diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc
index ad8e3476290e..eb5550bec476 100644
--- a/filebeat/docs/fields.asciidoc
+++ b/filebeat/docs/fields.asciidoc
@@ -865,6 +865,130 @@ Fields from the system log files. +[float] +== audit Fields + +Fields from the Linux audit logs. Not all fields are documented here because they are dynamic and vary by audit event type. + + + +[float] +=== system.audit.record_type + +The audit event type. + + +[float] +=== system.audit.old_auid + +For login events this is the old audit ID used for the user prior to this login. + + +[float] +=== system.audit.new_auid + +For login events this is the new audit ID. The audit ID can be used to trace future events to the user even if their identity changes (like becoming root). + + +[float] +=== system.audit.old_ses + +For login events this is the old session ID used for the user prior to this login. + + +[float] +=== system.audit.new_ses + +For login events this is the new session ID. It can be used to tie a user to future events by session ID. + + +[float] +=== system.audit.sequence + +type: long + +The audit event sequence number. + + +[float] +=== system.audit.pid + +type: long + +The ID of the process. + + +[float] +=== system.audit.ppid + +type: long + +The ID of the process. + + +[float] +=== system.audit.items + +type: long + +The number of items in an event. + + +[float] +=== system.audit.item + +type: long + +The item field indicates which item out of the total number of items. This number is zero-based; a value of 0 means it is the first item. + + +[float] +== geoip Fields + +Contains GeoIP information gathered based on the `system.audit.addr` field. Only present if the GeoIP Elasticsearch plugin is available and used. + + + +[float] +=== system.audit.geoip.continent_name + +type: keyword + +The name of the continent. + + +[float] +=== system.audit.geoip.city_name + +type: keyword + +The name of the city. + + +[float] +=== system.audit.geoip.region_name + +type: keyword + +The name of the region. + + +[float] +=== system.audit.geoip.country_iso_code + +type: keyword + +Country ISO code. 
+ + +[float] +=== system.audit.geoip.location + +type: geo_point + +The longitude and latitude. + + [float] == auth Fields diff --git a/filebeat/docs/images/kibana-system-audit.png b/filebeat/docs/images/kibana-system-audit.png new file mode 100644 index 000000000000..6d9f4ba5a2e7 Binary files /dev/null and b/filebeat/docs/images/kibana-system-audit.png differ diff --git a/filebeat/docs/modules/system.asciidoc b/filebeat/docs/modules/system.asciidoc index 9ba33031a415..756989d1e121 100644 --- a/filebeat/docs/modules/system.asciidoc +++ b/filebeat/docs/modules/system.asciidoc @@ -5,21 +5,29 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-system]] == System module -This module collects and parses logs created by system logging server of common Unix/Linux based -distributions. +This module collects and parses logs created by system logging server of common +Unix/Linux based distributions. +[float] === Compatibility -This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, macOS Sierra, and others. +This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and +macOS Sierra. This module is not available for Windows. +[float] === Dashboard -This module comes with a sample dashboard. +This module comes with sample dashboards. The first is a more generic syslog +dashboard that shows syslog data. image::./images/kibana-system.png[] +And second is the audit dashboard that shows audit log data. + +image::./images/kibana-system-audit.png[] + [float] === Syslog fileset settings diff --git a/filebeat/fileset/modules.go b/filebeat/fileset/modules.go index e2bc4b5b7c0c..15c40a57c104 100644 --- a/filebeat/fileset/modules.go +++ b/filebeat/fileset/modules.go 
@@ -44,15 +44,15 @@ func newModuleRegistry(modulesPath string, fcfg = &defaultFilesetConfig } - if fcfg.Enabled != nil && (*fcfg.Enabled) == false { - continue - } - fcfg, err = applyOverrides(fcfg, mcfg.Module, filesetName, overrides) if err != nil { return nil, fmt.Errorf("Error applying overrides on fileset %s/%s: %v", mcfg.Module, filesetName, err) } + if fcfg.Enabled != nil && (*fcfg.Enabled) == false { + continue + } + fileset, err := New(modulesPath, filesetName, &mcfg, fcfg) if err != nil { return nil, err diff --git a/filebeat/fileset/modules_test.go b/filebeat/fileset/modules_test.go index 9350674926e1..60ac12d3031d 100644 --- a/filebeat/fileset/modules_test.go +++ b/filebeat/fileset/modules_test.go @@ -38,7 +38,7 @@ func TestNewModuleRegistry(t *testing.T) { expectedModules := map[string][]string{ "nginx": {"access", "error"}, "mysql": {"slowlog", "error"}, - "system": {"syslog", "auth"}, + "system": {"syslog", "audit", "auth"}, } assert.Equal(t, len(expectedModules), len(reg.registry)) @@ -98,7 +98,7 @@ func TestNewModuleRegistryConfig(t *testing.T) { assert.NotContains(t, reg.registry["nginx"], "error") } -func TestAppplyOverrides(t *testing.T) { +func TestApplyOverrides(t *testing.T) { falseVar := false trueVar := true diff --git a/filebeat/module/system/_meta/docs.asciidoc b/filebeat/module/system/_meta/docs.asciidoc index b4ac86b34d12..5c538fb3b16e 100644 --- a/filebeat/module/system/_meta/docs.asciidoc +++ b/filebeat/module/system/_meta/docs.asciidoc 
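Review bot: With the `Enabled` check moved below `applyOverrides`, overrides are now applied to filesets that are disabled in their own configuration, so an override that fails to apply to a disabled fileset returns `Error applying overrides on fileset ...` and aborts `newModuleRegistry` where it used to be skipped. If the intent is that an override may flip `enabled`, a comment above the moved check such as `// Evaluate enabled only after overrides, which may change it.` would make the ordering dependency explicit, and no test visible in this commit pins that behaviour. The condition could also read `if fcfg.Enabled != nil && !*fcfg.Enabled {`. The function body starts and ends outside the hunk.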
@@ -1,20 +1,28 @@ == System module -This module collects and parses logs created by system logging server of common Unix/Linux based -distributions. +This module collects and parses logs created by system logging server of common +Unix/Linux based distributions. +[float] === Compatibility -This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, macOS Sierra, and others. +This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and +macOS Sierra. This module is not available for Windows. +[float] === Dashboard -This module comes with a sample dashboard. +This module comes with sample dashboards. The first is a more generic syslog +dashboard that shows syslog data. image::./images/kibana-system.png[] +And second is the audit dashboard that shows audit log data. + +image::./images/kibana-system-audit.png[] + [float] === Syslog fileset settings diff --git a/filebeat/module/system/audit/_meta/fields.yml b/filebeat/module/system/audit/_meta/fields.yml new file mode 100644 index 000000000000..05b16091eed3 --- /dev/null +++ b/filebeat/module/system/audit/_meta/fields.yml 
@@ -0,0 +1,74 @@
+- name: audit
+ type: group
+ description: >
+ Fields from the Linux audit logs. Not all fields are documented here because
+ they are dynamic and vary by audit event type.
+ fields:
+ - name: record_type
+ description: >
+ The audit event type.
+ - name: old_auid
+ description: >
+ For login events this is the old audit ID used for the user prior to
+ this login.
+ - name: new_auid
+ description: >
+ For login events this is the new audit ID. The audit ID can be used to
+ trace future events to the user even if their identity changes (like
+ becoming root).
+ - name: old_ses
+ description: >
+ For login events this is the old session ID used for the user prior to
+ this login.
+ - name: new_ses
+ description: >
+ For login events this is the new session ID. It can be used to tie a
+ user to future events by session ID.
+ - name: sequence
+ type: long
+ description: >
+ The audit event sequence number.
+ - name: pid
+ type: long
+ description: >
+ The ID of the process.
+ - name: ppid
+ type: long
+ description: >
+ The ID of the process.
+ - name: items
+ type: long
+ description: >
+ The number of items in an event.
+ - name: item
+ type: long
+ description: >
+ The item field indicates which item out of the total number of items.
+ This number is zero-based; a value of 0 means it is the first item.
+ - name: geoip
+ type: group
+ description: >
+ Contains GeoIP information gathered based on the `system.audit.addr`
+ field. Only present if the GeoIP Elasticsearch plugin is available and
+ used.
+ fields:
+ - name: continent_name
+ type: keyword
+ description: >
+ The name of the continent.
+ - name: city_name
+ type: keyword
+ description: >
+ The name of the city.
+ - name: region_name
+ type: keyword
+ description: >
+ The name of the region.
+ - name: country_iso_code
+ type: keyword
+ description: >
+ Country ISO code.
+ - name: location
+ type: geo_point
+ description: >
+ The longitude and latitude.
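Review bot: The `ppid` entry repeats the `pid` description (`The ID of the process.`), so the two fields read as the same thing in the field reference; it should say `The ID of the parent process.`. Analysts rely on the pid/ppid pair to reconstruct process ancestry from audit records, so the distinction is worth stating. The same text is carried into filebeat/docs/fields.asciidoc in this commit, which appears to be produced from this file.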
diff --git a/filebeat/module/system/audit/_meta/kibana/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json b/filebeat/module/system/audit/_meta/kibana/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json new file mode 100644 index 000000000000..04dc54b9251d --- /dev/null +++ b/filebeat/module/system/audit/_meta/kibana/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json @@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Filebeat System Audit", + "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"col\":1,\"id\":\"6295bdd0-0a0e-11e7-825f-6748cda7d858\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"5ebdbe50-0a0f-11e7-825f-6748cda7d858\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2bb0fa70-0a11-11e7-9e84-43da493ad0c7\",\"panelIndex\":3,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d1726930-0a7f-11e7-8b04-eb22a5669f27\",\"panelIndex\":5,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"c5411910-0a87-11e7-8b04-eb22a5669f27\",\"panelIndex\":6,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":7,\"type\":\"search\",\"id\":\"4ac0a370-0a11-11e7-8b04-eb22a5669f27\",\"col\":1,\"row\":8,\"columns\":[\"system.audit.record_type\",\"system.audit.sequence\",\"system.audit.acct\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + } +} \ No newline at end of file 
diff --git a/filebeat/module/system/audit/_meta/kibana/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27.json b/filebeat/module/system/audit/_meta/kibana/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27.json new file mode 100644 index 000000000000..66e6e02edeff --- /dev/null +++ b/filebeat/module/system/audit/_meta/kibana/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27.json @@ -0,0 +1,18 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "Audit Events", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.audit\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "columns": [ + "system.audit.record_type", + "system.audit.sequence", + "system.audit.acct" + ] +} \ No newline at end of file diff --git a/filebeat/module/system/audit/_meta/kibana/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json b/filebeat/module/system/audit/_meta/kibana/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json new file mode 100644 index 000000000000..a99239f18737 --- /dev/null +++ b/filebeat/module/system/audit/_meta/kibana/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json @@ -0,0 +1,10 @@ +{ + "visState": "{\"type\":\"timelion\",\"title\":\"Audit Event Results\",\"params\":{\"expression\":\".es(q=\\\"_exists_:system.audit NOT system.audit.res:failure\\\").label(\\\"Success\\\") .es(q=\\\"system.audit.res:failed\\\").label(\\\"Failure\\\").title(\\\"Audit Event Results\\\")\",\"interval\":\"auto\"}}", + "description": "", + "title": "Audit Event Results", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } +} \ No newline at end of file 
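Review bot: The two Timelion series in `Audit Event Results` test different values of `system.audit.res`: the Success series excludes `system.audit.res:failure` while the Failure series matches `system.audit.res:failed`. Whichever token the records actually carry, one of the two queries never matches, so failing events are either counted under Success or the Failure line stays flat. The rhel6 sample records in this commit only show `res=success` and `res=1`, so the fixtures would not reveal the mismatch. Both queries should use the same value, for example `_exists_:system.audit NOT system.audit.res:failed` for the Success series, once the token is confirmed against a record with a failing result.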
diff --git a/filebeat/module/system/audit/_meta/kibana/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858.json b/filebeat/module/system/audit/_meta/kibana/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858.json new file mode 100644 index 000000000000..57104c8c177d --- /dev/null +++ b/filebeat/module/system/audit/_meta/kibana/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858.json @@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Audit Top Exec Commands\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.audit.a0\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command (arg 0)\"}}],\"listeners\":{}}", + "description": "", + "title": "Audit Top Exec Commands", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"system.audit.record_type:EXECVE\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/system/audit/_meta/kibana/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858.json b/filebeat/module/system/audit/_meta/kibana/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858.json new file mode 100644 index 000000000000..a46013440c46 --- /dev/null +++ b/filebeat/module/system/audit/_meta/kibana/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\n \"title\": \"Audit Event Types\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"system.audit.record_type\",\n \"size\": 50,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}", + "description": "", + "title": "Audit Event Types", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" + } +} \ No newline at end of file diff --git a/filebeat/module/system/audit/_meta/kibana/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27.json b/filebeat/module/system/audit/_meta/kibana/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27.json new file mode 100644 index 000000000000..56acd439134c --- /dev/null +++ b/filebeat/module/system/audit/_meta/kibana/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Audit Event Account Tag Cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":15,\"maxFontSize\":42,\"hideLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.audit.acct\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Audit Event Account Tag Cloud", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/system/audit/_meta/kibana/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27.json b/filebeat/module/system/audit/_meta/kibana/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27.json new file mode 100644 index 000000000000..2b81cc06eb6a --- /dev/null +++ b/filebeat/module/system/audit/_meta/kibana/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Audit Event Address Geo Location\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"system.audit.geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}", + "description": "", + "title": "Audit Event Address Geo Location", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/filebeat/module/system/audit/config/audit.yml b/filebeat/module/system/audit/config/audit.yml new file mode 100644 index 000000000000..56e3dfd95b82 --- /dev/null +++ b/filebeat/module/system/audit/config/audit.yml @@ -0,0 +1,6 @@ +input_type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] diff --git a/filebeat/module/system/audit/ingest/pipeline.json b/filebeat/module/system/audit/ingest/pipeline.json new file mode 100644 index 000000000000..2b176e90fce7 --- /dev/null +++ b/filebeat/module/system/audit/ingest/pipeline.json 
@@ -0,0 +1,129 @@
+{
+ "description": "Pipeline for parsing Linux audit logs",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "pattern_definitions": {
+ "AUDIT_TYPE": "^type=%{NOTSPACE:system.audit.record_type}",
+ "AUDIT_PREFIX": "%{AUDIT_TYPE} msg=audit\\(%{NUMBER:system.audit.epoch}:%{NUMBER:system.audit.sequence}\\):(%{DATA})?",
+ "AUDIT_KEY_VALUES": "%{WORD}=%{GREEDYDATA}"
+ },
+ "patterns": [
+ "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:system.audit.kv} old auid=%{NUMBER:system.audit.old_auid} new auid=%{NUMBER:system.audit.new_auid} old ses=%{NUMBER:system.audit.old_ses} new ses=%{NUMBER:system.audit.new_ses}",
+ "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:system.audit.kv} msg=['\"](%{DATA:system.audit.msg}\\s+)?%{AUDIT_KEY_VALUES:system.audit.sub_kv}['\"]",
+ "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:system.audit.kv}",
+ "%{AUDIT_PREFIX}",
+ "%{AUDIT_TYPE} %{AUDIT_KEY_VALUES:system.audit.kv}"
+ ]
+ }
+ },
+ {
+ "kv": {
+ "field": "system.audit.kv",
+ "field_split": "\\s+",
+ "value_split": "=",
+ "target_field": "system.audit"
+ }
+ },
+ {
+ "kv": {
+ "field": "system.audit.sub_kv",
+ "field_split": "\\s+",
+ "value_split": "=",
+ "target_field": "system.audit",
+ "ignore_missing": true
+ }
+ },
+ {
+ "remove": {
+ "field": "system.audit.kv",
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "system.audit.sub_kv",
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "message",
+ "ignore_failure": true
+ }
+ },
+ {
+ "date": {
+ "field": "system.audit.epoch",
+ "target_field": "@timestamp",
+ "formats": [
+ "UNIX"
+ ],
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "system.audit.epoch",
+ "ignore_failure": true
+ }
+ },
+ {
+ "convert": {
+ "field" : "system.audit.sequence",
+ "type": "integer",
+ "ignore_missing": true
+ }
+ },
+ {
+ "convert": {
+ "field" : "system.audit.pid",
+ "type": "integer",
+ "ignore_missing": true
+ }
+ },
+ {
+ "convert": {
+ "field" : "system.audit.ppid",
+ "type": "integer",
+ "ignore_missing": true
+ }
+ },
+ {
+ "convert": {
+ "field" : "system.audit.item",
+ "type": "integer",
+ "ignore_missing": true
+ }
+ },
+ {
+ "convert": {
+ "field" : "system.audit.items",
+ "type": "integer",
+ "ignore_missing": true
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "inline": " String trimQuotes(def v) {\n if (v.startsWith(\"'\") || v.startsWith('\"')) {\n v = v.substring(1, v.length());\n }\n if (v.endsWith(\"'\") || v.endsWith('\"')) {\n v = v.substring(0, v.length()-1);\n } \n return v;\n }\n \n boolean isHexAscii(String v) {\n def len = v.length();\n if (len == 0 || len % 2 != 0) {\n return false; \n }\n \n for (int i = 0 ; i < len ; i++) {\n if (Character.digit(v.charAt(i), 16) == -1) {\n return false;\n }\n }\n\n return true;\n }\n \n String convertHexToString(String hex) {\n\t StringBuilder sb = new StringBuilder();\n\n for (int i=0; i < hex.length() - 1; i+=2) {\n String output = hex.substring(i, (i + 2));\n int decimal = Integer.parseInt(output, 16);\n sb.append((char)decimal);\n }\n\n return sb.toString();\n }\n \n def possibleHexKeys = ['exe', 'cmd'];\n \n def audit = ctx.system.get(\"audit\");\n Iterator entries = audit.entrySet().iterator();\n while (entries.hasNext()) {\n def e = entries.next();\n def k = e.getKey();\n def v = e.getValue(); \n\n // Remove entries whose value is ?\n if (v == \"?\" || v == \"(null)\" || v == \"\") {\n entries.remove();\n continue;\n }\n \n // Convert hex values to ASCII.\n if (possibleHexKeys.contains(k) && isHexAscii(v)) {\n v = convertHexToString(v);\n audit.put(k, v);\n }\n \n // Trim quotes.\n if (v instanceof String) {\n v = trimQuotes(v);\n audit.put(k, v);\n }\n \n // Convert arch.\n if (k == \"arch\" && v == \"c000003e\") {\n audit.put(k, \"x86_64\");\n }\n }"
+ }
+ },
+ {
+ "geoip": {
+ "field": "system.audit.addr",
+ "target_field": "system.audit.geoip",
+ "ignore_failure": true
+ }
+ }
+ ],
+ "on_failure": [
+ {
+ "set": {
+ "field": "error",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }
+ ]
+}
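Review bot: The first `kv` processor (field `system.audit.kv`) has no `ignore_missing`, yet the grok pattern list accepts a bare `%{AUDIT_PREFIX}` match that never sets that field, so such a record would fail in `kv` and drop to the pipeline `on_failure` handler without its timestamp being parsed. Adding `"ignore_missing": true` there, as the `system.audit.sub_kv` processor already has, lets prefix-only records through. Separately, `date` runs with `ignore_failure` after `message` has been removed and before `system.audit.epoch` is removed, so a record whose epoch fails to parse keeps no trace of the original event time; for audit data it is safer to keep the epoch (or the raw message) when the date step fails. The `convert` steps also use `integer` while fields.yml declares `sequence`, `pid`, `ppid`, `items` and `item` as `long`, which is worth aligning if the targeted Elasticsearch version allows it.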
diff --git a/filebeat/module/system/audit/manifest.yml b/filebeat/module/system/audit/manifest.yml
new file mode 100644
index 000000000000..5eb0b43f76c6
--- /dev/null
+++ b/filebeat/module/system/audit/manifest.yml
@@ -0,0 +1,15 @@
+module_version: 1.0
+
+var:
+ - name: paths
+ default:
+ - /var/log/audit/audit.log*
+ os.darwin: []
+ os.windows: []
+
+ingest_pipeline: ingest/pipeline.json
+prospector: config/audit.yml
+
+requires.processors:
+- name: geoip
+ plugin: ingest-geoip
diff --git a/filebeat/module/system/audit/test/audit-rhel6.log b/filebeat/module/system/audit/test/audit-rhel6.log
new file mode 100644
index 000000000000..dceee8427109
--- /dev/null
+++ b/filebeat/module/system/audit/test/audit-rhel6.log
@@ -0,0 +1,12 @@ +type=USER_END msg=audit(1489519230.178:19600327): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' +type=CRED_DISP msg=audit(1489519230.178:19600328): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' +type=USER_CMD msg=audit(1489519256.192:19600329): user pid=4151 uid=497 auid=700 ses=11988 msg='cwd="/" cmd=2F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F617374657269736B5F7369705F7065657273202D7020323032 terminal=? res=success' +type=CRED_ACQ msg=audit(1489519256.193:19600330): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' +type=USER_START msg=audit(1489519256.193:19600331): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' +type=MAC_IPSEC_EVENT msg=audit(1489519382.529:19600354): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=10.100.0.0 src_prefixlen=16 dst=10.100.4.0 dst_prefixlen=22 +type=SYSCALL msg=audit(1489519382.529:19600354): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564ee6d2a0 a2=b8 a3=0 items=0 ppid=1240 pid=1275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="charon" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null) +type=LOGIN msg=audit(1489636960.072:19623791): pid=28281 uid=0 old auid=700 new auid=700 old ses=6793 new ses=12286 +type=CRYPTO_KEY_USER msg=audit(1489636960.070:19623788): user pid=28281 uid=0 auid=700 ses=6793 msg='op=destroy kind=session fp=? direction=both spid=28282 suid=74 rport=58994 laddr=107.170.139.210 lport=50022 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_AUTH msg=audit(1489636960.072:19623789): user pid=28281 uid=0 auid=700 ses=6793 msg='op=success acct="admin" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=ssh res=success' +type=USER_AUTH msg=audit(1489636977.804:19623807): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' +type=USER_ACCT msg=audit(1489636977.805:19623808): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:accounting acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' diff --git a/filebeat/module/system/audit/test/audit-rhel7.log b/filebeat/module/system/audit/test/audit-rhel7.log new file mode 100644 index 000000000000..4b193c8d559f --- /dev/null +++ b/filebeat/module/system/audit/test/audit-rhel7.log 
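Review bot: The `CRYPTO_KEY_USER` and `USER_AUTH` records in this fixture carry what look like routable public addresses in `laddr=` and `addr=`, alongside account names, session ids and an sshd port, which suggests the file was captured from a live host. Fixtures committed to a public repository are better sanitized first: replace the addresses and account names with constructed values, and if the geoip step needs an address that resolves in the GeoIP database, use a well-known public one instead of the host's own. The same concern likely applies to audit-rhel7.log, whose hunk continues beyond this view.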
@@ -0,0 +1,2447 @@ +type=DAEMON_START msg=audit(1481076983.819:7798): auditd start, ver=2.4.1 format=raw kernel=3.10.0-327.36.3.el7.x86_64 auid=4294967295 pid=251 subj=system_u:system_r:auditd_t:s0 res=success +type=SERVICE_START msg=audit(1481076983.864:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SYSTEM_BOOT msg=audit(1481076983.876:7): pid=273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076983.879:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.075:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.088:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.163:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-udev-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.212:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076984.521:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=avahi-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.521:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.526:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076984.534:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076984.827:17): table=filter family=2 entries=0 +type=SYSCALL msg=audit(1481076984.827:17): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=390 pid=391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.858:18): table=raw family=2 entries=0 +type=SYSCALL msg=audit(1481076984.858:18): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=395 pid=396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.870:19): table=security family=2 entries=0 +type=SYSCALL msg=audit(1481076984.870:19): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=398 pid=399 auid=4294967295 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.877:20): table=mangle family=2 entries=0 +type=SYSCALL msg=audit(1481076984.877:20): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=401 pid=402 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.931:21): table=nat family=2 entries=0 +type=SYSCALL msg=audit(1481076984.931:21): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=41a15c a2=0 a3=3 items=0 ppid=406 pid=407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076984.939:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=yum-cron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.945:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.953:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=acpid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.954:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076984.960:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076984.982:27): table=filter family=10 entries=0 +type=SYSCALL msg=audit(1481076984.982:27): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=422 pid=423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.012:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.031:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.043:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.044:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.069:32): table=raw family=10 entries=0 +type=SYSCALL msg=audit(1481076985.069:32): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=439 pid=440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.104:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076985.099:34): table=security family=10 entries=0 +type=SYSCALL msg=audit(1481076985.099:34): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=445 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.128:35): table=mangle family=10 entries=0 +type=SYSCALL msg=audit(1481076985.128:35): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=449 pid=450 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.164:36): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.166:37): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076985.167:38): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.168:39): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.170:40): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.170:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.180:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.187:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.191:44): table=nat family=10 entries=0 +type=SYSCALL msg=audit(1481076985.191:44): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=41a15c a2=0 a3=1 items=0 ppid=452 pid=453 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.511:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=firewalld comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076985.528:46): table=nat family=2 entries=5 +type=SYSCALL msg=audit(1481076985.528:46): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25be720 items=0 ppid=296 pid=476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.532:47): table=nat family=2 entries=5 +type=SYSCALL msg=audit(1481076985.532:47): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1819720 items=0 ppid=296 pid=478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.534:48): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.534:48): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13d0850 items=0 ppid=296 pid=479 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.537:49): table=mangle family=2 entries=6 +type=SYSCALL 
msg=audit(1481076985.537:49): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1125850 items=0 ppid=296 pid=481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.538:50): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.538:50): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=20a3600 items=0 ppid=296 pid=482 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.542:51): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.542:51): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9f0600 items=0 ppid=296 pid=484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.543:52): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.543:52): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=232e4d0 items=0 ppid=296 pid=485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.546:53): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.546:53): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14404d0 items=0 ppid=296 pid=487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG 
msg=audit(1481076985.548:54): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.548:54): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c31600 items=0 ppid=296 pid=488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.552:55): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.552:55): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=143a600 items=0 ppid=296 pid=490 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.553:56): table=nat family=10 entries=5 +type=SYSCALL msg=audit(1481076985.553:56): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=109b880 items=0 ppid=296 pid=491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.556:57): table=nat family=10 entries=5 +type=SYSCALL msg=audit(1481076985.556:57): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b53880 items=0 ppid=296 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.557:58): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.557:58): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17b09e0 items=0 ppid=296 pid=494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" 
exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.560:59): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.560:59): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25cc9e0 items=0 ppid=296 pid=496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.562:60): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.562:60): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14db720 items=0 ppid=296 pid=497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.566:61): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.566:61): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9d2720 items=0 ppid=296 pid=499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.569:62): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.569:62): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=fae5c0 items=0 ppid=296 pid=500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.573:63): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.573:63): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19545c0 items=0 ppid=296 pid=502 auid=4294967295 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.575:64): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.575:64): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23a3720 items=0 ppid=296 pid=503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.578:65): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.578:65): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=162d720 items=0 ppid=296 pid=505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.580:66): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.580:66): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14b0850 items=0 ppid=296 pid=506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.582:67): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.582:67): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2398850 items=0 ppid=296 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.583:68): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.583:68): arch=c000003e syscall=54 success=yes exit=0 
a0=4 a1=0 a2=40 a3=2679850 items=0 ppid=296 pid=508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.585:69): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.585:69): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1715850 items=0 ppid=296 pid=509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.587:70): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.587:70): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=196a850 items=0 ppid=296 pid=510 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.590:71): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.590:71): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1453600 items=0 ppid=296 pid=511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.591:72): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.591:72): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=fb2600 items=0 ppid=296 pid=512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.593:73): table=security family=2 entries=4 
+type=SYSCALL msg=audit(1481076985.593:73): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=255d600 items=0 ppid=296 pid=513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.594:74): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.594:74): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=15be4d0 items=0 ppid=296 pid=514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.596:75): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.596:75): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13704d0 items=0 ppid=296 pid=515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.597:76): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.597:76): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13ef600 items=0 ppid=296 pid=516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.599:77): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.599:77): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1f72600 items=0 ppid=296 pid=517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) 
+type=NETFILTER_CFG msg=audit(1481076985.601:78): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.601:78): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1299600 items=0 ppid=296 pid=518 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.602:79): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.602:79): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23e29e0 items=0 ppid=296 pid=519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.604:80): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.604:80): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8199e0 items=0 ppid=296 pid=520 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.605:81): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.605:81): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e879e0 items=0 ppid=296 pid=521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.607:82): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.607:82): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b699e0 items=0 ppid=296 pid=522 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.610:83): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.610:83): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1d599e0 items=0 ppid=296 pid=523 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.612:84): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.612:84): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=20be720 items=0 ppid=296 pid=525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.613:85): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.613:85): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=f0a720 items=0 ppid=296 pid=526 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.615:86): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.615:86): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=239a720 items=0 ppid=296 pid=527 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.620:87): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.628:88): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.628:88): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a535c0 items=0 ppid=296 pid=528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.632:89): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.632:89): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=11735c0 items=0 ppid=296 pid=532 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.634:90): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.634:90): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2553720 items=0 ppid=296 pid=533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.635:91): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.635:91): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2257720 items=0 ppid=296 pid=534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.641:92): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.641:92): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1815720 items=0 ppid=296 pid=535 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.657:93): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.657:93): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9bc600 items=0 ppid=296 pid=537 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.661:94): table=filter family=2 entries=6 +type=SYSCALL msg=audit(1481076985.661:94): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=20ba7d0 items=0 ppid=296 pid=538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.664:95): table=filter family=2 entries=8 +type=SYSCALL msg=audit(1481076985.664:95): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c3d9b0 items=0 ppid=296 pid=539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.687:96): table=filter family=2 entries=10 +type=SYSCALL msg=audit(1481076985.687:96): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cb7280 items=0 ppid=296 pid=540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.691:97): table=filter family=2 entries=11 +type=SYSCALL msg=audit(1481076985.691:97): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1b75610 items=0 ppid=296 pid=543 auid=4294967295 uid=0 
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.719:98): table=filter family=2 entries=12 +type=SYSCALL msg=audit(1481076985.719:98): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1c99770 items=0 ppid=296 pid=545 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.735:99): table=filter family=2 entries=13 +type=SYSCALL msg=audit(1481076985.735:99): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1b788e0 items=0 ppid=296 pid=548 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.760:100): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=wpa_supplicant comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.764:101): table=filter family=2 entries=14 +type=SYSCALL msg=audit(1481076985.764:101): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=97fa60 items=0 ppid=296 pid=550 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.770:102): table=filter family=2 entries=15 +type=SYSCALL msg=audit(1481076985.770:102): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=22e5f10 items=0 ppid=296 pid=551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.779:103): table=filter family=2 entries=16 +type=SYSCALL msg=audit(1481076985.779:103): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7ec260 items=0 ppid=296 pid=552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.788:104): table=filter family=2 entries=17 +type=SYSCALL msg=audit(1481076985.788:104): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1104760 items=0 ppid=296 pid=558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.790:105): table=filter family=2 entries=19 +type=SYSCALL msg=audit(1481076985.790:105): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=827940 items=0 ppid=296 pid=559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.795:106): table=filter family=2 entries=21 +type=SYSCALL msg=audit(1481076985.795:106): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1725b10 items=0 ppid=296 pid=561 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.796:107): table=filter family=2 entries=23 +type=SYSCALL msg=audit(1481076985.796:107): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=22e3cf0 items=0 ppid=296 pid=562 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.798:108): table=filter family=2 entries=25 +type=SYSCALL msg=audit(1481076985.798:108): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2389ec0 items=0 ppid=296 pid=563 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.802:109): table=filter family=2 entries=27 +type=SYSCALL msg=audit(1481076985.802:109): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=22d47a0 items=0 ppid=296 pid=564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.805:110): table=filter family=2 entries=28 +type=SYSCALL msg=audit(1481076985.805:110): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d10b30 items=0 ppid=296 
pid=566 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.807:111): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076985.812:112): table=filter family=2 entries=29 +type=SYSCALL msg=audit(1481076985.812:112): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d3dc80 items=0 ppid=296 pid=568 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.813:113): table=filter family=2 entries=30 +type=SYSCALL msg=audit(1481076985.813:113): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=21eae00 items=0 ppid=296 pid=569 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.815:114): table=filter family=2 entries=31 +type=SYSCALL msg=audit(1481076985.815:114): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=b0ff70 items=0 ppid=296 pid=570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.817:115): table=filter family=2 entries=32 +type=SYSCALL msg=audit(1481076985.817:115): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=19490f0 items=0 ppid=296 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.818:116): table=filter family=2 entries=33 +type=SYSCALL msg=audit(1481076985.818:116): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d32260 items=0 ppid=296 pid=572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.820:117): table=filter family=2 entries=34 +type=SYSCALL msg=audit(1481076985.820:117): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=aa5720 items=0 ppid=296 pid=573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.822:118): table=filter family=2 entries=35 +type=SYSCALL msg=audit(1481076985.822:118): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=acaa60 items=0 ppid=296 pid=574 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.823:119): table=filter family=2 entries=36 +type=SYSCALL msg=audit(1481076985.823:119): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d17f70 items=0 ppid=296 pid=575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.825:120): table=filter family=2 entries=38 +type=SYSCALL msg=audit(1481076985.825:120): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=18cd8a0 items=0 ppid=296 pid=576 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.826:121): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.826:121): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=12a74d0 items=0 ppid=296 pid=577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.828:122): table=raw family=2 entries=5 +type=SYSCALL msg=audit(1481076985.828:122): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=da4e10 items=0 ppid=296 pid=578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.830:123): table=raw family=2 entries=6 +type=SYSCALL msg=audit(1481076985.830:123): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=6b4820 items=0 ppid=296 pid=579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.831:124): table=raw family=2 entries=8 +type=SYSCALL msg=audit(1481076985.831:124): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1f9b160 items=0 ppid=296 pid=580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.833:125): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.833:125): arch=c000003e syscall=54 
success=yes exit=0 a0=4 a1=0 a2=40 a3=684600 items=0 ppid=296 pid=581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.834:126): table=security family=2 entries=6 +type=SYSCALL msg=audit(1481076985.834:126): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1a4cf30 items=0 ppid=296 pid=582 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.836:127): table=security family=2 entries=7 +type=SYSCALL msg=audit(1481076985.836:127): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=fae950 items=0 ppid=296 pid=583 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.838:128): table=security family=2 entries=9 +type=SYSCALL msg=audit(1481076985.838:128): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13e9280 items=0 ppid=296 pid=584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.839:129): table=security family=2 entries=10 +type=SYSCALL msg=audit(1481076985.839:129): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1ae9ca0 items=0 ppid=296 pid=585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.841:130): table=security 
family=2 entries=12 +type=SYSCALL msg=audit(1481076985.841:130): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=e305d0 items=0 ppid=296 pid=586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.843:131): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.843:131): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ba0850 items=0 ppid=296 pid=587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.844:132): table=mangle family=2 entries=8 +type=SYSCALL msg=audit(1481076985.844:132): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d4c180 items=0 ppid=296 pid=588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.846:133): table=mangle family=2 entries=9 +type=SYSCALL msg=audit(1481076985.846:133): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d99ba0 items=0 ppid=296 pid=589 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.847:134): table=mangle family=2 entries=11 +type=SYSCALL msg=audit(1481076985.847:134): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1f70d70 items=0 ppid=296 pid=590 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.849:135): table=mangle family=2 entries=13 +type=SYSCALL msg=audit(1481076985.849:135): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=24546b0 items=0 ppid=296 pid=591 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.850:136): table=mangle family=2 entries=14 +type=SYSCALL msg=audit(1481076985.850:136): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d30820 items=0 ppid=296 pid=592 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.852:137): table=mangle family=2 entries=15 +type=SYSCALL msg=audit(1481076985.852:137): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1711240 items=0 ppid=296 pid=593 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.853:138): table=mangle family=2 entries=17 +type=SYSCALL msg=audit(1481076985.853:138): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1fedb70 items=0 ppid=296 pid=594 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.855:139): table=mangle family=2 entries=18 +type=SYSCALL msg=audit(1481076985.855:139): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2152590 items=0 ppid=296 pid=595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.856:140): table=mangle family=2 entries=20 +type=SYSCALL msg=audit(1481076985.856:140): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cf8ec0 items=0 ppid=296 pid=596 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.858:141): table=mangle family=2 entries=21 +type=SYSCALL msg=audit(1481076985.858:141): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ce78e0 items=0 ppid=296 pid=597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.860:142): table=mangle family=2 entries=23 +type=SYSCALL msg=audit(1481076985.860:142): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=838210 items=0 ppid=296 pid=598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.861:143): table=mangle family=2 entries=24 +type=SYSCALL msg=audit(1481076985.861:143): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=759c30 items=0 ppid=296 pid=599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.863:144): table=mangle family=2 entries=26 +type=SYSCALL msg=audit(1481076985.863:144): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=e48560 
items=0 ppid=296 pid=600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.864:145): table=nat family=2 entries=5 +type=SYSCALL msg=audit(1481076985.864:145): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1879720 items=0 ppid=296 pid=601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.866:146): table=nat family=2 entries=7 +type=SYSCALL msg=audit(1481076985.866:146): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=119c060 items=0 ppid=296 pid=602 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.867:147): table=nat family=2 entries=8 +type=SYSCALL msg=audit(1481076985.867:147): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=264fa70 items=0 ppid=296 pid=603 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.869:148): table=nat family=2 entries=10 +type=SYSCALL msg=audit(1481076985.869:148): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cc2c50 items=0 ppid=296 pid=604 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.870:149): table=nat family=2 entries=12 +type=SYSCALL msg=audit(1481076985.870:149): 
arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=159d580 items=0 ppid=296 pid=605 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.872:150): table=nat family=2 entries=13 +type=SYSCALL msg=audit(1481076985.872:150): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=baa700 items=0 ppid=296 pid=606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.873:151): table=nat family=2 entries=14 +type=SYSCALL msg=audit(1481076985.873:151): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=127c110 items=0 ppid=296 pid=607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.875:152): table=nat family=2 entries=16 +type=SYSCALL msg=audit(1481076985.875:152): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=216aa50 items=0 ppid=296 pid=608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.877:153): table=nat family=2 entries=17 +type=SYSCALL msg=audit(1481076985.877:153): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=aae460 items=0 ppid=296 pid=609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.878:154): 
table=nat family=2 entries=19 +type=SYSCALL msg=audit(1481076985.878:154): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=16ad640 items=0 ppid=296 pid=610 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.880:155): table=nat family=2 entries=21 +type=SYSCALL msg=audit(1481076985.880:155): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=112af70 items=0 ppid=296 pid=611 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.881:156): table=nat family=2 entries=22 +type=SYSCALL msg=audit(1481076985.881:156): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9760f0 items=0 ppid=296 pid=612 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.883:157): table=nat family=2 entries=23 +type=SYSCALL msg=audit(1481076985.883:157): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=11acb00 items=0 ppid=296 pid=613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.884:158): table=nat family=2 entries=25 +type=SYSCALL msg=audit(1481076985.884:158): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2587440 items=0 ppid=296 pid=614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.886:159): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.886:159): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2236720 items=0 ppid=296 pid=615 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.887:160): table=filter family=10 entries=6 +type=SYSCALL msg=audit(1481076985.887:160): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2358960 items=0 ppid=296 pid=616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.889:161): table=filter family=10 entries=8 +type=SYSCALL msg=audit(1481076985.889:161): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2655bb0 items=0 ppid=296 pid=617 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.890:162): table=filter family=10 entries=10 +type=SYSCALL msg=audit(1481076985.890:162): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=20a6530 items=0 ppid=296 pid=618 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.892:163): table=filter family=10 entries=11 +type=SYSCALL msg=audit(1481076985.892:163): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b09930 items=0 ppid=296 pid=619 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.893:164): table=filter family=10 entries=12 +type=SYSCALL msg=audit(1481076985.893:164): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=12a7af0 items=0 ppid=296 pid=620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.895:165): table=filter family=10 entries=13 +type=SYSCALL msg=audit(1481076985.895:165): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=21a4ce0 items=0 ppid=296 pid=621 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.897:166): table=filter family=10 entries=14 +type=SYSCALL msg=audit(1481076985.897:166): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=261ded0 items=0 ppid=296 pid=622 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.898:167): table=filter family=10 entries=15 +type=SYSCALL msg=audit(1481076985.898:167): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19fc410 items=0 ppid=296 pid=623 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.902:168): table=filter family=10 entries=16 +type=SYSCALL msg=audit(1481076985.902:168): arch=c000003e syscall=54 success=yes 
exit=0 a0=4 a1=29 a2=40 a3=23917b0 items=0 ppid=296 pid=624 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.906:169): table=filter family=10 entries=17 +type=SYSCALL msg=audit(1481076985.906:169): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1825d10 items=0 ppid=296 pid=627 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.907:170): table=filter family=10 entries=19 +type=SYSCALL msg=audit(1481076985.907:170): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=d3df50 items=0 ppid=296 pid=628 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.909:171): table=filter family=10 entries=21 +type=SYSCALL msg=audit(1481076985.909:171): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c811a0 items=0 ppid=296 pid=629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.911:172): table=filter family=10 entries=23 +type=SYSCALL msg=audit(1481076985.911:172): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23953e0 items=0 ppid=296 pid=630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.912:173): table=filter 
family=10 entries=25 +type=SYSCALL msg=audit(1481076985.912:173): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=213d630 items=0 ppid=296 pid=631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.914:174): table=filter family=10 entries=27 +type=SYSCALL msg=audit(1481076985.914:174): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2533fb0 items=0 ppid=296 pid=632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.915:175): table=filter family=10 entries=28 +type=SYSCALL msg=audit(1481076985.915:175): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b823b0 items=0 ppid=296 pid=633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.917:176): table=filter family=10 entries=29 +type=SYSCALL msg=audit(1481076985.917:176): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=756570 items=0 ppid=296 pid=634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.919:177): table=filter family=10 entries=30 +type=SYSCALL msg=audit(1481076985.919:177): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1462760 items=0 ppid=296 pid=635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.920:178): table=filter family=10 entries=31 +type=SYSCALL msg=audit(1481076985.920:178): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ac1950 items=0 ppid=296 pid=636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.922:179): table=filter family=10 entries=32 +type=SYSCALL msg=audit(1481076985.922:179): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25a8b40 items=0 ppid=296 pid=637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.923:180): table=filter family=10 entries=33 +type=SYSCALL msg=audit(1481076985.923:180): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=775d30 items=0 ppid=296 pid=638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.925:181): table=filter family=10 entries=34 +type=SYSCALL msg=audit(1481076985.925:181): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8bf270 items=0 ppid=296 pid=639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.926:182): table=filter family=10 entries=35 +type=SYSCALL msg=audit(1481076985.926:182): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14f6610 items=0 ppid=296 pid=640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.928:183): table=filter family=10 entries=36 +type=SYSCALL msg=audit(1481076985.928:183): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=772b70 items=0 ppid=296 pid=641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.930:184): table=filter family=10 entries=38 +type=SYSCALL msg=audit(1481076985.930:184): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a81540 items=0 ppid=296 pid=642 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.931:185): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.931:185): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=233a5c0 items=0 ppid=296 pid=643 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.933:186): table=raw family=10 entries=5 +type=SYSCALL msg=audit(1481076985.933:186): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1824f90 items=0 ppid=296 pid=644 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.934:187): table=raw family=10 entries=6 +type=SYSCALL msg=audit(1481076985.934:187): arch=c000003e syscall=54 success=yes exit=0 a0=4 
a1=29 a2=40 a3=26329f0 items=0 ppid=296 pid=645 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.936:188): table=raw family=10 entries=8 +type=SYSCALL msg=audit(1481076985.936:188): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ab63d0 items=0 ppid=296 pid=646 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.937:189): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.937:189): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8ca720 items=0 ppid=296 pid=647 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.938:190): table=security family=10 entries=6 +type=SYSCALL msg=audit(1481076985.938:190): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=216f0f0 items=0 ppid=296 pid=648 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.940:191): table=security family=10 entries=7 +type=SYSCALL msg=audit(1481076985.940:191): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1776b50 items=0 ppid=296 pid=649 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.942:192): table=security family=10 
entries=9 +type=SYSCALL msg=audit(1481076985.942:192): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1898530 items=0 ppid=296 pid=650 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.943:193): table=security family=10 entries=10 +type=SYSCALL msg=audit(1481076985.943:193): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=234af90 items=0 ppid=296 pid=651 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.945:194): table=security family=10 entries=12 +type=SYSCALL msg=audit(1481076985.945:194): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22bf960 items=0 ppid=296 pid=652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.946:195): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.946:195): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22cc9e0 items=0 ppid=296 pid=653 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.948:196): table=mangle family=10 entries=8 +type=SYSCALL msg=audit(1481076985.948:196): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=a873b0 items=0 ppid=296 pid=654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.949:197): table=mangle family=10 entries=9
+type=SYSCALL msg=audit(1481076985.949:197): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22a2e10 items=0 ppid=296 pid=655 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.951:198): table=mangle family=10 entries=11
+type=SYSCALL msg=audit(1481076985.951:198): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14c6060 items=0 ppid=296 pid=656 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.952:199): table=mangle family=10 entries=13
+type=SYSCALL msg=audit(1481076985.952:199): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2549a30 items=0 ppid=296 pid=657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.954:200): table=mangle family=10 entries=14
+type=SYSCALL msg=audit(1481076985.954:200): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25b7c20 items=0 ppid=296 pid=658 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.955:201): table=mangle family=10 entries=15
+type=SYSCALL msg=audit(1481076985.955:201): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2434680 items=0 ppid=296 pid=659 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.957:202): table=mangle family=10 entries=17
+type=SYSCALL msg=audit(1481076985.957:202): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22ff060 items=0 ppid=296 pid=660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.959:203): table=mangle family=10 entries=18
+type=SYSCALL msg=audit(1481076985.959:203): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f54ac0 items=0 ppid=296 pid=661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.960:204): table=mangle family=10 entries=20
+type=SYSCALL msg=audit(1481076985.960:204): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=12c7490 items=0 ppid=296 pid=662 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.962:205): table=mangle family=10 entries=21
+type=SYSCALL msg=audit(1481076985.962:205): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22e0ef0 items=0 ppid=296 pid=663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.963:206): table=mangle family=10 entries=23
+type=SYSCALL msg=audit(1481076985.963:206): arch=c000003e syscall=54 success=yes
exit=0 a0=4 a1=29 a2=40 a3=113d8d0 items=0 ppid=296 pid=664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.965:207): table=mangle family=10 entries=24
+type=SYSCALL msg=audit(1481076985.965:207): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f65330 items=0 ppid=296 pid=665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.966:208): table=mangle family=10 entries=26
+type=SYSCALL msg=audit(1481076985.966:208): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=a85d00 items=0 ppid=296 pid=666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.968:209): table=nat family=10 entries=5
+type=SYSCALL msg=audit(1481076985.968:209): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2227880 items=0 ppid=296 pid=667 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.969:210): table=nat family=10 entries=7
+type=SYSCALL msg=audit(1481076985.969:210): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2646250 items=0 ppid=296 pid=668 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.971:211): table=nat family=10
entries=8
+type=SYSCALL msg=audit(1481076985.971:211): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=15a4cb0 items=0 ppid=296 pid=669 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.972:212): table=nat family=10 entries=10
+type=SYSCALL msg=audit(1481076985.972:212): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ea5f00 items=0 ppid=296 pid=670 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.974:213): table=nat family=10 entries=12
+type=SYSCALL msg=audit(1481076985.974:213): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e798d0 items=0 ppid=296 pid=671 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.975:214): table=nat family=10 entries=13
+type=SYSCALL msg=audit(1481076985.975:214): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25cdac0 items=0 ppid=296 pid=672 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.977:215): table=nat family=10 entries=14
+type=SYSCALL msg=audit(1481076985.977:215): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ff1520 items=0 ppid=296 pid=673 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0
key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.978:216): table=nat family=10 entries=16
+type=SYSCALL msg=audit(1481076985.978:216): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22bbf00 items=0 ppid=296 pid=674 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.980:217): table=nat family=10 entries=17
+type=SYSCALL msg=audit(1481076985.980:217): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f83960 items=0 ppid=296 pid=675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.981:218): table=nat family=10 entries=19
+type=SYSCALL msg=audit(1481076985.981:218): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23b2ba0 items=0 ppid=296 pid=676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.983:219): table=nat family=10 entries=21
+type=SYSCALL msg=audit(1481076985.983:219): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1530580 items=0 ppid=296 pid=677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.984:220): table=nat family=10 entries=22
+type=SYSCALL msg=audit(1481076985.984:220): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=cc6770 items=0 ppid=296 pid=678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.986:221): table=nat family=10 entries=23
+type=SYSCALL msg=audit(1481076985.986:221): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8f01d0 items=0 ppid=296 pid=679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.988:222): table=nat family=10 entries=25
+type=SYSCALL msg=audit(1481076985.988:222): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=d86ba0 items=0 ppid=296 pid=680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.991:223): table=raw family=10 entries=9
+type=SYSCALL msg=audit(1481076985.991:223): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1bcd460 items=0 ppid=296 pid=681 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076985.993:224): table=raw family=10 entries=10
+type=SYSCALL msg=audit(1481076985.993:224): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1c49390 items=0 ppid=296 pid=682 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.085:225): table=filter family=2 entries=39
+type=SYSCALL msg=audit(1481076986.085:225): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=24492c0 items=0 ppid=296 pid=685
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.086:226): table=filter family=2 entries=41
+type=SYSCALL msg=audit(1481076986.086:226): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=19a6490 items=0 ppid=296 pid=686 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.088:227): table=filter family=2 entries=43
+type=SYSCALL msg=audit(1481076986.088:227): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=23ab670 items=0 ppid=296 pid=687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.089:228): table=filter family=2 entries=45
+type=SYSCALL msg=audit(1481076986.089:228): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2614840 items=0 ppid=296 pid=688 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.091:229): table=filter family=10 entries=39
+type=SYSCALL msg=audit(1481076986.091:229): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=995fa0 items=0 ppid=296 pid=689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.092:230): table=filter family=10 entries=41
+type=SYSCALL msg=audit(1481076986.092:230):
arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a801f0 items=0 ppid=296 pid=690 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.094:231): table=filter family=10 entries=43
+type=SYSCALL msg=audit(1481076986.094:231): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b38430 items=0 ppid=296 pid=691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.095:232): table=filter family=10 entries=45
+type=SYSCALL msg=audit(1481076986.095:232): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9c4680 items=0 ppid=296 pid=692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.097:233): table=filter family=2 entries=47
+type=SYSCALL msg=audit(1481076986.097:233): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1094180 items=0 ppid=296 pid=693 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.099:234): table=filter family=2 entries=48
+type=SYSCALL msg=audit(1481076986.099:234): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1ba92f0 items=0 ppid=296 pid=694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG
msg=audit(1481076986.101:235): table=filter family=2 entries=49
+type=SYSCALL msg=audit(1481076986.101:235): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1c63470 items=0 ppid=296 pid=695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.102:236): table=filter family=2 entries=50
+type=SYSCALL msg=audit(1481076986.102:236): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d97600 items=0 ppid=296 pid=696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.104:237): table=filter family=10 entries=47
+type=SYSCALL msg=audit(1481076986.104:237): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b49050 items=0 ppid=296 pid=697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.105:238): table=filter family=10 entries=48
+type=SYSCALL msg=audit(1481076986.105:238): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c5f240 items=0 ppid=296 pid=698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.107:239): table=filter family=10 entries=49
+type=SYSCALL msg=audit(1481076986.107:239): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b6b430 items=0 ppid=296 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables"
exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.108:240): table=filter family=10 entries=50
+type=SYSCALL msg=audit(1481076986.108:240): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=a30650 items=0 ppid=296 pid=700 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.110:241): table=filter family=2 entries=51
+type=SYSCALL msg=audit(1481076986.110:241): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1217000 items=0 ppid=296 pid=701 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.112:242): table=filter family=2 entries=53
+type=SYSCALL msg=audit(1481076986.112:242): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=abd1d0 items=0 ppid=296 pid=702 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.113:243): table=filter family=2 entries=55
+type=SYSCALL msg=audit(1481076986.113:243): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=21ab3b0 items=0 ppid=296 pid=703 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.115:244): table=filter family=2 entries=57
+type=SYSCALL msg=audit(1481076986.115:244): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1afb580 items=0 ppid=296 pid=704 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.116:245): table=filter family=10 entries=51
+type=SYSCALL msg=audit(1481076986.116:245): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17f0080 items=0 ppid=296 pid=705 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.118:246): table=filter family=10 entries=53
+type=SYSCALL msg=audit(1481076986.118:246): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=246d2d0 items=0 ppid=296 pid=706 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.120:247): table=filter family=10 entries=55
+type=SYSCALL msg=audit(1481076986.120:247): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=f29510 items=0 ppid=296 pid=707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.121:248): table=filter family=10 entries=57
+type=SYSCALL msg=audit(1481076986.121:248): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=266c760 items=0 ppid=296 pid=708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.123:249): table=filter family=2 entries=59
+type=SYSCALL msg=audit(1481076986.123:249): arch=c000003e syscall=54
success=yes exit=0 a0=4 a1=0 a2=40 a3=e2fec0 items=0 ppid=296 pid=709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.125:250): table=filter family=2 entries=60
+type=SYSCALL msg=audit(1481076986.125:250): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d73030 items=0 ppid=296 pid=710 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.126:251): table=filter family=2 entries=61
+type=SYSCALL msg=audit(1481076986.126:251): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cbc1b0 items=0 ppid=296 pid=711 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.128:252): table=filter family=2 entries=62
+type=SYSCALL msg=audit(1481076986.128:252): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ead340 items=0 ppid=296 pid=712 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.129:253): table=filter family=10 entries=59
+type=SYSCALL msg=audit(1481076986.129:253): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1467130 items=0 ppid=296 pid=713 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.131:254): table=filter
family=10 entries=60
+type=SYSCALL msg=audit(1481076986.131:254): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a2b320 items=0 ppid=296 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.133:255): table=filter family=10 entries=61
+type=SYSCALL msg=audit(1481076986.133:255): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1602510 items=0 ppid=296 pid=715 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.134:256): table=filter family=10 entries=62
+type=SYSCALL msg=audit(1481076986.134:256): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ced730 items=0 ppid=296 pid=716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.136:257): table=filter family=2 entries=63
+type=SYSCALL msg=audit(1481076986.136:257): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=10d7d40 items=0 ppid=296 pid=717 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.138:258): table=filter family=2 entries=65
+type=SYSCALL msg=audit(1481076986.138:258): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=743f10 items=0 ppid=296 pid=718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.139:259): table=filter family=2 entries=67
+type=SYSCALL msg=audit(1481076986.139:259): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=e910f0 items=0 ppid=296 pid=719 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.141:260): table=filter family=2 entries=69
+type=SYSCALL msg=audit(1481076986.141:260): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=112d2c0 items=0 ppid=296 pid=720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.142:261): table=filter family=10 entries=63
+type=SYSCALL msg=audit(1481076986.142:261): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f11160 items=0 ppid=296 pid=721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.144:262): table=filter family=10 entries=65
+type=SYSCALL msg=audit(1481076986.144:262): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14633b0 items=0 ppid=296 pid=722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.145:263): table=filter family=10 entries=67
+type=SYSCALL msg=audit(1481076986.145:263): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e9b5f0 items=0 ppid=296 pid=723 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.147:264): table=filter family=10 entries=69
+type=SYSCALL msg=audit(1481076986.147:264): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=164c840 items=0 ppid=296 pid=724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.149:265): table=filter family=2 entries=71
+type=SYSCALL msg=audit(1481076986.149:265): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1306c00 items=0 ppid=296 pid=725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.151:266): table=filter family=2 entries=72
+type=SYSCALL msg=audit(1481076986.151:266): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d35d70 items=0 ppid=296 pid=726 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.152:267): table=filter family=2 entries=73
+type=SYSCALL msg=audit(1481076986.152:267): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1bacef0 items=0 ppid=296 pid=727 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.154:268): table=filter family=2 entries=74
+type=SYSCALL msg=audit(1481076986.154:268): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0
a2=40 a3=206f080 items=0 ppid=296 pid=728 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.156:269): table=filter family=10 entries=71
+type=SYSCALL msg=audit(1481076986.156:269): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1820210 items=0 ppid=296 pid=729 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.157:270): table=filter family=10 entries=72
+type=SYSCALL msg=audit(1481076986.157:270): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f21400 items=0 ppid=296 pid=730 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.159:271): table=filter family=10 entries=73
+type=SYSCALL msg=audit(1481076986.159:271): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19f55f0 items=0 ppid=296 pid=731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.161:272): table=filter family=10 entries=74
+type=SYSCALL msg=audit(1481076986.161:272): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c19810 items=0 ppid=296 pid=732 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.162:273): table=mangle family=2 entries=27
+type=SYSCALL msg=audit(1481076986.162:273): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13b5f80 items=0 ppid=296 pid=733 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.164:274): table=mangle family=2 entries=29
+type=SYSCALL msg=audit(1481076986.164:274): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cd1150 items=0 ppid=296 pid=734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.166:275): table=mangle family=2 entries=31
+type=SYSCALL msg=audit(1481076986.166:275): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d07330 items=0 ppid=296 pid=735 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.167:276): table=mangle family=2 entries=33
+type=SYSCALL msg=audit(1481076986.167:276): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2113500 items=0 ppid=296 pid=736 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
+type=NETFILTER_CFG msg=audit(1481076986.169:277): table=mangle family=10 entries=27
+type=SYSCALL msg=audit(1481076986.169:277): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=132b760 items=0 ppid=296 pid=737 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0
key=(null) +type=NETFILTER_CFG msg=audit(1481076986.171:278): table=mangle family=10 entries=29 +type=SYSCALL msg=audit(1481076986.171:278): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14479b0 items=0 ppid=296 pid=738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.172:279): table=mangle family=10 entries=31 +type=SYSCALL msg=audit(1481076986.172:279): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=250dbf0 items=0 ppid=296 pid=739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.174:280): table=mangle family=10 entries=33 +type=SYSCALL msg=audit(1481076986.174:280): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=214fe40 items=0 ppid=296 pid=740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.175:281): table=mangle family=2 entries=35 +type=SYSCALL msg=audit(1481076986.175:281): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=100ce40 items=0 ppid=296 pid=741 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.177:282): table=mangle family=2 entries=36 +type=SYSCALL msg=audit(1481076986.177:282): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2627fb0 items=0 ppid=296 pid=742 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.178:283): table=mangle family=2 entries=37 +type=SYSCALL msg=audit(1481076986.178:283): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ed9130 items=0 ppid=296 pid=743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.180:284): table=mangle family=10 entries=35 +type=SYSCALL msg=audit(1481076986.180:284): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=deb810 items=0 ppid=296 pid=744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.182:285): table=mangle family=10 entries=36 +type=SYSCALL msg=audit(1481076986.182:285): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=10efa00 items=0 ppid=296 pid=745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.183:286): table=mangle family=10 entries=37 +type=SYSCALL msg=audit(1481076986.183:286): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=7b3bf0 items=0 ppid=296 pid=746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.185:287): table=nat family=2 entries=26 +type=SYSCALL msg=audit(1481076986.185:287): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1a05e50 items=0 ppid=296 
pid=747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.186:288): table=nat family=2 entries=28 +type=SYSCALL msg=audit(1481076986.186:288): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14fe030 items=0 ppid=296 pid=748 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.188:289): table=nat family=2 entries=30 +type=SYSCALL msg=audit(1481076986.188:289): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c35200 items=0 ppid=296 pid=749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.189:290): table=nat family=2 entries=32 +type=SYSCALL msg=audit(1481076986.189:290): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cb13e0 items=0 ppid=296 pid=750 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.191:291): table=nat family=10 entries=26 +type=SYSCALL msg=audit(1481076986.191:291): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2499600 items=0 ppid=296 pid=751 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.193:292): table=nat family=10 entries=28 +type=SYSCALL msg=audit(1481076986.193:292): arch=c000003e 
syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=243b850 items=0 ppid=296 pid=752 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.194:293): table=nat family=10 entries=30 +type=SYSCALL msg=audit(1481076986.194:293): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=13d5a90 items=0 ppid=296 pid=753 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.196:294): table=nat family=10 entries=32 +type=SYSCALL msg=audit(1481076986.196:294): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1dc2ce0 items=0 ppid=296 pid=754 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.197:295): table=nat family=2 entries=34 +type=SYSCALL msg=audit(1481076986.197:295): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1a7ad10 items=0 ppid=296 pid=755 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.199:296): table=nat family=2 entries=35 +type=SYSCALL msg=audit(1481076986.199:296): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ba0e90 items=0 ppid=296 pid=756 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.200:297): table=nat 
family=2 entries=36 +type=SYSCALL msg=audit(1481076986.200:297): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cd1000 items=0 ppid=296 pid=757 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.202:298): table=nat family=10 entries=34 +type=SYSCALL msg=audit(1481076986.202:298): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e5d6b0 items=0 ppid=296 pid=758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.204:299): table=nat family=10 entries=35 +type=SYSCALL msg=audit(1481076986.204:299): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=7a08a0 items=0 ppid=296 pid=759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.205:300): table=nat family=10 entries=36 +type=SYSCALL msg=audit(1481076986.205:300): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=dc7a90 items=0 ppid=296 pid=760 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.207:301): table=nat family=2 entries=37 +type=SYSCALL msg=audit(1481076986.207:301): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=eeea20 items=0 ppid=296 pid=761 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.208:302): table=nat family=2 entries=39 +type=SYSCALL msg=audit(1481076986.208:302): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d06bf0 items=0 ppid=296 pid=762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.210:303): table=nat family=2 entries=41 +type=SYSCALL msg=audit(1481076986.210:303): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=210cdd0 items=0 ppid=296 pid=763 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.211:304): table=nat family=2 entries=43 +type=SYSCALL msg=audit(1481076986.211:304): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=17c2fa0 items=0 ppid=296 pid=764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.213:305): table=nat family=10 entries=37 +type=SYSCALL msg=audit(1481076986.213:305): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b954f0 items=0 ppid=296 pid=765 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.215:306): table=nat family=10 entries=39 +type=SYSCALL msg=audit(1481076986.215:306): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=15c1740 items=0 ppid=296 pid=766 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.216:307): table=nat family=10 entries=41 +type=SYSCALL msg=audit(1481076986.216:307): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1306980 items=0 ppid=296 pid=767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.218:308): table=nat family=10 entries=43 +type=SYSCALL msg=audit(1481076986.218:308): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=214ebd0 items=0 ppid=296 pid=768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.219:309): table=nat family=2 entries=45 +type=SYSCALL msg=audit(1481076986.219:309): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cc78e0 items=0 ppid=296 pid=769 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.221:310): table=nat family=2 entries=46 +type=SYSCALL msg=audit(1481076986.221:310): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1bf7a50 items=0 ppid=296 pid=770 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.222:311): table=nat family=2 entries=47 +type=SYSCALL msg=audit(1481076986.222:311): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=183bbd0 items=0 
ppid=296 pid=771 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.224:312): table=nat family=10 entries=45 +type=SYSCALL msg=audit(1481076986.224:312): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=10d95a0 items=0 ppid=296 pid=772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.226:313): table=nat family=10 entries=46 +type=SYSCALL msg=audit(1481076986.226:313): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c8b790 items=0 ppid=296 pid=773 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.227:314): table=nat family=10 entries=47 +type=SYSCALL msg=audit(1481076986.227:314): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1c65980 items=0 ppid=296 pid=774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.229:315): table=filter family=2 entries=75 +type=SYSCALL msg=audit(1481076986.229:315): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25d21e0 items=0 ppid=296 pid=775 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.231:316): table=filter family=10 entries=75 +type=SYSCALL 
msg=audit(1481076986.231:316): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=24e79d0 items=0 ppid=296 pid=776 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.232:317): table=filter family=2 entries=76 +type=SYSCALL msg=audit(1481076986.232:317): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9f0350 items=0 ppid=296 pid=777 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.234:318): table=filter family=10 entries=76 +type=SYSCALL msg=audit(1481076986.234:318): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=12d2bc0 items=0 ppid=296 pid=778 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.236:319): table=filter family=2 entries=77 +type=SYSCALL msg=audit(1481076986.236:319): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ff24d0 items=0 ppid=296 pid=779 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.237:320): table=filter family=10 entries=77 +type=SYSCALL msg=audit(1481076986.237:320): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=d73db0 items=0 ppid=296 pid=780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) 
+type=NETFILTER_CFG msg=audit(1481076986.239:321): table=mangle family=2 entries=38 +type=SYSCALL msg=audit(1481076986.239:321): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1b2f2a0 items=0 ppid=296 pid=781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.241:322): table=mangle family=10 entries=38 +type=SYSCALL msg=audit(1481076986.241:322): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1bc1de0 items=0 ppid=296 pid=782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.242:323): table=nat family=2 entries=48 +type=SYSCALL msg=audit(1481076986.242:323): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2486d40 items=0 ppid=296 pid=783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.244:324): table=nat family=10 entries=48 +type=SYSCALL msg=audit(1481076986.244:324): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1744b70 items=0 ppid=296 pid=784 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.246:325): table=nat family=2 entries=49 +type=SYSCALL msg=audit(1481076986.246:325): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=933ec0 items=0 ppid=296 pid=785 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.247:326): table=nat family=10 entries=49 +type=SYSCALL msg=audit(1481076986.247:326): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=24aed60 items=0 ppid=296 pid=786 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.278:327): table=filter family=2 entries=78 +type=SYSCALL msg=audit(1481076986.278:327): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cc7640 items=0 ppid=296 pid=788 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.279:328): table=filter family=10 entries=78 +type=SYSCALL msg=audit(1481076986.279:328): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=777fa0 items=0 ppid=296 pid=789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.281:329): table=filter family=2 entries=79 +type=SYSCALL msg=audit(1481076986.281:329): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1e787c0 items=0 ppid=296 pid=790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.283:330): table=filter family=10 entries=79 +type=SYSCALL msg=audit(1481076986.283:330): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1bc4190 items=0 ppid=296 pid=791 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.284:331): table=filter family=2 entries=80 +type=SYSCALL msg=audit(1481076986.284:331): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=195d930 items=0 ppid=296 pid=792 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.286:332): table=filter family=10 entries=80 +type=SYSCALL msg=audit(1481076986.286:332): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=252d380 items=0 ppid=296 pid=793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.288:333): table=mangle family=2 entries=39 +type=SYSCALL msg=audit(1481076986.288:333): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1645420 items=0 ppid=296 pid=794 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.289:334): table=mangle family=10 entries=39 +type=SYSCALL msg=audit(1481076986.289:334): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=123efd0 items=0 ppid=296 pid=795 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.291:335): table=nat family=2 entries=50 +type=SYSCALL msg=audit(1481076986.291:335): 
arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2157030 items=0 ppid=296 pid=796 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.292:336): table=nat family=10 entries=50 +type=SYSCALL msg=audit(1481076986.292:336): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e74f50 items=0 ppid=296 pid=797 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.294:337): table=nat family=2 entries=51 +type=SYSCALL msg=audit(1481076986.294:337): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=f221b0 items=0 ppid=296 pid=798 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.296:338): table=nat family=10 entries=51 +type=SYSCALL msg=audit(1481076986.296:338): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=13a2140 items=0 ppid=296 pid=799 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076986.412:339): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076986.515:340): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? 
terminal=? res=success' +type=SERVICE_START msg=audit(1481076986.526:341): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076990.762:342): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076990.762:343): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076991.152:344): table=filter family=2 entries=81 +type=SYSCALL msg=audit(1481076991.152:344): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25f0900 items=0 ppid=296 pid=1008 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.158:345): table=filter family=10 entries=81 +type=SYSCALL msg=audit(1481076991.158:345): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9a6340 items=0 ppid=296 pid=1010 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.160:346): table=filter family=2 entries=80 +type=SYSCALL msg=audit(1481076991.160:346): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=acf780 items=0 ppid=296 pid=1013 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.168:347): table=filter family=10 entries=80 +type=SYSCALL msg=audit(1481076991.168:347): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9e3150 items=0 ppid=296 pid=1015 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.170:348): table=filter family=2 entries=79 +type=SYSCALL msg=audit(1481076991.170:348): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=174b610 items=0 ppid=296 pid=1016 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.175:349): table=filter family=10 entries=79 +type=SYSCALL msg=audit(1481076991.175:349): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1ba8f60 items=0 ppid=296 pid=1019 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.177:350): table=mangle family=2 entries=40 +type=SYSCALL msg=audit(1481076991.177:350): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=121c3e0 items=0 ppid=296 pid=1021 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.182:351): table=mangle family=10 entries=40 +type=SYSCALL msg=audit(1481076991.182:351): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17d9f90 items=0 ppid=296 pid=1025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.184:352): table=nat family=2 entries=52 +type=SYSCALL msg=audit(1481076991.184:352): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=16d7170 items=0 ppid=296 pid=1028 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.187:353): table=nat family=10 entries=52 +type=SYSCALL msg=audit(1481076991.187:353): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1028100 items=0 ppid=296 pid=1030 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.195:354): table=nat family=2 entries=51 +type=SYSCALL msg=audit(1481076991.195:354): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1954000 items=0 ppid=296 pid=1032 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.197:355): table=nat family=10 entries=51 +type=SYSCALL msg=audit(1481076991.197:355): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1fd2f10 items=0 ppid=296 pid=1034 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.202:356): table=filter family=2 entries=78 +type=SYSCALL msg=audit(1481076991.202:356): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 
a2=40 a3=d53640 items=0 ppid=296 pid=1036 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.204:357): table=filter family=10 entries=78 +type=SYSCALL msg=audit(1481076991.204:357): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2435fa0 items=0 ppid=296 pid=1038 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.209:358): table=filter family=2 entries=79 +type=SYSCALL msg=audit(1481076991.209:358): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=b1b7c0 items=0 ppid=296 pid=1043 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.212:359): table=filter family=10 entries=79 +type=SYSCALL msg=audit(1481076991.212:359): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=15aa190 items=0 ppid=296 pid=1045 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.217:360): table=filter family=2 entries=80 +type=SYSCALL msg=audit(1481076991.217:360): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1dda930 items=0 ppid=296 pid=1049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.220:361): table=filter family=10 entries=80 
+type=SYSCALL msg=audit(1481076991.220:361): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=132c380 items=0 ppid=296 pid=1050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_STOP msg=audit(1481076991.233:362): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076991.233:363): table=mangle family=2 entries=39 +type=SYSCALL msg=audit(1481076991.233:363): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=68c420 items=0 ppid=296 pid=1052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.239:364): table=mangle family=10 entries=39 +type=SYSCALL msg=audit(1481076991.239:364): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22c9fd0 items=0 ppid=296 pid=1056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076991.243:365): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076991.245:366): table=nat family=2 entries=50 +type=SYSCALL msg=audit(1481076991.245:366): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1396030 items=0 ppid=296 pid=1058 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.250:367): table=nat family=10 entries=50 +type=SYSCALL msg=audit(1481076991.250:367): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=13b0f50 items=0 ppid=296 pid=1061 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.254:368): table=nat family=2 entries=51 +type=SYSCALL msg=audit(1481076991.254:368): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cb11b0 items=0 ppid=296 pid=1062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.256:369): table=nat family=10 entries=51 +type=SYSCALL msg=audit(1481076991.256:369): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1dc1140 items=0 ppid=296 pid=1063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076991.354:370): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_STOP msg=audit(1481076991.483:371): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076991.501:372): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076991.789:373): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076991.991:374): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-instance-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076991.991:375): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-instance-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.078:376): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-network-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076992.078:377): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-network-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.078:378): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-ip-forwarding-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076992.079:379): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-accounts-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.080:380): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.080:381): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-clock-skew-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.155:382): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-shutdown-scripts comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.398:383): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-startup-scripts comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076992.398:384): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-startup-scripts comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=ADD_GROUP msg=audit(1481076992.414:385): pid=1235 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-group id=1000 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' +type=GRP_MGMT msg=audit(1481076992.419:386): pid=1235 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-shadow-group id=1000 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? 
res=success' +type=ADD_GROUP msg=audit(1481076992.467:387): pid=1264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-group acct="some_user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.481:388): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=ADD_USER msg=audit(1481076992.488:389): pid=1264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' +type=SYSTEM_RUNLEVEL msg=audit(1481076992.492:390): pid=1279 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.492:391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076992.493:392): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.521:393): pid=1264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:394): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="adm" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? 
res=success' +type=USER_MGMT msg=audit(1481076992.534:395): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="video" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:396): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="dip" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:397): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="google-sudoers" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:398): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="adm" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:399): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="video" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:400): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="dip" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:401): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="google-sudoers" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? 
res=success' +type=USYS_CONFIG msg=audit(1481076993.000:402): pid=1232 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='changing system time exe="/usr/sbin/hwclock" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481077001.763:403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077041.497:404): pid=1299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1299 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077041.497:405): pid=1299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1299 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077041.515:406): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077041.515:407): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_AUTH msg=audit(1481077043.046:408): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63927 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077043.046:409): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63927 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_ACCT msg=audit(1481077043.052:410): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.053:411): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077043.054:412): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=? 
addr=96.241.146.97 terminal=ssh res=success' +type=CRED_ACQ msg=audit(1481077043.057:413): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=LOGIN msg=audit(1481077043.057:414): pid=1298 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=1 res=1 +type=USER_ROLE_CHANGE msg=audit(1481077043.140:415): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077043.170:416): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.170:417): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1298 suid=0 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.171:418): pid=1301 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1301 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.171:419): pid=1301 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1301 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRED_ACQ msg=audit(1481077043.172:420): pid=1301 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGIN msg=audit(1481077043.193:421): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481077043.194:422): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success' +type=USER_END msg=audit(1481077049.033:423): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_LOGOUT msg=audit(1481077049.033:424): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRYPTO_KEY_USER msg=audit(1481077049.054:425): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1301 suid=1000 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_END msg=audit(1481077049.057:426): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRED_DISP msg=audit(1481077049.058:427): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077049.058:428): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1298 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077049.058:429): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1298 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.307:430): pid=1325 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1325 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.307:431): pid=1325 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1325 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_SESSION msg=audit(1481077072.328:432): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1325 suid=74 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077072.328:433): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1325 suid=74 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077072.487:434): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63929 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077072.487:435): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63929 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_ACCT msg=audit(1481077072.491:436): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.493:437): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? 
direction=both spid=1325 suid=74 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077072.493:438): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=ssh res=success' +type=CRED_ACQ msg=audit(1481077072.494:439): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=LOGIN msg=audit(1481077072.495:440): pid=1324 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=2 res=1 +type=USER_ROLE_CHANGE msg=audit(1481077072.564:441): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077072.589:442): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.590:443): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1324 suid=0 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.591:444): pid=1327 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.591:445): pid=1327 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRED_ACQ msg=audit(1481077072.592:446): pid=1327 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGIN msg=audit(1481077072.611:447): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077072.612:448): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077074.324:449): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1327 suid=1000 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_END msg=audit(1481077074.326:450): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRED_DISP msg=audit(1481077074.327:451): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_END msg=audit(1481077074.329:452): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGOUT msg=audit(1481077074.329:453): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077074.329:454): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1324 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077074.329:455): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1324 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.100:456): pid=1340 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1340 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.100:457): pid=1340 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1340 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077083.118:458): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1340 suid=74 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077083.118:459): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1340 suid=74 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077083.282:460): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63931 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_AUTH msg=audit(1481077083.282:461): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63931 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_ACCT msg=audit(1481077083.287:462): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.288:463): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1340 suid=74 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077083.289:464): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=? 
addr=96.241.146.97 terminal=ssh res=success' +type=CRED_ACQ msg=audit(1481077083.290:465): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=LOGIN msg=audit(1481077083.290:466): pid=1339 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=3 res=1 +type=USER_ROLE_CHANGE msg=audit(1481077083.358:467): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077083.388:468): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.389:469): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1339 suid=0 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.390:470): pid=1342 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1342 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success'
+type=CRYPTO_KEY_USER msg=audit(1481077083.390:471): pid=1342 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1342 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=CRED_ACQ msg=audit(1481077083.391:472): pid=1342 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success'
+type=USER_LOGIN msg=audit(1481077083.414:473): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1481077083.414:474): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1481077231.363:475): pid=1382 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=2E2F676F2D6175646974202D636F6E6669672061756469742E79616D6C terminal=pts/0 res=success'
+type=CRED_ACQ msg=audit(1481077231.363:476): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1481077231.364:477): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=?
terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1481077231.371:478): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1
+type=SYSCALL msg=audit(1481077231.371:479): arch=c000003e syscall=59 success=yes exit=0 a0=c4201249d0 a1=c42003cbc0 a2=c420064480 a3=0 items=2 ppid=1383 pid=1391 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077231.371:479): argc=7 a0="auditctl" a1="-a" a2="exit,always" a3="-F" a4="arch=b32" a5="-S" a6="execve"
+type=CWD msg=audit(1481077231.371:479): cwd="/home/some_user"
+type=PATH msg=audit(1481077231.371:479): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077231.371:479): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=CONFIG_CHANGE msg=audit(1481077231.372:480): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1
+type=SYSCALL msg=audit(1481077231.372:481): arch=c000003e syscall=59 success=yes exit=0 a0=c420124b50 a1=c42012a1e0 a2=c4200645a0 a3=0 items=2 ppid=1383 pid=1393 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077231.372:481): argc=3 a0="auditctl" a1="-e" a2="1"
+type=CWD msg=audit(1481077231.372:481): cwd="/home/some_user"
+type=PATH msg=audit(1481077231.372:481): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL
+type=PATH
msg=audit(1481077231.372:481): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=CONFIG_CHANGE msg=audit(1481077231.373:482): audit_enabled=1 old=1 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=1
+type=UNKNOWN[1329] msg=g
+type=SYSCALL msg=audit(1481077232.471:483): arch=c000003e syscall=59 success=no exit=-2 a0=1325fc0 a1=133b250 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=CWD msg=audit(1481077232.471:483): cwd="/"
+type=PATH msg=audit(1481077232.471:483): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481077232.471:484): arch=c000003e syscall=59 success=no exit=-2 a0=1325fc0 a1=133b250 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=CWD msg=audit(1481077232.471:484): cwd="/"
+type=PATH msg=audit(1481077232.471:484): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481077232.471:485): arch=c000003e syscall=59 success=yes exit=0 a0=1325fc0 a1=133b250 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481077232.471:485): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66"
+type=CWD msg=audit(1481077232.471:485): cwd="/"
+type=PATH msg=audit(1481077232.471:485):
item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077232.471:485): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=UNKNOWN[1329] msg=g
+type=UNKNOWN[1329] msg=g
+type=UNKNOWN[1329] msg=g
+type=UNKNOWN[1329] msg=g
+type=SYSCALL msg=audit(1481077253.941:486): arch=c000003e syscall=59 success=yes exit=0 a0=7f4e7a34ba60 a1=7f4e7a34a280 a2=7f4e7a3497c0 a3=a items=2 ppid=1223 pid=1397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077253.941:486): argc=3 a0="/usr/sbin/sshd" a1="-D" a2="-R"
+type=CWD msg=audit(1481077253.941:486): cwd="/"
+type=PATH msg=audit(1481077253.941:486): item=0 name="/usr/sbin/sshd" inode=17367919 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sshd_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077253.941:486): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=CRYPTO_KEY_USER msg=audit(1481077253.949:487): pid=1398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1398 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=CRYPTO_KEY_USER msg=audit(1481077253.949:488): pid=1398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1398 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=?
res=success'
+type=CRYPTO_SESSION msg=audit(1481077253.969:489): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1398 suid=74 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=CRYPTO_SESSION msg=audit(1481077253.969:490): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1398 suid=74 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=USER_AUTH msg=audit(1481077254.134:491): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63973 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=USER_AUTH msg=audit(1481077254.134:492): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63973 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=?
res=success'
+type=SYSCALL msg=audit(1481077254.135:493): arch=c000003e syscall=59 success=yes exit=0 a0=7f01f14443ed a1=7ffc04ef9a80 a2=7f01f1647388 a3=2 items=2 ppid=1397 pid=1399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.135:493): argc=3 a0="/usr/sbin/unix_chkpwd" a1="some_user" a2="chkexpiry"
+type=CWD msg=audit(1481077254.135:493): cwd="/"
+type=PATH msg=audit(1481077254.135:493): item=0 name="/usr/sbin/unix_chkpwd" inode=16781526 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.135:493): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=USER_ACCT msg=audit(1481077254.138:494): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success'
+type=CRYPTO_KEY_USER msg=audit(1481077254.139:495): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1398 suid=74 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=USER_AUTH msg=audit(1481077254.139:496): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=?
addr=96.241.146.97 terminal=ssh res=success'
+type=CRED_ACQ msg=audit(1481077254.140:497): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success'
+type=LOGIN msg=audit(1481077254.140:498): pid=1397 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=4 res=1
+type=USER_ROLE_CHANGE msg=audit(1481077254.211:499): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success'
+type=USER_START msg=audit(1481077254.230:500): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success'
+type=CRYPTO_KEY_USER msg=audit(1481077254.230:501): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1397 suid=0 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=CRYPTO_KEY_USER msg=audit(1481077254.232:502): pid=1400 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1400 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=?
res=success'
+type=CRYPTO_KEY_USER msg=audit(1481077254.232:503): pid=1400 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1400 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success'
+type=CRED_ACQ msg=audit(1481077254.233:504): pid=1400 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success'
+type=USER_LOGIN msg=audit(1481077254.255:505): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/1 res=success'
+type=USER_START msg=audit(1481077254.255:506): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/1 res=success'
+type=SYSCALL msg=audit(1481077254.258:507): arch=c000003e syscall=59 success=yes exit=0 a0=7f01f7181960 a1=7ffc04ef9280 a2=7f01f717f0c0 a3=8 items=2 ppid=1400 pid=1401 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.258:507): argc=1 a0="-bash"
+type=CWD msg=audit(1481077254.258:507): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.258:507): item=0 name="/bin/bash" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.258:507): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.261:508): arch=c000003e syscall=59 success=yes exit=0 a0=21fbee0 a1=21fc1e0 a2=21f8b30 a3=7ffd20e9bc00 items=2 ppid=1402 pid=1403 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.261:508): argc=2 a0="id" a1="-un"
+type=CWD msg=audit(1481077254.261:508): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.261:508): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.261:508): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.264:509): arch=c000003e syscall=59 success=yes exit=0 a0=21fa270 a1=21f9f40 a2=21fc810 a3=7ffd20e9c140 items=2 ppid=1404 pid=1405 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="hostname" exe="/usr/bin/hostname" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.264:509): argc=1 a0="/usr/bin/hostname"
+type=CWD msg=audit(1481077254.264:509): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.264:509): item=0 name="/usr/bin/hostname" inode=3832 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.264:509): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.265:510): arch=c000003e syscall=59 success=yes exit=0 a0=21fcec0 a1=21fd190 a2=21fcb40 a3=7ffd20e9bf10 items=2 ppid=1406 pid=1407 auid=1000 uid=1000
gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.265:510): argc=2 a0="id" a1="-gn"
+type=CWD msg=audit(1481077254.265:510): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.265:510): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.265:510): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.266:511): arch=c000003e syscall=59 success=yes exit=0 a0=21fcf00 a1=21fd1d0 a2=21fcb40 a3=7ffd20e9bf10 items=2 ppid=1408 pid=1409 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.266:511): argc=2 a0="id" a1="-un"
+type=CWD msg=audit(1481077254.266:511): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.266:511): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.266:511): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.268:512): arch=c000003e syscall=59 success=yes exit=0 a0=21fdfe0 a1=21fe010 a2=21fcb40 a3=7ffd20e9be20 items=3 ppid=1401 pid=1410 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="grepconf.sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.268:512): argc=3 a0="/bin/sh"
a1="/usr/libexec/grepconf.sh" a2="-c"
+type=CWD msg=audit(1481077254.268:512): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.268:512): item=0 name="/usr/libexec/grepconf.sh" inode=16779035 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.268:512): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.268:512): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.269:513): arch=c000003e syscall=59 success=yes exit=0 a0=17616d0 a1=175fc30 a2=175f600 a3=7ffc3c283e00 items=2 ppid=1410 pid=1411 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.269:513): argc=4 a0="grep" a1="-qsi" a2="^COLOR.*none" a3="/etc/GREP_COLORS"
+type=CWD msg=audit(1481077254.269:513): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.269:513): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.269:513): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.270:514): arch=c000003e syscall=59 success=yes exit=0 a0=2202d40 a1=2202f20 a2=21fcb40 a3=7ffd20e9aef0 items=2 ppid=1412 pid=1413 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="tty" exe="/usr/bin/tty" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.270:514): argc=2
a0="/usr/bin/tty" a1="-s"
+type=CWD msg=audit(1481077254.270:514): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.270:514): item=0 name="/usr/bin/tty" inode=4775 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.270:514): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.271:515): arch=c000003e syscall=59 success=yes exit=0 a0=2202e40 a1=2202ee0 a2=21fcb40 a3=7ffd20e9aef0 items=2 ppid=1412 pid=1414 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="tput" exe="/usr/bin/tput" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.271:515): argc=2 a0="/usr/bin/tput" a1="colors"
+type=CWD msg=audit(1481077254.271:515): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.271:515): item=0 name="/usr/bin/tput" inode=4609 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.271:515): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.273:516): arch=c000003e syscall=59 success=yes exit=0 a0=2202000 a1=21fde10 a2=21fcb40 a3=7ffd20e9b440 items=2 ppid=1415 pid=1416 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="dircolors" exe="/usr/bin/dircolors" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.273:516): argc=3 a0="/usr/bin/dircolors" a1="--sh" a2="/etc/DIR_COLORS.256color"
+type=CWD msg=audit(1481077254.273:516): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.273:516): item=0 name="/usr/bin/dircolors" inode=4703
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.273:516): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.274:517): arch=c000003e syscall=59 success=yes exit=0 a0=2202360 a1=2201f90 a2=21fcb40 a3=7ffd20e9bc20 items=2 ppid=1401 pid=1417 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.274:517): argc=4 a0="/usr/bin/grep" a1="-qi" a2="^COLOR.*none" a3="/etc/DIR_COLORS.256color"
+type=CWD msg=audit(1481077254.274:517): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.274:517): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.274:517): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077254.276:518): arch=c000003e syscall=59 success=yes exit=0 a0=21f90b0 a1=22094b0 a2=21fcb40 a3=7ffd20e9b560 items=2 ppid=1418 pid=1419 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077254.276:518): argc=2 a0="/usr/bin/id" a1="-u"
+type=CWD msg=audit(1481077254.276:518): cwd="/home/some_user"
+type=PATH msg=audit(1481077254.276:518): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077254.276:518): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=UNKNOWN[1329] msg=g
+type=UNKNOWN[1329] msg=g
+type=UNKNOWN[1329] msg=g
+type=SYSCALL msg=audit(1481077267.546:519): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1420 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481077267.546:519): argc=2 a0="/sbin/restorecon" a1="/home/some_user"
+type=CWD msg=audit(1481077267.546:519): cwd="/"
+type=PATH msg=audit(1481077267.546:519): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077267.546:519): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077267.553:520): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481077267.553:520): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh"
+type=CWD msg=audit(1481077267.553:520): cwd="/"
+type=PATH msg=audit(1481077267.553:520): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077267.553:520): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL
msg=audit(1481077267.557:521): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481077267.557:521): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys"
+type=CWD msg=audit(1481077267.557:521): cwd="/"
+type=PATH msg=audit(1481077267.557:521): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077267.557:521): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077267.561:522): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481077267.561:522): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users"
+type=CWD msg=audit(1481077267.561:522): cwd="/"
+type=PATH msg=audit(1481077267.561:522): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077267.561:522): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=UNKNOWN[1329] msg=g
+type=USER_END msg=audit(1481077275.343:523): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1481077275.343:524): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1481077278.176:525): arch=c000003e syscall=59 success=yes exit=0 a0=a32d70 a1=a2db60 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1425 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481077278.176:525): argc=2 a0="vim" a1="audit.yaml"
+type=CWD msg=audit(1481077278.176:525): cwd="/home/some_user"
+type=PATH msg=audit(1481077278.176:525): item=0 name="/usr/bin/vim" inode=196663 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077278.176:525): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077292.487:526): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=132e110 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=CWD msg=audit(1481077292.487:526): cwd="/"
+type=PATH msg=audit(1481077292.487:526): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481077292.487:527): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=126f4b0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=CWD msg=audit(1481077292.487:527): cwd="/"
+type=PATH msg=audit(1481077292.487:527): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481077292.487:528): arch=c000003e syscall=59 success=yes exit=0 a0=134a2c0 a1=10d45a0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481077292.487:528): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66"
+type=CWD msg=audit(1481077292.487:528): cwd="/"
+type=PATH msg=audit(1481077292.487:528): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481077292.487:528): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481077308.360:529): arch=c000003e syscall=59 success=yes exit=0 a0=a30250 a1=a35ae0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1427 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=BPRM_FCAPS msg=audit(1481077308.360:529): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff
+type=EXECVE msg=audit(1481077308.360:529): argc=4 a0="sudo" a1="./go-audit" a2="-config" a3="audit.yaml"
+type=CWD
msg=audit(1481077308.360:529): cwd="/home/some_user" +type=PATH msg=audit(1481077308.360:529): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.360:529): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481077308.366:530): pid=1427 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=2E2F676F2D6175646974202D636F6E6669672061756469742E79616D6C terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481077308.367:531): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481077308.368:532): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481077308.371:533): arch=c000003e syscall=59 success=yes exit=0 a0=7fb905da05d8 a1=7fb905da5d38 a2=7fb905da9ad0 a3=6 items=1 ppid=1427 pid=1428 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.371:533): argc=3 a0="./go-audit" a1="-config" a2="audit.yaml" +type=CWD msg=audit(1481077308.371:533): cwd="/home/some_user" +type=PATH msg=audit(1481077308.371:533): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077308.376:534): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e580 a1=c4200a7a80 a2=c420064240 a3=0 items=2 ppid=1428 pid=1431 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.376:534): argc=2 a0="auditctl" a1="-D" +type=CWD msg=audit(1481077308.376:534): cwd="/home/some_user" +type=PATH msg=audit(1481077308.376:534): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.376:534): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077308.377:535): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE msg=audit(1481077308.377:536): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE 
msg=audit(1481077308.378:537): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481077308.378:538): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e890 a1=c42003cb40 a2=c420064480 a3=0 items=2 ppid=1428 pid=1436 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.378:538): argc=7 a0="auditctl" a1="-a" a2="exit,always" a3="-F" a4="arch=b32" a5="-S" a6="execve" +type=CWD msg=audit(1481077308.378:538): cwd="/home/some_user" +type=PATH msg=audit(1481077308.378:538): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.378:538): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077308.379:539): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481077308.379:540): arch=c000003e syscall=59 success=yes exit=0 a0=c42011ea10 a1=c4200a7fe0 a2=c4200645a0 a3=0 items=2 ppid=1428 pid=1438 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.379:540): argc=3 a0="auditctl" a1="-e" a2="1" +type=CWD msg=audit(1481077308.379:540): cwd="/home/some_user" +type=PATH msg=audit(1481077308.379:540): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.379:540): item=1 
name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077308.379:541): audit_enabled=1 old=1 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=1 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077317.921:542): arch=c000003e syscall=59 success=yes exit=0 a0=21fb380 a1=21fd630 a2=21fffd0 a3=7ffd20e9c940 items=1 ppid=1401 pid=1441 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077317.921:542): argc=2 a0="./go-audit" a1="-h" +type=CWD msg=audit(1481077317.921:542): cwd="/home/some_user" +type=PATH msg=audit(1481077317.921:542): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077334.297:543): arch=c000003e syscall=59 success=yes exit=0 a0=21fd7f0 a1=21fba60 a2=21fffd0 a3=7ffd20e9c940 items=2 ppid=1401 pid=1444 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481077334.297:543): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481077334.297:543): argc=2 a0="sudo" a1="su" +type=CWD msg=audit(1481077334.297:543): cwd="/home/some_user" +type=PATH msg=audit(1481077334.297:543): item=0 name="/usr/bin/sudo" inode=345659 
dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.297:543): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481077334.302:544): pid=1444 uid=1000 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd="su" terminal=pts/1 res=success' +type=CRED_ACQ msg=audit(1481077334.302:545): pid=1444 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success' +type=USER_START msg=audit(1481077334.303:546): pid=1444 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/1 res=success' +type=SYSCALL msg=audit(1481077334.304:547): arch=c000003e syscall=59 success=yes exit=0 a0=7f683953a5d8 a1=7f683953fd38 a2=7f6839543a90 a3=6 items=2 ppid=1444 pid=1445 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="su" exe="/usr/bin/su" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.304:547): argc=1 a0="su" +type=CWD msg=audit(1481077334.304:547): cwd="/home/some_user" +type=PATH msg=audit(1481077334.304:547): item=0 name="/bin/su" inode=5026 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:su_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.304:547): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_AUTH msg=audit(1481077334.322:548): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success' +type=USER_ACCT msg=audit(1481077334.323:549): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_succeed_if acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success' +type=CRED_ACQ msg=audit(1481077334.323:550): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success' +type=USER_START msg=audit(1481077334.329:551): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? 
terminal=pts/1 res=success' +type=SYSCALL msg=audit(1481077334.330:552): arch=c000003e syscall=59 success=yes exit=0 a0=7f6305e237d0 a1=7f6305e41300 a2=7f6305e41260 a3=2 items=2 ppid=1445 pid=1446 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.330:552): argc=1 a0="bash" +type=CWD msg=audit(1481077334.330:552): cwd="/home/some_user" +type=PATH msg=audit(1481077334.330:552): item=0 name="/bin/bash" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.330:552): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.334:553): arch=c000003e syscall=59 success=yes exit=0 a0=17189c0 a1=1718050 a2=1717320 a3=7ffcb116f5f0 items=3 ppid=1446 pid=1447 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="grepconf.sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.334:553): argc=3 a0="/bin/sh" a1="/usr/libexec/grepconf.sh" a2="-c" +type=CWD msg=audit(1481077334.334:553): cwd="/home/some_user" +type=PATH msg=audit(1481077334.334:553): item=0 name="/usr/libexec/grepconf.sh" inode=16779035 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.334:553): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.334:553): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL 
msg=audit(1481077334.335:554): arch=c000003e syscall=59 success=yes exit=0 a0=1389770 a1=1387cc0 a2=13870b0 a3=7ffdff49a5c0 items=2 ppid=1447 pid=1448 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.335:554): argc=4 a0="grep" a1="-qsi" a2="^COLOR.*none" a3="/etc/GREP_COLORS" +type=CWD msg=audit(1481077334.335:554): cwd="/home/some_user" +type=PATH msg=audit(1481077334.335:554): item=0 name="/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.335:554): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.336:555): arch=c000003e syscall=59 success=yes exit=0 a0=172df20 a1=172e100 a2=1717320 a3=7ffcb116e6c0 items=2 ppid=1449 pid=1450 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="tty" exe="/usr/bin/tty" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.336:555): argc=2 a0="/usr/bin/tty" a1="-s" +type=CWD msg=audit(1481077334.336:555): cwd="/home/some_user" +type=PATH msg=audit(1481077334.336:555): item=0 name="/usr/bin/tty" inode=4775 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.336:555): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.337:556): arch=c000003e syscall=59 success=yes exit=0 a0=172e020 a1=172e0c0 a2=1717320 a3=7ffcb116e6c0 items=2 ppid=1449 pid=1451 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="tput" 
exe="/usr/bin/tput" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.337:556): argc=2 a0="/usr/bin/tput" a1="colors" +type=CWD msg=audit(1481077334.337:556): cwd="/home/some_user" +type=PATH msg=audit(1481077334.337:556): item=0 name="/usr/bin/tput" inode=4609 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.337:556): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.338:557): arch=c000003e syscall=59 success=yes exit=0 a0=172d260 a1=1718330 a2=1717320 a3=7ffcb116ec10 items=2 ppid=1452 pid=1453 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="dircolors" exe="/usr/bin/dircolors" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.338:557): argc=3 a0="/usr/bin/dircolors" a1="--sh" a2="/etc/DIR_COLORS.256color" +type=CWD msg=audit(1481077334.338:557): cwd="/home/some_user" +type=PATH msg=audit(1481077334.338:557): item=0 name="/usr/bin/dircolors" inode=4703 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.338:557): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.339:558): arch=c000003e syscall=59 success=yes exit=0 a0=1717c80 a1=172d200 a2=172ced0 a3=7ffcb116f3f0 items=2 ppid=1446 pid=1454 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.339:558): argc=4 a0="/usr/bin/grep" a1="-qi" a2="^COLOR.*none" a3="/etc/DIR_COLORS.256color" 
+type=CWD msg=audit(1481077334.339:558): cwd="/home/some_user" +type=PATH msg=audit(1481077334.339:558): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.339:558): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.341:559): arch=c000003e syscall=59 success=yes exit=0 a0=172f220 a1=172e1b0 a2=172ced0 a3=7ffcb116ed30 items=2 ppid=1455 pid=1456 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.341:559): argc=2 a0="/usr/bin/id" a1="-u" +type=CWD msg=audit(1481077334.341:559): cwd="/home/some_user" +type=PATH msg=audit(1481077334.341:559): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.341:559): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077336.705:560): arch=c000003e syscall=59 success=yes exit=0 a0=1715420 a1=17182e0 a2=172ced0 a3=7ffcb1170ad0 items=1 ppid=1446 pid=1457 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077336.705:560): argc=2 a0="./go-audit" a1="-h" +type=CWD msg=audit(1481077336.705:560): cwd="/home/some_user" +type=PATH msg=audit(1481077336.705:560): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=UNKNOWN[1329] 
msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077352.504:561): arch=c000003e syscall=59 success=no exit=-2 a0=11eb200 a1=11d6480 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077352.504:561): cwd="/" +type=PATH msg=audit(1481077352.504:561): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077352.504:562): arch=c000003e syscall=59 success=no exit=-2 a0=11eb200 a1=f76340 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077352.504:562): cwd="/" +type=PATH msg=audit(1481077352.504:562): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077352.504:563): arch=c000003e syscall=59 success=yes exit=0 a0=11eb200 a1=132e110 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077352.504:563): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077352.504:563): cwd="/" +type=PATH msg=audit(1481077352.504:563): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077352.504:563): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077356.580:564): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1e97ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.580:564): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077356.580:564): cwd="/" +type=PATH msg=audit(1481077356.580:564): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.580:564): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077356.585:565): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1e97ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.585:565): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077356.585:565): cwd="/" +type=PATH msg=audit(1481077356.585:565): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.585:565): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077356.590:566): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1e9c500 
a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.590:566): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077356.590:566): cwd="/" +type=PATH msg=audit(1481077356.590:566): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.590:566): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077356.593:567): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e9f8a0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1464 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.593:567): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077356.593:567): cwd="/" +type=PATH msg=audit(1481077356.593:567): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.593:567): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� 
+type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077412.521:568): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=13361a0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077412.521:568): cwd="/" +type=PATH msg=audit(1481077412.521:568): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077412.521:569): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=13361a0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077412.521:569): cwd="/" +type=PATH msg=audit(1481077412.521:569): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077412.521:570): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=13361a0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077412.521:570): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077412.521:570): cwd="/" +type=PATH msg=audit(1481077412.521:570): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077412.521:570): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 
objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077445.611:571): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1466 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.611:571): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077445.611:571): cwd="/" +type=PATH msg=audit(1481077445.611:571): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.611:571): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077445.615:572): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1467 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.615:572): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077445.615:572): cwd="/" +type=PATH msg=audit(1481077445.615:572): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.615:572): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL 
+type=SYSCALL msg=audit(1481077445.619:573): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1468 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.619:573): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077445.619:573): cwd="/" +type=PATH msg=audit(1481077445.619:573): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.619:573): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077445.622:574): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.622:574): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077445.622:574): cwd="/" +type=PATH msg=audit(1481077445.622:574): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.622:574): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL 
msg=audit(1481077472.536:575): arch=c000003e syscall=59 success=no exit=-2 a0=1054ab0 a1=13bb240 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077472.536:575): cwd="/" +type=PATH msg=audit(1481077472.536:575): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077472.536:576): arch=c000003e syscall=59 success=no exit=-2 a0=1054ab0 a1=13bb240 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077472.536:576): cwd="/" +type=PATH msg=audit(1481077472.536:576): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077472.536:577): arch=c000003e syscall=59 success=yes exit=0 a0=1054ab0 a1=13bb240 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077472.536:577): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077472.536:577): cwd="/" +type=PATH msg=audit(1481077472.536:577): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077472.536:577): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� 
+type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077532.552:578): arch=c000003e syscall=59 success=no exit=-2 a0=1184a10 a1=13934c0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077532.552:578): cwd="/" +type=PATH msg=audit(1481077532.552:578): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077532.552:579): arch=c000003e syscall=59 success=no exit=-2 a0=1184a10 a1=13934c0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077532.552:579): cwd="/" +type=PATH msg=audit(1481077532.552:579): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077532.552:580): arch=c000003e syscall=59 success=yes exit=0 a0=1184a10 a1=13934c0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077532.552:580): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077532.552:580): cwd="/" +type=PATH msg=audit(1481077532.552:580): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077532.552:580): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077534.641:581): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ed80 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1472 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.641:581): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077534.641:581): cwd="/" +type=PATH msg=audit(1481077534.641:581): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.641:581): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077534.645:582): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ed80 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.645:582): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077534.645:582): cwd="/" +type=PATH msg=audit(1481077534.645:582): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.645:582): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077534.648:583): arch=c000003e syscall=59 success=yes exit=0 a0=1e9a3c0 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.648:583): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077534.648:583): cwd="/" +type=PATH msg=audit(1481077534.648:583): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.648:583): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077534.652:584): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e9ed80 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.652:584): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077534.652:584): cwd="/" +type=PATH msg=audit(1481077534.652:584): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.652:584): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] 
msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077592.568:585): arch=c000003e syscall=59 success=no exit=-2 a0=1330170 a1=1259340 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077592.568:585): cwd="/" +type=PATH msg=audit(1481077592.568:585): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077592.568:586): arch=c000003e syscall=59 success=no exit=-2 a0=1330170 a1=1259340 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077592.568:586): cwd="/" +type=PATH msg=audit(1481077592.568:586): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077592.568:587): arch=c000003e syscall=59 success=yes exit=0 a0=1330170 a1=1259340 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077592.568:587): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077592.568:587): cwd="/" +type=PATH msg=audit(1481077592.568:587): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL 
+type=PATH msg=audit(1481077592.568:587): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077623.670:588): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e9a3c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1477 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.670:588): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077623.670:588): cwd="/" +type=PATH msg=audit(1481077623.670:588): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077623.670:588): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077623.674:589): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e9a3c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.674:589): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077623.674:589): cwd="/" +type=PATH msg=audit(1481077623.674:589): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH 
msg=audit(1481077623.674:589): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077623.678:590): arch=c000003e syscall=59 success=yes exit=0 a0=1ea1660 a1=1e9b1f0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1479 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.678:590): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077623.678:590): cwd="/" +type=PATH msg=audit(1481077623.678:590): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077623.678:590): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077623.681:591): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b1f0 a1=1d54cd0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.681:591): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077623.681:591): cwd="/" +type=PATH msg=audit(1481077623.681:591): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077623.681:591): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077652.584:592): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=12c9cb0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077652.584:592): cwd="/" +type=PATH msg=audit(1481077652.584:592): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077652.585:593): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=12c9cb0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077652.585:593): cwd="/" +type=PATH msg=audit(1481077652.585:593): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077652.585:594): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=12c9cb0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077652.585:594): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077652.585:594): cwd="/" +type=PATH msg=audit(1481077652.585:594): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH 
msg=audit(1481077652.585:594): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=USER_END msg=audit(1481077706.089:595): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481077706.089:596): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481077708.279:597): arch=c000003e syscall=59 success=yes exit=0 a0=a35a40 a1=a35ad0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1482 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077708.279:597): argc=2 a0="vim" a1="audit.yaml" +type=CWD msg=audit(1481077708.279:597): cwd="/home/some_user" +type=PATH msg=audit(1481077708.279:597): item=0 name="/usr/bin/vim" inode=196663 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077708.279:597): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.602:598): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 
a1=133b250 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077712.602:598): cwd="/" +type=PATH msg=audit(1481077712.602:598): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077712.602:599): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 a1=133b250 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077712.602:599): cwd="/" +type=PATH msg=audit(1481077712.602:599): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077712.602:600): arch=c000003e syscall=59 success=yes exit=0 a0=13a3350 a1=133b250 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.602:600): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077712.602:600): cwd="/" +type=PATH msg=audit(1481077712.602:600): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.602:600): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.699:601): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b1f0 a1=1ea39a0 
a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.699:601): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077712.699:601): cwd="/" +type=PATH msg=audit(1481077712.699:601): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.699:601): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.703:602): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b1f0 a1=1ea39a0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.703:602): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077712.703:602): cwd="/" +type=PATH msg=audit(1481077712.703:602): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.703:602): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.707:603): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1486 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" 
exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.707:603): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077712.707:603): cwd="/" +type=PATH msg=audit(1481077712.707:603): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.707:603): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.710:604): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1ce24c0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.710:604): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077712.710:604): cwd="/" +type=PATH msg=audit(1481077712.710:604): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.710:604): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077772.619:605): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=11849b0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077772.619:605): cwd="/" +type=PATH 
msg=audit(1481077772.619:605): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077772.619:606): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=11849b0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077772.619:606): cwd="/" +type=PATH msg=audit(1481077772.619:606): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077772.619:607): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=11849b0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077772.619:607): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077772.619:607): cwd="/" +type=PATH msg=audit(1481077772.619:607): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077772.619:607): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.729:608): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1489 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.729:608): argc=2 a0="/sbin/restorecon" 
a1="/home/some_user" +type=CWD msg=audit(1481077801.729:608): cwd="/" +type=PATH msg=audit(1481077801.729:608): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.729:608): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.733:609): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1490 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.733:609): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077801.733:609): cwd="/" +type=PATH msg=audit(1481077801.733:609): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.733:609): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.737:610): arch=c000003e syscall=59 success=yes exit=0 a0=1d65350 a1=1d50010 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.737:610): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077801.737:610): cwd="/" +type=PATH msg=audit(1481077801.737:610): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.737:610): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.740:611): arch=c000003e syscall=59 success=yes exit=0 a0=1d50010 a1=1d53010 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.740:611): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077801.740:611): cwd="/" +type=PATH msg=audit(1481077801.740:611): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.740:611): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077832.635:612): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=1338d40 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077832.635:612): cwd="/" +type=PATH msg=audit(1481077832.635:612): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077832.635:613): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=1338d40 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" 
exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077832.635:613): cwd="/" +type=PATH msg=audit(1481077832.635:613): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077832.635:614): arch=c000003e syscall=59 success=yes exit=0 a0=10dae20 a1=1338d40 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077832.635:614): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077832.635:614): cwd="/" +type=PATH msg=audit(1481077832.635:614): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077832.635:614): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077889.545:615): arch=c000003e syscall=59 success=yes exit=0 a0=7f9dcde12c60 a1=7f9dcddc50e0 a2=7f9dcddc21c0 a3=2 items=2 ppid=1 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-tmpfile" exe="/usr/bin/systemd-tmpfiles" subj=system_u:system_r:systemd_tmpfiles_t:s0 key=(null) +type=EXECVE msg=audit(1481077889.545:615): argc=2 a0="/usr/bin/systemd-tmpfiles" a1="--clean" +type=CWD msg=audit(1481077889.545:615): cwd="/" +type=PATH msg=audit(1481077889.545:615): item=0 name="/usr/bin/systemd-tmpfiles" inode=11160 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_tmpfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077889.545:615): item=1 name="/lib64/ld-linux-x86-64.so.2" 
inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SERVICE_START msg=audit(1481077889.581:616): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481077889.581:617): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SYSCALL msg=audit(1481077890.759:618): arch=c000003e syscall=59 success=yes exit=0 a0=1d074b0 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.759:618): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077890.759:618): cwd="/" +type=PATH msg=audit(1481077890.759:618): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.759:618): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077890.765:619): arch=c000003e syscall=59 success=yes exit=0 a0=1d074b0 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.765:619): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD 
msg=audit(1481077890.765:619): cwd="/" +type=PATH msg=audit(1481077890.765:619): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.765:619): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077890.769:620): arch=c000003e syscall=59 success=yes exit=0 a0=1d65350 a1=1e79ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1498 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.769:620): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077890.769:620): cwd="/" +type=PATH msg=audit(1481077890.769:620): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.769:620): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077890.772:621): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1d50010 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.772:621): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077890.772:621): cwd="/" +type=PATH msg=audit(1481077890.772:621): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.772:621): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077892.652:622): arch=c000003e syscall=59 success=no exit=-2 a0=11eb1c0 a1=13bd560 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077892.652:622): cwd="/" +type=PATH msg=audit(1481077892.652:622): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077892.652:623): arch=c000003e syscall=59 success=no exit=-2 a0=11eb1c0 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077892.652:623): cwd="/" +type=PATH msg=audit(1481077892.652:623): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077892.652:624): arch=c000003e syscall=59 success=yes exit=0 a0=11eb1c0 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077892.652:624): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077892.652:624): cwd="/" +type=PATH msg=audit(1481077892.652:624): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077892.652:624): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077952.668:625): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=125b320 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077952.668:625): cwd="/" +type=PATH msg=audit(1481077952.668:625): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077952.668:626): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=125b320 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077952.668:626): cwd="/" +type=PATH msg=audit(1481077952.668:626): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077952.668:627): arch=c000003e syscall=59 success=yes exit=0 a0=10dae20 a1=125b320 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077952.668:627): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077952.668:627): cwd="/" +type=PATH msg=audit(1481077952.668:627): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077952.668:627): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.791:628): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1ea39a0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1502 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.791:628): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077979.791:628): cwd="/" +type=PATH msg=audit(1481077979.791:628): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.791:628): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.795:629): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1ea39a0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.795:629): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077979.795:629): cwd="/" +type=PATH msg=audit(1481077979.795:629): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.795:629): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.799:630): arch=c000003e syscall=59 success=yes exit=0 a0=1d65350 a1=1e79ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1504 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.799:630): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077979.799:630): cwd="/" +type=PATH msg=audit(1481077979.799:630): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.799:630): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.802:631): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1ea7f60 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.802:631): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077979.802:631): cwd="/" +type=PATH msg=audit(1481077979.802:631): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.802:631): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078012.684:632): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 
a1=134dc40 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078012.684:632): cwd="/" +type=PATH msg=audit(1481078012.684:632): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078012.684:633): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=134dc40 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078012.684:633): cwd="/" +type=PATH msg=audit(1481078012.684:633): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078012.684:634): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=134dc40 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078012.684:634): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078012.684:634): cwd="/" +type=PATH msg=audit(1481078012.684:634): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078012.684:634): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.821:635): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e938e0 
a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.821:635): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078068.821:635): cwd="/" +type=PATH msg=audit(1481078068.821:635): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.821:635): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.825:636): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e938e0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.825:636): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078068.825:636): cwd="/" +type=PATH msg=audit(1481078068.825:636): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.825:636): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.829:637): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1ce5cc0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" 
exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.829:637): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078068.829:637): cwd="/" +type=PATH msg=audit(1481078068.829:637): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.829:637): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.832:638): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1d65350 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1510 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.832:638): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078068.832:638): cwd="/" +type=PATH msg=audit(1481078068.832:638): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.832:638): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078072.700:639): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 a1=13bd560 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078072.700:639): cwd="/" +type=PATH 
msg=audit(1481078072.700:639): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078072.700:640): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078072.700:640): cwd="/" +type=PATH msg=audit(1481078072.700:640): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078072.700:641): arch=c000003e syscall=59 success=yes exit=0 a0=13a3350 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078072.700:641): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078072.700:641): cwd="/" +type=PATH msg=audit(1481078072.700:641): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078072.700:641): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078132.715:642): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=125b320 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078132.715:642): cwd="/" +type=PATH 
msg=audit(1481078132.715:642): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078132.715:643): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=125b320 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078132.715:643): cwd="/" +type=PATH msg=audit(1481078132.715:643): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078132.715:644): arch=c000003e syscall=59 success=yes exit=0 a0=134a2c0 a1=125b320 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078132.715:644): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078132.715:644): cwd="/" +type=PATH msg=audit(1481078132.715:644): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078132.715:644): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.850:645): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.850:645): argc=2 a0="/sbin/restorecon" 
a1="/home/some_user" +type=CWD msg=audit(1481078157.850:645): cwd="/" +type=PATH msg=audit(1481078157.850:645): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.850:645): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.854:646): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.854:646): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078157.854:646): cwd="/" +type=PATH msg=audit(1481078157.854:646): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.854:646): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.858:647): arch=c000003e syscall=59 success=yes exit=0 a0=1e9a580 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.858:647): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078157.858:647): cwd="/" +type=PATH msg=audit(1481078157.858:647): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.858:647): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.862:648): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e938e0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.862:648): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078157.862:648): cwd="/" +type=PATH msg=audit(1481078157.862:648): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.862:648): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078192.730:649): arch=c000003e syscall=59 success=no exit=-2 a0=134a930 a1=13c8730 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078192.730:649): cwd="/" +type=PATH msg=audit(1481078192.730:649): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078192.730:650): arch=c000003e syscall=59 success=no exit=-2 a0=134a930 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" 
exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078192.730:650): cwd="/" +type=PATH msg=audit(1481078192.730:650): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078192.730:651): arch=c000003e syscall=59 success=yes exit=0 a0=134a930 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078192.730:651): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078192.730:651): cwd="/" +type=PATH msg=audit(1481078192.730:651): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078192.730:651): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.880:652): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1e95970 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1518 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.880:652): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078246.880:652): cwd="/" +type=PATH msg=audit(1481078246.880:652): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.880:652): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.884:653): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1e95970 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.884:653): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078246.884:653): cwd="/" +type=PATH msg=audit(1481078246.884:653): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.884:653): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.888:654): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e22b30 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1520 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.888:654): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078246.888:654): cwd="/" +type=PATH msg=audit(1481078246.888:654): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.888:654): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.891:655): arch=c000003e syscall=59 success=yes exit=0 
a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.891:655): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078246.891:655): cwd="/" +type=PATH msg=audit(1481078246.891:655): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.891:655): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078252.745:656): arch=c000003e syscall=59 success=no exit=-2 a0=126cbc0 a1=13c8730 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1522 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078252.745:656): cwd="/" +type=PATH msg=audit(1481078252.745:656): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078252.745:657): arch=c000003e syscall=59 success=no exit=-2 a0=126cbc0 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1522 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078252.745:657): cwd="/" +type=PATH msg=audit(1481078252.745:657): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078252.745:658): arch=c000003e syscall=59 success=yes exit=0 a0=126cbc0 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1522 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078252.745:658): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078252.745:658): cwd="/" +type=PATH msg=audit(1481078252.745:658): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078252.745:658): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078312.761:659): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 a1=12cddf0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1523 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078312.761:659): cwd="/" +type=PATH msg=audit(1481078312.761:659): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078312.761:660): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 a1=12cddf0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1523 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078312.761:660): cwd="/" +type=PATH msg=audit(1481078312.761:660): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078312.761:661): arch=c000003e syscall=59 success=yes exit=0 a0=134dca0 a1=12cddf0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1523 auid=4294967295 uid=0 
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078312.761:661): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078312.761:661): cwd="/" +type=PATH msg=audit(1481078312.761:661): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078312.761:661): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.910:662): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1524 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.910:662): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078335.910:662): cwd="/" +type=PATH msg=audit(1481078335.910:662): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.910:662): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.914:663): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" 
subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.914:663): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078335.914:663): cwd="/" +type=PATH msg=audit(1481078335.914:663): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.914:663): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.917:664): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1e95970 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1526 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.917:664): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078335.917:664): cwd="/" +type=PATH msg=audit(1481078335.917:664): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.917:664): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.921:665): arch=c000003e syscall=59 success=yes exit=0 a0=1e95970 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1527 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.921:665): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD 
msg=audit(1481078335.921:665): cwd="/" +type=PATH msg=audit(1481078335.921:665): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.921:665): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078372.776:666): arch=c000003e syscall=59 success=no exit=-2 a0=1394bf0 a1=13977b0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078372.776:666): cwd="/" +type=PATH msg=audit(1481078372.776:666): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078372.776:667): arch=c000003e syscall=59 success=no exit=-2 a0=1394bf0 a1=13977b0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078372.776:667): cwd="/" +type=PATH msg=audit(1481078372.776:667): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078372.776:668): arch=c000003e syscall=59 success=yes exit=0 a0=1394bf0 a1=13977b0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078372.776:668): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD 
msg=audit(1481078372.776:668): cwd="/" +type=PATH msg=audit(1481078372.776:668): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078372.776:668): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078413.210:669): arch=c000003e syscall=59 success=yes exit=0 a0=a2ee20 a1=a340b0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1529 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078413.210:669): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078413.210:669): argc=4 a0="sudo" a1="./go-audit" a2="-config" a3="audit.yaml" +type=CWD msg=audit(1481078413.210:669): cwd="/home/some_user" +type=PATH msg=audit(1481078413.210:669): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.210:669): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078413.216:670): pid=1529 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=2E2F676F2D6175646974202D636F6E6669672061756469742E79616D6C terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078413.216:671): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred 
grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078413.217:672): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078413.219:673): arch=c000003e syscall=59 success=yes exit=0 a0=7f80c28925d8 a1=7f80c2897d38 a2=7f80c289bad0 a3=6 items=1 ppid=1529 pid=1530 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.219:673): argc=3 a0="./go-audit" a1="-config" a2="audit.yaml" +type=CWD msg=audit(1481078413.219:673): cwd="/home/some_user" +type=PATH msg=audit(1481078413.219:673): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078413.223:674): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e5c0 a1=c4200a7ae0 a2=c420064240 a3=0 items=2 ppid=1530 pid=1533 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.223:674): argc=2 a0="auditctl" a1="-D" +type=CWD msg=audit(1481078413.223:674): cwd="/home/some_user" +type=PATH msg=audit(1481078413.223:674): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.223:674): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL 
+type=CONFIG_CHANGE msg=audit(1481078413.223:675): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE msg=audit(1481078413.223:676): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE msg=audit(1481078413.224:677): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481078413.224:678): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e8d0 a1=c42003cb80 a2=c420064480 a3=0 items=2 ppid=1530 pid=1538 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.224:678): argc=7 a0="auditctl" a1="-a" a2="exit,always" a3="-F" a4="arch=b32" a5="-S" a6="execve" +type=CWD msg=audit(1481078413.224:678): cwd="/home/some_user" +type=PATH msg=audit(1481078413.224:678): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.224:678): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481078413.225:679): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481078413.225:680): arch=c000003e syscall=59 success=yes exit=0 a0=c42011ea50 a1=c420120930 a2=c4200645a0 a3=0 items=2 ppid=1530 pid=1540 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.225:680): 
argc=5 a0="auditctl" a1="-a" a2="exit,always" a3="-S" a4="connect" +type=CWD msg=audit(1481078413.225:680): cwd="/home/some_user" +type=PATH msg=audit(1481078413.225:680): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.225:680): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481078413.226:681): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481078413.226:682): arch=c000003e syscall=59 success=yes exit=0 a0=c42011ebc0 a1=c4201261e0 a2=c4200646c0 a3=0 items=2 ppid=1530 pid=1542 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.226:682): argc=3 a0="auditctl" a1="-e" a2="1" +type=CWD msg=audit(1481078413.226:682): cwd="/home/some_user" +type=PATH msg=audit(1481078413.226:682): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.226:682): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481078413.227:683): audit_enabled=1 old=1 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=1 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078424.939:684): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1546 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078424.939:684): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078424.939:684): cwd="/" +type=PATH msg=audit(1481078424.939:684): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.939:684): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.943:685): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078424.943:685): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078424.943:685): cwd="/" +type=PATH msg=audit(1481078424.943:685): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.943:685): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.947:686): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1548 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE 
msg=audit(1481078424.947:686): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078424.947:686): cwd="/" +type=PATH msg=audit(1481078424.947:686): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.947:686): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.950:687): arch=c000003e syscall=59 success=yes exit=0 a0=1e96d00 a1=1e9a580 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1549 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078424.950:687): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078424.950:687): cwd="/" +type=PATH msg=audit(1481078424.950:687): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.950:687): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.953:688): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078424.953:688): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078430.028:689): arch=c000003e syscall=59 success=yes 
exit=0 a0=1718db0 a1=1714870 a2=172ced0 a3=7ffcb1170ad0 items=2 ppid=1446 pid=1550 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078430.028:689): argc=2 a0="curl" a1="elastic.co" +type=CWD msg=audit(1481078430.028:689): cwd="/home/some_user" +type=PATH msg=audit(1481078430.028:689): item=0 name="/bin/curl" inode=3961 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078430.028:689): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078430.068:690): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7efe1aab7610 a2=6e a3=7efe1aab7b20 items=1 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.068:690): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078430.068:690): cwd="/home/some_user" +type=PATH msg=audit(1481078430.068:690): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078430.068:691): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7efe1aab77a0 a2=6e a3=7efe1aab7b20 items=1 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.068:691): 
saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078430.068:691): cwd="/home/some_user" +type=PATH msg=audit(1481078430.068:691): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078430.068:692): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe14000ac0 a2=10 a3=7efe1aab5ae0 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.068:692): saddr=02000035A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078430.127:693): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001ec0 a2=1c a3=7efe1aab680c items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:693): saddr=0A000050000000002406DA00FF00000000000000171569CC00000000 +type=SYSCALL msg=audit(1481078430.127:694): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:694): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:695): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001f20 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:695): saddr=0A000050000000002406DA00FF00000000000000B849AB0E00000000 +type=SYSCALL msg=audit(1481078430.127:696): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:696): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:697): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001f80 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:697): saddr=0A000050000000002406DA00FF000000000000006B16F08600000000 +type=SYSCALL msg=audit(1481078430.127:698): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:698): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:699): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001fe0 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:699): saddr=0A000050000000002406DA00FF00000000000000CCECD96C00000000 +type=SYSCALL msg=audit(1481078430.127:700): arch=c000003e syscall=42 success=yes exit=0 a0=3 
a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:700): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:701): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14002040 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:701): saddr=0A000050000000002406DA00FF00000000000000171569C100000000 +type=SYSCALL msg=audit(1481078430.127:702): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:702): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:703): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe140020a0 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:703): saddr=0A000050000000002406DA00FF00000000000000B848DAB200000000 +type=SYSCALL msg=audit(1481078430.127:704): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR 
msg=audit(1481078430.127:704): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:705): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe14002100 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:705): saddr=020000503418E8030000000000000000 +type=SYSCALL msg=audit(1481078430.127:706): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:706): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:707): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe14002150 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:707): saddr=0200005023A0FE0E0000000000000000 +type=SYSCALL msg=audit(1481078430.127:708): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:708): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:709): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe140021a0 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:709): saddr=02000050342844160000000000000000 +type=SYSCALL msg=audit(1481078430.127:710): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:710): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:711): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe140021f0 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:711): saddr=020000503646B34B0000000000000000 +type=SYSCALL msg=audit(1481078430.128:712): arch=c000003e syscall=42 success=no exit=-115 a0=3 a1=7ffc2ebe3e70 a2=10 a3=7ffc2ebe3a90 items=0 ppid=1446 pid=1550 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.128:712): saddr=020000503418E8030000000000000000 +type=SYSCALL msg=audit(1481078432.792:713): arch=c000003e syscall=59 success=no exit=-2 a0=12593a0 a1=13ca3c0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078432.792:713): cwd="/" +type=PATH msg=audit(1481078432.792:713): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078432.792:714): arch=c000003e 
syscall=59 success=no exit=-2 a0=12593a0 a1=13ca3c0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078432.792:714): cwd="/" +type=PATH msg=audit(1481078432.792:714): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078432.792:715): arch=c000003e syscall=59 success=yes exit=0 a0=12593a0 a1=13ca3c0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078432.792:715): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078432.792:715): cwd="/" +type=PATH msg=audit(1481078432.792:715): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078432.792:715): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078432.794:716): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078432.794:716): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078432.896:717): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078432.896:717): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078432.896:717): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078432.896:717): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078433.320:718): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078433.320:718): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078492.523:719): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ff9fe0b9408 a2=10 a3=0 items=0 ppid=1 pid=1135 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.523:719): saddr=0200007BA9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078492.807:720): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 
a1=13cb9a0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078492.807:720): cwd="/" +type=PATH msg=audit(1481078492.807:720): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078492.807:721): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 a1=13cb9a0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078492.807:721): cwd="/" +type=PATH msg=audit(1481078492.807:721): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078492.807:722): arch=c000003e syscall=59 success=yes exit=0 a0=134dca0 a1=13cb9a0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078492.807:722): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078492.807:722): cwd="/" +type=PATH msg=audit(1481078492.807:722): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078492.807:722): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078492.809:723): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe 
items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.809:723): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078492.956:724): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.956:724): saddr=01007075626C69632F716D677200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078492.956:724): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078492.956:724): item=0 name="public/qmgr" inode=34151432 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078492.956:725): arch=c000003e syscall=42 success=yes exit=0 a0=1c a1=7ffc4d9dc980 a2=6e a3=7ffc4d9dc9f0 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.956:725): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078492.956:725): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078492.956:725): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 
ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078493.333:726): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078493.333:726): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078513.968:727): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.968:727): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078513.968:727): cwd="/" +type=PATH msg=audit(1481078513.968:727): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.968:727): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.972:728): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.972:728): argc=2 a0="/sbin/restorecon" 
a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078513.972:728): cwd="/" +type=PATH msg=audit(1481078513.972:728): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.972:728): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.976:729): arch=c000003e syscall=59 success=yes exit=0 a0=1e215c0 a1=1e9ffb0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.976:729): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078513.976:729): cwd="/" +type=PATH msg=audit(1481078513.976:729): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.976:729): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.980:730): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ffb0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.980:730): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078513.980:730): cwd="/" +type=PATH msg=audit(1481078513.980:730): item=0 name="/sbin/restorecon" inode=16782036 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.980:730): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.983:731): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078513.983:731): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078552.823:732): arch=c000003e syscall=59 success=no exit=-2 a0=13c5290 a1=12d12f0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078552.823:732): cwd="/" +type=PATH msg=audit(1481078552.823:732): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078552.823:733): arch=c000003e syscall=59 success=no exit=-2 a0=13c5290 a1=12d12f0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078552.823:733): cwd="/" +type=PATH msg=audit(1481078552.823:733): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078552.823:734): arch=c000003e 
syscall=59 success=yes exit=0 a0=13c5290 a1=12d12f0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078552.823:734): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078552.823:734): cwd="/" +type=PATH msg=audit(1481078552.823:734): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078552.823:734): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078552.825:735): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078552.825:735): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078552.966:736): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078552.966:736): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD 
msg=audit(1481078552.966:736): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078552.966:736): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078553.346:737): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078553.346:737): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=USER_END msg=audit(1481078562.609:738): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078562.609:739): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078565.928:740): arch=c000003e syscall=59 success=yes exit=0 a0=a33280 a1=a30250 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078565.928:740): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078565.928:740): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service" +type=CWD msg=audit(1481078565.928:740): cwd="/home/some_user" +type=PATH msg=audit(1481078565.928:740): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.928:740): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.929:741): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcda014d50 a2=6e a3=40 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.929:741): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.929:741): cwd="/home/some_user" +type=PATH msg=audit(1481078565.929:741): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078565.929:742): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcda014ee0 a2=6e a3=40 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.929:742): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.929:742): cwd="/home/some_user" +type=PATH msg=audit(1481078565.929:742): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078565.931:743): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffcda015870 a2=6e a3=22 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.931:743): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000605A01DAFC7F0000205C01DAFC7F0000E09F240A8D7F00002F00000000000000D05E01DAFC7F00001000000000000000805C01DAFC7F0000F05801DAFC7F00000003000000000000E09F240A8D7F +type=CWD msg=audit(1481078565.931:743): cwd="/home/some_user" +type=PATH msg=audit(1481078565.931:743): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078565.931:744): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffcda015a00 a2=6e a3=22 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.931:744): 
saddr=01002F7661722F72756E2F6E7363642F736F636B65740000EDA7240A8D7F0000FEA7240A8D7F000007A8240A8D7F000018A8240A8D7F000022A8240A8D7F000033A8240A8D7F00003DA8240A8D7F00004EA8240A8D7F000056A8240A8D7F00001800000030000000106101DAFC7F +type=CWD msg=audit(1481078565.931:744): cwd="/home/some_user" +type=PATH msg=audit(1481078565.931:744): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078565.932:745): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f8d08cf7740 a2=6e a3=68 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.932:745): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.932:745): cwd="/home/some_user" +type=PATH msg=audit(1481078565.932:745): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078565.932:746): pid=1559 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078565.932:747): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078565.933:748): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? 
addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078565.934:749): arch=c000003e syscall=59 success=yes exit=0 a0=7f8d0a2505d8 a1=7f8d0a255d38 a2=7f8d0a259ad0 a3=6 items=2 ppid=1559 pid=1560 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078565.934:749): argc=3 a0="systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078565.934:749): cwd="/home/some_user" +type=PATH msg=audit(1481078565.934:749): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.934:749): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.937:750): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f0fe5855118 a2=16 a3=7fffb6ad3580 items=1 ppid=1559 pid=1560 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.937:750): saddr=01002F72756E2F73797374656D642F70726976617465 +type=CWD msg=audit(1481078565.937:750): cwd="/home/some_user" +type=PATH msg=audit(1481078565.937:750): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.940:751): arch=c000003e syscall=59 success=yes exit=0 a0=7f0fe447cbd8 a1=7fffb6ad34e0 a2=7fffb6ad3b68 a3=7fffb6ad36b0 items=2 ppid=1560 pid=1561 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078565.940:751): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078565.940:751): cwd="/home/some_user" +type=PATH msg=audit(1481078565.940:751): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.940:751): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.940:752): arch=c000003e syscall=59 success=yes exit=0 a0=7f0fe4472bee a1=7fffb6ad3460 a2=7fffb6ad3b68 a3=7fffb6ad3640 items=2 ppid=1560 pid=1562 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078565.940:752): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078565.940:752): cwd="/home/some_user" +type=PATH msg=audit(1481078565.940:752): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.940:752): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.948:753): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ffe4bae1fa0 a2=6e a3=7ffe4bae1d20 items=1 ppid=1560 pid=1562 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.948:753): 
saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.948:753): cwd="/home/some_user" +type=PATH msg=audit(1481078565.948:753): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=USER_END msg=audit(1481078565.960:754): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078565.960:755): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078569.392:756): arch=c000003e syscall=59 success=yes exit=0 a0=a302b0 a1=a37210 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078569.392:756): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078569.392:756): argc=5 a0="sudo" a1="sudo" a2="systemctl" a3="stop" a4="auditd.service" +type=CWD msg=audit(1481078569.392:756): cwd="/home/some_user" +type=PATH msg=audit(1481078569.392:756): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.392:756): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.392:757): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf3190210 a2=6e a3=40 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.392:757): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.392:757): cwd="/home/some_user" +type=PATH msg=audit(1481078569.392:757): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078569.392:758): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf31903a0 a2=6e a3=40 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.392:758): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.392:758): cwd="/home/some_user" +type=PATH msg=audit(1481078569.392:758): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.394:759): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdf3190d30 a2=6e a3=22 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.394:759): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000200F19F3FD7F0000E01019F3FD7F0000E0CFAD7E3A7F00002F00000000000000901319F3FD7F00001000000000000000401119F3FD7F0000B00D19F3FD7F00000003000000000000E0CFAD7E3A7F +type=CWD msg=audit(1481078569.394:759): cwd="/home/some_user" +type=PATH msg=audit(1481078569.394:759): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.394:760): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdf3190ec0 a2=6e a3=22 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.394:760): 
saddr=01002F7661722F72756E2F6E7363642F736F636B65740000EDD7AD7E3A7F0000FED7AD7E3A7F000007D8AD7E3A7F000018D8AD7E3A7F000022D8AD7E3A7F000033D8AD7E3A7F00003DD8AD7E3A7F00004ED8AD7E3A7F000056D8AD7E3A7F00001800000030000000D01519F3FD7F +type=CWD msg=audit(1481078569.394:760): cwd="/home/some_user" +type=PATH msg=audit(1481078569.394:760): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.395:761): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f3a7c1d5740 a2=6e a3=6d items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.395:761): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.395:761): cwd="/home/some_user" +type=PATH msg=audit(1481078569.395:761): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078569.395:762): pid=1565 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=7375646F2073797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078569.396:763): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078569.396:764): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078569.397:765): arch=c000003e syscall=59 success=yes exit=0 a0=7f3a7eae35d8 a1=7f3a7eae8d38 a2=7f3a7eaecb40 a3=6 items=2 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.397:765): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service" +type=CWD msg=audit(1481078569.397:765): cwd="/home/some_user" +type=PATH msg=audit(1481078569.397:765): item=0 name="/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.397:765): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.398:766): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffed9c9eb10 a2=6e a3=40 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.398:766): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.398:766): cwd="/home/some_user" +type=PATH msg=audit(1481078569.398:766): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078569.398:767): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffed9c9eca0 a2=6e a3=40 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.398:767): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.398:767): cwd="/home/some_user" +type=PATH msg=audit(1481078569.398:767): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.400:768): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffed9c9f920 a2=6e a3=40 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.400:768): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000D064DA2C297F000000FAC9D9FE7F0000F42C6836297F0000A000CAD9FE7F00001067DA2C297F0000F43DDB2C297F000000E8E265D57DBF3B482B6836297F0000050000000000000080F9FB2C297F0000F42C6836297F +type=CWD msg=audit(1481078569.400:768): cwd="/home/some_user" +type=PATH msg=audit(1481078569.400:768): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.400:769): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffed9c9fab0 a2=6e a3=ffffffffffffffff items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.400:769): 
saddr=01002F7661722F72756E2F6E7363642F736F636B6574000000000000297F0000000000000000000000000000297F0000000000000000000000000000000000005E96931C000000008BAB9B34297F0000FFFFFFFF0000000040FBC9D9FE7F0000E8FAD933297F0000E8BFDA33297F +type=CWD msg=audit(1481078569.400:769): cwd="/home/some_user" +type=PATH msg=audit(1481078569.400:769): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.401:770): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f293415a740 a2=6e a3=65 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.401:770): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.401:770): cwd="/home/some_user" +type=PATH msg=audit(1481078569.401:770): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078569.401:771): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078569.401:772): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078569.401:773): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078569.402:774): arch=c000003e syscall=59 success=yes exit=0 a0=7f293667d488 a1=7f2936682be8 a2=7f2936686880 a3=6 items=2 ppid=1566 pid=1567 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.402:774): argc=3 a0="systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078569.402:774): cwd="/home/some_user" +type=PATH msg=audit(1481078569.402:774): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.402:774): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.403:775): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7feab5a24118 a2=16 a3=7ffd87294b00 items=1 ppid=1566 pid=1567 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.403:775): saddr=01002F72756E2F73797374656D642F70726976617465 +type=CWD msg=audit(1481078569.403:775): cwd="/home/some_user" +type=PATH msg=audit(1481078569.403:775): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.404:776): arch=c000003e syscall=59 success=yes exit=0 a0=7feab407dbd8 a1=7ffd87294a60 a2=7ffd872950e8 a3=7ffd87294c30 items=2 ppid=1567 pid=1568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.404:776): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078569.404:776): cwd="/home/some_user" +type=PATH msg=audit(1481078569.404:776): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.404:776): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.405:777): arch=c000003e syscall=59 success=yes exit=0 a0=7feab4073bee a1=7ffd872949e0 a2=7ffd872950e8 a3=7ffd87294bc0 items=2 ppid=1567 pid=1569 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.405:777): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078569.405:777): cwd="/home/some_user" +type=PATH msg=audit(1481078569.405:777): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.405:777): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.407:778): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ffc2bf2d1c0 a2=6e a3=7ffc2bf2cf40 items=1 ppid=1567 pid=1569 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.407:778): 
saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.407:778): cwd="/home/some_user" +type=PATH msg=audit(1481078569.407:778): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=USER_END msg=audit(1481078569.413:779): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078569.413:780): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_END msg=audit(1481078569.414:781): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078569.414:782): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078575.368:783): arch=c000003e syscall=59 success=yes exit=0 a0=a302b0 a1=a35de0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078575.368:783): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078575.368:783): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service" +type=CWD msg=audit(1481078575.368:783): cwd="/home/some_user" +type=PATH msg=audit(1481078575.368:783): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.368:783): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.368:784): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdc4c2a690 a2=6e a3=40 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.368:784): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.368:784): cwd="/home/some_user" +type=PATH msg=audit(1481078575.368:784): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078575.368:785): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdc4c2a820 a2=6e a3=40 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.368:785): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.368:785): cwd="/home/some_user" +type=PATH msg=audit(1481078575.368:785): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078575.370:786): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdc4c2b1b0 a2=6e a3=22 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.370:786): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000A0B3C2C4FD7F000060B5C2C4FD7F0000E09FFE27197F00002F0000000000000010B8C2C4FD7F00001000000000000000C0B5C2C4FD7F000030B2C2C4FD7F00000003000000000000E09FFE27197F +type=CWD msg=audit(1481078575.370:786): cwd="/home/some_user" +type=PATH msg=audit(1481078575.370:786): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078575.370:787): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdc4c2b340 a2=6e a3=22 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.370:787): 
saddr=01002F7661722F72756E2F6E7363642F736F636B65740000EDA7FE27197F0000FEA7FE27197F000007A8FE27197F000018A8FE27197F000022A8FE27197F000033A8FE27197F00003DA8FE27197F00004EA8FE27197F000056A8FE27197F0000180000003000000050BAC2C4FD7F +type=CWD msg=audit(1481078575.370:787): cwd="/home/some_user" +type=PATH msg=audit(1481078575.370:787): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078575.371:788): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f19257c9740 a2=6e a3=68 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.371:788): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.371:788): cwd="/home/some_user" +type=PATH msg=audit(1481078575.371:788): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078575.372:789): pid=1572 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078575.372:790): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078575.372:791): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? 
addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078575.373:792): arch=c000003e syscall=59 success=yes exit=0 a0=7f1927ff05d8 a1=7f1927ff5d38 a2=7f1927ff9ad0 a3=6 items=2 ppid=1572 pid=1573 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078575.373:792): argc=3 a0="systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078575.373:792): cwd="/home/some_user" +type=PATH msg=audit(1481078575.373:792): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.373:792): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.374:793): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f8e5463b118 a2=16 a3=7ffe8d0b1a90 items=1 ppid=1572 pid=1573 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.374:793): saddr=01002F72756E2F73797374656D642F70726976617465 +type=CWD msg=audit(1481078575.374:793): cwd="/home/some_user" +type=PATH msg=audit(1481078575.374:793): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.375:794): arch=c000003e syscall=59 success=yes exit=0 a0=7f8e52829bd8 a1=7ffe8d0b19f0 a2=7ffe8d0b2078 a3=7ffe8d0b1bc0 items=2 ppid=1573 pid=1574 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078575.375:794): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078575.375:794): cwd="/home/some_user" +type=PATH msg=audit(1481078575.375:794): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.375:794): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.376:795): arch=c000003e syscall=59 success=yes exit=0 a0=7f8e5281fbee a1=7ffe8d0b1970 a2=7ffe8d0b2078 a3=7ffe8d0b1b50 items=2 ppid=1573 pid=1575 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078575.376:795): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078575.376:795): cwd="/home/some_user" +type=PATH msg=audit(1481078575.376:795): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.376:795): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.378:796): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7fff31c7c520 a2=6e a3=7fff31c7c2a0 items=1 ppid=1573 pid=1575 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.378:796): 
saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.378:796): cwd="/home/some_user" +type=PATH msg=audit(1481078575.378:796): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=USER_END msg=audit(1481078575.384:797): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078575.384:798): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078582.640:799): arch=c000003e syscall=59 success=yes exit=0 a0=a30aa0 a1=a377f0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1578 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078582.640:799): argc=2 a0="systemctl" a1="list" +type=CWD msg=audit(1481078582.640:799): cwd="/home/some_user" +type=PATH msg=audit(1481078582.640:799): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078582.640:799): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078582.640:800): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f73106aa118 a2=21 a3=7fffb6b46b20 items=1 ppid=1343 pid=1578 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078582.640:800): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078582.640:800): cwd="/home/some_user" +type=PATH msg=audit(1481078582.640:800): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078588.360:801): arch=c000003e syscall=59 success=yes exit=0 a0=a2db40 a1=a341f0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1579 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" 
exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078588.360:801): argc=2 a0="systemctl" a1="-l" +type=CWD msg=audit(1481078588.360:801): cwd="/home/some_user" +type=PATH msg=audit(1481078588.360:801): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078588.360:801): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078588.360:802): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f40d16ea118 a2=21 a3=7ffc6fa17270 items=1 ppid=1343 pid=1579 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078588.360:802): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078588.360:802): cwd="/home/some_user" +type=PATH msg=audit(1481078588.360:802): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078588.365:803): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15296 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:803): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:803): item=0 name="/usr/local/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:804): arch=c000003e 
syscall=59 success=no exit=-2 a0=7ffc6fa1529c a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:804): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:804): item=0 name="/usr/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:805): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15295 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:805): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:805): item=0 name="/usr/local/sbin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:806): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa1529b a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:806): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:806): item=0 name="/usr/sbin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:807): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15288 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:807): 
cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:807): item=0 name="/home/some_user/.local/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:808): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa1528f a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:808): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:808): item=0 name="/home/some_user/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:809): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15296 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:809): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:809): item=0 name="/usr/local/bin/less" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.366:810): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc6fa1529c a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=2 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="less" exe="/usr/bin/less" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078588.366:810): argc=1 a0="less" +type=CWD msg=audit(1481078588.366:810): cwd="/home/some_user" +type=PATH msg=audit(1481078588.366:810): item=0 name="/usr/bin/less" inode=345679 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078588.366:810): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078597.785:811): arch=c000003e syscall=59 success=yes exit=0 a0=a2eea0 a1=a30040 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1581 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078597.785:811): argc=3 a0="systemctl" a1="-l" a2="audit" +type=CWD msg=audit(1481078597.785:811): cwd="/home/some_user" +type=PATH msg=audit(1481078597.785:811): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078597.785:811): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078597.786:812): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f1ddecf2118 a2=21 a3=7ffc3f53d430 items=1 ppid=1343 pid=1581 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078597.786:812): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078597.786:812): cwd="/home/some_user" +type=PATH msg=audit(1481078597.786:812): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.208:813): arch=c000003e syscall=59 success=yes exit=0 a0=a377f0 a1=a30110 a2=a34fd0 a3=7ffdde1f23c0 items=2 ppid=1343 pid=1583 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 
fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078602.208:813): argc=3 a0="grep" a1="--color=auto" a2="audit" +type=CWD msg=audit(1481078602.208:813): cwd="/home/some_user" +type=PATH msg=audit(1481078602.208:813): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078602.208:813): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.209:814): arch=c000003e syscall=59 success=yes exit=0 a0=a2ee00 a1=a377d0 a2=a34fd0 a3=7ffdde1f23c0 items=2 ppid=1343 pid=1582 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078602.209:814): argc=2 a0="systemctl" a1="-l" +type=CWD msg=audit(1481078602.209:814): cwd="/home/some_user" +type=PATH msg=audit(1481078602.209:814): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078602.209:814): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.210:815): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f35a8e1d118 a2=21 a3=7ffeecb75320 items=1 ppid=1343 pid=1582 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR 
msg=audit(1481078602.210:815): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078602.210:815): cwd="/home/some_user" +type=PATH msg=audit(1481078602.210:815): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.998:816): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078602.998:816): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078602.998:816): cwd="/" +type=PATH msg=audit(1481078602.998:816): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078602.998:816): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.002:817): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078603.002:817): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078603.002:817): cwd="/" +type=PATH msg=audit(1481078603.002:817): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH 
msg=audit(1481078603.002:817): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.006:818): arch=c000003e syscall=59 success=yes exit=0 a0=1e95970 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078603.006:818): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078603.006:818): cwd="/" +type=PATH msg=audit(1481078603.006:818): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078603.006:818): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.009:819): arch=c000003e syscall=59 success=yes exit=0 a0=1e215c0 a1=1ea90d0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078603.009:819): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078603.009:819): cwd="/" +type=PATH msg=audit(1481078603.009:819): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078603.009:819): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.012:820): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078603.012:820): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078612.837:821): arch=c000003e syscall=59 success=no exit=-2 a0=13934c0 a1=12e0e10 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078612.837:821): cwd="/" +type=PATH msg=audit(1481078612.837:821): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078612.837:822): arch=c000003e syscall=59 success=no exit=-2 a0=13934c0 a1=12e0e10 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078612.837:822): cwd="/" +type=PATH msg=audit(1481078612.837:822): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078612.837:823): arch=c000003e syscall=59 success=yes exit=0 a0=13934c0 a1=12e0e10 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078612.837:823): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" 
a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078612.837:823): cwd="/" +type=PATH msg=audit(1481078612.837:823): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078612.837:823): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078612.839:824): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078612.839:824): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078612.976:825): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078612.976:825): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078612.976:825): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078612.976:825): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078613.359:826): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=SOCKADDR msg=audit(1481078613.359:826): saddr=02000050A9FEA9FE0000000000000000
+type=SYSCALL msg=audit(1481078619.593:827): arch=c000003e syscall=59 success=yes exit=0 a0=a3e1a0 a1=a35ce0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=BPRM_FCAPS msg=audit(1481078619.593:827): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff
+type=EXECVE msg=audit(1481078619.593:827): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service"
+type=CWD msg=audit(1481078619.593:827): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.593:827): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078619.593:827): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078619.594:828): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fffbda957a0 a2=6e a3=40 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078619.594:828): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+type=CWD msg=audit(1481078619.594:828): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.594:828): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481078619.594:829): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fffbda95930 a2=6e a3=40 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078619.594:829): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+type=CWD msg=audit(1481078619.594:829): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.594:829): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481078619.596:830): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fffbda962c0 a2=6e a3=22 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078619.596:830): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000B064A9BDFF7F00007066A9BDFF7F0000E05FB2C6507F00002F000000000000002069A9BDFF7F00001000000000000000D066A9BDFF7F00004063A9BDFF7F00000003000000000000E05FB2C6507F
+type=CWD msg=audit(1481078619.596:830): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.596:830): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481078619.596:831): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fffbda96450 a2=6e a3=22 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078619.596:831): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000ED67B2C6507F0000FE67B2C6507F00000768B2C6507F00001868B2C6507F00002268B2C6507F00003368B2C6507F00003D68B2C6507F00004E68B2C6507F00005668B2C6507F00001800000030000000606BA9BDFF7F
+type=CWD msg=audit(1481078619.596:831): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.596:831): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481078619.597:832): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f50c4ffc740 a2=6e a3=68 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078619.597:832): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+type=CWD msg=audit(1481078619.597:832): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.597:832): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL
+type=USER_CMD msg=audit(1481078619.597:833): pid=1589 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success'
+type=CRED_ACQ msg=audit(1481078619.597:834): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=?
terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1481078619.597:835): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1481078619.598:836): arch=c000003e syscall=59 success=yes exit=0 a0=7f50c6b2c5d8 a1=7f50c6b31d38 a2=7f50c6b35ad0 a3=6 items=2 ppid=1589 pid=1590 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078619.598:836): argc=3 a0="systemctl" a1="stop" a2="auditd.service"
+type=CWD msg=audit(1481078619.598:836): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.598:836): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078619.598:836): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078619.599:837): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7fac5f739118 a2=16 a3=7ffde628df80 items=1 ppid=1589 pid=1590 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078619.599:837): saddr=01002F72756E2F73797374656D642F70726976617465
+type=CWD msg=audit(1481078619.599:837): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.599:837): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078619.600:838): arch=c000003e syscall=59
success=yes exit=0 a0=7fac5f30dbd8 a1=7ffde628dee0 a2=7ffde628e568 a3=7ffde628e0b0 items=2 ppid=1590 pid=1591 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078619.600:838): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch"
+type=CWD msg=audit(1481078619.600:838): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.600:838): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078619.600:838): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078619.601:839): arch=c000003e syscall=59 success=yes exit=0 a0=7fac5f303bee a1=7ffde628de60 a2=7ffde628e568 a3=7ffde628e040 items=2 ppid=1590 pid=1592 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078619.601:839): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback"
+type=CWD msg=audit(1481078619.601:839): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.601:839): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078619.601:839): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078619.603:840): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7fff1b79e450 a2=6e a3=7fff1b79e1d0 items=1
ppid=1590 pid=1592 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078619.603:840): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+type=CWD msg=audit(1481078619.603:840): cwd="/home/some_user"
+type=PATH msg=audit(1481078619.603:840): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL
+type=USER_END msg=audit(1481078619.609:841): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1481078619.610:842): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=?
terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1481078672.853:843): arch=c000003e syscall=59 success=no exit=-2 a0=1255f40 a1=13cd530 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=CWD msg=audit(1481078672.853:843): cwd="/"
+type=PATH msg=audit(1481078672.853:843): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481078672.853:844): arch=c000003e syscall=59 success=no exit=-2 a0=1255f40 a1=13cd530 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=CWD msg=audit(1481078672.853:844): cwd="/"
+type=PATH msg=audit(1481078672.853:844): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN
+type=SYSCALL msg=audit(1481078672.853:845): arch=c000003e syscall=59 success=yes exit=0 a0=1255f40 a1=13cd530 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481078672.853:845): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66"
+type=CWD msg=audit(1481078672.853:845): cwd="/"
+type=PATH msg=audit(1481078672.853:845): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078672.853:845): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
objtype=NORMAL
+type=SYSCALL msg=audit(1481078672.855:846): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=SOCKADDR msg=audit(1481078672.855:846): saddr=02000050A9FEA9FE0000000000000000
+type=SYSCALL msg=audit(1481078672.986:847): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
+type=SOCKADDR msg=audit(1481078672.986:847): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+type=CWD msg=audit(1481078672.986:847): cwd="/var/spool/postfix"
+type=PATH msg=audit(1481078672.986:847): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078673.373:848): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=SOCKADDR msg=audit(1481078673.373:848): saddr=02000050A9FEA9FE0000000000000000
+type=SYSCALL msg=audit(1481078692.027:849): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1ce5cc0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1596 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481078692.027:849): argc=2 a0="/sbin/restorecon" a1="/home/some_user"
+type=CWD msg=audit(1481078692.027:849): cwd="/"
+type=PATH msg=audit(1481078692.027:849): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078692.027:849): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078692.031:850): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1ce5cc0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481078692.031:850): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh"
+type=CWD msg=audit(1481078692.031:850): cwd="/"
+type=PATH msg=audit(1481078692.031:850): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078692.031:850): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078692.035:851): arch=c000003e syscall=59 success=yes exit=0 a0=1e95970 a1=1e9ffb0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481078692.035:851): argc=2
a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys"
+type=CWD msg=audit(1481078692.035:851): cwd="/"
+type=PATH msg=audit(1481078692.035:851): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078692.035:851): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078692.038:852): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ffb0 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=EXECVE msg=audit(1481078692.038:852): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users"
+type=CWD msg=audit(1481078692.038:852): cwd="/"
+type=PATH msg=audit(1481078692.038:852): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078692.038:852): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078692.042:853): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
+type=SOCKADDR msg=audit(1481078692.042:853): saddr=02000050A9FEA9FE0000000000000000
+type=SYSCALL msg=audit(1481078693.422:854): arch=c000003e syscall=59 success=yes exit=0 a0=a30aa0 a1=a340e0 a2=a34fd0 a3=7ffdde1f2620 items=3
ppid=1343 pid=1600 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="service" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.422:854): argc=4 a0="/bin/sh" a1="/usr/sbin/service" a2="auditd" a3="stop"
+type=CWD msg=audit(1481078693.422:854): cwd="/home/some_user"
+type=PATH msg=audit(1481078693.422:854): item=0 name="/usr/sbin/service" inode=16784574 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.422:854): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.422:854): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.430:855): arch=c000003e syscall=59 success=yes exit=0 a0=26f61a0 a1=26f5450 a2=26eeb80 a3=7ffe13340100 items=2 ppid=1601 pid=1602 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.430:855): argc=3 a0="/bin/mountpoint" a1="-q" a2="/cgroup/systemd"
+type=CWD msg=audit(1481078693.430:855): cwd="/home/some_user"
+type=PATH msg=audit(1481078693.430:855): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.430:855): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.431:856): arch=c000003e syscall=59 success=yes exit=0 a0=26f57c0 a1=26f5420 a2=26eeb80
a3=7ffe13340100 items=2 ppid=1601 pid=1603 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.431:856): argc=3 a0="/bin/mountpoint" a1="-q" a2="/sys/fs/cgroup/systemd"
+type=CWD msg=audit(1481078693.431:856): cwd="/home/some_user"
+type=PATH msg=audit(1481078693.431:856): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.431:856): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.433:857): arch=c000003e syscall=59 success=yes exit=0 a0=26f5e30 a1=26ee660 a2=26fa130 a3=7ffe1333fb80 items=2 ppid=1604 pid=1605 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="consoletype" exe="/usr/sbin/consoletype" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.433:857): argc=1 a0="/sbin/consoletype"
+type=CWD msg=audit(1481078693.433:857): cwd="/home/some_user"
+type=PATH msg=audit(1481078693.433:857): item=0 name="/sbin/consoletype" inode=16784566 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.433:857): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.437:858): arch=c000003e syscall=59 success=yes exit=0 a0=271c010 a1=271c750 a2=26fa130 a3=7ffe13340230 items=2 ppid=1600 pid=1606 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="basename"
exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.437:858): argc=2 a0="basename" a1="/usr/sbin/service"
+type=CWD msg=audit(1481078693.437:858): cwd="/home/some_user"
+type=PATH msg=audit(1481078693.437:858): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.437:858): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.438:859): arch=c000003e syscall=59 success=yes exit=0 a0=271c410 a1=271cc00 a2=26fa130 a3=7ffe13340230 items=2 ppid=1600 pid=1607 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="basename" exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.438:859): argc=2 a0="basename" a1="/usr/sbin/service"
+type=CWD msg=audit(1481078693.438:859): cwd="/home/some_user"
+type=PATH msg=audit(1481078693.438:859): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.438:859): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.440:860): arch=c000003e syscall=59 success=yes exit=0 a0=271d2a0 a1=271bca0 a2=26fa130 a3=7ffe1333fff0 items=3 ppid=1608 pid=1610 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="egrep" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.440:860): argc=4 a0="/bin/sh" a1="/bin/egrep" a2="-qw"
a3="start|stop|restart|try-restart|reload|force-reload|status|condrestart"
+type=CWD msg=audit(1481078693.440:860): cwd="/"
+type=PATH msg=audit(1481078693.440:860): item=0 name="/bin/egrep" inode=8006 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.440:860): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.440:860): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.441:861): arch=c000003e syscall=59 success=yes exit=0 a0=1490100 a1=148a460 a2=148db00 a3=7ffe92eb47e0 items=2 ppid=1608 pid=1610 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.441:861): argc=4 a0="grep" a1="-E" a2="-qw" a3="start|stop|restart|try-restart|reload|force-reload|status|condrestart"
+type=CWD msg=audit(1481078693.441:861): cwd="/"
+type=PATH msg=audit(1481078693.441:861): item=0 name="/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.441:861): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.442:862): arch=c000003e syscall=59 success=yes exit=0 a0=26f4e30 a1=271cb50 a2=26f12f0 a3=7ffe13340570 items=2 ppid=1343 pid=1600 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.442:862): argc=3 a0="/bin/systemctl" a1="stop" a2="auditd.service"
+type=CWD msg=audit(1481078693.442:862): cwd="/"
+type=PATH msg=audit(1481078693.442:862): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.442:862): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.443:863): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7ff47b483118 a2=21 a3=7ffc86257c80 items=1 ppid=1343 pid=1600 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078693.443:863): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574
+type=CWD msg=audit(1481078693.443:863): cwd="/"
+type=PATH msg=audit(1481078693.443:863): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.443:864): arch=c000003e syscall=59 success=yes exit=0 a0=7ff479545bd8 a1=7ffc86257c20 a2=7ffc862582a8 a3=7ffc86257df0 items=2 ppid=1600 pid=1611 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.443:864): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch"
+type=CWD msg=audit(1481078693.443:864): cwd="/"
+type=PATH msg=audit(1481078693.443:864): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.443:864): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.444:865): arch=c000003e syscall=59 success=yes exit=0 a0=7ff47953bbee a1=7ffc86257ba0 a2=7ffc862582a8 a3=7ffc86257d80 items=2 ppid=1600 pid=1612 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=EXECVE msg=audit(1481078693.444:865): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback"
+type=CWD msg=audit(1481078693.444:865): cwd="/"
+type=PATH msg=audit(1481078693.444:865): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.444:865): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.447:866): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ffd6d46d650 a2=6e a3=7ffd6d46d3d0 items=1 ppid=1600 pid=1612 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SOCKADDR msg=audit(1481078693.447:866): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+type=CWD msg=audit(1481078693.447:866): cwd="/"
+type=PATH msg=audit(1481078693.447:866): item=0
name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.459:867): arch=c000003e syscall=59 success=yes exit=0 a0=7f618eb3edd0 a1=7f618eb85cd0 a2=7ffe19235950 a3=7ffe19234560 items=2 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null)
+type=EXECVE msg=audit(1481078693.459:867): argc=5 a0="/usr/bin/pkla-check-authorization" a1="some_user" a2="false" a3="true" a4="org.freedesktop.systemd1.manage-units"
+type=CWD msg=audit(1481078693.459:867): cwd="/"
+type=PATH msg=audit(1481078693.459:867): item=0 name="/usr/bin/pkla-check-authorization" inode=11484 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:policykit_auth_exec_t:s0 objtype=NORMAL
+type=PATH msg=audit(1481078693.459:867): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL
+type=SYSCALL msg=audit(1481078693.472:868): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffd2df48a60 a2=6e a3=7ffd2df48c30 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null)
+type=SOCKADDR msg=audit(1481078693.472:868): saddr=01002F7661722F72756E2F6E7363642F736F636B6574000054A47F31747F0000000000000000000018CD6F30747F000006000000000000001B00000000000000BB95931C0000000089A37F31747F0000000000000000000070A3CD30747F000004000000000000001B0000000000
+type=CWD msg=audit(1481078693.472:868): cwd="/"
+type=PATH msg=audit(1481078693.472:868): item=0 name="/var/run/nscd/socket"
objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.472:869): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffd2df48bf0 a2=6e a3=7ffd2df48c30 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.472:869): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000F82B7030747F0000408DF42DFD7F0000308DF42DFD7F00003F000000747F00002C000000747F0000000000000000000050BB9D31747F000000A0A031747F000034BFCE30747F0000089D7030747F000038A8CD30747F +type=CWD msg=audit(1481078693.472:869): cwd="/" +type=PATH msg=audit(1481078693.472:869): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.472:870): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffd2df48820 a2=6e a3=50 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.472:870): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000D35C2731747F0000704ECE30747F0000F8532631747F0000000000000500000089A37F31747F00000000000000000000E0EE0031747F000003000000000000001B00000000000000338D2C9E000000008BAB7F31747F +type=CWD msg=audit(1481078693.472:870): cwd="/" +type=PATH msg=audit(1481078693.472:870): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.473:871): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffd2df489b0 a2=6e a3=50 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) 
+type=SOCKADDR msg=audit(1481078693.473:871): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000000000000000000000000000000000000000000000000000003DB632747F00000A000000000000000000000000000000C5187730747F0000003DB632747F000077F97630747F00008036AB30747F0000C0097730747F +type=CWD msg=audit(1481078693.473:871): cwd="/" +type=PATH msg=audit(1481078693.473:871): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.488:872): arch=c000003e syscall=59 success=yes exit=0 a0=7f618eaf1f90 a1=7f618eb2cdd0 a2=7ffe19235950 a3=7ffe19234660 items=2 ppid=547 pid=1617 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-admin-iden" exe="/usr/bin/pkla-admin-identities" subj=system_u:system_r:policykit_t:s0 key=(null) +type=EXECVE msg=audit(1481078693.488:872): argc=1 a0="/usr/bin/pkla-admin-identities" +type=CWD msg=audit(1481078693.488:872): cwd="/" +type=PATH msg=audit(1481078693.488:872): item=0 name="/usr/bin/pkla-admin-identities" inode=11483 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.488:872): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.491:873): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf74b3db0 a2=6e a3=7ffdf74b3f80 items=1 ppid=547 pid=1617 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-admin-iden" exe="/usr/bin/pkla-admin-identities" subj=system_u:system_r:policykit_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.491:873): saddr=01002F7661722F72756E2F6E7363642F736F636B657400008983B330BE7F0000000000000000000070830130BE7F000004000000000000001B00000000000000D128B7ED000000008B8BB330BE7F00003B00000000000000403E4BF7FD7F0000447F0130BE7F000080150230BE7F 
+type=CWD msg=audit(1481078693.491:873): cwd="/" +type=PATH msg=audit(1481078693.491:873): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.491:874): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf74b3f40 a2=6e a3=7ffdf74b3f80 items=1 ppid=547 pid=1617 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-admin-iden" exe="/usr/bin/pkla-admin-identities" subj=system_u:system_r:policykit_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.491:874): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000F80BA42FBE7F000090404BF7FD7F000080404BF7FD7F00003F000000000000001B000000000000000000000000000000389BD130BE7F00000080D430BE7F0000349F0230BE7F0000087DA42FBE7F000038880130BE7F +type=CWD msg=audit(1481078693.491:874): cwd="/" +type=PATH msg=audit(1481078693.491:874): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.504:875): arch=c000003e syscall=42 success=no exit=-2 a0=5 a1=7f4dc96cdde0 a2=6e a3=7f4dbc002cf0 items=1 ppid=1600 pid=1614 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.504:875): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078693.504:875): cwd="/" +type=PATH msg=audit(1481078693.504:875): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.504:876): arch=c000003e syscall=42 success=no exit=-2 a0=5 a1=7f4dc96cdf70 a2=6e a3=7f4dbc002cf0 items=1 ppid=1600 pid=1614 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 
comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.504:876): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078693.504:876): cwd="/" +type=PATH msg=audit(1481078693.504:876): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.504:877): arch=c000003e syscall=59 success=yes exit=0 a0=7f4dcd6e5270 a1=7f4dc96cea50 a2=7ffd6d46dea0 a3=7f4dc96ce520 items=2 ppid=1612 pid=1619 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="polkit-agent-he" exe="/usr/lib/polkit-1/polkit-agent-helper-1" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078693.504:877): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078693.504:877): argc=3 a0="/usr/lib/polkit-1/polkit-agent-helper-1" a1="root" a2="cookie0" +type=CWD msg=audit(1481078693.504:877): cwd="/" +type=PATH msg=audit(1481078693.504:877): item=0 name="/usr/lib/polkit-1/polkit-agent-helper-1" inode=33602468 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:policykit_auth_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.504:877): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.511:878): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffc4c3bafd0 a2=6e a3=7ffc4c3bb190 items=1 ppid=1612 pid=1619 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 
sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="polkit-agent-he" exe="/usr/lib/polkit-1/polkit-agent-helper-1" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.511:878): saddr=01002F7661722F72756E2F6E7363642F736F636B6574000010EE687BD77F000050B03B4CFC7F000000000000FC7F000000000000D77F000040B03B4CFC7F0000000000000000000001000000000000004F191179D77F00003CB03B4CFC7F00000000000000000000000000000000 +type=CWD msg=audit(1481078693.511:878): cwd="/" +type=PATH msg=audit(1481078693.511:878): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.511:879): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffc4c3bb160 a2=6e a3=7ffc4c3bb190 items=1 ppid=1612 pid=1619 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="polkit-agent-he" exe="/usr/lib/polkit-1/polkit-agent-helper-1" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.511:879): saddr=01002F7661722F72756E2F6E7363642F736F636B6574000090B23B4CFC7F0000390000000000000000000000000000000000000000000000700E5079D77F000000F05279D77F0000AF811079D77F0000085D3978D77F000048781079D77F00000000000001000000B50500000100 +type=CWD msg=audit(1481078693.511:879): cwd="/" +type=PATH msg=audit(1481078693.511:879): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.512:880): arch=c000003e syscall=59 success=yes exit=0 a0=7fd7752cc3ed a1=7ffc4c3bb340 a2=7fd7754d33c0 a3=2 items=2 ppid=1619 pid=1620 auid=1000 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.512:880): argc=3 a0="/usr/sbin/unix_chkpwd" a1="root" a2="nullok" +type=CWD msg=audit(1481078693.512:880): cwd="/" +type=PATH msg=audit(1481078693.512:880): item=0 
name="/usr/sbin/unix_chkpwd" inode=16781526 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.512:880): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.512:881): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcccb57610 a2=6e a3=40 items=1 ppid=1619 pid=1620 auid=1000 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.512:881): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000000000000000000002000000060000000000000000000000E50100005600000060AD02A15A7F0000000020F96A99F9FF01000000000000002077B5CCFC7F000000A051A25A7F00002381E1A05A7F00000000E0EB6A99 +type=CWD msg=audit(1481078693.512:881): cwd="/" +type=PATH msg=audit(1481078693.512:881): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.512:882): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcccb577a0 a2=6e a3=40 items=1 ppid=1619 pid=1620 auid=1000 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.512:882): saddr=01002F7661722F72756E2F6E7363642F736F636B657400FE00000000000000007079B5CCFC7F000000B051A25A7F00003C9C45A15A7F00000000A0EE6A99F9FF000030236244B5FE04000000000000007079B5CCFC7F0000202B52A25A7F000069A2EAA15A7F0000000000EF6A99 +type=CWD msg=audit(1481078693.512:882): cwd="/" +type=PATH msg=audit(1481078693.512:882): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.852:883): arch=c000003e syscall=59 success=yes exit=0 a0=a3e2b0 a1=a35a20 
a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078697.852:883): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078697.852:883): argc=4 a0="sudo" a1="service" a2="auditd" a3="stop" +type=CWD msg=audit(1481078697.852:883): cwd="/home/some_user" +type=PATH msg=audit(1481078697.852:883): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.852:883): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.853:884): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff4080ee70 a2=6e a3=40 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.853:884): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078697.853:884): cwd="/home/some_user" +type=PATH msg=audit(1481078697.853:884): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.853:885): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff4080f000 a2=6e a3=40 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 
fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.853:885): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078697.853:885): cwd="/home/some_user" +type=PATH msg=audit(1481078697.853:885): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.855:886): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fff4080f990 a2=6e a3=22 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.855:886): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000100000000000000080FB8040FF7F000040FD8040FF7F0000E05FFA9D917F00002F00000000000000F0FF8040FF7F00001000000000000000A0FD8040FF7F000010FA8040FF7F00000003000000000000E05FFA9D917F +type=CWD msg=audit(1481078697.855:886): cwd="/home/some_user" +type=PATH msg=audit(1481078697.855:886): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.856:887): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fff4080fb20 a2=6e a3=22 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.856:887): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000ED67FA9D917F0000FE67FA9D917F00000768FA9D917F00001868FA9D917F00002268FA9D917F00003368FA9D917F00003D68FA9D917F00004E68FA9D917F00005668FA9D917F0000180000003000000030028140FF7F +type=CWD 
msg=audit(1481078697.856:887): cwd="/home/some_user" +type=PATH msg=audit(1481078697.856:887): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.857:888): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f919ca33740 a2=6e a3=5f items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.857:888): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078697.857:888): cwd="/home/some_user" +type=PATH msg=audit(1481078697.857:888): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078697.857:889): pid=1621 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73657276696365206175646974642073746F70 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078697.857:890): pid=1621 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078697.857:891): pid=1621 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078697.858:892): arch=c000003e syscall=59 success=yes exit=0 a0=7f919dfac5d8 a1=7f919dfb1d38 a2=7f919dfb5ad0 a3=6 items=3 ppid=1621 pid=1622 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="service" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.858:892): argc=4 a0="/bin/sh" a1="/sbin/service" a2="auditd" a3="stop" +type=CWD msg=audit(1481078697.858:892): cwd="/home/some_user" +type=PATH msg=audit(1481078697.858:892): item=0 name="/sbin/service" inode=16784574 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.858:892): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.858:892): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.860:893): arch=c000003e syscall=59 success=yes exit=0 a0=18e7a40 a1=18dfe10 a2=18e0420 a3=7ffcf56f3000 items=2 ppid=1623 pid=1624 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.860:893): argc=3 a0="/bin/mountpoint" a1="-q" a2="/cgroup/systemd" +type=CWD msg=audit(1481078697.860:893): cwd="/home/some_user" +type=PATH msg=audit(1481078697.860:893): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.860:893): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 
objtype=NORMAL +type=SYSCALL msg=audit(1481078697.861:894): arch=c000003e syscall=59 success=yes exit=0 a0=18e6cb0 a1=18e7020 a2=18e0420 a3=7ffcf56f3000 items=2 ppid=1623 pid=1625 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.861:894): argc=3 a0="/bin/mountpoint" a1="-q" a2="/sys/fs/cgroup/systemd" +type=CWD msg=audit(1481078697.861:894): cwd="/home/some_user" +type=PATH msg=audit(1481078697.861:894): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.861:894): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.863:895): arch=c000003e syscall=59 success=yes exit=0 a0=18e0000 a1=18eb7e0 a2=18eba50 a3=7ffcf56f2a80 items=2 ppid=1626 pid=1627 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="consoletype" exe="/usr/sbin/consoletype" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.863:895): argc=1 a0="/sbin/consoletype" +type=CWD msg=audit(1481078697.863:895): cwd="/home/some_user" +type=PATH msg=audit(1481078697.863:895): item=0 name="/sbin/consoletype" inode=16784566 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.863:895): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.866:896): arch=c000003e syscall=59 success=yes exit=0 a0=190d9c0 a1=190e100 a2=18eba50 a3=7ffcf56f3130 items=2 ppid=1622 pid=1628 auid=1000 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="basename" exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.866:896): argc=2 a0="basename" a1="/sbin/service" +type=CWD msg=audit(1481078697.866:896): cwd="/home/some_user" +type=PATH msg=audit(1481078697.866:896): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.866:896): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.867:897): arch=c000003e syscall=59 success=yes exit=0 a0=190ddc0 a1=190e5b0 a2=18eba50 a3=7ffcf56f3130 items=2 ppid=1622 pid=1629 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="basename" exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.867:897): argc=2 a0="basename" a1="/sbin/service" +type=CWD msg=audit(1481078697.867:897): cwd="/home/some_user" +type=PATH msg=audit(1481078697.867:897): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.867:897): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.868:898): arch=c000003e syscall=59 success=yes exit=0 a0=18e66f0 a1=18e52f0 a2=18eba50 a3=7ffcf56f3700 items=2 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="env" exe="/usr/bin/env" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.868:898): argc=7 a0="env" a1="-i" a2="PATH=/sbin:/usr/sbin:/bin:/usr/bin" 
a3="TERM=xterm-256color" a4="SYSTEMCTL_IGNORE_DEPENDENCIES=" a5="SYSTEMCTL_SKIP_REDIRECT=" a6="/usr/libexec/initscripts/legacy-actions/auditd/stop" +type=CWD msg=audit(1481078697.868:898): cwd="/" +type=PATH msg=audit(1481078697.868:898): item=0 name="/bin/env" inode=4707 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.868:898): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.875:899): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc89bc37ab a1=7ffc89bc1858 a2=c11030 a3=7ffc89bc1480 items=3 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="stop" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.875:899): argc=2 a0="/bin/sh" a1="/usr/libexec/initscripts/legacy-actions/auditd/stop" +type=CWD msg=audit(1481078697.875:899): cwd="/" +type=PATH msg=audit(1481078697.875:899): item=0 name="/usr/libexec/initscripts/legacy-actions/auditd/stop" inode=33670350 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.875:899): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.875:899): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.881:900): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff8361b770 a2=6e a3=40 items=1 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="stop" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
key=(null) +type=SOCKADDR msg=audit(1481078697.881:900): saddr=01002F7661722F72756E2F6E7363642F736F636B657400006FBE14B03B7F00000000000000000000C0C535B03B7F00000100000000000000000000000000000001000000FF7F0000085236B03B7F000020C06183FF7F000040030000000000007F454C4602010103000000000000 +type=CWD msg=audit(1481078697.881:900): cwd="/" +type=PATH msg=audit(1481078697.881:900): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.881:901): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff8361b900 a2=6e a3=40 items=1 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="stop" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.881:901): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000185D95AF3B7F000003000000000000000500000000000000CE4AAEFF000000008BBB14B03B7F00003C4695AF3B7F000080B96183FF7F0000543F95AF3B7F0000707A95AF3B7F000090BA6183FF7F000080BA6183FF7F +type=CWD msg=audit(1481078697.881:901): cwd="/" +type=PATH msg=audit(1481078697.881:901): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.881:902): arch=c000003e syscall=59 success=yes exit=0 a0=1c7b2f0 a1=1c7a320 a2=1c7b7c0 a3=7fff8361afa0 items=2 ppid=1631 pid=1632 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.881:902): argc=3 a0="/bin/mountpoint" a1="-q" a2="/cgroup/systemd" +type=CWD msg=audit(1481078697.881:902): cwd="/" +type=PATH msg=audit(1481078697.881:902): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.881:902): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.882:903): arch=c000003e syscall=59 success=yes exit=0 a0=1c7b220 a1=1c75a80 a2=1c7b7c0 a3=7fff8361afa0 items=2 ppid=1631 pid=1633 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.882:903): argc=3 a0="/bin/mountpoint" a1="-q" a2="/sys/fs/cgroup/systemd" +type=CWD msg=audit(1481078697.882:903): cwd="/" +type=PATH msg=audit(1481078697.882:903): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.882:903): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.884:904): arch=c000003e syscall=59 success=yes exit=0 a0=1c7b080 a1=1c7aee0 a2=1c7df40 a3=7fff8361aa20 items=2 ppid=1634 pid=1635 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="consoletype" exe="/usr/sbin/consoletype" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.884:904): argc=1 a0="/sbin/consoletype" +type=DAEMON_END msg=audit(1481078697.892:7799): auditd normal halt, sending auid=? pid=? subj=? 
res=success
+type=CWD msg=audit(1489639811.480:451): cwd="/home/some_user"
+type=PATH msg=audit(1489639811.480:451): item=0 name="/etc/ssh/sshd_config" inode=34485109 dev=08:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 objtype=NORMAL
+type=USER_CMD msg=audit(1489639825.595:452): pid=1325 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=7461696C202D3230202F7661722F6C6F672F61756469742F61756469742E6C6F67 terminal=pts/0 res=success'
diff --git a/filebeat/module/system/audit/test/test.log b/filebeat/module/system/audit/test/test.log
new file mode 100644
index 000000000000..6ee88f1a1a41
--- /dev/null
+++ b/filebeat/module/system/audit/test/test.log
@@ -0,0 +1,2 @@
+type=MAC_IPSEC_EVENT msg=audit(1485893834.891:18877201): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.2.0 src_prefixlen=24 dst=192.168.0.0 dst_prefixlen=16
+type=SYSCALL msg=audit(1485893834.891:18877199): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564b2672a0 a2=b8 a3=0 items=0 ppid=1240 pid=1281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="charon" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null)
diff --git a/filebeat/module/system/audit/test/test.log-expected.json b/filebeat/module/system/audit/test/test.log-expected.json
new file mode 100644
index 000000000000..0223a88afdb5
--- /dev/null
+++ b/filebeat/module/system/audit/test/test.log-expected.json
@@ -0,0 +1,94 @@
+[
+ {
+ "_index": "test-filebeat-modules",
+ "_type": "log",
+ "_id": "AVrNfcrUJruQA3hgXR1I",
+ "_version": 1,
+ "_score": null,
+ "_source": {
+ "offset": 172,
+ "input_type": "log",
+ "source": "/Users/me/go/src/github.com/elastic/beats/filebeat/module/system/audit/test/test.log",
+ "fileset": {
+ "module": "system",
+ "name": "audit"
+ },
+ "type": "log",
+ "error": "",
+ "@timestamp": "2017-01-31T20:18:46.912Z",
+ "system": {
+ "audit": {
+ "ses": "4294967295",
+ "op": "SPD-delete",
+ "res": "1",
+ "auid": "4294967295",
+ "dst": "192.168.0.0",
+ "src": "192.168.2.0",
+ "sequence": 18877201,
+ "src_prefixlen": "24",
+ "record_type": "MAC_IPSEC_EVENT",
+ "dst_prefixlen": "16"
+ }
+ },
+ "beat": {
+ "hostname": "macbook.local",
+ "name": "macbook.local",
+ "version": "6.0.0-alpha1"
+ }
+ }
+ },
+ {
+ "_index": "test-filebeat-modules",
+ "_type": "log",
+ "_id": "AVrNfcrUJruQA3hgXR1J",
+ "_version": 1,
+ "_score": null,
+ "_source": {
+ "offset": 534,
+ "input_type": "log",
+ "source": "/Users/me/go/src/github.com/elastic/beats/filebeat/module/system/audit/test/test.log",
+ "fileset": {
+ "module": "system",
+ "name": "audit"
+ },
+ "type": "log",
+ "error": "",
+ "@timestamp": "2017-01-31T20:18:46.912Z",
+ "system": {
+ "audit": {
+ "syscall": "44",
+ "gid": "0",
+ "fsgid": "0",
+ "pid": 1281,
+ "suid": "0",
+ "record_type": "SYSCALL",
+ "uid": "0",
+ "egid": "0",
+ "exe": "/usr/libexec/strongswan/charon (deleted)",
+ "sgid": "0",
+ "ses": "4294967295",
+ "auid": "4294967295",
+ "comm": "charon",
+ "euid": "0",
+ "sequence": 18877199,
+ "a0": "9",
+ "ppid": 1240,
+ "a1": "7f564b2672a0",
+ "fsuid": "0",
+ "exit": "184",
+ "a2": "b8",
+ "a3": "0",
+ "success": "yes",
+ "tty": "(none)",
+ "arch": "x86_64",
+ "items": 0
+ }
+ },
+ "beat": {
+ "hostname": "macbook.local",
+ "name": "macbook.local",
+ "version": "6.0.0-alpha1"
+ }
+ }
+ }
+]
diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index 53314bb9d652..3dd4b35bb0a5 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -74,6 +74,8 @@ def run_on_file(self, module, fileset, test_file, cfgfile): "-e", "-d", "*", "-once", "-c", cfgfile, "-modules={}".format(module), + "-M", "{module}.*.enabled=false".format(module=module), + "-M", "{module}.{fileset}.enabled=true".format(module=module, fileset=fileset), "-M", "{module}.{fileset}.var.paths=[{test_file}]".format( module=module, fileset=fileset, test_file=test_file), "-M", "*.*.prospector.close_eof=true", @@ -95,14 +97,21 @@ def run_on_file(self, module, fileset, test_file, cfgfile): objects = [o["_source"] for o in res["hits"]["hits"]] assert len(objects) > 0 for obj in objects: - self.assert_fields_are_documented(obj) - # assert "error" not in obj # no parsing errors - assert obj["fileset"]["module"] == module + assert obj["fileset"]["module"] == module, "expected fileset.module={} but got {}".format( + module, obj["fileset"]["module"]) + + if not (module == "mysql" and fileset == "slowlog") and not (module == "system" and fileset == "auth"): + # TODO: There are errors parsing the test logs from these modules. + assert "error" not in obj + + if module != "system" and fileset != "audit": + # There are dynamic fields in audit logs that are not documented. + self.assert_fields_are_documented(obj) if os.path.exists(test_file + "-expected.json"): with open(test_file + "-expected.json", "r") as f: expected = json.load(f) - assert len(expected) == len(objects) + assert len(expected) == len(objects), "expected {} but got {}".format(len(expected), len(objects)) for ev in expected: found = False for obj in objects:
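Review bot: The guard `if module != "system" and fileset != "audit":` in the second hunk is broader than its comment: it is false for every fileset of the `system` module and for any fileset named `audit`, so `assert_fields_are_documented` is skipped for all of those rather than only for system/audit. Write it in the same form as the error check a few lines above, `if not (module == "system" and fileset == "audit"):`, so undocumented fields in the other system filesets still fail the test. Separately, `assert "error" not in obj` now runs for system/audit while the expected-JSON fixture added in this commit shows `"error": ""` inside `_source`; if the pipeline still emits that key the assertion cannot pass, so it is worth confirming against a fresh run. The body of `run_on_file` starts before and continues after this hunk.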