jimklimov

jenkins-worker-lts in selinux

Feb 23rd, 2021
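  1. A first connection to "jenkins-worker-ltd" (which has a dedicated SELinux context) and a build run in it, with a few git checkouts that use passphrase-protected ssh keys (and therefore helper scripts) and an mvn build. There also seem to be a few PRTG events in this timeframe. Every AVC record below carries permissive=1, so these denials were logged but not enforced; the jenkins-gitclient-pass*.sh denials are recorded with AUID "jenkins-worker" (ses=4389, source type ssh_t), not with the jenkins-worker-ltd session (ses=4586).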
  2.  
  3. type=CRYPTO_KEY_USER msg=audit(1614104841.829:161796): pid=1693363 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1693363 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
  4.  
  5. type=CRYPTO_KEY_USER msg=audit(1614104841.830:161797): pid=1693363 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1693363 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
  6.  
  7. type=CRYPTO_KEY_USER msg=audit(1614104841.830:161798): pid=1693363 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693363 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
  8.  
  9. type=CRYPTO_SESSION msg=audit(1614104841.832:161799): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha2-512 pfs=diffie-hellman-group-exchange-sha256 spid=1693363 suid=74 rport=54558 laddr=127.0.0.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
  10.  
  11. type=CRYPTO_SESSION msg=audit(1614104841.833:161800): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha2-512 pfs=diffie-hellman-group-exchange-sha256 spid=1693363 suid=74 rport=54558 laddr=127.0.0.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
  12.  
  13. type=USER_AUTH msg=audit(1614104841.989:161801): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset"
  14.  
  15. type=CRYPTO_KEY_USER msg=audit(1614104841.989:161802): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:61:00:21:ba:b9:90:df:43:07:88:d9:f0:9b:3e:f3:b7:8c:7e:67:78:0f:98:a2:d2:86:9f:b3:ee:af:90:c0:10 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset"
  16.  
  17. type=USER_ACCT msg=audit(1614104842.003:161803): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="unset"
  18.  
  19. type=CRYPTO_KEY_USER msg=audit(1614104842.004:161804): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1693363 suid=74 rport=54558 laddr=127.0.0.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
  20.  
  21. type=CRED_ACQ msg=audit(1614104842.006:161805): pid=1693362 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="unset"
  22.  
  23. type=LOGIN msg=audit(1614104842.007:161806): pid=1693362 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1003 tty=(none) old-ses=4294967295 ses=4586 res=1UID="root" OLD-AUID="unset" AUID="jenkins-worker-ltd"
  24.  
  25. type=SYSCALL msg=audit(1614104842.007:161806): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe09480ab0 a2=4 a3=0 items=0 ppid=1010 pid=1693362 auid=1003 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4586 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="jenkins-worker-ltd" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
  26.  
  27. type=PROCTITLE msg=audit(1614104842.007:161806): proctitle=737368643A206A656E6B696E732D776F726B65722D6C7464205B707269765D
  28.  
  29. type=USER_ROLE_CHANGE msg=audit(1614104842.008:161807): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 selected-context=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd"
  30.  
  31. type=USER_START msg=audit(1614104842.031:161808): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd"
  32.  
  33. type=CRYPTO_KEY_USER msg=audit(1614104842.033:161809): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1693366 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="root"
  34.  
  35. type=CRYPTO_KEY_USER msg=audit(1614104842.034:161810): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1693366 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="root"
  36.  
  37. type=CRYPTO_KEY_USER msg=audit(1614104842.034:161811): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693366 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="root"
  38.  
  39. type=CRED_ACQ msg=audit(1614104842.038:161812): pid=1693366 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="jenkins-worker-ltd" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd"
  40.  
  41. type=USER_LOGIN msg=audit(1614104842.081:161813): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  42.  
  43. type=USER_START msg=audit(1614104842.081:161814): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  44.  
  45. type=CRYPTO_KEY_USER msg=audit(1614104842.085:161815): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693367 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
  46.  
  47. type=USER_END msg=audit(1614104842.136:161816): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  48.  
  49. type=USER_LOGOUT msg=audit(1614104842.136:161817): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  50.  
  51. type=USER_LOGIN msg=audit(1614104842.136:161818): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  52.  
  53. type=USER_START msg=audit(1614104842.137:161819): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  54.  
  55. type=CRYPTO_KEY_USER msg=audit(1614104842.139:161820): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693384 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
  56.  
  57. type=USER_END msg=audit(1614104842.184:161821): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  58.  
  59. type=USER_LOGOUT msg=audit(1614104842.184:161822): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  60.  
  61. type=USER_LOGIN msg=audit(1614104842.185:161823): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  62.  
  63. type=USER_START msg=audit(1614104842.185:161824): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  64.  
  65. type=CRYPTO_KEY_USER msg=audit(1614104842.188:161825): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693401 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
  66.  
  67. type=USER_END msg=audit(1614104842.232:161826): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  68.  
  69. type=USER_LOGOUT msg=audit(1614104842.232:161827): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  70.  
  71. type=USER_LOGIN msg=audit(1614104842.234:161828): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  72.  
  73. type=USER_START msg=audit(1614104842.234:161829): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  74.  
  75. type=CRYPTO_KEY_USER msg=audit(1614104842.236:161830): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693418 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
  76.  
  77. type=USER_END msg=audit(1614104842.403:161831): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  78.  
  79. type=USER_LOGOUT msg=audit(1614104842.404:161832): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  80.  
  81. type=USER_LOGIN msg=audit(1614104842.407:161833): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  82.  
  83. type=USER_START msg=audit(1614104842.407:161834): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  84.  
  85. type=CRYPTO_KEY_USER msg=audit(1614104842.410:161835): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693450 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
  86.  
  87. type=USER_END msg=audit(1614104842.637:161836): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  88.  
  89. type=USER_LOGOUT msg=audit(1614104842.637:161837): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  90.  
  91. type=USER_LOGIN msg=audit(1614104842.637:161838): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  92.  
  93. type=USER_START msg=audit(1614104842.637:161839): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1003 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="jenkins-worker-ltd" ID="jenkins-worker-ltd"
  94.  
  95. type=CRYPTO_KEY_USER msg=audit(1614104842.640:161840): pid=1693362 uid=0 auid=1003 ses=4586 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1693465 suid=1003 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd"
  96.  
  97. type=AVC msg=audit(1614104842.992:161841): avc: denied { read } for pid=1693465 comm="java" name="if_inet6" dev="proc" ino=4026532465 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=1
  98.  
  99. type=AVC msg=audit(1614104842.992:161841): avc: denied { open } for pid=1693465 comm="java" path="/proc/1693465/net/if_inet6" dev="proc" ino=4026532465 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=1
  100.  
  101. type=SYSCALL msg=audit(1614104842.992:161841): arch=c000003e syscall=257 success=yes exit=7 a0=ffffff9c a1=7fae3d067aba a2=0 a3=0 items=0 ppid=1693366 pid=1693465 auid=1003 uid=1003 gid=1003 euid=1003 suid=1003 fsuid=1003 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=4586 comm="java" exe="/usr/lib/jvm/java-11-openjdk-11.0.9.11-3.el8_3.x86_64/bin/java" subj=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 key=(null)ARCH=x86_64 SYSCALL=openat AUID="jenkins-worker-ltd" UID="jenkins-worker-ltd" GID="jenkins-worker-ltd" EUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd" FSUID="jenkins-worker-ltd" EGID="jenkins-worker-ltd" SGID="jenkins-worker-ltd" FSGID="jenkins-worker-ltd"
  102.  
  103. type=PROCTITLE msg=audit(1614104842.992:161841): proctitle=6A617661002D6A61720072656D6F74696E672E6A6172002D776F726B446972002F686F6D652F6A656E6B696E732D776F726B65722D6C74642F6A656E6B696E73002D6A61722D6361636865002F686F6D652F6A656E6B696E732D776F726B65722D6C74642F6A656E6B696E732F72656D6F74696E672F6A61724361636865
  104.  
  105. type=AVC msg=audit(1614104846.543:161842): avc: denied { read open } for pid=1693592 comm="pool-1-thread-2" path="/usr/bin/systemctl" dev="dm-0" ino=16802024 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file permissive=1
  106.  
  107. type=AVC msg=audit(1614104846.543:161842): avc: denied { map } for pid=1693592 comm="systemctl" path="/usr/bin/systemctl" dev="dm-0" ino=16802024 scontext=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file permissive=1
  108.  
  109. type=SYSCALL msg=audit(1614104846.543:161842): arch=c000003e syscall=59 success=yes exit=0 a0=7fadcede9da0 a1=7fae1c00c0d0 a2=7ffc005fb6a8 a3=7ffc005fdf40 items=1 ppid=1693465 pid=1693592 auid=1003 uid=1003 gid=1003 euid=1003 suid=1003 fsuid=1003 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=4586 comm="systemctl" exe="/usr/bin/systemctl" subj=jenkinsworker_u:jenkinsworker_r:jenkinsworker_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker-ltd" UID="jenkins-worker-ltd" GID="jenkins-worker-ltd" EUID="jenkins-worker-ltd" SUID="jenkins-worker-ltd" FSUID="jenkins-worker-ltd" EGID="jenkins-worker-ltd" SGID="jenkins-worker-ltd" FSGID="jenkins-worker-ltd"
  110.  
  111. type=EXECVE msg=audit(1614104846.543:161842): argc=2 a0="systemctl" a1="list-units"
  112.  
  113. type=CWD msg=audit(1614104846.543:161842): cwd="/home/jenkins-worker-ltd/jenkins"
  114.  
  115. type=PATH msg=audit(1614104846.543:161842): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  116.  
  117. type=PROCTITLE msg=audit(1614104846.543:161842): proctitle=73797374656D63746C006C6973742D756E697473
  118.  
  119. type=AVC msg=audit(1614104889.590:161843): avc: denied { execute } for pid=1693804 comm="ssh" name="jenkins-gitclient-pass4950759129398907707.sh" dev="dm-0" ino=151053346 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  120.  
  121. type=AVC msg=audit(1614104889.590:161843): avc: denied { execute_no_trans } for pid=1693804 comm="ssh" path="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip@tmp/jenkins-gitclient-pass4950759129398907707.sh" dev="dm-0" ino=151053346 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  122.  
  123. type=SYSCALL msg=audit(1614104889.590:161843): arch=c000003e syscall=59 success=yes exit=0 a0=55e53425ccfc a1=7ffd753629e0 a2=55e53425c4e0 a3=1 items=2 ppid=1693803 pid=1693804 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4389 comm="jenkins-gitclie" exe="/usr/bin/bash" subj=user_u:user_r:ssh_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker" UID="jenkins-worker" GID="jenkins-worker" EUID="jenkins-worker" SUID="jenkins-worker" FSUID="jenkins-worker" EGID="jenkins-worker" SGID="jenkins-worker" FSGID="jenkins-worker"
  124.  
  125. type=EXECVE msg=audit(1614104889.590:161843): argc=3 a0="/bin/sh" a1="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip@tmp/jenkins-gitclient-pass4950759129398907707.sh" a2=456E746572207061737370687261736520666F72206B657920272F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F77697040746D702F6A656E6B696E732D676974636C69656E742D7373683930303031303636393130383336363432273A20
  126.  
  127. type=CWD msg=audit(1614104889.590:161843): cwd="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip"
  128.  
  129. type=PATH msg=audit(1614104889.590:161843): item=0 name="/bin/sh" inode=16806667 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  130.  
  131. type=PATH msg=audit(1614104889.590:161843): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0
  132. ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  133.  
  134. type=PROCTITLE msg=audit(1614104889.590:161843): proctitle=2F62696E2F7368002F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F77697040746D702F6A656E6B696E732D676974636C69656E742D70617373343935303735393132393339383930373730372E736800456E7465722070617373706872
  135.  
  136. type=AVC msg=audit(1614104941.896:161844): avc: denied { execute } for pid=1694109 comm="ssh" name="jenkins-gitclient-pass7756555299168341096.sh" dev="dm-0" ino=109157844 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  137.  
  138. type=AVC msg=audit(1614104941.896:161844): avc: denied { execute_no_trans } for pid=1694109 comm="ssh" path="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server@tmp/jenkins-gitclient-pass7756555299168341096.sh" dev="dm-0" ino=109157844 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  139.  
  140. type=SYSCALL msg=audit(1614104941.896:161844): arch=c000003e syscall=59 success=yes exit=0 a0=556a5a86ad1c a1=7fffa310df90 a2=556a5a86a4f0 a3=1 items=2 ppid=1694108 pid=1694109 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4389 comm="jenkins-gitclie" exe="/usr/bin/bash" subj=user_u:user_r:ssh_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker" UID="jenkins-worker" GID="jenkins-worker" EUID="jenkins-worker" SUID="jenkins-worker" FSUID="jenkins-worker" EGID="jenkins-worker" SGID="jenkins-worker" FSGID="jenkins-worker"
  141.  
  142. type=EXECVE msg=audit(1614104941.896:161844): argc=3 a0="/bin/sh" a1="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server@tmp/jenkins-gitclient-pass7756555299168341096.sh" a2=456E746572207061737370687261736520666F72206B657920272F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F7769702F50726F6A656374732F70726F7679732F73657276657240746D702F6A656E6B696E732D676974636C6965273A20
  143.  
  144. type=CWD msg=audit(1614104941.896:161844): cwd="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server"
  145.  
  146. type=PATH msg=audit(1614104941.896:161844): item=0 name="/bin/sh" inode=16806667 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  147.  
  148. type=PATH msg=audit(1614104941.896:161844): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  149.  
  150. type=PROCTITLE msg=audit(1614104941.896:161844): proctitle=2F62696E2F7368002F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F7769702F50726F6A656374732F70726F7679732F73657276657240746D702F6A656E6B696E732D676974636C69656E742D7061737337373536353535323939313638
  151.  
  152. type=CRYPTO_KEY_USER msg=audit(1614104993.063:161845): pid=1694243 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1694243 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
  153.  
  154. type=CRYPTO_KEY_USER msg=audit(1614104993.064:161846): pid=1694243 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1694243 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
  155.  
  156. type=CRYPTO_KEY_USER msg=audit(1614104993.066:161847): pid=1694243 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694243 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
  157.  
  158. type=CRYPTO_SESSION msg=audit(1614104993.072:161848): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha2-512 pfs=curve25519-sha256@libssh.org spid=1694243 suid=74 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
  159.  
  160. type=CRYPTO_SESSION msg=audit(1614104993.072:161849): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=1694243 suid=74 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
  161.  
  162. type=USER_AUTH msg=audit(1614104993.253:161850): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="prtgmon" exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset"
  163.  
  164. type=CRYPTO_KEY_USER msg=audit(1614104993.253:161851): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:6f:d4:e6:3f:16:2d:1d:cd:40:65:50:bf:05:2d:1a:4f:03:e4:6e:71:c2:2c:84:db:0d:7e:49:42:37:10:a0:5c exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset"
  165.  
  166. type=USER_ACCT msg=audit(1614104993.277:161852): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="unset"
  167.  
  168. type=CRYPTO_KEY_USER msg=audit(1614104993.281:161853): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1694243 suid=74 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
  169.  
  170. type=CRED_ACQ msg=audit(1614104993.285:161854): pid=1694242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="unset"
  171.  
  172. type=LOGIN msg=audit(1614104993.285:161855): pid=1694242 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=993 tty=(none) old-ses=4294967295 ses=4587 res=1UID="root" OLD-AUID="unset" AUID="prtgmon"
  173.  
  174. type=SYSCALL msg=audit(1614104993.285:161855): arch=c000003e syscall=1 success=yes exit=3 a0=3 a1=7ffdc55e7e20 a2=3 a3=0 items=0 ppid=1010 pid=1694242 auid=993 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4587 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="prtgmon" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
  175.  
  176. type=PROCTITLE msg=audit(1614104993.285:161855): proctitle=737368643A20707274676D6F6E205B707269765D
  177.  
  178. type=USER_ROLE_CHANGE msg=audit(1614104993.288:161856): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=user_u:user_r:user_t:s0 selected-context=user_u:user_r:user_t:s0 exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
  179.  
  180. type=USER_START msg=audit(1614104993.323:161857): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
  181.  
  182. type=CRYPTO_KEY_USER msg=audit(1614104993.326:161858): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1694247 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
  183.  
  184. type=CRYPTO_KEY_USER msg=audit(1614104993.327:161859): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1694247 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
  185.  
  186. type=CRYPTO_KEY_USER msg=audit(1614104993.327:161860): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694247 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
  187.  
  188. type=CRED_ACQ msg=audit(1614104993.337:161861): pid=1694247 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
  189.  
  190. type=USER_LOGIN msg=audit(1614104993.342:161862): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  191.  
  192. type=USER_START msg=audit(1614104993.342:161863): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  193.  
  194. type=CRYPTO_KEY_USER msg=audit(1614104993.346:161864): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694248 suid=993 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
  195.  
  196. type=USER_END msg=audit(1614104997.766:161865): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  197.  
  198. type=USER_LOGOUT msg=audit(1614104997.766:161866): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  199.  
  200. type=USER_LOGIN msg=audit(1614104997.808:161867): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  201.  
  202. type=USER_START msg=audit(1614104997.808:161868): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  203.  
  204. type=CRYPTO_KEY_USER msg=audit(1614104997.809:161869): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694291 suid=993 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
  205.  
  206. type=USER_END msg=audit(1614104997.810:161870): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  207.  
  208. type=USER_LOGOUT msg=audit(1614104997.810:161871): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=993 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon" ID="prtgmon"
  209.  
  210. type=CRYPTO_KEY_USER msg=audit(1614104997.810:161872): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1694247 suid=993 rport=55429 laddr=10.29.147.44 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.29.147.47 terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
  211.  
  212. type=CRYPTO_KEY_USER msg=audit(1614104997.810:161873): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694247 suid=993 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="prtgmon"
  213.  
  214. type=USER_END msg=audit(1614104997.814:161874): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
  215.  
  216. type=CRED_DISP msg=audit(1614104997.814:161875): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="prtgmon" exe="/usr/sbin/sshd" hostname=10.29.147.47 addr=10.29.147.47 terminal=ssh res=success'UID="root" AUID="prtgmon"
  217.  
  218. type=CRYPTO_KEY_USER msg=audit(1614104997.815:161876): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ca:bd:72:6d:87:ed:04:7c:39:9f:07:7f:ae:32:a3:cd:5c:c8:23:39:7c:47:90:f3:26:ae:a4:ae:7b:30:ab:93 direction=? spid=1694242 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
  219.  
  220. type=CRYPTO_KEY_USER msg=audit(1614104997.815:161877): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:63:9d:6e:bb:db:71:8a:73:11:ec:ea:c4:a8:a1:5a:88:ce:ea:ad:d9:4e:2e:92:4b:89:66:c6:06:0e:fa:9f direction=? spid=1694242 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
  221.  
  222. type=CRYPTO_KEY_USER msg=audit(1614104997.815:161878): pid=1694242 uid=0 auid=993 ses=4587 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b0:09:55:47:1e:8e:0d:c3:70:60:6e:91:c7:97:cd:0d:2d:c3:25:4c:2f:44:ba:cd:a9:07:fe:a7:02:db:49:4c direction=? spid=1694242 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="prtgmon" SUID="root"
  223.  