diff --git a/plans/tests.fmf b/plans/tests.fmf index c31b697..68d698b 100644 --- a/plans/tests.fmf +++ b/plans/tests.fmf @@ -2,7 +2,7 @@ summary: Tier 1 setroubleshoot test plan discover: how: fmf url: https://gitlab.com/setroubleshoot/tests.git - filter: "component:setroubleshoot" + filter: "component:setroubleshoot & tier: 1" execute: how: tmt diff --git a/tests/Regression/Report-bugs-on-corresponding-components/Makefile b/tests/Regression/Report-bugs-on-corresponding-components/Makefile deleted file mode 100644 index 45a8915..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/Makefile +++ /dev/null @@ -1,68 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components -# Description: Can sealert identify source RPM of AVC domain type? -# Author: Vit Mojzis -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2020 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components -export TESTVERSION=1.0 - -# Policy packages to be used in testing -# The followng export does not work properly in Fedora CI - relying on fallback in runtest.sh -# export TEST_PACKAGES ?= flatpak-selinux tpm2-abrmd-selinux container-selinux usbguard-selinux mysql-selinux - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile avc_flatpak-selinux avc_tpm2-abrmd-selinux avc_container-selinux avc_usbguard-selinux avc_mysql-selinux avc_fapolicyd-selinux - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Vit Mojzis " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: Test for BZ#1811644 (Let setroubleshoot to report bugs on components)" >> $(METADATA) - @echo "Type: Regression" >> $(METADATA) - @echo "TestTime: 5m" >> $(METADATA) - @echo "RunFor: setroubleshoot" >> $(METADATA) - @echo "Requires: setroubleshoot-server flatpak-selinux tpm2-abrmd-selinux container-selinux usbguard-selinux mysql-selinux fapolicyd-selinux" >> $(METADATA) - @echo "Requires: $(TEST_PACKAGES)" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2+" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Bug: 1811644" >> $(METADATA) - @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7 -RHEL7" >> $(METADATA) - - rhts-lint $(METADATA) diff --git a/tests/Regression/Report-bugs-on-corresponding-components/avc_container-selinux b/tests/Regression/Report-bugs-on-corresponding-components/avc_container-selinux deleted file mode 100644 index af18014..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/avc_container-selinux +++ /dev/null @@ -1,2 +0,0 @@ -type=AVC msg=audit(1575985388.869:225): avc: denied { read } for pid=1365 comm="systemd-user-ru" name="secrets" dev="tmpfs" ino=32249 scontext=system_u:system_r:container_logreader_t:s0 tcontext=system_u:object_r:shadow_t:s0:c446,c857 tclass=dir permissive=0 - diff --git a/tests/Regression/Report-bugs-on-corresponding-components/avc_fapolicyd-selinux b/tests/Regression/Report-bugs-on-corresponding-components/avc_fapolicyd-selinux deleted file mode 100644 index 3ee2a4c..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/avc_fapolicyd-selinux +++ /dev/null @@ -1,2 +0,0 @@ -type=AVC msg=audit(1596470053.831:306): avc: denied { unlink } for pid=6304 comm="fapolicyd" name="fapolicyd.pid" dev="tmpfs" ino=37446 scontext=system_u:system_r:fapolicyd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0 - diff --git a/tests/Regression/Report-bugs-on-corresponding-components/avc_flatpak-selinux b/tests/Regression/Report-bugs-on-corresponding-components/avc_flatpak-selinux deleted file mode 100644 index a475cf1..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/avc_flatpak-selinux +++ /dev/null @@ -1,2 +0,0 @@ -type=AVC msg=audit(1575985388.869:225): avc: denied { connect } for pid=1365 comm="systemd-user-ru" name="secrets" dev="tmpfs" ino=32249 scontext=system_u:system_r:flatpak_helper_t:s0 tcontext=system_u:object_r:shadow_t:s0:c446,c857 tclass=socket permissive=0 - diff --git a/tests/Regression/Report-bugs-on-corresponding-components/avc_mysql-selinux b/tests/Regression/Report-bugs-on-corresponding-components/avc_mysql-selinux deleted file mode 100644 index a0fd742..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/avc_mysql-selinux +++ /dev/null @@ -1,2 +0,0 @@ -type=AVC msg=audit(1582621541.469:6896): avc: denied { write } for pid=1627505 comm="python3" name="plautrba" dev="dm-4" ino=19529729 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1 - diff --git a/tests/Regression/Report-bugs-on-corresponding-components/avc_tpm2-abrmd-selinux b/tests/Regression/Report-bugs-on-corresponding-components/avc_tpm2-abrmd-selinux deleted file mode 100644 index 4f65a5b..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/avc_tpm2-abrmd-selinux +++ /dev/null @@ -1,2 +0,0 @@ -type=AVC msg=audit(1575985388.869:225): avc: denied { connect } for pid=1365 comm="systemd-user-ru" name="secrets" dev="tmpfs" ino=32249 scontext=system_u:system_r:tabrmd_t:s0 tcontext=system_u:object_r:shadow_t:s0:c446,c857 tclass=socket permissive=0 - diff --git a/tests/Regression/Report-bugs-on-corresponding-components/avc_usbguard-selinux b/tests/Regression/Report-bugs-on-corresponding-components/avc_usbguard-selinux deleted file mode 100644 index e2b767d..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/avc_usbguard-selinux +++ /dev/null @@ -1,2 +0,0 @@ -type=AVC msg=audit(1582801464.5:491): avc: denied { map } for pid=5100 comm="bash" path="/usr/bin/bash" dev="vda1" ino=1707663 scontext=system_u:system_r:usbguard_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1 - diff --git a/tests/Regression/Report-bugs-on-corresponding-components/main.fmf b/tests/Regression/Report-bugs-on-corresponding-components/main.fmf deleted file mode 100644 index d70bc2c..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/main.fmf +++ /dev/null @@ -1,19 +0,0 @@ -summary: Test for BZ#1811644 (Let setroubleshoot to report bugs on components) -contact: Vit Mojzis -component: - - setroubleshoot -test: ./runtest.sh -framework: beakerlib -recommend: - - setroubleshoot-server - - flatpak-selinux - - tpm2-abrmd-selinux - - container-selinux - - usbguard-selinux - - mysql-selinux - - fapolicyd-selinux -duration: 5m -link: - - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1811644 -extra-summary: /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components -extra-task: /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components diff --git a/tests/Regression/Report-bugs-on-corresponding-components/runtest.sh b/tests/Regression/Report-bugs-on-corresponding-components/runtest.sh deleted file mode 100755 index c3e04b9..0000000 --- a/tests/Regression/Report-bugs-on-corresponding-components/runtest.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components -# Description: Can sealert identify source RPM of AVC domain type? -# Author: Vit Mojzis -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2020 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="setroubleshoot" - -if [ -z "${TEST_PACKAGES+set}" ]; -then PACKAGES=(flatpak-selinux tpm2-abrmd-selinux container-selinux usbguard-selinux mysql-selinux fapolicyd-selinux) -else PACKAGES=(${TEST_PACKAGES[@]}) -fi - -#corresponding module names -#MODULES=(flatpak tabrmd container usbguard mysql) - -# - - -# flatpak-selinux - flatpak - flatpak_helper_t -# tpm2-abrmd-selinux - tabrmd - tabrmd_t -# container-selinux - container - docker_t -# usbguard-selinux - usbguard - usbguard_t -- fedora only -# mysql-selinux - mysql - mysql_t -- fedora only - - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm $PACKAGE - OUTPUT_FILE=`mktemp` - # Package installation is handled by Makefile for now - # install availlable policy packages - # for RPM in ${PACKAGES[@]}; - # do - # sudo dnf install -y ${RPM} || continue - # done - rlPhaseEnd - - rlPhaseStartTest - for RPM in ${PACKAGES[@]}; - do - # run only for policies that are installed - rpm -q ${RPM} >& /dev/null - if [ $? -ne 0 ]; then echo "${RPM} not installed! Skipping."; continue; fi - rlRun "sealert -a ./avc_${RPM} 2>&1 | tee ${OUTPUT_FILE} | grep \"Local Policy RPM\"" - if [ $? -ne 0 ]; then cat ${OUTPUT_FILE}; fi - # test if correct rpm was identified - rlRun "grep -i \"Local Policy RPM\" ${OUTPUT_FILE} | grep \"$RPM\S*$\" -o" - done - rlPhaseEnd - - rlPhaseStartCleanup - rm -f ${OUTPUT_FILE} - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Regression/embedded-null-byte-in-audit-records/audit.log b/tests/Regression/embedded-null-byte-in-audit-records/audit.log deleted file mode 100644 index e0c3077..0000000 --- a/tests/Regression/embedded-null-byte-in-audit-records/audit.log +++ /dev/null @@ -1,657 +0,0 @@ -type=USER_END msg=audit(1574410625.429:1286): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410625.430:1287): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410625.686:1288): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410625.687:1289): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410625.688:1290): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10314 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410625.688:1291): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10314 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410625.688:1292): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10314 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410625.689:1293): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_END msg=audit(1574410626.111:1294): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410626.112:1295): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410626.349:1296): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410626.351:1297): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410626.352:1298): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410626.352:1299): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410626.352:1300): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410626.353:1301): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_END msg=audit(1574410626.763:1302): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410626.764:1303): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410627.020:1304): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410627.021:1305): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410627.023:1306): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10334 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410627.023:1307): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10334 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410627.023:1308): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10334 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410627.024:1309): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=FS_RELABEL msg=audit(1574410638.448:1310): pid=10341 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=mass relabel exe="/usr/sbin/setfiles" hostname=? addr=? terminal=? res=success' -type=USER_END msg=audit(1574410638.793:1311): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410638.794:1312): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410639.119:1313): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410639.120:1314): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410639.121:1315): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10343 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410639.121:1316): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10343 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410639.121:1317): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10343 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410639.123:1318): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_END msg=audit(1574410639.854:1319): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410639.855:1320): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410640.278:1321): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410640.279:1322): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410640.280:1323): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10350 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410640.280:1324): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10350 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410640.280:1325): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10350 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410640.281:1326): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_END msg=audit(1574410640.699:1327): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410640.700:1328): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410640.964:1329): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410640.965:1330): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410640.967:1331): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10357 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410640.967:1332): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10357 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410640.967:1333): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10357 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410640.968:1334): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_END msg=audit(1574410641.402:1335): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410641.403:1336): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410641.668:1337): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410641.670:1338): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410641.671:1339): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10364 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410641.671:1340): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10364 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410641.671:1341): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10364 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410641.672:1342): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_END msg=audit(1574410642.088:1343): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410642.089:1344): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410642.378:1345): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410642.379:1346): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410642.380:1347): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10371 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410642.380:1348): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10371 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410642.380:1349): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10371 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410642.381:1350): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_END msg=audit(1574410642.798:1351): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410642.799:1352): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574410643.576:1353): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_START msg=audit(1574410643.577:1354): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574410643.578:1355): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410643.578:1356): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410643.578:1357): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574410643.580:1358): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=SERVICE_START msg=audit(1574410644.001:1359): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-shutdownd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=USER_END msg=audit(1574410644.178:1360): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574410644.178:1361): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success' -type=SERVICE_START msg=audit(1574410704.009:1362): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.009:1363): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410704.044:1364): pid=796 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=796 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410704.044:1365): pid=796 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=796 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574410704.044:1366): pid=796 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=796 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.081:1367): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.081:1368): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.082:1369): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.082:1370): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.083:1371): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.083:1372): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.085:1373): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.085:1374): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.088:1375): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.088:1376): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.089:1377): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.089:1378): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.090:1379): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.090:1380): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.097:1381): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhsmcertd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.097:1382): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhsmcertd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.110:1383): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.110:1384): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.116:1385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.116:1386): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.128:1387): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.128:1388): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.187:1389): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-poweroff comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.213:1390): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.213:1391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.356:1392): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhnsd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.356:1393): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhnsd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.360:1394): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.360:1395): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.702:1396): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.702:1397): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.703:1398): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.703:1399): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.714:1400): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.714:1401): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.718:1402): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.719:1403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.724:1404): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-domainname comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.724:1405): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-domainname comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.725:1406): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=selinux-policy-migrate-local-changes@targeted comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.725:1407): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=selinux-policy-migrate-local-changes@targeted comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.726:1408): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.726:1409): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.727:1410): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.727:1411): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.727:1412): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.727:1413): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.729:1414): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.729:1415): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.732:1416): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.732:1417): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SYSTEM_SHUTDOWN msg=audit(1574410704.735:1418): pid=10553 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.739:1419): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.739:1420): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574410704.740:1421): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574410704.740:1422): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=DAEMON_END msg=audit(1574410704.743:1004): op=terminate auid=0 pid=1 subj=system_u:system_r:init_t:s0 res=success -type=DAEMON_START msg=audit(1574672213.672:5618): op=start ver=2.8.5 format=raw kernel=3.10.0-1111.el7.x86_64 auid=4294967295 pid=440 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=success -type=CONFIG_CHANGE msg=audit(1574672213.892:5): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1 -type=CONFIG_CHANGE msg=audit(1574672213.892:6): audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1 -type=SERVICE_START msg=audit(1574672213.898:7): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SYSTEM_BOOT msg=audit(1574672213.918:8): pid=503 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672213.923:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672213.943:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.034:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.045:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.072:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672214.076:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.089:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.102:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.162:17): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.195:18): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672214.206:19): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672215.255:20): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672215.327:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672215.436:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672215.465:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672215.742:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672216.407:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672216.448:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhsmcertd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672216.471:27): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=restraintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672217.742:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672217.985:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.213:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.263:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.274:32): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.355:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672218.355:34): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.368:35): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672218.368:36): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.369:37): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672218.369:38): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.370:39): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672218.370:40): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.372:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.373:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.412:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.445:44): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.654:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhnsd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SYSTEM_RUNLEVEL msg=audit(1574672218.706:46): pid=1158 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672218.709:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672218.709:48): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672219.065:49): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672219.376:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672219.496:51): pid=1310 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=1310 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672219.496:52): pid=1310 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=1310 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672219.496:53): pid=1310 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=1310 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672219.603:54): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=1310 suid=74 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672219.603:55): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=1310 suid=74 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_AUTH msg=audit(1574672220.227:56): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=57270 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_AUTH msg=audit(1574672220.227:57): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=SHA256:f6:3d:5b:97:0b:77:c1:ca:d1:88:66:19:43:b6:46:bb:d6:b1:9b:77:03:92:51:fa:ff:3e:1c:f8:47:bc:0b:31 rport=57270 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_ACCT msg=audit(1574672220.242:58): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.246:59): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1310 suid=74 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_AUTH msg=audit(1574672220.248:60): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574672220.252:61): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=LOGIN msg=audit(1574672220.253:62): pid=1305 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=1 res=1 -type=USER_ROLE_CHANGE msg=audit(1574672220.426:63): pid=1305 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672220.470:64): pid=1305 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574672220.739:65): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672220.741:66): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.743:67): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=1895 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.744:68): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=1895 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.744:69): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=1895 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574672220.746:70): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672220.910:71): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRED_DISP msg=audit(1574672220.911:72): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672220.913:73): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574672220.915:74): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.915:75): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=1305 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.915:76): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=1305 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.915:77): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=1305 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672220.915:78): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1305 suid=0 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.181:79): pid=2142 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2142 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.181:80): pid=2142 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2142 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.181:81): pid=2142 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2142 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672221.282:82): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2142 suid=74 rport=57302 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672221.282:83): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2142 suid=74 rport=57302 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.557:84): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2142 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.557:85): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2142 suid=74 rport=57302 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.560:86): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2097 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.560:87): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2097 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.560:88): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2097 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=USER_LOGIN msg=audit(1574672221.560:89): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=failed' -type=CRYPTO_KEY_USER msg=audit(1574672221.579:90): pid=2156 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2156 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.579:91): pid=2156 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2156 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.579:92): pid=2156 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2156 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672221.675:93): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2156 suid=74 rport=57300 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672221.675:94): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2156 suid=74 rport=57300 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.943:95): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2156 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.943:96): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2156 suid=74 rport=57300 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.944:97): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2098 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.944:98): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2098 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.944:99): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2098 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=USER_LOGIN msg=audit(1574672221.945:100): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=failed' -type=CRYPTO_KEY_USER msg=audit(1574672221.960:101): pid=2165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2165 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.960:102): pid=2165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2165 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672221.960:103): pid=2165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2165 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672222.056:104): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2165 suid=74 rport=57304 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672222.056:105): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2165 suid=74 rport=57304 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672222.337:106): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2165 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672222.337:107): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2165 suid=74 rport=57304 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672222.339:108): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2099 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672222.339:109): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2099 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672222.339:110): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2099 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=USER_LOGIN msg=audit(1574672222.339:111): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=failed' -type=CRYPTO_KEY_USER msg=audit(1574672222.480:112): pid=2266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2266 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672222.480:113): pid=2266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2266 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672222.480:114): pid=2266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2266 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672222.594:115): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2266 suid=74 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574672222.594:116): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=2266 suid=74 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_AUTH msg=audit(1574672223.224:117): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=57312 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_AUTH msg=audit(1574672223.224:118): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=SHA256:f6:3d:5b:97:0b:77:c1:ca:d1:88:66:19:43:b6:46:bb:d6:b1:9b:77:03:92:51:fa:ff:3e:1c:f8:47:bc:0b:31 rport=57312 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_ACCT msg=audit(1574672223.234:119): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672223.235:120): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2266 suid=74 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=USER_AUTH msg=audit(1574672223.237:121): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574672223.240:122): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=LOGIN msg=audit(1574672223.240:123): pid=2262 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=2 res=1 -type=USER_ROLE_CHANGE msg=audit(1574672223.405:124): pid=2262 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672223.453:125): pid=2262 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574672223.683:126): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672223.685:127): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672223.704:128): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2558 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672223.704:129): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2558 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672223.704:130): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2558 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574672223.711:131): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672223.892:132): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574672223.893:133): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574672224.017:134): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672224.018:135): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672224.023:136): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2586 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672224.023:137): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2586 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672224.023:138): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2586 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574672224.024:139): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672224.589:140): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574672224.589:141): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574672224.713:142): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672224.714:143): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672224.715:144): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2785 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672224.715:145): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2785 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672224.715:146): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2785 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574672224.721:147): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672224.881:148): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574672224.882:149): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574672225.004:150): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672225.006:151): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.013:152): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2897 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.013:153): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2897 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.013:154): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2897 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574672225.015:155): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672225.346:156): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574672225.347:157): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574672225.473:158): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672225.475:159): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.479:160): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=3006 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.479:161): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=3006 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.479:162): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=3006 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574672225.480:163): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672225.628:164): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574672225.629:165): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574672225.755:166): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_START msg=audit(1574672225.756:167): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.768:168): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=3070 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.768:169): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=3070 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672225.768:170): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=3070 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574672225.770:171): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672226.329:172): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574672226.331:173): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=USER_END msg=audit(1574672226.353:174): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRED_DISP msg=audit(1574672226.357:175): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574672226.357:176): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2262 suid=0 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672226.357:177): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2262 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672226.357:178): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2262 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574672226.357:179): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2262 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672236.042:180): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574672240.878:181): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574672255.229:182): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=USER_ACCT msg=audit(1574672462.013:183): pid=8783 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=CRED_ACQ msg=audit(1574672462.013:184): pid=8783 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=LOGIN msg=audit(1574672462.014:185): pid=8783 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3 res=1 -type=USER_START msg=audit(1574672462.041:186): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=CRED_REFR msg=audit(1574672462.042:187): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=CRED_DISP msg=audit(1574672462.080:188): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=USER_END msg=audit(1574672462.082:189): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=SERVICE_START msg=audit(1574673147.110:190): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=SERVICE_STOP msg=audit(1574673147.110:191): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.305:192): pid=21112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21112 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.305:193): pid=21112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21112 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.305:194): pid=21112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21112 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674924.416:195): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=21112 suid=74 rport=43828 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674924.417:196): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=21112 suid=74 rport=43828 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.931:197): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21112 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.931:198): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21112 suid=74 rport=43828 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.934:199): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21111 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.935:200): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21111 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.935:201): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21111 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=USER_LOGIN msg=audit(1574674924.935:202): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=CRYPTO_KEY_USER msg=audit(1574674924.941:203): pid=21113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21113 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.941:204): pid=21113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21113 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674924.941:205): pid=21113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21113 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674925.044:206): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=21113 suid=74 rport=43832 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674925.044:207): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=21113 suid=74 rport=43832 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.452:208): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21113 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.452:209): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21113 suid=74 rport=43832 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.453:210): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21110 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.453:211): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21110 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.453:212): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21110 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=USER_LOGIN msg=audit(1574674925.454:213): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=CRYPTO_KEY_USER msg=audit(1574674925.456:214): pid=21114 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21114 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.456:215): pid=21114 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21114 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.456:216): pid=21114 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21114 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674925.660:217): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=21114 suid=74 rport=43830 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674925.660:218): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=21114 suid=74 rport=43830 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.987:219): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21114 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.987:220): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21114 suid=74 rport=43830 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.988:221): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21109 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.988:222): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21109 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674925.988:223): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21109 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=USER_LOGIN msg=audit(1574674925.988:224): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=CRYPTO_KEY_USER msg=audit(1574674926.175:225): pid=21116 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21116 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674926.175:226): pid=21116 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21116 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674926.175:227): pid=21116 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21116 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674926.291:228): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21116 suid=74 rport=43838 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574674926.291:229): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21116 suid=74 rport=43838 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574674926.933:230): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=43838 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574674926.933:231): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=SHA256:f6:3d:5b:97:0b:77:c1:ca:d1:88:66:19:43:b6:46:bb:d6:b1:9b:77:03:92:51:fa:ff:3e:1c:f8:47:bc:0b:31 rport=43838 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_ACCT msg=audit(1574674926.940:232): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674926.941:233): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21116 suid=74 rport=43838 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574674926.942:234): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574674926.943:235): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=LOGIN msg=audit(1574674926.943:236): pid=21115 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=4 res=1 -type=USER_ROLE_CHANGE msg=audit(1574674927.057:237): pid=21115 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674927.082:238): pid=21115 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674927.439:239): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674927.440:240): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674927.443:241): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21118 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674927.443:242): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21118 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674927.443:243): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21118 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674927.445:244): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674927.645:245): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674927.646:246): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674927.775:247): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674927.776:248): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674927.777:249): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21123 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674927.777:250): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21123 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674927.777:251): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21123 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674927.778:252): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674928.585:253): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674928.586:254): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674928.794:255): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674928.795:256): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674928.796:257): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21129 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674928.796:258): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21129 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674928.796:259): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21129 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674928.797:260): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674928.920:261): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674928.921:262): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674929.108:263): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674929.109:264): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.110:265): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.110:266): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.110:267): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674929.111:268): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=SERVICE_START msg=audit(1574674929.221:269): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=USER_END msg=audit(1574674929.343:270): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674929.344:271): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674929.463:272): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674929.464:273): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.465:274): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.465:275): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.465:276): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674929.467:277): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674929.590:278): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674929.591:279): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674929.711:280): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674929.712:281): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.713:282): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.713:283): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674929.713:284): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674929.714:285): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674932.341:286): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674932.342:287): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674932.471:288): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674932.472:289): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674932.473:290): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21192 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674932.473:291): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21192 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674932.473:292): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21192 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674932.474:293): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674932.659:294): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674932.660:295): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674932.867:296): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674932.868:297): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674932.869:298): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21197 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674932.869:299): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21197 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674932.869:300): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21197 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674932.870:301): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674933.076:302): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674933.077:303): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674933.285:304): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674933.286:305): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674933.287:306): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21206 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674933.287:307): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21206 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674933.287:308): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21206 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674933.288:309): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674933.494:310): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674933.495:311): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574674933.703:312): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674933.704:313): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674933.705:314): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21211 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674933.705:315): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21211 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674933.705:316): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21211 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674933.707:317): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674933.912:318): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674933.913:319): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=SERVICE_STOP msg=audit(1574674959.253:320): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=USER_LOGIN msg=audit(1574674986.024:321): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574674986.025:322): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674986.026:323): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21220 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674986.026:324): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21220 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574674986.026:325): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21220 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574674986.028:326): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574674986.165:327): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574674986.166:328): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574674986.328:329): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21225 suid=0 exe="/usr/sbin/sshd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=CRYPTO_KEY_USER msg=audit(1574674986.328:330): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21225 suid=0 exe="/usr/sbin/sshd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=CRYPTO_KEY_USER msg=audit(1574674986.328:331): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21225 suid=0 exe="/usr/sbin/sshd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=USER_LOGIN msg=audit(1574674986.330:332): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/0 res=success' -type=USER_START msg=audit(1574674986.330:333): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/0 res=success' -type=CRED_REFR msg=audit(1574674986.331:334): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=SOFTWARE_UPDATE msg=audit(1574675011.281:335): pid=21251 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="libconfig-1.4.9-5.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=SOFTWARE_UPDATE msg=audit(1574675012.831:336): pid=21251 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="lldpad-1.0.1-5.git036e314.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=SOFTWARE_UPDATE msg=audit(1574675030.837:337): pid=21304 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="systemd-python-219-73.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=SOFTWARE_UPDATE msg=audit(1574675031.450:338): pid=21304 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="setroubleshoot-plugins-3.0.67-4.el7.noarch" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=ADD_GROUP msg=audit(1574675031.488:339): pid=21321 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' -type=GRP_MGMT msg=audit(1574675031.498:340): pid=21321 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' -type=ADD_USER msg=audit(1574675031.528:341): pid=21326 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user id=997 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' -type=USER_MGMT msg=audit(1574675031.554:342): pid=21331 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=pam_tally2 reset=0 id=997 exe="/usr/sbin/pam_tally2" hostname=? addr=? terminal=? res=success' -type=DAEMON_CONFIG msg=audit(1574675032.060:1548) op=reconfigure state=changed auid=0 pid=21340 subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 res=success -type=SOFTWARE_UPDATE msg=audit(1574675032.075:343): pid=21304 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="setroubleshoot-server-3.2.30-8.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=ADD_GROUP msg=audit(1574675044.229:344): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct="sysadm-user" exe="/usr/sbin/useradd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=ADD_USER msg=audit(1574675044.235:345): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user id=1000 exe="/usr/sbin/useradd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=USER_MGMT msg=audit(1574675044.278:346): pid=21357 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=pam_tally2 reset=0 id=1000 exe="/usr/sbin/pam_tally2" hostname=? addr=? terminal=/dev/pts/0 res=success' -type=ROLE_ASSIGN msg=audit(1574675045.373:347): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login-sename,role,range acct="sysadm-user" old-seuser=? old-role=? old-range=? new-seuser=sysadm_u new-role=sysadm_r new-range=s0-s0:c0.c1023 exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success' -type=USER_AVC msg=audit(1574675047.413:348): pid=510 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=2) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' -type=MAC_POLICY_LOAD msg=audit(1574675045.619:349): policy loaded auid=0 ses=4 -type=SYSCALL msg=audit(1574675045.619:349): arch=c000003e syscall=1 success=yes exit=3882864 a0=4 a1=7f7518eaf000 a2=3b3f70 a3=7ffe563fd8e0 items=0 ppid=21352 pid=21361 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) -type=PROCTITLE msg=audit(1574675045.619:349): proctitle="/sbin/load_policy" -type=USER_MGMT msg=audit(1574675047.475:350): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=USER_CHAUTHTOK msg=audit(1574675063.946:351): pid=21362 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=PAM:chauthtok grantors=pam_pwquality,pam_unix acct="sysadm-user" exe="/usr/bin/passwd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=CRYPTO_KEY_USER msg=audit(1574675095.611:352): pid=21370 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21370 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675095.611:353): pid=21370 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21370 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675095.611:354): pid=21370 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21370 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574675095.732:355): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21370 suid=74 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574675095.732:356): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21370 suid=74 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574675096.637:357): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=USER_AUTH msg=audit(1574675100.275:358): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_ACCT msg=audit(1574675100.279:359): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.285:360): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21370 suid=74 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574675100.287:361): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574675100.288:362): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=LOGIN msg=audit(1574675100.288:363): pid=21369 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=5 res=1 -type=USER_START msg=audit(1574675100.350:364): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=? acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=failed' -type=CRYPTO_KEY_USER msg=audit(1574675100.352:365): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21373 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.352:366): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21373 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.352:367): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21373 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_ACQ msg=audit(1574675100.354:368): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574675100.700:369): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success' -type=USER_START msg=audit(1574675100.701:370): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.705:371): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21374 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=USER_END msg=audit(1574675100.705:372): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' -type=USER_LOGOUT msg=audit(1574675100.705:373): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.931:374): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21373 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.931:375): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21373 suid=1000 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRED_DISP msg=audit(1574675100.933:376): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.933:377): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21369 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.933:378): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21369 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675100.933:379): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21369 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=MAC_CONFIG_CHANGE msg=audit(1574675113.286:380): bool=ssh_sysadm_login val=1 old_val=0 auid=0 ses=4 -type=SYSCALL msg=audit(1574675113.286:380): arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=7ffd8dfb32e0 a2=2 a3=7ffd8dfb26e0 items=0 ppid=21236 pid=21376 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="setsebool" exe="/usr/sbin/setsebool" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) -type=PROCTITLE msg=audit(1574675113.286:380): proctitle=7365747365626F6F6C007373685F73797361646D5F6C6F67696E006F6E -type=USER_AVC msg=audit(1574675113.294:381): pid=510 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=3) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' -type=CRYPTO_KEY_USER msg=audit(1574675115.046:382): pid=21378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675115.046:383): pid=21378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675115.046:384): pid=21378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574675115.255:385): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21378 suid=74 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574675115.256:386): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21378 suid=74 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574675116.381:387): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=USER_AUTH msg=audit(1574675119.281:388): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_ACCT msg=audit(1574675119.285:389): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574675119.289:390): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21378 suid=74 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574675119.291:391): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574675119.292:392): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=LOGIN msg=audit(1574675119.292:393): pid=21377 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=6 res=1 -type=USER_ROLE_CHANGE msg=audit(1574675119.318:394): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 selected-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574675119.348:395): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574675119.349:396): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21381 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675119.349:397): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21381 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675119.350:398): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21381 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_ACQ msg=audit(1574675119.351:399): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574675119.842:400): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success' -type=USER_START msg=audit(1574675119.843:401): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success' -type=CRYPTO_KEY_USER msg=audit(1574675119.856:402): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21382 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=SERVICE_START msg=audit(1574675129.532:403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lldpad comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' -type=AVC msg=audit(1574675142.213:404): avc: denied { sendto } for pid=21445 comm="lldptool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0 -type=SYSCALL msg=audit(1574675142.213:404): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=556166aa2082 a2=14 a3=f items=0 ppid=21382 pid=21445 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=6 comm="lldptool" exe="/usr/sbin/lldptool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null) -type=PROCTITLE msg=audit(1574675142.213:404): proctitle=6C6C6470746F6F6C002D2D68656C70 -type=AVC msg=audit(1574675155.993:405): avc: denied { sendto } for pid=21453 comm="vdptool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0 -type=SYSCALL msg=audit(1574675155.993:405): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=55ed05d7f082 a2=14 a3=f items=0 ppid=21382 pid=21453 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=6 comm="vdptool" exe="/usr/sbin/vdptool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null) -type=PROCTITLE msg=audit(1574675155.993:405): proctitle="vdptool" -type=AVC msg=audit(1574675156.994:406): avc: denied { sendto } for pid=21453 comm="vdptool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0 -type=SYSCALL msg=audit(1574675156.994:406): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=55ed05d7f082 a2=14 a3=f items=0 ppid=21382 pid=21453 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=6 comm="vdptool" exe="/usr/sbin/vdptool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null) -type=PROCTITLE msg=audit(1574675156.994:406): proctitle="vdptool" -type=USER_END msg=audit(1574675346.431:407): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' -type=USER_LOGOUT msg=audit(1574675346.431:408): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' -type=CRYPTO_KEY_USER msg=audit(1574675346.577:409): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21381 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675346.578:410): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21381 suid=1000 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_END msg=audit(1574675346.588:411): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRED_DISP msg=audit(1574675346.589:412): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574675346.590:413): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21377 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675346.590:414): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21377 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574675346.590:415): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21377 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676014.438:416): pid=21483 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676014.438:417): pid=21483 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676014.438:418): pid=21483 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574676014.561:419): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21483 suid=74 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574676014.561:420): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21483 suid=74 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574676015.558:421): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=USER_ACCT msg=audit(1574676061.116:422): pid=21485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=CRED_ACQ msg=audit(1574676061.116:423): pid=21485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=LOGIN msg=audit(1574676061.117:424): pid=21485 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=7 res=1 -type=USER_START msg=audit(1574676061.134:425): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=CRED_REFR msg=audit(1574676061.134:426): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=CRED_DISP msg=audit(1574676061.155:427): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=USER_END msg=audit(1574676061.156:428): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' -type=USER_AUTH msg=audit(1574676091.306:429): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=failed' -type=USER_AUTH msg=audit(1574676093.653:430): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=USER_AUTH msg=audit(1574676097.622:431): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=failed' -type=USER_AUTH msg=audit(1574676099.791:432): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=USER_CHAUTHTOK msg=audit(1574676108.719:433): pid=21500 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=PAM:chauthtok grantors=pam_pwquality,pam_unix acct="root" exe="/usr/bin/passwd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success' -type=USER_AUTH msg=audit(1574676112.952:434): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_ACCT msg=audit(1574676112.957:435): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676112.959:436): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21483 suid=74 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574676112.961:437): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574676112.962:438): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=LOGIN msg=audit(1574676112.962:439): pid=21482 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=8 res=1 -type=USER_ROLE_CHANGE msg=audit(1574676113.090:440): pid=21482 uid=0 auid=0 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574676113.117:441): pid=21482 uid=0 auid=0 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574676113.509:442): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574676113.510:443): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676113.514:444): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21506 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676113.514:445): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21506 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676113.514:446): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21506 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574676113.516:447): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574676114.450:448): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRED_DISP msg=audit(1574676114.451:449): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_END msg=audit(1574676114.453:450): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGOUT msg=audit(1574676114.454:451): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676114.454:452): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21482 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676114.454:453): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21482 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676114.454:454): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21482 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676114.454:455): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21482 suid=0 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676260.369:456): pid=21516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21516 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676260.369:457): pid=21516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21516 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676260.369:458): pid=21516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21516 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574676260.572:459): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21516 suid=74 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574676260.573:460): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21516 suid=74 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574676261.389:461): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=USER_AUTH msg=audit(1574676264.491:462): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_ACCT msg=audit(1574676264.495:463): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676264.498:464): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21516 suid=74 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574676264.500:465): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574676264.500:466): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=LOGIN msg=audit(1574676264.501:467): pid=21515 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=9 res=1 -type=USER_ROLE_CHANGE msg=audit(1574676264.528:468): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 selected-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574676264.553:469): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676264.554:470): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21519 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676264.555:471): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21519 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676264.555:472): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21519 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_ACQ msg=audit(1574676264.556:473): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574676264.954:474): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success' -type=USER_START msg=audit(1574676264.955:475): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success' -type=CRYPTO_KEY_USER msg=audit(1574676264.968:476): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21520 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=AVC msg=audit(1574676269.109:477): avc: denied { sendto } for pid=21539 comm="dcbtool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0 -type=SYSCALL msg=audit(1574676269.109:477): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=558107411082 a2=14 a3=21000 items=0 ppid=21520 pid=21539 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=9 comm="dcbtool" exe="/usr/sbin/dcbtool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null) -type=PROCTITLE msg=audit(1574676269.109:477): proctitle="dcbtool" -type=AVC msg=audit(1574676270.109:478): avc: denied { sendto } for pid=21539 comm="dcbtool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0 -type=SYSCALL msg=audit(1574676270.109:478): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=558107411082 a2=14 a3=f items=0 ppid=21520 pid=21539 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=9 comm="dcbtool" exe="/usr/sbin/dcbtool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null) -type=PROCTITLE msg=audit(1574676270.109:478): proctitle="dcbtool" -type=USER_END msg=audit(1574676314.202:479): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' -type=USER_LOGOUT msg=audit(1574676314.202:480): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' -type=CRYPTO_KEY_USER msg=audit(1574676314.359:481): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21519 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676314.359:482): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21519 suid=1000 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_END msg=audit(1574676314.365:483): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRED_DISP msg=audit(1574676314.366:484): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676314.366:485): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21515 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676314.367:486): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21515 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676314.367:487): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21515 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676320.600:488): pid=21551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21551 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676320.600:489): pid=21551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21551 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676320.600:490): pid=21551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21551 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574676320.714:491): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21551 suid=74 rport=45270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=CRYPTO_SESSION msg=audit(1574676320.714:492): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256@libssh.org spid=21551 suid=74 rport=45270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574676321.562:493): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed' -type=USER_AUTH msg=audit(1574676324.674:494): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_ACCT msg=audit(1574676324.678:495): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676324.679:496): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21551 suid=74 rport=45270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success' -type=USER_AUTH msg=audit(1574676324.681:497): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success' -type=CRED_ACQ msg=audit(1574676324.682:498): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=LOGIN msg=audit(1574676324.682:499): pid=21550 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=10 res=1 -type=USER_ROLE_CHANGE msg=audit(1574676324.801:500): pid=21550 uid=0 auid=0 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574676324.826:501): pid=21550 uid=0 auid=0 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_LOGIN msg=audit(1574676325.219:502): pid=21550 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=USER_START msg=audit(1574676325.220:503): pid=21550 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' -type=CRYPTO_KEY_USER msg=audit(1574676325.223:504): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21554 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676325.223:505): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21554 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRYPTO_KEY_USER msg=audit(1574676325.223:506): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21554 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' -type=CRED_REFR msg=audit(1574676325.225:507): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success' diff --git a/tests/Regression/embedded-null-byte-in-audit-records/runtest.sh b/tests/Regression/embedded-null-byte-in-audit-records/runtest.sh deleted file mode 100755 index eec62c1..0000000 --- a/tests/Regression/embedded-null-byte-in-audit-records/runtest.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/setroubleshoot/Regression/embedded-null-byte-in-audit-records -# Description: Is sealert able to processes audit messages which contain embedded null bytes? -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2019 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="setroubleshoot" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE} - rlRun "rpm -qf /usr/sbin/ausearch" - rlRun "rpm -qf /usr/bin/audit2allow" - rlRun "rpm -qf /usr/bin/sealert" - OUTPUT_FILE=`mktemp` - rlPhaseEnd - - rlPhaseStartTest "bz#1775135 + bz#1776199" - if rlIsRHEL 7 ; then - rlRun "ausearch -i -m avc -if ./audit.log" - rlRun "audit2allow -i ./audit.log" - # if sealert got stuck, kill it after 15 seconds - rlWatchdog "sealert -a ./audit.log 2>&1 | tee ${OUTPUT_FILE}" 15 - else # Fedora, RHEL-8 and above - rlRun "ausearch -i -m avc -if ./short.log" - rlRun "audit2allow -i ./short.log" - # if sealert got stuck, kill it after 15 seconds - rlWatchdog "sealert -a ./short.log 2>&1 | tee ${OUTPUT_FILE}" 15 - fi - rlRun "grep -i -e Traceback -e TypeError -e embedded -e \"null byte\" ${OUTPUT_FILE}" 1 - rlRun "grep -i \"Plugin catchall\" ${OUTPUT_FILE}" 0 - if [ $? -ne 0 ]; then cat ${OUTPUT_FILE}; fi - rlPhaseEnd - - rlPhaseStartCleanup - rm -f ${OUTPUT_FILE} - rlPhaseEnd -rlJournalPrintText -rlJournalEnd - diff --git a/tests/Regression/embedded-null-byte-in-audit-records/short.log b/tests/Regression/embedded-null-byte-in-audit-records/short.log deleted file mode 100644 index 15c34ae..0000000 --- a/tests/Regression/embedded-null-byte-in-audit-records/short.log +++ /dev/null @@ -1,4 +0,0 @@ -type=AVC msg=audit(1574094303.139:1096): avc: denied { sendto } for pid=18278 comm="dcbtool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0 -type=SYSCALL msg=audit(1574094303.139:1096): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=55c52f80bf02 a2=14 a3=0 items=0 ppid=12504 pid=18278 auid=1005 uid=1005 gid=1005 euid=1005 suid=1005 fsuid=1005 egid=1005 sgid=1005 fsgid=1005 tty=pts1 ses=33 comm="dcbtool" exe="/usr/sbin/dcbtool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=connect AUID="sysadm-user" UID="sysadm-user" GID="sysadm-user" EUID="sysadm-user" SUID="sysadm-user" FSUID="sysadm-user" EGID="sysadm-user" SGID="sysadm-user" FSGID="sysadm-user" -type=SOCKADDR msg=audit(1574094303.139:1096): saddr=0100002F636F6D2F696E74656C2F6C6C64706164SADDR={ saddr_fam=local path=/com/intel/lldpad } -type=PROCTITLE msg=audit(1574094303.139:1096): proctitle="dcbtool" diff --git a/tests/Regression/no-plugin-exception-during-analyses/Makefile b/tests/Regression/no-plugin-exception-during-analyses/Makefile deleted file mode 100644 index ff78118..0000000 --- a/tests/Regression/no-plugin-exception-during-analyses/Makefile +++ /dev/null @@ -1,65 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses -# Description: Does setroubleshoot report any 'Plugin Exception' during analyses? -# Author: Petr Lautrbach -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2020 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile short.log - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Petr Lautrbach " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: Does setroubleshoot report any 'Plugin Exception' during analyses?" >> $(METADATA) - @echo "Type: Regression" >> $(METADATA) - @echo "TestTime: 5m" >> $(METADATA) - @echo "RunFor: setroubleshoot" >> $(METADATA) - @echo "Requires: setroubleshoot-server" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Environment: AVC_ERROR=+no_avc_check" >> $(METADATA) - @echo "Bug: 1784564" >> $(METADATA) # RHEL-7 - - rhts-lint $(METADATA) - diff --git a/tests/Regression/no-plugin-exception-during-analyses/main.fmf b/tests/Regression/no-plugin-exception-during-analyses/main.fmf deleted file mode 100644 index 923b8d6..0000000 --- a/tests/Regression/no-plugin-exception-during-analyses/main.fmf +++ /dev/null @@ -1,15 +0,0 @@ -summary: Does setroubleshoot report any 'Plugin Exception' during analyses? -contact: Petr Lautrbach -component: - - setroubleshoot -test: ./runtest.sh -framework: beakerlib -recommend: - - setroubleshoot-server -environment: - AVC_ERROR: +no_avc_check -duration: 5m -link: - - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1784564 -extra-summary: /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses -extra-task: /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses diff --git a/tests/Regression/no-plugin-exception-during-analyses/runtest.sh b/tests/Regression/no-plugin-exception-during-analyses/runtest.sh deleted file mode 100755 index 74ea50a..0000000 --- a/tests/Regression/no-plugin-exception-during-analyses/runtest.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses -# Description: Does setroubleshoot report any 'Plugin Exception' during analyses? -# Author: Petr Lautrbach -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2020 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="setroubleshoot" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE}-server - rlAssertRpm ${PACKAGE}-plugins - rlPhaseEnd - - rlPhaseStartTest "no 'Plugin Exception'" - SINCE=$(date '+%Y-%m-%d %H:%M:%S') - RANDOM_NUMBER=${RANDOM} - rlRun "passwd --help >& /root/output-${RANDOM_NUMBER}.txt" - rlRun "rm -f /root/output-${RANDOM_NUMBER}.txt" - sleep 10 - rlRun "journalctl --since=\"$SINCE\" > journal-after.txt" - STATUS=0 - rlAssertGrep "setroubleshoot.*: SELinux is preventing (/usr/bin/)?passwd" journal-after.txt -E - [[ $? -eq 0 ]] || STATUS=$? - rlAssertNotGrep "setroubleshoot.*: Plugin Exception " journal-after.txt - [[ $? -eq 0 ]] || STATUS=$? - rlRun "[[ $STATUS -eq 0 ]] || cat journal-after.txt" - rlRun "rm -f journal-after.txt" - rlPhaseEnd - - rlPhaseStartTest "no 'Plugin Exception' in short.log" - OUTPUT_FILE=`mktemp` - rlRun "sealert -a ./short.log >& $OUTPUT_FILE" - STATUS=0 - rlAssertNotGrep "'generator' object is not subscriptable" $OUTPUT_FILE - [[ $? -eq 0 ]] || STATUS=$? - rlAssertGrep "Plugin catchall_labels" $OUTPUT_FILE - [[ $? -eq 0 ]] || STATUS=$? - rlRun "[[ $STATUS -eq 0 ]] || cat $OUTPUT_FILE" - rlRun "rm -f $OUTPUT_FILE" - rlPhaseEnd - - rlPhaseStartCleanup - rlPhaseEnd -rlJournalPrintText -rlJournalEnd - diff --git a/tests/Regression/no-plugin-exception-during-analyses/short.log b/tests/Regression/no-plugin-exception-during-analyses/short.log deleted file mode 100644 index ba154b2..0000000 --- a/tests/Regression/no-plugin-exception-during-analyses/short.log +++ /dev/null @@ -1,10 +0,0 @@ -type=PROCTITLE msg=audit(1574867531.103:1226): proctitle=2F7573722F7362696E2F6368726F6E7964002D6E002D66002F7661722F72756E2F74696D656D61737465722F6368726F6E792E636F6E66 -type=AVC msg=audit(1574867531.516:1227): avc: denied { read } for pid=936 comm="auditd" name="passwd" dev="sda2" ino=25468387 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 -type=AVC msg=audit(1574867531.516:1228): avc: denied { read } for pid=936 comm="auditd" name="passwd" dev="sda2" ino=25468387 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 -type=AVC msg=audit(1574867531.516:1229): avc: denied { write } for pid=936 comm="auditd" name="nss" dev="sda2" ino=209156 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file permissive=0 -type=AVC msg=audit(1574867531.516:1230): avc: denied { read } for pid=936 comm="auditd" name="group" dev="sda2" ino=25468401 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 -type=AVC msg=audit(1574867531.516:1231): avc: denied { read } for pid=936 comm="auditd" name="group" dev="sda2" ino=25468401 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 -type=AVC msg=audit(1574867531.516:1232): avc: denied { write } for pid=936 comm="auditd" name="nss" dev="sda2" ino=209156 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file permissive=0 -type=SYSCALL msg=audit(1574867527.549:1163): arch=c000003e syscall=21 success=no exit=-13 a0=7f61e4002460 a1=4 a2=0 a3=0 items=1 ppid=1 pid=1871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="in:imjournal" exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)ARCH=x86_64 SYSCALL=access AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1574867527.549:1163): cwd="/" -type=PATH msg=audit(1574867527.549:1163): item=0 name="/var/lib/rsyslog/imjournal.state" inode=25845859 dev=08:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0OUID="root" OGID="root" diff --git a/tests/Regression/sealert-s-traceback-invalid-display/Makefile b/tests/Regression/sealert-s-traceback-invalid-display/Makefile deleted file mode 100644 index 6e3ad3d..0000000 --- a/tests/Regression/sealert-s-traceback-invalid-display/Makefile +++ /dev/null @@ -1,63 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display -# Description: Test for traceback when using sealert -s with DISPLAY set to invalid value -# Author: Vit Mojzis -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2020 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Vit Mojzis " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: Test for traceback when using sealert -s with display set to invalid value" >> $(METADATA) - @echo "Type: Regression" >> $(METADATA) - @echo "TestTime: 5m" >> $(METADATA) - @echo "RunFor: setroubleshoot" >> $(METADATA) - @echo "Requires: setroubleshoot" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Bug: 1574434" >> $(METADATA) - @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA) - - rhts-lint $(METADATA) diff --git a/tests/Regression/sealert-s-traceback-invalid-display/main.fmf b/tests/Regression/sealert-s-traceback-invalid-display/main.fmf deleted file mode 100644 index e6c6f7f..0000000 --- a/tests/Regression/sealert-s-traceback-invalid-display/main.fmf +++ /dev/null @@ -1,13 +0,0 @@ -summary: Test for traceback when using sealert -s with display set to invalid value -contact: Vit Mojzis -component: - - setroubleshoot -test: ./runtest.sh -framework: beakerlib -recommend: - - setroubleshoot -duration: 5m -link: - - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1574434 -extra-summary: /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display -extra-task: /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display diff --git a/tests/Regression/sealert-s-traceback-invalid-display/runtest.sh b/tests/Regression/sealert-s-traceback-invalid-display/runtest.sh deleted file mode 100755 index 55b0fdd..0000000 --- a/tests/Regression/sealert-s-traceback-invalid-display/runtest.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display -# Description: Test for traceback when using sealert -s with DISPLAY set to invalid value -# Author: Vit Mojzis -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2020 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation, either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="setroubleshoot-server" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm $PACKAGE - OUTPUT_FILE=`mktemp` - rlPhaseEnd - - rlPhaseStartTest - rlRun "DISPLAY=yolo sealert -s 2>&1 | tee ${OUTPUT_FILE}" - rlRun "grep Traceback ${OUTPUT_FILE}" 1 - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/Sanity/public_content/Makefile b/tests/Sanity/public_content/Makefile deleted file mode 100644 index c02d937..0000000 --- a/tests/Sanity/public_content/Makefile +++ /dev/null @@ -1,65 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/setroubleshoot-plugins/Sanity/public_content -# Description: Does the plugin work as expected? -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2017 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/setroubleshoot-plugins/Sanity/public_content -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Milos Malik " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: Does the plugin work as expected?" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 10m" >> $(METADATA) - @echo "RunFor: setroubleshoot-plugins" >> $(METADATA) - @echo "Requires: setroubleshoot-plugins setroubleshoot-server audit setools-console psmisc libselinux-utils rsyslog" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) - @echo "Environment: AVC_ERROR=+no_avc_check" >> $(METADATA) - - rhts-lint $(METADATA) - diff --git a/tests/Sanity/public_content/PURPOSE b/tests/Sanity/public_content/PURPOSE deleted file mode 100644 index 199aa65..0000000 --- a/tests/Sanity/public_content/PURPOSE +++ /dev/null @@ -1,7 +0,0 @@ -PURPOSE of /CoreOS/setroubleshoot-plugins/Sanity/public_content -Author: Milos Malik - -Does the plugin work as expected? - -Default value of ANALYSIS_DELAY can be overriden. - diff --git a/tests/Sanity/public_content/main.fmf b/tests/Sanity/public_content/main.fmf deleted file mode 100644 index f62fd6d..0000000 --- a/tests/Sanity/public_content/main.fmf +++ /dev/null @@ -1,24 +0,0 @@ -summary: Does the plugin work as expected? -description: |+ - Does the plugin work as expected? - - Default value of ANALYSIS_DELAY can be overriden. - -contact: Milos Malik -component: - - setroubleshoot-plugins -test: ./runtest.sh -framework: beakerlib -recommend: - - setroubleshoot-plugins - - setroubleshoot-server - - audit - - setools-console - - psmisc - - libselinux-utils - - rsyslog -environment: - AVC_ERROR: +no_avc_check -duration: 10m -extra-summary: /CoreOS/setroubleshoot-plugins/Sanity/public_content -extra-task: /CoreOS/setroubleshoot-plugins/Sanity/public_content diff --git a/tests/Sanity/public_content/runtest.sh b/tests/Sanity/public_content/runtest.sh deleted file mode 100755 index 60fe547..0000000 --- a/tests/Sanity/public_content/runtest.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/setroubleshoot-plugins/Sanity/public_content -# Description: Does the plugin work as expected? -# Author: Milos Malik -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2017 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="setroubleshoot-plugins" -PLUGIN_NAME="public_content" -ANALYSIS_DELAY=${ANALYSIS_DELAY:-"16"} - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm ${PACKAGE} - rlAssertRpm setroubleshoot-server - rlServiceStart auditd - rlFileBackup /var/lib/setroubleshoot/setroubleshoot_database.xml - rlRun "rm -f /var/lib/setroubleshoot/setroubleshoot_database.xml" - BEFORE=`mktemp` - AFTER=`mktemp` - rlRun "killall setroubleshootd" 0,1 - rlRun "mkdir -p /var/test-dir" - rlRun "chcon -t samba_share_t /var/test-dir" - rlRun "touch /var/test-file" - rlRun "chcon -t samba_share_t /var/test-file" - rlPhaseEnd - - rlPhaseStartTest - if rlIsRHEL 6 7 ; then - ADD_OPT="-C" - fi - rlRun "sesearch -s rsync_t -t samba_share_t -c dir -p read -A --dontaudit ${ADD_OPT} | grep -v '\]' | grep -e allow -e dontaudit" 1 - rlRun "sesearch -s rsync_t -t samba_share_t -c file -p read -A --dontaudit ${ADD_OPT} | grep -v '\]' | grep -e allow -e dontaudit" 1 - rlRun "setsebool rsync_export_all_ro off" - if ! rlIsRHEL 6 ; then - rlRun "setsebool rsync_full_access off" - fi - rlRun "sealert -l '*' > ${BEFORE}" - rlRun "cat /var/log/messages > ./messages" - rlRun "setenforce 0" - rlRun "runcon system_u:system_r:rsync_t:s0 bash -c 'ls /var/test-dir'" 0,1 - rlRun "runcon system_u:system_r:rsync_t:s0 bash -c 'cat /var/test-file'" 0,1 - rlRun "setenforce 1" - rlRun "sleep ${ANALYSIS_DELAY}" - rlRun "ps -efZ | grep setroubleshootd" 0,1 - rlRun "sealert -l '*' > ${AFTER}" 0-3 - rlRun "ausearch -m avc -m selinux_err -i -ts recent --input-logs | grep 'read.*ls.*test-dir.*:rsync_t:.*:samba_share_t:.*tclass=dir'" - rlRun "ausearch -m avc -m selinux_err -i -ts recent --input-logs | grep 'read.*cat.*test-file.*:rsync_t:.*:samba_share_t:.*tclass=file'" - rlRun "diff ${BEFORE} ${AFTER} | grep \"Plugin.*suggests\"" - rlRun "diff ${BEFORE} ${AFTER} | grep \"Plugin ${PLUGIN_NAME} .*suggests\"" - rlRun "diff /var/log/messages ./messages | grep -i -e 'setroubleshoot.*exception' -e 'no such file or directory'" 1 - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "rm -rf /var/test-dir /var/test-file" - rm -f ${BEFORE} - rm -f ${AFTER} - rlFileRestore - rlPhaseEnd -rlJournalPrintText -rlJournalEnd -