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
- type=SYSCALL msg=audit(1614104941.896:161844): arch=c000003e syscall=59 success=yes exit=0 a0=556a5a86ad1c a1=7fffa310df90 a2=556a5a86a4f0 a3=1 items=2 ppid=1694108 pid=1694109 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4389 comm="jenkins-gitclie" exe="/usr/bin/bash" subj=user_u:user_r:ssh_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker" UID="jenkins-worker" GID="jenkins-worker" EUID="jenkins-worker" SUID="jenkins-worker" FSUID="jenkins-worker" EGID="jenkins-worker" SGID="jenkins-worker" FSGID="jenkins-worker"
- type=EXECVE msg=audit(1614104941.896:161844): argc=3 a0="/bin/sh" a1="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server@tmp/jenkins-gitclient-pass7756555299168341096.sh" a2=456E746572207061737370687261736520666F72206B657920272F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F7769702F50726F6A656374732F70726F7679732F73657276657240746D702F6A656E6B696E732D676974636C6965273A20
- type=CWD msg=audit(1614104941.896:161844): cwd="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server"
- type=PATH msg=audit(1614104941.896:161844): item=0 name="/bin/sh" inode=16806667 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
- type=PATH msg=audit(1614104941.896:161844): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
- type=PROCTITLE msg=audit(1614104941.896:161844): proctitle=2F62696E2F7368002F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F7769702F50726F6A656374732F70726F7679732F73657276657240746D702F6A656E6B696E732D676974636C69656E742D7061737337373536353535323939313638
- type=CRYPTO_KEY_USER msg=audit(1614104993.063:161845): pid=1694243 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1694243 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104993.064:161846): pid=1694243 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1694243 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104993.066:161847): pid=1694243 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694243 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
- type=CRYPTO_SESSION msg=audit(1614104993.072:161848): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha2-512 pfs=curve25519-sha256@libssh.org spid=1694243 suid=74 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
- type=CRYPTO_SESSION msg=audit(1614104993.072:161849): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=1694243 suid=74 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
- type=USER_AUTH msg=audit(1614104993.253:161850): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="prtgmon" exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset"
- type=CRYPTO_KEY_USER msg=audit(1614104993.253:161851): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:6f:d4:e6:3f:16:2d:1d:cd:40:65:50:bf:05:2d:1a:4f:03:e4:6e:71:c2:2c:84:db:0d:7e:49:42:37:10:a0:5c exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset"
- type=USER_ACCT msg=audit(1614104993.277:161852): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="unset"
- type=CRYPTO_KEY_USER msg=audit(1614104993.281:161853): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1694243 suid=74 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
- type=CRED_ACQ msg=audit(1614104993.285:161854): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="unset"
- type=LOGIN msg=audit(1614104993.285:161855): pid=1694242 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=993 tty=(none) old-ses=4294967295 ses=4587 res=1UID="root" OLD-AUID="unset" AUID="prtgmon"
- type=SYSCALL msg=audit(1614104993.285:161855): arch=c000003e syscall=1 success=yes exit=3 a0=3 a1=7ffdc55e7e20 a2=3 a3=0 items=0 ppid=1010 pid=1694242 auid=993 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4587 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="prtgmon" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
- type=PROCTITLE msg=audit(1614104993.285:161855): proctitle=737368643A20707274676D6F6E205B707269765D
- type=USER_ROLE_CHANGE msg=audit(1614104993.288:161856): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=user_u:user_r:user_t:s0 selected-context=user_u:user_r:user_t:s0 exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
- type=USER_START msg=audit(1614104993.323:161857): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
- type=CRYPTO_KEY_USER msg=audit(1614104993.326:161858): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1694247 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104993.327:161859): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1694247 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104993.327:161860): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694247 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
- type=CRED_ACQ msg=audit(1614104993.337:161861): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
- type=USER_LOGIN msg=audit(1614104993.342:161862): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=USER_START msg=audit(1614104993.342:161863): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=CRYPTO_KEY_USER msg=audit(1614104993.346:161864): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694248 suid=993 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
- type=USER_END msg=audit(1614104997.766:161865): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=USER_LOGOUT msg=audit(1614104997.766:161866): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=USER_LOGIN msg=audit(1614104997.808:161867): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=USER_START msg=audit(1614104997.808:161868): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=CRYPTO_KEY_USER msg=audit(1614104997.809:161869): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694291 suid=993 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
- type=USER_END msg=audit(1614104997.810:161870): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=USER_LOGOUT msg=audit(1614104997.810:161871): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
- type=CRYPTO_KEY_USER msg=audit(1614104997.810:161872): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1694247 suid=993 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
- type=CRYPTO_KEY_USER msg=audit(1614104997.810:161873): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694247 suid=993 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
- type=USER_END msg=audit(1614104997.814:161874): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
- type=CRED_DISP msg=audit(1614104997.814:161875): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
- type=CRYPTO_KEY_USER msg=audit(1614104997.815:161876): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1694242 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104997.815:161877): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1694242 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
- type=CRYPTO_KEY_USER msg=audit(1614104997.815:161878): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694242 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement