Compare commits

..

No commits in common. "c9s" and "c8" have entirely different histories.
c9s ... c8

47 changed files with 40624 additions and 1984 deletions

View File

@ -1 +0,0 @@
1

220
.gitignore vendored
View File

@ -1,219 +1 @@
setroubleshoot-2.0.6.tar.gz
setroubleshoot-2.0.8.tar.gz
setroubleshoot-2.0.9.tar.gz
setroubleshoot-2.0.10.tar.gz
setroubleshoot-2.0.11.tar.gz
setroubleshoot-2.0.12.tar.gz
setroubleshoot-2.1.1.tar.gz
setroubleshoot-2.1.2.tar.gz
setroubleshoot-2.1.3.tar.gz
setroubleshoot-2.1.4.tar.gz
setroubleshoot-2.1.5.tar.gz
setroubleshoot-2.1.6.tar.gz
setroubleshoot-2.1.7.tar.gz
setroubleshoot-2.1.8.tar.gz
setroubleshoot-2.1.9.tar.gz
setroubleshoot-2.1.10.tar.gz
setroubleshoot-2.1.11.tar.gz
setroubleshoot-2.1.12.tar.gz
setroubleshoot-2.1.13.tar.gz
setroubleshoot-2.1.14.tar.gz
setroubleshoot-2.2.1.tar.gz
setroubleshoot-2.2.2.tar.gz
setroubleshoot-2.2.7.tar.gz
setroubleshoot-2.2.8.tar.gz
setroubleshoot-2.2.9.tar.gz
setroubleshoot-2.2.10.tar.gz
setroubleshoot-2.2.11.tar.gz
setroubleshoot-2.2.12.tar.gz
setroubleshoot-2.2.13.tar.gz
setroubleshoot-2.2.14.tar.gz
setroubleshoot-2.2.15.tar.gz
setroubleshoot-2.2.16.tar.gz
setroubleshoot-2.2.17.tar.gz
setroubleshoot-2.2.18.tar.gz
setroubleshoot-2.2.19.tar.gz
setroubleshoot-2.2.20.tar.gz
setroubleshoot-2.2.21.tar.gz
setroubleshoot-2.2.22.tar.gz
setroubleshoot-2.2.23.tar.gz
setroubleshoot-2.2.24.tar.gz
setroubleshoot-2.2.26.tar.gz
setroubleshoot-2.2.27.tar.gz
setroubleshoot-2.2.28.tar.gz
setroubleshoot-2.2.30.tar.gz
setroubleshoot-2.2.31.tar.gz
setroubleshoot-2.2.32.tar.gz
setroubleshoot-2.2.33.tar.gz
setroubleshoot-2.2.34.tar.gz
setroubleshoot-2.2.35.tar.gz
setroubleshoot-2.2.36.tar.gz
setroubleshoot-2.2.37.tar.gz
setroubleshoot-2.2.38.tar.gz
setroubleshoot-2.2.39.tar.gz
setroubleshoot-2.2.40.tar.gz
setroubleshoot-2.2.41.tar.gz
setroubleshoot-2.2.42.tar.gz
setroubleshoot-2.2.43.tar.gz
setroubleshoot-2.2.44.tar.gz
setroubleshoot-2.2.45.tar.gz
setroubleshoot-2.2.46.tar.gz
setroubleshoot-2.2.47.tar.gz
setroubleshoot-2.2.48.tar.gz
setroubleshoot-2.2.50.tar.gz
setroubleshoot-2.2.52.tar.gz
setroubleshoot-2.2.55.tar.gz
setroubleshoot-2.2.56.tar.gz
setroubleshoot-2.2.57.tar.gz
setroubleshoot-2.2.58.tar.gz
setroubleshoot-2.2.59.tar.gz
setroubleshoot-2.2.60.tar.gz
setroubleshoot-2.2.61.tar.gz
setroubleshoot-2.2.62.tar.gz
setroubleshoot-2.2.63.tar.gz
setroubleshoot-2.2.64.tar.gz
setroubleshoot-2.2.65.tar.gz
setroubleshoot-2.2.66.tar.gz
setroubleshoot-2.2.67.tar.gz
setroubleshoot-2.2.69.tar.gz
setroubleshoot-2.2.70.tar.gz
setroubleshoot-2.2.71.tar.gz
setroubleshoot-2.2.72.tar.gz
setroubleshoot-2.2.73.tar.gz
setroubleshoot-2.2.74.tar.gz
setroubleshoot-2.2.75.tar.gz
setroubleshoot-2.2.76.tar.gz
setroubleshoot-2.2.77.tar.gz
setroubleshoot-2.2.79.tar.gz
setroubleshoot-2.2.80.tar.gz
setroubleshoot-2.2.81.tar.gz
setroubleshoot-2.2.82.tar.gz
setroubleshoot-2.2.83.tar.gz
setroubleshoot-2.2.84.tar.gz
setroubleshoot-2.2.85.tar.gz
setroubleshoot-2.2.86.tar.gz
setroubleshoot-2.2.87.tar.gz
setroubleshoot-2.2.88.tar.gz
setroubleshoot-2.2.89.tar.gz
setroubleshoot-2.2.91.tar.gz
setroubleshoot-2.2.93.tar.gz
/setroubleshoot-2.2.95.tar.gz
/setroubleshoot-2.2.96.tar.gz
/setroubleshoot-2.2.97.tar.gz
/setroubleshoot-2.2.98.tar.gz
/setroubleshoot-2.2.99.tar.gz
/setroubleshoot-2.2.100.tar.gz
/setroubleshoot-2.2.101.tar.gz
/setroubleshoot-2.2.102.tar.gz
/setroubleshoot-3.0.0.tar.gz
/setroubleshoot-3.0.1.tar.gz
/setroubleshoot-3.0.2.tar.gz
/setroubleshoot-3.0.3.tar.gz
/setroubleshoot-3.0.4.tar.gz
/setroubleshoot-3.0.5.tar.gz
/setroubleshoot-3.0.6.tar.gz
/setroubleshoot-3.0.7.tar.gz
/setroubleshoot-3.0.8.tar.gz
/setroubleshoot-3.0.9.tar.gz
/setroubleshoot-3.0.10.tar.gz
/setroubleshoot-3.0.11.tar.gz
/setroubleshoot-3.0.12.tar.gz
/setroubleshoot-3.0.13.tar.gz
/setroubleshoot-3.0.14.tar.gz
/setroubleshoot-3.0.15.tar.gz
/setroubleshoot-3.0.16.tar.gz
/setroubleshoot-3.0.17.tar.gz
/setroubleshoot-3.0.19.tar.gz
/setroubleshoot-3.0.20.tar.gz
/setroubleshoot-3.0.22.tar.gz
/setroubleshoot-3.0.23.tar.gz
/setroubleshoot-3.0.24.tar.gz
/setroubleshoot-3.0.25.tar.gz
/setroubleshoot-3.0.26.tar.gz
/setroubleshoot-3.0.27.tar.gz
/setroubleshoot-3.0.31.tar.gz
/setroubleshoot-3.0.32.tar.gz
/setroubleshoot-3.0.33.tar.gz
/setroubleshoot-3.0.37.tar.gz
/setroubleshoot-3.0.38.tar.gz
/setroubleshoot-3.0.40.tar.gz
/setroubleshoot-3.0.41.tar.gz
/setroubleshoot-3.0.42.tar.gz
/setroubleshoot-3.0.43.tar.gz
/setroubleshoot-3.0.44.tar.gz
/setroubleshoot-3.0.45.tar.gz
/setroubleshoot-3.0.46.tar.gz
/setroubleshoot-3.0.47.tar.gz
/setroubleshoot-3.1.1.tar.gz
/setroubleshoot-3.1.2.tar.gz
/setroubleshoot-3.1.3.tar.gz
/setroubleshoot-3.1.4.tar.gz
/setroubleshoot-3.1.5.tar.gz
/setroubleshoot-3.1.6.tar.gz
/setroubleshoot-3.1.7.tar.gz
/setroubleshoot-3.1.8.tar.gz
/setroubleshoot-3.1.9.tar.gz
/setroubleshoot-3.1.11.tar.gz
/setroubleshoot-3.1.12.tar.gz
/setroubleshoot-3.1.14.tar.gz
/setroubleshoot-3.1.15.tar.gz
/setroubleshoot-3.1.16.tar.gz
/setroubleshoot-3.1.17.tar.gz
/setroubleshoot-3.1.18.tar.gz
/setroubleshoot-3.1.20.tar.gz
/setroubleshoot-3.1.21.tar.gz
/setroubleshoot-3.2.1.tar.gz
/setroubleshoot-3.2.2.tar.gz
/setroubleshoot-3.2.3.tar.gz
/setroubleshoot-3.2.4.tar.gz
/setroubleshoot-3.2.5.tar.gz
/setroubleshoot-3.2.6.tar.gz
/setroubleshoot-3.2.7.tar.gz
/setroubleshoot-3.2.8.tar.gz
/setroubleshoot-3.2.9.tar.gz
/setroubleshoot-3.2.10.tar.gz
/setroubleshoot-3.2.11.tar.gz
/setroubleshoot-3.2.12.tar.gz
/setroubleshoot-3.2.13.tar.gz
/setroubleshoot-3.2.14.tar.gz
/setroubleshoot-3.2.15.tar.gz
/setroubleshoot-3.2.16.tar.gz
/setroubleshoot-3.2.17.tar.gz
/setroubleshoot-3.2.18.tar.gz
/setroubleshoot-3.2.20.tar.gz
/setroubleshoot-3.2.21.tar.gz
/setroubleshoot-3.2.22.tar.gz
/setroubleshoot-3.2.23.tar.gz
/setroubleshoot-3.2.24.tar.gz
/setroubleshoot-3.3.1.tar.gz
/setroubleshoot-3.3.3.tar.gz
/setroubleshoot-3.3.4.tar.gz
/setroubleshoot-3.3.5.tar.gz
/setroubleshoot-3.3.6.tar.gz
/setroubleshoot-3.3.7.tar.gz
/setroubleshoot-3.3.8.tar.gz
/setroubleshoot-3.3.8.1.tar.gz
/setroubleshoot-3.3.9.1.tar.gz
/setroubleshoot-3.3.10.tar.gz
/setroubleshoot-3.3.11.tar.gz
/setroubleshoot-3.3.12.tar.gz
/setroubleshoot-3.3.13.tar.gz
/setroubleshoot-3.3.14.tar.gz
/setroubleshoot-3.3.15.tar.gz
/setroubleshoot-3.3.16.tar.gz
/setroubleshoot-3.3.17.tar.gz
/setroubleshoot-3.3.18.tar.gz
/setroubleshoot-3.3.19.tar.gz
/setroubleshoot-3.3.20.tar.gz
/setroubleshoot-3.3.21.tar.gz
/setroubleshoot-3.3.22.tar.gz
/setroubleshoot-3.3.23.tar.gz
/setroubleshoot-3.3.24.tar.gz
/setroubleshoot-3.3.25.tar.gz
/setroubleshoot-3.3.26.tar.gz
/framework-3.3.27.tar.gz
/setroubleshoot-3.3.28.tar.gz
/setroubleshoot-3.3.29.tar.gz
/setroubleshoot-3.3.30.tar.gz
/setroubleshoot-3.3.31.tar.gz
/setroubleshoot-3.3.32.tar.gz
SOURCES/setroubleshoot-3.3.26.tar.gz

View File

@ -1,71 +0,0 @@
From 2f9e575333af7c7798956f211c29a46a338155e5 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Mon, 24 Jul 2023 17:33:17 +0200
Subject: [PATCH] 'imp' module is deprecated in favor of 'importlib'
Content-type: text/plain
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224393
---
src/setroubleshoot/util.py | 26 ++++++++------------------
1 file changed, 8 insertions(+), 18 deletions(-)
diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
index 0e02f12de682..828a598ef1c2 100755
--- a/src/setroubleshoot/util.py
+++ b/src/setroubleshoot/util.py
@@ -73,6 +73,7 @@ import datetime
from dasbus.connection import SystemMessageBus
import glob
from gi.repository import GObject
+import importlib
import os
import pwd
import re
@@ -771,37 +772,26 @@ def load_plugins(filter_glob=None):
# load the parent (e.g. the package containing the submodules), required for python 2.5 and above
module_name = plugin_base
- plugin_name = '__init__'
if module_name not in sys.modules:
try:
- import imp
- mod_fp, mod_path, mod_description = imp.find_module(plugin_name, [plugin_dir])
- mod = imp.load_module(module_name, mod_fp, mod_path, mod_description)
+ mod_spec = importlib.util.spec_from_file_location(plugin_base, plugin_dir + "/__init__.py")
+ mod = importlib.util.module_from_spec(mod_spec)
+ mod_spec.loader.exec_module(mod)
except Exception as e:
syslog.syslog(syslog.LOG_ERR, "failed to initialize plugins in %s: %s" % (plugin_dir, str(e)))
return []
- if mod_fp:
- mod_fp.close()
-
for plugin_name in plugin_names:
module_name = "%s.%s" % (plugin_base, plugin_name)
- mod = sys.modules.get(module_name)
- if mod is not None:
- log_debug("load_plugins() %s previously imported" % module_name)
- plugins.append(mod.plugin())
- continue
+
try:
- import imp
- mod_fp, mod_path, mod_description = imp.find_module(plugin_name, [plugin_dir])
- mod = imp.load_module(module_name, mod_fp, mod_path, mod_description)
+ mod_spec = importlib.util.spec_from_file_location(module_name, plugin_dir + "/" + plugin_name + ".py")
+ mod = importlib.util.module_from_spec(mod_spec)
+ mod_spec.loader.exec_module(mod)
plugins.append(mod.plugin())
except Exception as e:
syslog.syslog(syslog.LOG_ERR, "failed to load %s plugin: %s" % (plugin_name, str(e)))
- if mod_fp:
- mod_fp.close()
-
plugins.sort(key=cmp_to_key(sort_plugins))
return plugins
--
2.41.0

View File

@ -1,29 +0,0 @@
From 659f10a0ab422251f4d6857fb34ddf1c25b21b37 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Wed, 3 May 2023 09:35:28 +0200
Subject: [PATCH] Always reset pending alarms when alarm(0)
Content-type: text/plain
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2112573
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
src/setroubleshoot/server.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/setroubleshoot/server.py b/src/setroubleshoot/server.py
index fd89a5448912..2b1b0b1c30d0 100755
--- a/src/setroubleshoot/server.py
+++ b/src/setroubleshoot/server.py
@@ -703,7 +703,7 @@ Deletes an alert from the database.
return ""
def alarm(self, timeout=10):
- if self.conn_ctr == 0:
+ if self.conn_ctr == 0 or timeout == 0:
signal.alarm(timeout)
--
2.41.0

View File

@ -1,52 +0,0 @@
From 502d06c8fa86b53198a2f4aeb59efdf1203531d6 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Wed, 3 May 2023 10:17:06 +0200
Subject: [PATCH] gitlab-ci: use apt-get to install python3-dbus package
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain
Fixes:
$ pip3 install dasbus
error: externally-managed-environment
× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.
If you wish to install a non-Debian-packaged Python package,
create a virtual environment using python3 -m venv path/to/venv.
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
sure you have python3-full installed.
If you wish to install a non-Debian packaged Python application,
it may be easiest to use pipx install xyz, which will manage a
virtual environment for you. Make sure you have pipx installed.
See /usr/share/doc/python3.11/README.venv for more information.
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
.gitlab-ci.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e82e12f66737..bea5081bb0b9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -30,8 +30,7 @@ build:debian:
- >
apt-get -y install autoconf automake libglib2.0-dev libdbus-glib-1-dev libnotify-dev
libgtk-3-dev gcc python3-selinux python3-gi python3-dbus python3-six python3-sepolicy
- xdg-utils make intltool libaudit-dev libauparse-dev python3-pip
- - pip3 install dasbus
+ xdg-utils make intltool libaudit-dev libauparse-dev python3-pip python3-dasbus
- ./autogen.sh
- make
- make install
--
2.41.0

View File

@ -1,47 +0,0 @@
Setroubleshoot translations currently live in the following locations:
- https://translate.fedoraproject.org/projects/setroubleshoot/
- contains translations for both stable (rhel8) and main (Fedora) branches
- maintains large number of languages (several of which do not actually contain any translated strings)
- updated by community and partially by RH localization effort
- setroubleshoot source repositories
- https://gitlab.com/setroubleshoot
- used for development
- separate repos for plugins and framework
- https://pagure.io/setroubleshoot and https://github.com/fedora-selinux/setroubleshoot
- no longer updated
- plugins and framework in the same repo
How to update source files on weblate:
# install dependencies
$ sudo dnf install automake autoconf inittool gettext glib2-devel dbus-devel libnotify-devel gtk3-devel audit-libs-devel
$ git clone git@gitlab.com:setroubleshoot/framework.git
$ git clone git@gitlab.com:setroubleshoot/plugins.git
$ cd framework
# Update Makefile
$ ./autogen.sh
# generate new potfile
$ cd po
$ make setroubleshoot.pot
# https://translate.fedoraproject.org/projects/setroubleshoot/setroubleshoot/en/
# Files -> Upload translations
# Repeat the process for plugins
# https://translate.fedoraproject.org/projects/setroubleshoot/plugins/en/
# Files -> Upload translations
# or use weblate command line tool:
$ wlc --key <API key> --url https://translate.fedoraproject.org/api/ upload --input framework/po/setroubleshoot.pot setroubleshoot/setroubleshoot/en
$ wlc --key <API key> --url https://translate.fedoraproject.org/api/ upload --input plugins/po/setroubleshoot.pot setroubleshoot/plugins/en/
How to pull new translations from weblate
$ git clone git@gitlab.com:setroubleshoot/framework.git
$ git clone git@gitlab.com:setroubleshoot/plugins.git
# https://translate.fedoraproject.org/projects/setroubleshoot/setroubleshoot
# Files -> Download translation files as ZIP file
# https://translate.fedoraproject.org/projects/setroubleshoot/plugins/
# Files -> Download translation files as ZIP file
$ unzip setroubleshoot-setroubleshoot.zip
$ cp setroubleshoot/setroubleshoot/framework/po/*.po /framework/po
$ unzip setroubleshoot-plugins.zip
$ cp setroubleshoot/plugins/plugins/po/*.po /plugins/po
# wlc doesn't support batch download yet https://github.com/WeblateOrg/wlc/issues/17

View File

@ -0,0 +1,45 @@
From 78840f4e0bd41d3ba1b3c90b909e6c2cf7ef4ea7 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 14 Apr 2021 17:03:39 +0200
Subject: [PATCH] Stop SetroubleshootFixit after 10 seconds of inactivity
---
src/SetroubleshootFixit.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
index 15c6cab..f7cbf95 100644
--- a/framework/src/SetroubleshootFixit.py
+++ b/framework/src/SetroubleshootFixit.py
@@ -7,6 +7,7 @@ from gi.repository import GLib
import slip.dbus.service
from slip.dbus import polkit
import os
+import signal
class RunFix(slip.dbus.service.Object):
@@ -14,12 +15,20 @@ class RunFix(slip.dbus.service.Object):
def __init__(self, *p, **k):
super(RunFix, self).__init__(*p, **k)
+ self.timeout = 10
+ self.alarm(self.timeout)
+
+ def alarm(self, timeout=10):
+ signal.alarm(timeout)
+
@dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
def run_fix(self, local_id, analysis_id):
import subprocess
+ self.alarm(0)
command = ["sealert", "-f", local_id, "-P", analysis_id]
return subprocess.check_output(command, universal_newlines=True)
+ self.alarm(self.timeout)
if __name__ == "__main__":
mainloop = GLib.MainLoop()
--
2.30.2

View File

@ -0,0 +1,103 @@
From e9def2b8b0098842d0223d0951f41e2106821a88 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 14 Apr 2021 17:04:59 +0200
Subject: [PATCH] Do not use Python slip package
It's not maintained anymore and it allows us to drop dependency on
Python slip package
Use DBUS polkit interface instead -
https://www.freedesktop.org/software/polkit/docs/latest/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html
---
src/SetroubleshootFixit.py | 35 +++++++++++++++++++++++++----------
src/setroubleshoot/browser.py | 3 ---
2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
index f7cbf95..ab0ad2b 100644
--- a/framework/src/SetroubleshootFixit.py
+++ b/framework/src/SetroubleshootFixit.py
@@ -4,13 +4,11 @@ import dbus
import dbus.service
import dbus.mainloop.glib
from gi.repository import GLib
-import slip.dbus.service
-from slip.dbus import polkit
import os
import signal
+import subprocess
-
-class RunFix(slip.dbus.service.Object):
+class RunFix(dbus.service.Object):
default_polkit_auth_required = "org.fedoraproject.setroubleshootfixit.write"
def __init__(self, *p, **k):
@@ -21,14 +19,32 @@ class RunFix(slip.dbus.service.Object):
def alarm(self, timeout=10):
signal.alarm(timeout)
-
- @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
- def run_fix(self, local_id, analysis_id):
- import subprocess
+ def is_authorized(self, sender):
+ bus = dbus.SystemBus()
+
+ proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
+ authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')
+ subject = ('system-bus-name', {'name' : sender})
+ action_id = 'org.fedoraproject.setroubleshootfixit.write'
+ details = {}
+ flags = 1 # AllowUserInteraction flag
+ cancellation_id = '' # No cancellation id
+ result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)
+ return result[0]
+
+ @dbus.service.method("org.fedoraproject.SetroubleshootFixit", sender_keyword="sender", in_signature='ss', out_signature='s')
+ def run_fix(self, local_id, analysis_id, sender):
self.alarm(0)
command = ["sealert", "-f", local_id, "-P", analysis_id]
- return subprocess.check_output(command, universal_newlines=True)
+
+ if self.is_authorized(sender):
+ result = subprocess.check_output(command, universal_newlines=True)
+ else:
+ result = "Authorization failed"
+
self.alarm(self.timeout)
+ return result
+
if __name__ == "__main__":
mainloop = GLib.MainLoop()
@@ -36,5 +52,4 @@ if __name__ == "__main__":
system_bus = dbus.SystemBus()
name = dbus.service.BusName("org.fedoraproject.SetroubleshootFixit", system_bus)
object = RunFix(system_bus, "/org/fedoraproject/SetroubleshootFixit/object")
- slip.dbus.service.set_mainloop(mainloop)
mainloop.run()
diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
index 2d37bb4..3203f75 100644
--- a/framework/src/setroubleshoot/browser.py
+++ b/framework/src/setroubleshoot/browser.py
@@ -65,8 +65,6 @@ from setroubleshoot.util import *
from setroubleshoot.html_util import html_to_text
import re
import dbus
-import slip.dbus.service
-from slip.dbus import polkit
import report
import report.io
import report.io.GTKIO
@@ -933,7 +931,6 @@ class DBusProxy (object):
self.bus = dbus.SystemBus()
self.dbus_object = self.bus.get_object("org.fedoraproject.SetroubleshootFixit", "/org/fedoraproject/SetroubleshootFixit/object")
- @polkit.enable_proxy
def run_fix(self, local_id, plugin_name):
return self.dbus_object.run_fix(local_id, plugin_name, dbus_interface="org.fedoraproject.SetroubleshootFixit")
--
2.30.2

View File

@ -0,0 +1,82 @@
From f6a21742b2531f5dfd0fa68400848ca4314f972f Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 6 Dec 2021 12:14:04 +0100
Subject: [PATCH] Fix typos in --help, man pages and developer's guide
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
TODO | 2 +-
doc/sealert.8 | 2 +-
src/config.py.in | 2 +-
src/sealert | 2 +-
src/setroubleshoot/server.py | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/framework/TODO b/framework/TODO
index 6c2f375..25072ea 100644
--- a/framework/TODO
+++ b/framework/TODO
@@ -22,7 +22,7 @@ return plain text (to be used for plaintext email and writing to
stdout).
(John) Add log file scanning support (I'm currently working on this).
-We could use a better parser for AVC's in log file or other "stream",
+We could use a better parser for AVCs in log file or other "stream",
should work by accepting data via a feed() method and invoke a
callback when it finds an AVC returning an AVC class and a range
(start,end) where it was located (question: should the range be line
diff --git a/framework/doc/sealert.8 b/framework/doc/sealert.8
index 89f4dff..d3e81e3 100644
--- a/framework/doc/sealert.8
+++ b/framework/doc/sealert.8
@@ -102,7 +102,7 @@ Start sealert without dbus service as stand alone app
Lookup alert by id, if id is wildcard * then return all alerts
.TP
.B \-a \-\-analyze file
-Scan a log file, analyze its AVC's
+Scan a log file, analyze its AVCs
.TP
.B \-u \-\-user
logon as user
diff --git a/framework/src/config.py.in b/framework/src/config.py.in
index cbb0542..daf9a68 100644
--- a/framework/src/config.py.in
+++ b/framework/src/config.py.in
@@ -184,7 +184,7 @@ the alert's last seen date will be purged first. Zero implies no limit''',
'max_alert_age': {
'value': '',
'description' : '''
-Purge any alerts whose age based on it's last seen date exceeds this threshold.
+Purge any alerts whose age based on its last seen date exceeds this threshold.
Age may be specified as a sequence of integer unit pairs. Units may be one of
year,month,week,day,hour,minute,second and may optionally be plural.
Example: '2 weeks 1 day' sets the threshold at 15 days.
diff --git a/framework/src/sealert b/framework/src/sealert
index bae0c81..2663a21 100755
--- a/framework/src/sealert
+++ b/framework/src/sealert
@@ -598,7 +598,7 @@ if __name__ == '__main__':
parser.add_option("-l", "--lookupid", dest="lookupid", default=False,
help="Lookup alert by id, id may be wildcard * to lookup all alerts")
parser.add_option("-a", "--analyze", dest="analyze", default=False,
- help="Scan a log file, analyze it's AVC's", metavar="FILE")
+ help="Scan a log file, analyze its AVCs", metavar="FILE")
parser.add_option("-u", "--user", dest="user", default=False,
help="logon user name")
parser.add_option("-p", "--password", dest="password", default=False,
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
index aef0346..771ea15 100755
--- a/framework/src/setroubleshoot/server.py
+++ b/framework/src/setroubleshoot/server.py
@@ -764,7 +764,7 @@ def RunFaultServer(timeout=10):
try:
# FIXME: should this be using our logging objects in log.py?
# currently syslog is only used for putting an alert into
- # the syslog with it's id
+ # the syslog with its id
global pkg_name
syslog.openlog(pkg_name)
--
2.30.2

View File

@ -0,0 +1,174 @@
From e0cf9f2e50e8da856ffd511cbbab7ee36a31bb74 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 10 Dec 2021 15:04:21 +0100
Subject: [PATCH] Revert "Replace pydbus with dasbus"
dasbus is not available in rhel8.
This reverts commit 5290ca0ee06d69102bf2b756e2decc0f8c5b770f.
---
configure.ac | 6 +++---
src/SetroubleshootPrivileged.py | 32 ++++++++++++++------------------
src/seapplet | 21 +++++++++++++--------
src/setroubleshoot/util.py | 9 +++------
4 files changed, 33 insertions(+), 35 deletions(-)
diff --git a/framework/configure.ac b/framework/configure.ac
index d1d0176..e3b7b5a 100644
--- a/framework/configure.ac
+++ b/framework/configure.ac
@@ -65,13 +65,13 @@ else
$python_module_result])
fi
-AC_MSG_CHECKING([for the dasbus python3 module])
-python_module_result=`$PYTHON -c "import dasbus" 2>&1`
+AC_MSG_CHECKING([for the pydbus python3 module])
+python_module_result=`$PYTHON -c "import pydbus" 2>&1`
if test -z "$python_module_result"; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python3 module dasbus.
+ AC_MSG_ERROR([cannot import Python3 module pydbus.
Please check your Python3 installation. The error was:
$python_module_result])
fi
diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
index d2a9ea4..899e687 100644
--- a/framework/src/SetroubleshootPrivileged.py
+++ b/framework/src/SetroubleshootPrivileged.py
@@ -19,23 +19,23 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
from gi.repository import GLib
-from dasbus.connection import SystemMessageBus
+from pydbus import SystemBus
import setroubleshoot.util
import signal
loop = GLib.MainLoop()
class Privileged(object):
- __dbus_xml__ = """
- <node>
- <interface name='org.fedoraproject.SetroubleshootPrivileged'>
- <method name='get_rpm_nvr_by_scontext'>
- <arg type='s' name='scontext' direction='in'/>
- <arg type='s' name='rpmnvr' direction='out'/>
- </method>
- <method name='finish'/>
- </interface>
- </node>
+ """
+ <node>
+ <interface name='org.fedoraproject.SetroubleshootPrivileged'>
+ <method name='get_rpm_nvr_by_scontext'>
+ <arg type='s' name='scontext' direction='in'/>
+ <arg type='s' name='rpmnvr' direction='out'/>
+ </method>
+ <method name='finish'/>
+ </interface>
+ </node>
"""
def __init__(self, timeout=10):
@@ -58,10 +58,6 @@ class Privileged(object):
loop.quit()
if __name__ == "__main__":
- bus = SystemMessageBus()
- try:
- bus.publish_object("/org/fedoraproject/SetroubleshootPrivileged", Privileged())
- bus.register_service("org.fedoraproject.SetroubleshootPrivileged")
- loop.run()
- finally:
- bus.disconnect()
+ bus = SystemBus()
+ bus.publish("org.fedoraproject.SetroubleshootPrivileged", Privileged())
+ loop.run()
diff --git a/framework/src/seapplet b/framework/src/seapplet
index b5f65d1..79b5ef2 100644
--- a/framework/src/seapplet
+++ b/framework/src/seapplet
@@ -26,7 +26,7 @@ from gi.repository import Gtk
gi.require_version('Notify', '0.7')
from gi.repository import Notify
-from dasbus.connection import SystemMessageBus
+from pydbus import SystemBus
import selinux
import sys
@@ -52,14 +52,13 @@ class SEApplet(GObject.Object):
def __init__(self):
- bus = SystemMessageBus()
- Setroubleshootd = bus.get_proxy(
- 'org.fedoraproject.Setroubleshootd',
- '/org/fedoraproject/Setroubleshootd'
+ bus = SystemBus()
+ self.bus_signal = bus.subscribe(
+ iface='org.fedoraproject.SetroubleshootdIface',
+ signal='alert',
+ signal_fired=self.send_notification
)
- Setroubleshootd.alert.connect(self.send_notification)
-
super(SEApplet, self).__init__()
Notify.init("seapplet")
# lets initialise with the application name
@@ -81,6 +80,11 @@ class SEApplet(GObject.Object):
except:
pass
+ Setroubleshootd = bus.get(
+ 'org.fedoraproject.Setroubleshootd',
+ '/org/fedoraproject/Setroubleshootd'
+ )
+
(count, red) = Setroubleshootd.check_for_new(last_id)
if count > 0:
@@ -115,7 +119,8 @@ class SEApplet(GObject.Object):
launcher.launch(None, context)
self.status_icon.set_visible(False)
- def send_notification(self, *params):
+ def send_notification(self, sender, dobject, iface, signal, params):
+
status_icon = self.__init_status_icon()
status_icon.set_visible(True)
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
index 02c4f75..657c882 100755
--- a/framework/src/setroubleshoot/util.py
+++ b/framework/src/setroubleshoot/util.py
@@ -69,7 +69,7 @@ __all__ = [
import bz2
import six
import datetime
-from dasbus.connection import SystemMessageBus
+from pydbus import SystemBus
import glob
from gi.repository import GObject
import os
@@ -522,11 +522,8 @@ Finds an SELinux module which defines given SELinux context
"""
if use_dbus:
- bus = SystemMessageBus()
- remote_object = bus.get_proxy(
- "org.fedoraproject.SetroubleshootPrivileged",
- "/org/fedoraproject/SetroubleshootPrivileged"
- )
+ bus = SystemBus()
+ remote_object = bus.get("org.fedoraproject.SetroubleshootPrivileged")
return str(remote_object.get_rpm_nvr_by_scontext(str(scontext)))
else:
context = selinux.context_new(str(scontext))
--
2.30.2

View File

@ -0,0 +1,40 @@
From 73d60acf9d4d7ae740d450f9c9a9566dac1c3111 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 3 Feb 2022 18:14:05 +0100
Subject: [PATCH] Improve after_first email filter behavior
after_first used to send 2 emails before it started to filter. The
problem was in the email users were not saved into database when a new
signature was created.
Also we need to skip email users when we evaluated whether send a
desktop notification or not.
---
src/setroubleshoot/server.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
index 771ea15..10ef215 100755
--- a/framework/src/setroubleshoot/server.py
+++ b/framework/src/setroubleshoot/server.py
@@ -220,6 +220,7 @@ class AlertPluginReportReceiver(PluginReportReceiver):
if len(to_addrs):
from setroubleshoot.email_alert import email_alert
email_alert(siginfo, to_addrs)
+ self.database.mark_modified()
log_debug("sending alert to all clients")
@@ -234,6 +235,9 @@ class AlertPluginReportReceiver(PluginReportReceiver):
systemd.journal.send(siginfo.format_text(), OBJECT_PID=pid, SYSLOG_IDENTIFIER=pkg_name)
for u in siginfo.users:
+ if u.username[0:6] == "email:":
+ # skip email users - they were evaluated before
+ continue
action = siginfo.evaluate_filter_for_user(u.username)
if action == "ignore":
return siginfo
--
2.30.2

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,70 @@
From a2102cb35cd45852fc508b2f62400be098050d7a Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 4 Jul 2022 16:20:30 +0200
Subject: [PATCH] Decrease setroubleshootd priority and limit RAM utilization
to 1GB
This should help with system responsiveness in case of large amount of
AVCs. The memory limit ensures the process cannot indefinitely hog
memory in case it is running continuously. My testing showed normal
memory consumption not to exceed 350MB, so 1GB should not limit normal
operation.
Note: Limiting memory using systemd service file was chosen to make it easier
for users to adjust the limits.
Related:
https://bugzilla.redhat.com/show_bug.cgi?id=2064727
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
Makefile.am | 3 +++
org.fedoraproject.Setroubleshootd.service | 3 ++-
setroubleshootd.service | 10 ++++++++++
3 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 setroubleshootd.service
diff --git a/framework/Makefile.am b/framework/Makefile.am
index f330b7c..93c6a06 100644
--- a/framework/Makefile.am
+++ b/framework/Makefile.am
@@ -28,6 +28,9 @@ polkit_systemdir = $(datadir)/polkit-1/actions
polkit_system_DATA = \
org.fedoraproject.setroubleshootfixit.policy
+systemd_systemunitdir = $(prefix)/lib/systemd/system/
+systemd_systemunit_DATA = setroubleshootd.service
+
autostartdir = $(sysconfdir)/xdg/autostart
autostart_DATA = sealertauto.desktop
diff --git a/framework/org.fedoraproject.Setroubleshootd.service b/framework/org.fedoraproject.Setroubleshootd.service
index 05c2c39..2c52499 100644
--- a/framework/org.fedoraproject.Setroubleshootd.service
+++ b/framework/org.fedoraproject.Setroubleshootd.service
@@ -1,4 +1,5 @@
[D-BUS Service]
Name=org.fedoraproject.Setroubleshootd
-Exec=/usr/sbin/setroubleshootd -f
+SystemdService=setroubleshootd.service
+Exec=/bin/false
User=setroubleshoot
diff --git a/framework/setroubleshootd.service b/framework/setroubleshootd.service
new file mode 100644
index 0000000..81c75b1
--- /dev/null
+++ b/framework/setroubleshootd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=SETroubleshoot daemon for processing new SELinux denial logs
+
+[Service]
+Type=dbus
+BusName=org.fedoraproject.Setroubleshootd
+ExecStart=/usr/sbin/setroubleshootd -f
+User=setroubleshoot
+LimitAS=1G
+Nice=5
--
2.35.3

View File

@ -0,0 +1,45 @@
From eed06d0f11867c1019fee4fb1a80be775a60d74e Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 11 Jul 2022 18:20:47 +0200
Subject: [PATCH] doc: Document performance related changes
- Setroubleshootd is now executed using setroubleshootd.service
- ^^ is limited to 1GB of RAM and has a lower than normal priority
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
doc/setroubleshootd.8 | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/framework/doc/setroubleshootd.8 b/framework/doc/setroubleshootd.8
index bed6713..f1f04d8 100644
--- a/framework/doc/setroubleshootd.8
+++ b/framework/doc/setroubleshootd.8
@@ -23,9 +23,14 @@ components, sealert and setroubleshootd.
setroubleshootd is a system daemon which runs under setroubleshoot user and
listens for audit events emitted from the kernel related to SELinux. When the
setroubleshootd daemon sees an SELinux AVC denial it runs a series of analysis
-plugins which examines the audit data related to the AVC. It records the
+plugins which examine the audit data related to the AVC. It records the
results of the analysis and signals any clients which have attached to the
setroubleshootd daemon that a new alert has been seen.
+.P
+setroubleshootd is not persistent and only runs when there are new AVCs to be
+analyzed. It is executed using setroubleshootd.service, which also limits its
+priority and maximum RAM utilization to 1GB, in order to help with system
+responsiveness in case of large amounts of AVCs.
.SH "OPTIONS"
.TP
@@ -33,7 +38,7 @@ setroubleshootd daemon that a new alert has been seen.
Do not fork the daemon
.TP
.B \-d \-\-debug
-Do not exit after 10 seconds
+Do not exit after 10 seconds of inactivity
.TP
.B \-h \-\-help
Show this message
--
2.35.3

View File

@ -0,0 +1,56 @@
From 2fbc58c26359989894dfb54daaca2ff4b537f4fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 22 Apr 2022 16:27:30 +0200
Subject: [PATCH] setroubleshoot/server: shutdown RunFaultServer nicely
systemd[1]: dbus-:1.2-org.fedoraproject.Setroubleshootd@2.service: Main process exited, code=killed, status=14/ALRM
systemd[1]: dbus-:1.2-org.fedoraproject.Setroubleshootd@2.service: Failed with result 'signal'.
audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:systemd_t:s0 msg='unit=dbus-:1.2-org.fedoraproject.Setroubleshootd@2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
---
src/setroubleshoot/server.py | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
index 10ef215..8f16993 100755
--- a/framework/src/setroubleshoot/server.py
+++ b/framework/src/setroubleshoot/server.py
@@ -733,9 +733,17 @@ def goodbye(database):
audit2why.finish()
+main_loop = GLib.MainLoop()
+
+
+def alarm_handler(signum, frame):
+ log_debug("SIGALRM raised in RunFaultServer")
+ main_loop.quit()
+
+
def RunFaultServer(timeout=10):
signal.alarm(timeout)
- sigalrm_handler = signal.signal(signal.SIGALRM, polling_failed_handler)
+ signal.signal(signal.SIGALRM, polling_failed_handler)
# polling for /sys/fs/selinux/policy file
while True:
try:
@@ -760,7 +768,7 @@ def RunFaultServer(timeout=10):
global host_database, analysis_queue, email_recipients
- signal.signal(signal.SIGALRM, sigalrm_handler)
+ signal.signal(signal.SIGALRM, alarm_handler)
signal.signal(signal.SIGHUP, sighandler)
#interface_registry.dump_interfaces()
@@ -856,7 +864,7 @@ def RunFaultServer(timeout=10):
dbus.glib.init_threads()
setroubleshootd_dbus = SetroubleshootdDBus(analysis_queue, alert_receiver, timeout)
- main_loop = GLib.MainLoop()
+
main_loop.run()
except KeyboardInterrupt as e:
--
2.35.3

View File

@ -0,0 +1,48 @@
From 9e2753d241bf0bccaf0b05984e7562a2ac2a70e6 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Thu, 24 Aug 2023 19:02:24 +0200
Subject: [PATCH] Check that SELinux is enabled before running
Setroubleshootd will fail to run when selinux is disabled. Check that
SELinux is enabled in setroubleshootd service file and in sealert (so
that it does not wait for setroubleshootd to start).
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2178950
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
setroubleshootd.service | 1 +
src/sealert | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/framework/setroubleshootd.service b/framework/setroubleshootd.service
index 81c75b1..7fc2ffb 100644
--- a/framework/setroubleshootd.service
+++ b/framework/setroubleshootd.service
@@ -1,5 +1,6 @@
[Unit]
Description=SETroubleshoot daemon for processing new SELinux denial logs
+ConditionSecurity=selinux
[Service]
Type=dbus
diff --git a/framework/src/sealert b/framework/src/sealert
index 2663a21..5ce6463 100755
--- a/framework/src/sealert
+++ b/framework/src/sealert
@@ -576,6 +576,12 @@ if __name__ == '__main__':
setup_sighandlers()
log_debug("main() args=%s" % sys.argv)
+ # Exit if selinux is disabled - setroubleshootd cannot start
+ if not selinux.is_selinux_enabled():
+ log_debug("SELinux not enabled, sealert will not run on non SELinux systems")
+ print("SELinux not enabled, sealert will not run on non SELinux systems", file=sys.stderr)
+ sys.exit(3)
+
def validate_invocation_style(opt, opts_instance, conflict_opts):
global invocation_style
conflict_opts.remove(opt)
--
2.41.0

View File

@ -0,0 +1 @@
d /run/setroubleshoot 711 setroubleshoot setroubleshoot -

View File

@ -1,33 +1,33 @@
# Disable automatic compilation of Python files in extra directories
%global _python_bytecompile_extra 0
Summary: Helps troubleshoot SELinux problems
Name: setroubleshoot
Version: 3.3.32
Release: 1%{?dist}
License: GPL-2.0-or-later
URL: https://gitlab.com/setroubleshoot/setroubleshoot
Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz
Version: 3.3.26
Release: 6%{?dist}
License: GPLv2+
URL: https://gitlab.com/setroubleshoot/framework
Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
Source1: %{name}.tmpfiles
Source2: %{name}.sysusers
# git format-patch -N 3.3.32
# git format-patch --src-prefix=a/framework/ --dst-prefix=b/framework/ -N setroubleshoot-3.3.26 -- . ':!doc/developers_guide.wiki' ':!test/README.testing' ':!.gitlab-ci.yml'
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
Patch0001: 0001-imp-module-is-deprecated-in-favor-of-importlib.patch
Patch0002: 0002-Always-reset-pending-alarms-when-alarm-0.patch
Patch0003: 0003-gitlab-ci-use-apt-get-to-install-python3-dbus-packag.patch
Patch0001: 0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch
Patch0002: 0002-Do-not-use-Python-slip-package.patch
Patch0003: 0003-Fix-typos-in-help-man-pages-and-developer-s-guide.patch
Patch0004: 0004-Revert-Replace-pydbus-with-dasbus.patch
Patch0005: 0005-Improve-after_first-email-filter-behavior.patch
Patch0006: 0006-Update-translations.patch
Patch0007: 0007-Decrease-setroubleshootd-priority-and-limit-RAM-util.patch
Patch0008: 0008-doc-Document-performance-related-changes.patch
Patch0009: 0009-setroubleshoot-server-shutdown-RunFaultServer-nicely.patch
Patch0010: 0010-Check-that-SELinux-is-enabled-before-running.patch
BuildRequires: gcc
BuildRequires: make
BuildRequires: libcap-ng-devel
BuildRequires: intltool gettext python3 python3-devel python3-setuptools python3-wheel python3-pip
BuildRequires: desktop-file-utils libnotify-devel libselinux-devel polkit-devel
BuildRequires: audit-libs-devel >= 3.0.1
BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel
# for the _tmpfilesdir macro
BuildRequires: systemd-rpm-macros
BuildRequires: intltool gettext python3 python3-devel
BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel audit-libs-devel libselinux-devel polkit-devel
BuildRequires: python3-libselinux python3-pydbus python3-gobject gtk3-devel
Requires: %{name}-server = %{version}-%{release}
Requires: gtk3, libnotify
Requires: libreport-gtk >= 2.2.1-2, python3-libreport
Requires: python3-gobject, python3-dasbus
Requires: python3-gobject, python3-pydbus
Requires(post): desktop-file-utils
Requires(post): dbus
Requires(postun): desktop-file-utils
@ -43,6 +43,7 @@ Requires: xdg-utils
%global pkgvardatadir %{_localstatedir}/lib/%{name}
%global pkgconfigdir %{_sysconfdir}/%{name}
%global pkgdatabase %{pkgvardatadir}/setroubleshoot_database.xml
%global username setroubleshoot
%description
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
@ -56,8 +57,8 @@ to user preference. The same tools can be run on existing log files.
%{pkgguidir}
%config(noreplace) %{_sysconfdir}/xdg/autostart/*
%{_datadir}/applications/*.desktop
%{_metainfodir}/*.appdata.xml
%{_datadir}/dbus-1/services/org.fedoraproject.sealert.service
%{_datadir}/appdata/*.appdata.xml
%{_datadir}/dbus-1/services/sealert.service
%{_datadir}/icons/hicolor/*/*/*
%dir %attr(0755,root,root) %{pkgpythondir}
%{pkgpythondir}/browser.py
@ -68,15 +69,16 @@ to user preference. The same tools can be run on existing log files.
%prep
%autosetup -p 1
%autosetup -p 2
%build
./autogen.sh
autoreconf -f
%configure PYTHON=%{__python3} --enable-seappletlegacy=no --with-auditpluginsdir=/etc/audit/plugins.d
make
%install
%make_install PREFIX=/usr
make DESTDIR=%{buildroot} PREFIX=/usr install
touch -r src/config.py.in %{buildroot}%{python3_sitelib}/setroubleshoot/config.py
desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop
mkdir -p %{buildroot}%{pkgvardatadir}
mkdir -p %{buildroot}%{_rundir}/setroubleshoot
@ -84,9 +86,19 @@ touch %{buildroot}%{pkgdatabase}
touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
rm -rf %{buildroot}/usr/share/doc/
# create /run/setroubleshoot on boot
install -p -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
install -p -m644 -D %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/%{name}.conf
install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
# Switch hardcoded python3 shebangs into the %%{__python3} macro
pathfix.py -i "%{__python3} -Es" -p \
%{buildroot}%{_sbindir}/setroubleshootd \
%{buildroot}%{_bindir}/{sealert,seapplet} \
%{buildroot}/usr/share/setroubleshoot/SetroubleshootFixit.py \
%{buildroot}/usr/share/setroubleshoot/SetroubleshootPrivileged.py
rm \
%{buildroot}%{_sbindir}/setroubleshootd~ \
%{buildroot}%{_bindir}/{sealert,seapplet}~ \
%{buildroot}/usr/share/setroubleshoot/SetroubleshootFixit.py~ \
%{buildroot}/usr/share/setroubleshoot/SetroubleshootPrivileged.py~
%find_lang %{name}
@ -94,7 +106,7 @@ install -p -m644 -D %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/%{name}.conf
Summary: SELinux troubleshoot server
Requires: %{name}-plugins >= 3.3.10
Requires: audit >= 3.0.1
Requires: audit >= 3
Requires: audit-libs-python3
Requires: libxml2-python3
Requires: rpm-python3
@ -102,12 +114,14 @@ Requires: libselinux-python3 >= 2.1.5-1
Requires: policycoreutils-python-utils
BuildRequires: intltool gettext python3
BuildRequires: python3-devel
BuildRequires: systemd
Requires: systemd-python3 >= 206-1
Requires: python3-gobject-base >= 3.11
Requires: python3-gobject >= 3.11
Requires: dbus
Requires: python3-dbus python3-dasbus python3-six
Requires: python3-dbus python3-pydbus
Requires: polkit
Requires: initscripts-service
Requires: initscripts
Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
%description server
Provides tools to help diagnose SELinux problems. When AVC messages
@ -116,7 +130,7 @@ about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.
%pre server
%sysusers_create_compat %{SOURCE2}
getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
%post server
/sbin/service auditd reload >/dev/null 2>&1 || :
@ -124,14 +138,16 @@ to user preference. The same tools can be run on existing log files.
%postun server
/sbin/service auditd reload >/dev/null 2>&1 || :
%triggerun server -- %{name}-server < 3.2.24-4
chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
%files server -f %{name}.lang
%{_bindir}/sealert
%{_sbindir}/sedispatch
%{_sbindir}/setroubleshootd
%{python3_sitelib}/setroubleshoot*.dist-info
%{python3_sitelib}/setroubleshoot*.egg-info
%dir %attr(0755,root,root) %{pkgconfigdir}
%dir %{pkgpythondir}
%dir %{pkgpythondir}/__pycache__
%dir %attr(0755,root,root) %{pkgpythondir}
%{pkgpythondir}/Plugin.py
%{pkgpythondir}/__init__.py
%{pkgpythondir}/access_control.py
@ -150,6 +166,8 @@ to user preference. The same tools can be run on existing log files.
%{pkgpythondir}/util.py
%{pkgpythondir}/uuid.py
%{pkgpythondir}/xml_serialize.py
%dir %{pkgpythondir}
%dir %{pkgpythondir}/__pycache__
%{pkgpythondir}/__pycache__/Plugin.cpython*
%{pkgpythondir}/__pycache__/__init__.cpython*
%{pkgpythondir}/__pycache__/access_control.cpython*
@ -182,149 +200,80 @@ to user preference. The same tools can be run on existing log files.
%{_mandir}/man8/sedispatch.8.gz
%{_mandir}/man8/setroubleshootd.8.gz
%config /etc/audit/plugins.d/sedispatch.conf
%{_unitdir}/setroubleshootd.service
%{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
%{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
%{_unitdir}/setroubleshootd.service
%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
%attr(0644,root,root) %{_sysusersdir}/%{name}.conf
%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
%changelog
* Thu Jul 27 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.3.32-1
- Always reset pending alarms when alarm(0) (rhbz#2112573)
- 'imp' module is deprecated in favor of 'importlib' (rhbz#2224393)
- Fix build with pip 23.1.2+
- Remove dbus-glib-devel BR as it's only needed when compiled with seappletlegacy
- Rename session bus name to org.fedoraproject.sealert
- seapplet: wrap SEApplet() to try except
- util.py: Add doctext test for build_module_type_cache()
- Update translations
* Thu Aug 24 2023 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-6
- Fix shebang of SetroubleshootPrivileged.py (#2231023)
- Check that SELinux is enabled before running (#2178950)
* Thu Mar 09 2023 Vit Mojzis <vmojzis@redhat.com> - 3.3.31-2
- Update translations (#2139682)
* Mon Aug 22 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-5
- Shutdown RunFaultServer nicely (#2119001)
* Wed Nov 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.3.31-1
- Add a screen reader label to the icon
- seapplet: avoid ValueError when parsing sealert.conf
* Wed Jul 13 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-4
- Decrease setroubleshootd priority and limit RAM utilization to 1GB (#2064727)
- doc: Document performance related changes
- Decrease setroubleshootd priority and limit RAM utilization to 1GB
- Use setup from setuptools
- Use `pip install` instead of `setup.py install`
* Tue Jun 28 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.30-1
- Miscellaneous python and build system changes
- Fix couple of typos
- Drop Python2 support
- Use inspect.signature() instead of instead.getargspec()
- Update translations
* Fri Feb 25 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-3
- Update translations (#2017299)
* Wed Mar 30 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.29-1
- Introduce email.use_sendmail option
- Update translations
* Fri Feb 11 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-2
- Improve after_first email filter behavior (#2050734)
* Wed Mar 09 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.28-3
- Update translations (#2017386)
* Tue Feb 8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-2
- Use %sysusers_create_compat instead of useradd
- Set right ownership on /var/lib/setroubleshoot
* Tue Feb 8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-1
- Look for modules in /usr/share/selinux/packages
- Always use rpm source package for reporting
- Improve after_first email filter behavior
* Wed Jan 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-2
- Improve DSP module reporting
- Require initscripts-service - /sbin/service
* Thu Jan 13 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-1
- sedispatch: check read_size
- SafeConfigParser is deprecated and will be dropped
- Fix typos in --help, man pages and developer's guide
- Improve Python 3.10 compatibility
https://pagure.io/setroubleshoot/issue/58
- Update translations
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.26-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Jul 16 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-4
- Improve sedispatch performance
* Fri Jul 2 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-3
- Fix file mode of email_alert_recipients
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.26-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Apr 15 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-1
- Fix plugin exception reporting
- Update translations
- Stop SetroubleshootFixit after 10 seconds of inactivity
* Fri Dec 10 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-1
- Revert "Replace pydbus with dasbus"
- Fix typos in --help, man pages and developer's guide (#2028226)
- Do not use Python slip package
- Stop SetroubleshootFixit after 10 seconds of inactivity
- Fix plugin exception reporting
- export alert dbus signal
- Make sure local_policy_package is not None
- sealert: add "Last Seen" column to alert list
* Wed Mar 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.25-1
- Use Python dasbus instead of pydbus
- Optimize get_rpm_nvr_by_type by adding a cache
* Mon Sep 27 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
- Update translations (#1962030)
* Tue Feb 02 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-3
- sealert: exit on any connection close (#1875290)
* Wed Jan 13 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-2
- Optimize get_rpm_nvr_by_type by adding a cache (#1794807)
- Stop building seappletlegacy (#1878792)
- Update translations
* Tue Feb 02 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
- sealert: exit on any connection close
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Jan 16 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-2
- framework/util: optimize get_rpm_nvr_by_type by adding a cache
- Stop building seappletlegacy
* Tue Oct 13 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.24-1
* Wed Aug 12 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-1
- Add 'fur' into shipped locales
- Update translations
- Update translations (#1820570)
- Log full reports with correct syslog identifier
- Cancel pending alarm during AVC analyses
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.23-5
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.23-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.3.23-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.3.23-2
- Rebuilt for Python 3.9
* Tue Apr 21 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.23-1
- browser: Check return value of Gdk.Screen().get_default()
- Improve and unify error messages
* Mon Apr 27 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.23-1
- browser: Check return value of Gdk.Screen().get_default() (#1574434)
- Improve and unify error messages (#1763982)
- setroubleshoot.util: Catch exceptions from sepolicy import
- Add dpkg support
- Do not refer to hardcoded selinux-policy rpm in signature
- Make date/time format locale specific
- Improve speed of plugin evaluation
* Wed Mar 4 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-6
- Do not try to report a bug on None package (#1809801)
* Fri Feb 28 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-5
- Make date/time format locale specific (#1812674)
- Improve speed of plugin evaluation (#1794807)
- Do not try to report a bug on None package
- sealert: Drop unused import slib.dbus.service
- Drop updater.py - it's not used and doesn't work
- root user doesn't need to use SetroubleshootPrivileged API
* Thu Feb 27 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-4
- sealert to report a bug on a package which owns the related SELinux domain
- Use pydbus, a modern Python dbus API, for SetroubleshootPrivileged
- Report bug on a package which owns the related SELinux domain (#1811644)
https://pagure.io/setroubleshoot/issue/18
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
- Add Local SELinux policy package version to analyses reports
- setroubleshoot.utils.get_rpm_nvr_by_scontext add option to use DBUS method
- Export setroubleshoot.utils.get_rpm_nvr_by_scontext via DBUS
- setroubleshoot.util: get_rpm_nvr_by_type() and get_rpm_nvr_by_scontext()
* Sat Jan 11 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-2
- Log plugin exception traceback when log level is DEBUG
@ -334,33 +283,30 @@ to user preference. The same tools can be run on existing log files.
- sepolicy.info() returns a generator, not a list (#1784564)
* Wed Dec 11 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.21-1
- Use dbus.mainloop.glib.DBusGMainLoop() instead of dbus.glib
- Fix AVC.__typeMatch to handle aliases properly
- Handle sockets with abstract path properly (#1775135)
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 3.3.20-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Tue Aug 27 2019 Petr Lautrbach <plautrba@redhat.com> - 3.3.20-3
- Use dbus.mainloop.glib.DBusGMainLoop() instead of dbus.glib
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 3.3.20-2
- Rebuilt for Python 3.8
* Fri Aug 16 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.20-2
- Fix file mode of email_alert_recipients (#1741960)
* Wed Jul 17 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.20-1
- Add man page for seapplet (#1612529)
* Tue May 14 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.19-2
- Update "missing" scripts to automake-1.15
- Add active polling for acquiring policy file
- Fix translation of hex values in AVCs
- Fix translation of hex values in AVCs (#1477236, #1709742)
- require initscripts to ensure that "service" call works properly
- Add man page for seapplet
- setroubleshoot-server: only require gobject-base
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Dec 8 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.19-1
- Require plugins >= 3.3.10
* Thu Nov 29 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-3
* Wed Dec 5 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-4
- Update translations
- Catch exceptions caused by lookup_signature
* Sat Dec 1 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-3.1
- Update scriptlets to reload auditd after install or uninstall
* Thu Sep 20 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-2
@ -371,11 +317,8 @@ to user preference. The same tools can be run on existing log files.
- Move sedispatch.conf to /etc/audit/plugins.d/
- Fix summary and "if" text for AVCs with unknown target path
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 3.3.17-2
- Rebuilt for Python 3.7
* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 3.3.17-2
- Switch hardcoded python3 shebangs into the %%{__python3} macro
* Mon Feb 26 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.17-1
- Set auto_save_interval to 5 (#1548913,#1523406,#1539180)
@ -2048,4 +1991,3 @@ it has already been seen
* Fri May 19 2006 John Dennis <jdennis@redhat.com> - 0.1-1
- Initial build.

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

View File

@ -1,6 +0,0 @@
summary: Tier 1 setroubleshoot test plan
discover:
how: fmf
execute:
how: tmt

View File

@ -1,8 +0,0 @@
/var/log/setroubleshoot/*.log {
weekly
rotate 2
missingok
sharedscripts
# postrotate
# endscript
}

View File

@ -1 +0,0 @@
u setroubleshoot - "SELinux troubleshoot server" /var/lib/setroubleshoot

View File

@ -1,2 +0,0 @@
d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
Z /var/lib/setroubleshoot - setroubleshoot setroubleshoot -

View File

@ -1 +0,0 @@
SHA512 (setroubleshoot-3.3.32.tar.gz) = 49199181d56e8e24b80a5931eb2e9484a045740eccbc0b3dae1cecc1041126e5f71e670367bf5ed6baf197181d217b5435f9cb04aae5ad6e6b1298ac143007f4

View File

@ -1,68 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components
# Description: Can sealert identify source RPM of AVC domain type?
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components
export TESTVERSION=1.0
# Policy packages to be used in testing
# The followng export does not work properly in Fedora CI - relying on fallback in runtest.sh
# export TEST_PACKAGES ?= flatpak-selinux tpm2-abrmd-selinux container-selinux usbguard-selinux mysql-selinux
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile avc_flatpak-selinux avc_tpm2-abrmd-selinux avc_container-selinux avc_usbguard-selinux avc_mysql-selinux avc_fapolicyd-selinux
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Vit Mojzis <vmojzis@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test for BZ#1811644 (Let setroubleshoot to report bugs on components)" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: setroubleshoot" >> $(METADATA)
@echo "Requires: setroubleshoot-server flatpak-selinux tpm2-abrmd-selinux container-selinux usbguard-selinux mysql-selinux fapolicyd-selinux" >> $(METADATA)
@echo "Requires: $(TEST_PACKAGES)" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1811644" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7 -RHEL7" >> $(METADATA)
rhts-lint $(METADATA)

View File

@ -1,2 +0,0 @@
type=AVC msg=audit(1575985388.869:225): avc: denied { read } for pid=1365 comm="systemd-user-ru" name="secrets" dev="tmpfs" ino=32249 scontext=system_u:system_r:container_logreader_t:s0 tcontext=system_u:object_r:shadow_t:s0:c446,c857 tclass=dir permissive=0

View File

@ -1,2 +0,0 @@
type=AVC msg=audit(1596470053.831:306): avc: denied { unlink } for pid=6304 comm="fapolicyd" name="fapolicyd.pid" dev="tmpfs" ino=37446 scontext=system_u:system_r:fapolicyd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

View File

@ -1,2 +0,0 @@
type=AVC msg=audit(1575985388.869:225): avc: denied { connect } for pid=1365 comm="systemd-user-ru" name="secrets" dev="tmpfs" ino=32249 scontext=system_u:system_r:flatpak_helper_t:s0 tcontext=system_u:object_r:shadow_t:s0:c446,c857 tclass=socket permissive=0

View File

@ -1,2 +0,0 @@
type=AVC msg=audit(1582621541.469:6896): avc: denied { write } for pid=1627505 comm="python3" name="plautrba" dev="dm-4" ino=19529729 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1

View File

@ -1,2 +0,0 @@
type=AVC msg=audit(1575985388.869:225): avc: denied { connect } for pid=1365 comm="systemd-user-ru" name="secrets" dev="tmpfs" ino=32249 scontext=system_u:system_r:tabrmd_t:s0 tcontext=system_u:object_r:shadow_t:s0:c446,c857 tclass=socket permissive=0

View File

@ -1,2 +0,0 @@
type=AVC msg=audit(1582801464.5:491): avc: denied { map } for pid=5100 comm="bash" path="/usr/bin/bash" dev="vda1" ino=1707663 scontext=system_u:system_r:usbguard_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1

View File

@ -1,19 +0,0 @@
summary: Test for BZ#1811644 (Let setroubleshoot to report bugs on components)
contact: Vit Mojzis <vmojzis@redhat.com>
component:
- setroubleshoot
test: ./runtest.sh
framework: beakerlib
recommend:
- setroubleshoot-server
- flatpak-selinux
- tpm2-abrmd-selinux
- container-selinux
- usbguard-selinux
- mysql-selinux
- fapolicyd-selinux
duration: 5m
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1811644
extra-summary: /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components
extra-task: /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components

View File

@ -1,78 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components
# Description: Can sealert identify source RPM of AVC domain type?
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setroubleshoot"
if [ -z "${TEST_PACKAGES+set}" ];
then PACKAGES=(flatpak-selinux tpm2-abrmd-selinux container-selinux usbguard-selinux mysql-selinux fapolicyd-selinux)
else PACKAGES=(${TEST_PACKAGES[@]})
fi
#corresponding module names
#MODULES=(flatpak tabrmd container usbguard mysql)
# <rpm package> - <selinux module> - <domain type>
# flatpak-selinux - flatpak - flatpak_helper_t
# tpm2-abrmd-selinux - tabrmd - tabrmd_t
# container-selinux - container - docker_t
# usbguard-selinux - usbguard - usbguard_t -- fedora only
# mysql-selinux - mysql - mysql_t -- fedora only
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
OUTPUT_FILE=`mktemp`
# Package installation is handled by Makefile for now
# install availlable policy packages
# for RPM in ${PACKAGES[@]};
# do
# sudo dnf install -y ${RPM} || continue
# done
rlPhaseEnd
rlPhaseStartTest
for RPM in ${PACKAGES[@]};
do
# run only for policies that are installed
rpm -q ${RPM} >& /dev/null
if [ $? -ne 0 ]; then echo "${RPM} not installed! Skipping."; continue; fi
rlRun "sealert -a ./avc_${RPM} 2>&1 | tee ${OUTPUT_FILE} | grep \"Local Policy RPM\""
if [ $? -ne 0 ]; then cat ${OUTPUT_FILE}; fi
# test if correct rpm was identified
rlRun "grep -i \"Local Policy RPM\" ${OUTPUT_FILE} | grep \"$RPM\S*$\" -o"
done
rlPhaseEnd
rlPhaseStartCleanup
rm -f ${OUTPUT_FILE}
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

View File

@ -1,657 +0,0 @@
type=USER_END msg=audit(1574410625.429:1286): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410625.430:1287): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410625.686:1288): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410625.687:1289): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410625.688:1290): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10314 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410625.688:1291): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10314 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410625.688:1292): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10314 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410625.689:1293): pid=10314 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_END msg=audit(1574410626.111:1294): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410626.112:1295): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410626.349:1296): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410626.351:1297): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410626.352:1298): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410626.352:1299): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410626.352:1300): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410626.353:1301): pid=10327 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_END msg=audit(1574410626.763:1302): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410626.764:1303): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410627.020:1304): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410627.021:1305): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410627.023:1306): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10334 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410627.023:1307): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10334 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410627.023:1308): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10334 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410627.024:1309): pid=10334 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=FS_RELABEL msg=audit(1574410638.448:1310): pid=10341 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=mass relabel exe="/usr/sbin/setfiles" hostname=? addr=? terminal=? res=success'
type=USER_END msg=audit(1574410638.793:1311): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410638.794:1312): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410639.119:1313): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410639.120:1314): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410639.121:1315): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10343 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410639.121:1316): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10343 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410639.121:1317): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10343 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410639.123:1318): pid=10343 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_END msg=audit(1574410639.854:1319): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410639.855:1320): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410640.278:1321): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410640.279:1322): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410640.280:1323): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10350 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410640.280:1324): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10350 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410640.280:1325): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10350 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410640.281:1326): pid=10350 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_END msg=audit(1574410640.699:1327): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410640.700:1328): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410640.964:1329): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410640.965:1330): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410640.967:1331): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10357 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410640.967:1332): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10357 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410640.967:1333): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10357 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410640.968:1334): pid=10357 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_END msg=audit(1574410641.402:1335): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410641.403:1336): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410641.668:1337): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410641.670:1338): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410641.671:1339): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10364 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410641.671:1340): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10364 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410641.671:1341): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10364 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410641.672:1342): pid=10364 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_END msg=audit(1574410642.088:1343): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410642.089:1344): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410642.378:1345): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410642.379:1346): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410642.380:1347): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10371 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410642.380:1348): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10371 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410642.380:1349): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10371 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410642.381:1350): pid=10371 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_END msg=audit(1574410642.798:1351): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410642.799:1352): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574410643.576:1353): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_START msg=audit(1574410643.577:1354): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574410643.578:1355): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=10378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410643.578:1356): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=10378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410643.578:1357): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=10378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574410643.580:1358): pid=10378 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=SERVICE_START msg=audit(1574410644.001:1359): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-shutdownd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_END msg=audit(1574410644.178:1360): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574410644.178:1361): pid=8559 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-204-48.brq.redhat.com addr=10.40.204.48 terminal=ssh res=success'
type=SERVICE_START msg=audit(1574410704.009:1362): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.009:1363): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410704.044:1364): pid=796 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=796 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410704.044:1365): pid=796 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=796 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574410704.044:1366): pid=796 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=796 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.081:1367): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.081:1368): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.082:1369): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.082:1370): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.083:1371): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.083:1372): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.085:1373): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.085:1374): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.088:1375): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.088:1376): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.089:1377): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.089:1378): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.090:1379): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.090:1380): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.097:1381): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhsmcertd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.097:1382): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhsmcertd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.110:1383): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.110:1384): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.116:1385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.116:1386): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.128:1387): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.128:1388): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.187:1389): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-poweroff comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.213:1390): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.213:1391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.356:1392): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhnsd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.356:1393): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhnsd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.360:1394): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.360:1395): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.702:1396): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.702:1397): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.703:1398): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.703:1399): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.714:1400): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.714:1401): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.718:1402): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.719:1403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.724:1404): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-domainname comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.724:1405): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-domainname comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.725:1406): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=selinux-policy-migrate-local-changes@targeted comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.725:1407): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=selinux-policy-migrate-local-changes@targeted comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.726:1408): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.726:1409): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.727:1410): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.727:1411): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.727:1412): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.727:1413): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.729:1414): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.729:1415): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.732:1416): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.732:1417): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SYSTEM_SHUTDOWN msg=audit(1574410704.735:1418): pid=10553 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.739:1419): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.739:1420): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574410704.740:1421): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574410704.740:1422): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=DAEMON_END msg=audit(1574410704.743:1004): op=terminate auid=0 pid=1 subj=system_u:system_r:init_t:s0 res=success
type=DAEMON_START msg=audit(1574672213.672:5618): op=start ver=2.8.5 format=raw kernel=3.10.0-1111.el7.x86_64 auid=4294967295 pid=440 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=success
type=CONFIG_CHANGE msg=audit(1574672213.892:5): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1
type=CONFIG_CHANGE msg=audit(1574672213.892:6): audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1
type=SERVICE_START msg=audit(1574672213.898:7): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SYSTEM_BOOT msg=audit(1574672213.918:8): pid=503 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672213.923:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672213.943:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.034:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.045:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.072:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672214.076:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.089:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.102:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.162:17): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.195:18): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672214.206:19): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672215.255:20): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672215.327:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672215.436:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672215.465:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672215.742:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672216.407:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672216.448:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhsmcertd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672216.471:27): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=restraintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672217.742:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672217.985:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.213:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.263:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.274:32): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.355:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672218.355:34): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.368:35): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672218.368:36): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.369:37): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672218.369:38): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.370:39): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672218.370:40): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.372:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.373:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.412:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.445:44): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.654:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhnsd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SYSTEM_RUNLEVEL msg=audit(1574672218.706:46): pid=1158 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672218.709:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672218.709:48): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672219.065:49): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672219.376:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672219.496:51): pid=1310 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=1310 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672219.496:52): pid=1310 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=1310 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672219.496:53): pid=1310 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=1310 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672219.603:54): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=1310 suid=74 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672219.603:55): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=1310 suid=74 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_AUTH msg=audit(1574672220.227:56): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=57270 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_AUTH msg=audit(1574672220.227:57): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=SHA256:f6:3d:5b:97:0b:77:c1:ca:d1:88:66:19:43:b6:46:bb:d6:b1:9b:77:03:92:51:fa:ff:3e:1c:f8:47:bc:0b:31 rport=57270 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_ACCT msg=audit(1574672220.242:58): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.246:59): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1310 suid=74 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_AUTH msg=audit(1574672220.248:60): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574672220.252:61): pid=1305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=LOGIN msg=audit(1574672220.253:62): pid=1305 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=1 res=1
type=USER_ROLE_CHANGE msg=audit(1574672220.426:63): pid=1305 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672220.470:64): pid=1305 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574672220.739:65): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672220.741:66): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.743:67): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=1895 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.744:68): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=1895 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.744:69): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=1895 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574672220.746:70): pid=1895 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672220.910:71): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRED_DISP msg=audit(1574672220.911:72): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672220.913:73): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574672220.915:74): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.915:75): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=1305 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.915:76): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=1305 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.915:77): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=1305 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672220.915:78): pid=1305 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1305 suid=0 rport=57270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.181:79): pid=2142 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2142 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.181:80): pid=2142 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2142 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.181:81): pid=2142 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2142 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672221.282:82): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2142 suid=74 rport=57302 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672221.282:83): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2142 suid=74 rport=57302 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.557:84): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2142 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.557:85): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2142 suid=74 rport=57302 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.560:86): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2097 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.560:87): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2097 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.560:88): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2097 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1574672221.560:89): pid=2097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1574672221.579:90): pid=2156 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2156 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.579:91): pid=2156 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2156 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.579:92): pid=2156 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2156 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672221.675:93): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2156 suid=74 rport=57300 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672221.675:94): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2156 suid=74 rport=57300 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.943:95): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2156 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.943:96): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2156 suid=74 rport=57300 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.944:97): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2098 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.944:98): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2098 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.944:99): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2098 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1574672221.945:100): pid=2098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1574672221.960:101): pid=2165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2165 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.960:102): pid=2165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2165 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672221.960:103): pid=2165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2165 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672222.056:104): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2165 suid=74 rport=57304 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672222.056:105): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2165 suid=74 rport=57304 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672222.337:106): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2165 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672222.337:107): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2165 suid=74 rport=57304 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672222.339:108): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2099 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672222.339:109): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2099 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672222.339:110): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2099 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1574672222.339:111): pid=2099 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1574672222.480:112): pid=2266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2266 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672222.480:113): pid=2266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2266 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672222.480:114): pid=2266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2266 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672222.594:115): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2266 suid=74 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574672222.594:116): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=2266 suid=74 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_AUTH msg=audit(1574672223.224:117): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=57312 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_AUTH msg=audit(1574672223.224:118): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=SHA256:f6:3d:5b:97:0b:77:c1:ca:d1:88:66:19:43:b6:46:bb:d6:b1:9b:77:03:92:51:fa:ff:3e:1c:f8:47:bc:0b:31 rport=57312 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_ACCT msg=audit(1574672223.234:119): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672223.235:120): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2266 suid=74 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=USER_AUTH msg=audit(1574672223.237:121): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574672223.240:122): pid=2262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=LOGIN msg=audit(1574672223.240:123): pid=2262 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=2 res=1
type=USER_ROLE_CHANGE msg=audit(1574672223.405:124): pid=2262 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672223.453:125): pid=2262 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574672223.683:126): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672223.685:127): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672223.704:128): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2558 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672223.704:129): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2558 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672223.704:130): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2558 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574672223.711:131): pid=2558 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672223.892:132): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574672223.893:133): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574672224.017:134): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672224.018:135): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672224.023:136): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2586 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672224.023:137): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2586 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672224.023:138): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2586 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574672224.024:139): pid=2586 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672224.589:140): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574672224.589:141): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574672224.713:142): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672224.714:143): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672224.715:144): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2785 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672224.715:145): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2785 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672224.715:146): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2785 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574672224.721:147): pid=2785 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672224.881:148): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574672224.882:149): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574672225.004:150): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672225.006:151): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.013:152): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2897 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.013:153): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2897 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.013:154): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2897 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574672225.015:155): pid=2897 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672225.346:156): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574672225.347:157): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574672225.473:158): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672225.475:159): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.479:160): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=3006 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.479:161): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=3006 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.479:162): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=3006 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574672225.480:163): pid=3006 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672225.628:164): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574672225.629:165): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574672225.755:166): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_START msg=audit(1574672225.756:167): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.768:168): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=3070 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.768:169): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=3070 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672225.768:170): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=3070 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574672225.770:171): pid=3070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672226.329:172): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574672226.331:173): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=USER_END msg=audit(1574672226.353:174): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRED_DISP msg=audit(1574672226.357:175): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=liver3.lab.eng.brq.redhat.com addr=2620:52:0:2580:1602:ecff:fe3f:e710 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574672226.357:176): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2262 suid=0 rport=57312 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.37.128.108 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672226.357:177): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=2262 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672226.357:178): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=2262 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574672226.357:179): pid=2262 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=2262 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672236.042:180): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574672240.878:181): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574672255.229:182): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_ACCT msg=audit(1574672462.013:183): pid=8783 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1574672462.013:184): pid=8783 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1574672462.014:185): pid=8783 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3 res=1
type=USER_START msg=audit(1574672462.041:186): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1574672462.042:187): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1574672462.080:188): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1574672462.082:189): pid=8783 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=SERVICE_START msg=audit(1574673147.110:190): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1574673147.110:191): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.305:192): pid=21112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21112 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.305:193): pid=21112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21112 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.305:194): pid=21112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21112 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674924.416:195): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=21112 suid=74 rport=43828 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674924.417:196): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=21112 suid=74 rport=43828 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.931:197): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21112 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.931:198): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21112 suid=74 rport=43828 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.934:199): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21111 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.935:200): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21111 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.935:201): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21111 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1574674924.935:202): pid=21111 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1574674924.941:203): pid=21113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21113 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.941:204): pid=21113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21113 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674924.941:205): pid=21113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21113 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674925.044:206): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=21113 suid=74 rport=43832 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674925.044:207): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=21113 suid=74 rport=43832 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.452:208): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21113 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.452:209): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21113 suid=74 rport=43832 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.453:210): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21110 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.453:211): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21110 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.453:212): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21110 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1574674925.454:213): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1574674925.456:214): pid=21114 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21114 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.456:215): pid=21114 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21114 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.456:216): pid=21114 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21114 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674925.660:217): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=21114 suid=74 rport=43830 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674925.660:218): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=21114 suid=74 rport=43830 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.987:219): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21114 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.987:220): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21114 suid=74 rport=43830 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.988:221): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21109 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.988:222): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21109 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674925.988:223): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21109 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1574674925.988:224): pid=21109 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1574674926.175:225): pid=21116 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21116 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674926.175:226): pid=21116 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21116 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674926.175:227): pid=21116 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21116 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674926.291:228): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21116 suid=74 rport=43838 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574674926.291:229): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21116 suid=74 rport=43838 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574674926.933:230): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=43838 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574674926.933:231): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=SHA256:f6:3d:5b:97:0b:77:c1:ca:d1:88:66:19:43:b6:46:bb:d6:b1:9b:77:03:92:51:fa:ff:3e:1c:f8:47:bc:0b:31 rport=43838 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_ACCT msg=audit(1574674926.940:232): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674926.941:233): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21116 suid=74 rport=43838 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574674926.942:234): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574674926.943:235): pid=21115 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=LOGIN msg=audit(1574674926.943:236): pid=21115 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=4 res=1
type=USER_ROLE_CHANGE msg=audit(1574674927.057:237): pid=21115 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674927.082:238): pid=21115 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674927.439:239): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674927.440:240): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674927.443:241): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21118 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674927.443:242): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21118 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674927.443:243): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21118 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674927.445:244): pid=21118 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674927.645:245): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674927.646:246): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674927.775:247): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674927.776:248): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674927.777:249): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21123 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674927.777:250): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21123 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674927.777:251): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21123 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674927.778:252): pid=21123 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674928.585:253): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674928.586:254): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674928.794:255): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674928.795:256): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674928.796:257): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21129 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674928.796:258): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21129 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674928.796:259): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21129 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674928.797:260): pid=21129 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674928.920:261): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674928.921:262): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674929.108:263): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674929.109:264): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.110:265): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.110:266): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.110:267): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674929.111:268): pid=21134 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=SERVICE_START msg=audit(1574674929.221:269): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_END msg=audit(1574674929.343:270): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674929.344:271): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674929.463:272): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674929.464:273): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.465:274): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.465:275): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.465:276): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674929.467:277): pid=21144 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674929.590:278): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674929.591:279): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674929.711:280): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674929.712:281): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.713:282): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.713:283): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674929.713:284): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674929.714:285): pid=21149 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674932.341:286): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674932.342:287): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674932.471:288): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674932.472:289): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674932.473:290): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21192 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674932.473:291): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21192 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674932.473:292): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21192 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674932.474:293): pid=21192 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674932.659:294): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674932.660:295): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674932.867:296): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674932.868:297): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674932.869:298): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21197 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674932.869:299): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21197 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674932.869:300): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21197 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674932.870:301): pid=21197 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674933.076:302): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674933.077:303): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674933.285:304): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674933.286:305): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674933.287:306): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21206 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674933.287:307): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21206 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674933.287:308): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21206 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674933.288:309): pid=21206 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674933.494:310): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674933.495:311): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574674933.703:312): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674933.704:313): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674933.705:314): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21211 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674933.705:315): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21211 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674933.705:316): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21211 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674933.707:317): pid=21211 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674933.912:318): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674933.913:319): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=SERVICE_STOP msg=audit(1574674959.253:320): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_LOGIN msg=audit(1574674986.024:321): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574674986.025:322): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674986.026:323): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21220 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674986.026:324): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21220 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574674986.026:325): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21220 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574674986.028:326): pid=21220 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574674986.165:327): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574674986.166:328): pid=21115 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574674986.328:329): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21225 suid=0 exe="/usr/sbin/sshd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=CRYPTO_KEY_USER msg=audit(1574674986.328:330): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21225 suid=0 exe="/usr/sbin/sshd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=CRYPTO_KEY_USER msg=audit(1574674986.328:331): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21225 suid=0 exe="/usr/sbin/sshd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=USER_LOGIN msg=audit(1574674986.330:332): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/0 res=success'
type=USER_START msg=audit(1574674986.330:333): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/0 res=success'
type=CRED_REFR msg=audit(1574674986.331:334): pid=21225 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=SOFTWARE_UPDATE msg=audit(1574675011.281:335): pid=21251 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="libconfig-1.4.9-5.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=SOFTWARE_UPDATE msg=audit(1574675012.831:336): pid=21251 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="lldpad-1.0.1-5.git036e314.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=SOFTWARE_UPDATE msg=audit(1574675030.837:337): pid=21304 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="systemd-python-219-73.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=SOFTWARE_UPDATE msg=audit(1574675031.450:338): pid=21304 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="setroubleshoot-plugins-3.0.67-4.el7.noarch" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=ADD_GROUP msg=audit(1574675031.488:339): pid=21321 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'
type=GRP_MGMT msg=audit(1574675031.498:340): pid=21321 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'
type=ADD_USER msg=audit(1574675031.528:341): pid=21326 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user id=997 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'
type=USER_MGMT msg=audit(1574675031.554:342): pid=21331 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=pam_tally2 reset=0 id=997 exe="/usr/sbin/pam_tally2" hostname=? addr=? terminal=? res=success'
type=DAEMON_CONFIG msg=audit(1574675032.060:1548) op=reconfigure state=changed auid=0 pid=21340 subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 res=success
type=SOFTWARE_UPDATE msg=audit(1574675032.075:343): pid=21304 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="setroubleshoot-server-3.2.30-8.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=ADD_GROUP msg=audit(1574675044.229:344): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct="sysadm-user" exe="/usr/sbin/useradd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=ADD_USER msg=audit(1574675044.235:345): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user id=1000 exe="/usr/sbin/useradd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=USER_MGMT msg=audit(1574675044.278:346): pid=21357 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=pam_tally2 reset=0 id=1000 exe="/usr/sbin/pam_tally2" hostname=? addr=? terminal=/dev/pts/0 res=success'
type=ROLE_ASSIGN msg=audit(1574675045.373:347): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login-sename,role,range acct="sysadm-user" old-seuser=? old-role=? old-range=? new-seuser=sysadm_u new-role=sysadm_r new-range=s0-s0:c0.c1023 exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=USER_AVC msg=audit(1574675047.413:348): pid=510 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=2) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=MAC_POLICY_LOAD msg=audit(1574675045.619:349): policy loaded auid=0 ses=4
type=SYSCALL msg=audit(1574675045.619:349): arch=c000003e syscall=1 success=yes exit=3882864 a0=4 a1=7f7518eaf000 a2=3b3f70 a3=7ffe563fd8e0 items=0 ppid=21352 pid=21361 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1574675045.619:349): proctitle="/sbin/load_policy"
type=USER_MGMT msg=audit(1574675047.475:350): pid=21352 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=USER_CHAUTHTOK msg=audit(1574675063.946:351): pid=21362 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=PAM:chauthtok grantors=pam_pwquality,pam_unix acct="sysadm-user" exe="/usr/bin/passwd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=CRYPTO_KEY_USER msg=audit(1574675095.611:352): pid=21370 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21370 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675095.611:353): pid=21370 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21370 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675095.611:354): pid=21370 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21370 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574675095.732:355): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21370 suid=74 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574675095.732:356): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21370 suid=74 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574675096.637:357): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1574675100.275:358): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_ACCT msg=audit(1574675100.279:359): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.285:360): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21370 suid=74 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574675100.287:361): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574675100.288:362): pid=21369 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=LOGIN msg=audit(1574675100.288:363): pid=21369 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=5 res=1
type=USER_START msg=audit(1574675100.350:364): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=? acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1574675100.352:365): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21373 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.352:366): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21373 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.352:367): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21373 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_ACQ msg=audit(1574675100.354:368): pid=21373 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574675100.700:369): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success'
type=USER_START msg=audit(1574675100.701:370): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.705:371): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21374 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=USER_END msg=audit(1574675100.705:372): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=USER_LOGOUT msg=audit(1574675100.705:373): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.931:374): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21373 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.931:375): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21373 suid=1000 rport=43938 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRED_DISP msg=audit(1574675100.933:376): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.933:377): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21369 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.933:378): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21369 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675100.933:379): pid=21369 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21369 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=MAC_CONFIG_CHANGE msg=audit(1574675113.286:380): bool=ssh_sysadm_login val=1 old_val=0 auid=0 ses=4
type=SYSCALL msg=audit(1574675113.286:380): arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=7ffd8dfb32e0 a2=2 a3=7ffd8dfb26e0 items=0 ppid=21236 pid=21376 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="setsebool" exe="/usr/sbin/setsebool" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1574675113.286:380): proctitle=7365747365626F6F6C007373685F73797361646D5F6C6F67696E006F6E
type=USER_AVC msg=audit(1574675113.294:381): pid=510 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=3) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=CRYPTO_KEY_USER msg=audit(1574675115.046:382): pid=21378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675115.046:383): pid=21378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675115.046:384): pid=21378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21378 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574675115.255:385): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21378 suid=74 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574675115.256:386): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21378 suid=74 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574675116.381:387): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1574675119.281:388): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_ACCT msg=audit(1574675119.285:389): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574675119.289:390): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21378 suid=74 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574675119.291:391): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574675119.292:392): pid=21377 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=LOGIN msg=audit(1574675119.292:393): pid=21377 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=6 res=1
type=USER_ROLE_CHANGE msg=audit(1574675119.318:394): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 selected-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574675119.348:395): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574675119.349:396): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21381 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675119.349:397): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21381 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675119.350:398): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21381 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_ACQ msg=audit(1574675119.351:399): pid=21381 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574675119.842:400): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success'
type=USER_START msg=audit(1574675119.843:401): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success'
type=CRYPTO_KEY_USER msg=audit(1574675119.856:402): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21382 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1574675129.532:403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lldpad comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1574675142.213:404): avc: denied { sendto } for pid=21445 comm="lldptool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0
type=SYSCALL msg=audit(1574675142.213:404): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=556166aa2082 a2=14 a3=f items=0 ppid=21382 pid=21445 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=6 comm="lldptool" exe="/usr/sbin/lldptool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1574675142.213:404): proctitle=6C6C6470746F6F6C002D2D68656C70
type=AVC msg=audit(1574675155.993:405): avc: denied { sendto } for pid=21453 comm="vdptool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0
type=SYSCALL msg=audit(1574675155.993:405): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=55ed05d7f082 a2=14 a3=f items=0 ppid=21382 pid=21453 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=6 comm="vdptool" exe="/usr/sbin/vdptool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1574675155.993:405): proctitle="vdptool"
type=AVC msg=audit(1574675156.994:406): avc: denied { sendto } for pid=21453 comm="vdptool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0
type=SYSCALL msg=audit(1574675156.994:406): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=55ed05d7f082 a2=14 a3=f items=0 ppid=21382 pid=21453 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=6 comm="vdptool" exe="/usr/sbin/vdptool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1574675156.994:406): proctitle="vdptool"
type=USER_END msg=audit(1574675346.431:407): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=USER_LOGOUT msg=audit(1574675346.431:408): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=CRYPTO_KEY_USER msg=audit(1574675346.577:409): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21381 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675346.578:410): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21381 suid=1000 rport=43948 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_END msg=audit(1574675346.588:411): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRED_DISP msg=audit(1574675346.589:412): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574675346.590:413): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21377 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675346.590:414): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21377 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574675346.590:415): pid=21377 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21377 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676014.438:416): pid=21483 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676014.438:417): pid=21483 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676014.438:418): pid=21483 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574676014.561:419): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21483 suid=74 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574676014.561:420): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21483 suid=74 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574676015.558:421): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=USER_ACCT msg=audit(1574676061.116:422): pid=21485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1574676061.116:423): pid=21485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1574676061.117:424): pid=21485 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=7 res=1
type=USER_START msg=audit(1574676061.134:425): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1574676061.134:426): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1574676061.155:427): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1574676061.156:428): pid=21485 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_AUTH msg=audit(1574676091.306:429): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1574676093.653:430): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1574676097.622:431): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1574676099.791:432): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=USER_CHAUTHTOK msg=audit(1574676108.719:433): pid=21500 uid=0 auid=0 ses=4 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=PAM:chauthtok grantors=pam_pwquality,pam_unix acct="root" exe="/usr/bin/passwd" hostname=ci-vm-10-0-137-208.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/0 res=success'
type=USER_AUTH msg=audit(1574676112.952:434): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_ACCT msg=audit(1574676112.957:435): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676112.959:436): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21483 suid=74 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574676112.961:437): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574676112.962:438): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=LOGIN msg=audit(1574676112.962:439): pid=21482 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=8 res=1
type=USER_ROLE_CHANGE msg=audit(1574676113.090:440): pid=21482 uid=0 auid=0 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574676113.117:441): pid=21482 uid=0 auid=0 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574676113.509:442): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574676113.510:443): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676113.514:444): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21506 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676113.514:445): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21506 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676113.514:446): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21506 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574676113.516:447): pid=21506 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574676114.450:448): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRED_DISP msg=audit(1574676114.451:449): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_END msg=audit(1574676114.453:450): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1574676114.454:451): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676114.454:452): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21482 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676114.454:453): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21482 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676114.454:454): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21482 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676114.454:455): pid=21482 uid=0 auid=0 ses=8 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21482 suid=0 rport=44920 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676260.369:456): pid=21516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21516 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676260.369:457): pid=21516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21516 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676260.369:458): pid=21516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21516 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574676260.572:459): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21516 suid=74 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574676260.573:460): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21516 suid=74 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574676261.389:461): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1574676264.491:462): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_ACCT msg=audit(1574676264.495:463): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676264.498:464): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21516 suid=74 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574676264.500:465): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="sysadm-user" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574676264.500:466): pid=21515 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=LOGIN msg=audit(1574676264.501:467): pid=21515 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=9 res=1
type=USER_ROLE_CHANGE msg=audit(1574676264.528:468): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 selected-context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574676264.553:469): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676264.554:470): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21519 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676264.555:471): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21519 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676264.555:472): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21519 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_ACQ msg=audit(1574676264.556:473): pid=21519 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574676264.954:474): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success'
type=USER_START msg=audit(1574676264.955:475): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=/dev/pts/1 res=success'
type=CRYPTO_KEY_USER msg=audit(1574676264.968:476): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21520 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1574676269.109:477): avc: denied { sendto } for pid=21539 comm="dcbtool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0
type=SYSCALL msg=audit(1574676269.109:477): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=558107411082 a2=14 a3=21000 items=0 ppid=21520 pid=21539 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=9 comm="dcbtool" exe="/usr/sbin/dcbtool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1574676269.109:477): proctitle="dcbtool"
type=AVC msg=audit(1574676270.109:478): avc: denied { sendto } for pid=21539 comm="dcbtool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0
type=SYSCALL msg=audit(1574676270.109:478): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=558107411082 a2=14 a3=f items=0 ppid=21520 pid=21539 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=9 comm="dcbtool" exe="/usr/sbin/dcbtool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1574676270.109:478): proctitle="dcbtool"
type=USER_END msg=audit(1574676314.202:479): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=USER_LOGOUT msg=audit(1574676314.202:480): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success'
type=CRYPTO_KEY_USER msg=audit(1574676314.359:481): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21519 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676314.359:482): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21519 suid=1000 rport=45194 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_END msg=audit(1574676314.365:483): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRED_DISP msg=audit(1574676314.366:484): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="sysadm-user" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676314.366:485): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21515 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676314.367:486): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21515 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676314.367:487): pid=21515 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21515 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676320.600:488): pid=21551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21551 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676320.600:489): pid=21551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21551 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676320.600:490): pid=21551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21551 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574676320.714:491): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21551 suid=74 rport=45270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1574676320.714:492): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=21551 suid=74 rport=45270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574676321.562:493): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1574676324.674:494): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_ACCT msg=audit(1574676324.678:495): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676324.679:496): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=21551 suid=74 rport=45270 laddr=10.0.137.208 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=? res=success'
type=USER_AUTH msg=audit(1574676324.681:497): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.40.205.43 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1574676324.682:498): pid=21550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=LOGIN msg=audit(1574676324.682:499): pid=21550 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=10 res=1
type=USER_ROLE_CHANGE msg=audit(1574676324.801:500): pid=21550 uid=0 auid=0 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574676324.826:501): pid=21550 uid=0 auid=0 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1574676325.219:502): pid=21550 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=USER_START msg=audit(1574676325.220:503): pid=21550 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'
type=CRYPTO_KEY_USER msg=audit(1574676325.223:504): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:63:6c:4a:92:cd:40:49:fb:29:48:6a:71:8a:6d:8b:9f:b2:70:e1:68:da:94:80:00:fd:3c:43:db:25:f3:2b:bd direction=? spid=21554 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676325.223:505): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:05:5f:b6:6f:3b:f4:b1:b4:3a:06:e0:c2:ca:3f:ec:2c:0b:96:aa:4e:35:2a:e6:4b:af:07:d2:ae:26:66:20 direction=? spid=21554 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1574676325.223:506): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:a2:d0:1a:4c:56:85:f6:71:e2:84:7b:a4:60:03:8e:5c:1a:47:b4:47:e3:7b:ac:e1:24:70:4e:d1:6b:df:d2:84 direction=? spid=21554 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRED_REFR msg=audit(1574676325.225:507): pid=21554 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=ovpn-205-43.brq.redhat.com addr=10.40.205.43 terminal=ssh res=success'

View File

@ -1,65 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setroubleshoot/Regression/embedded-null-byte-in-audit-records
# Description: Is sealert able to processes audit messages which contain embedded null bytes?
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setroubleshoot"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm ${PACKAGE}
rlRun "rpm -qf /usr/sbin/ausearch"
rlRun "rpm -qf /usr/bin/audit2allow"
rlRun "rpm -qf /usr/bin/sealert"
OUTPUT_FILE=`mktemp`
rlPhaseEnd
rlPhaseStartTest "bz#1775135 + bz#1776199"
if rlIsRHEL 7 ; then
rlRun "ausearch -i -m avc -if ./audit.log"
rlRun "audit2allow -i ./audit.log"
# if sealert got stuck, kill it after 15 seconds
rlWatchdog "sealert -a ./audit.log 2>&1 | tee ${OUTPUT_FILE}" 15
else # Fedora, RHEL-8 and above
rlRun "ausearch -i -m avc -if ./short.log"
rlRun "audit2allow -i ./short.log"
# if sealert got stuck, kill it after 15 seconds
rlWatchdog "sealert -a ./short.log 2>&1 | tee ${OUTPUT_FILE}" 15
fi
rlRun "grep -i -e Traceback -e TypeError -e embedded -e \"null byte\" ${OUTPUT_FILE}" 1
rlRun "grep -i \"Plugin catchall\" ${OUTPUT_FILE}" 0
if [ $? -ne 0 ]; then cat ${OUTPUT_FILE}; fi
rlPhaseEnd
rlPhaseStartCleanup
rm -f ${OUTPUT_FILE}
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

View File

@ -1,4 +0,0 @@
type=AVC msg=audit(1574094303.139:1096): avc: denied { sendto } for pid=18278 comm="dcbtool" path=002F636F6D2F696E74656C2F6C6C64706164 scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:lldpad_t:s0 tclass=unix_dgram_socket permissive=0
type=SYSCALL msg=audit(1574094303.139:1096): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=55c52f80bf02 a2=14 a3=0 items=0 ppid=12504 pid=18278 auid=1005 uid=1005 gid=1005 euid=1005 suid=1005 fsuid=1005 egid=1005 sgid=1005 fsgid=1005 tty=pts1 ses=33 comm="dcbtool" exe="/usr/sbin/dcbtool" subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=connect AUID="sysadm-user" UID="sysadm-user" GID="sysadm-user" EUID="sysadm-user" SUID="sysadm-user" FSUID="sysadm-user" EGID="sysadm-user" SGID="sysadm-user" FSGID="sysadm-user"
type=SOCKADDR msg=audit(1574094303.139:1096): saddr=0100002F636F6D2F696E74656C2F6C6C64706164SADDR={ saddr_fam=local path=/com/intel/lldpad }
type=PROCTITLE msg=audit(1574094303.139:1096): proctitle="dcbtool"

View File

@ -1,65 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses
# Description: Does setroubleshoot report any 'Plugin Exception' during analyses?
# Author: Petr Lautrbach <plautrba@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile short.log
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Does setroubleshoot report any 'Plugin Exception' during analyses?" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: setroubleshoot" >> $(METADATA)
@echo "Requires: setroubleshoot-server" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Environment: AVC_ERROR=+no_avc_check" >> $(METADATA)
@echo "Bug: 1784564" >> $(METADATA) # RHEL-7
rhts-lint $(METADATA)

View File

@ -1,15 +0,0 @@
summary: Does setroubleshoot report any 'Plugin Exception' during analyses?
contact: Petr Lautrbach <plautrba@redhat.com>
component:
- setroubleshoot
test: ./runtest.sh
framework: beakerlib
recommend:
- setroubleshoot-server
environment:
AVC_ERROR: +no_avc_check
duration: 5m
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1784564
extra-summary: /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses
extra-task: /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses

View File

@ -1,72 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses
# Description: Does setroubleshoot report any 'Plugin Exception' during analyses?
# Author: Petr Lautrbach <plautrba@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setroubleshoot"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm ${PACKAGE}-server
rlAssertRpm ${PACKAGE}-plugins
rlPhaseEnd
rlPhaseStartTest "no 'Plugin Exception'"
SINCE=$(date '+%Y-%m-%d %H:%M:%S')
RANDOM_NUMBER=${RANDOM}
rlRun "passwd --help >& /root/output-${RANDOM_NUMBER}.txt"
rlRun "rm -f /root/output-${RANDOM_NUMBER}.txt"
sleep 10
rlRun "journalctl --since=\"$SINCE\" > journal-after.txt"
STATUS=0
rlAssertGrep "setroubleshoot.*: SELinux is preventing (/usr/bin/)?passwd" journal-after.txt -E
[[ $? -eq 0 ]] || STATUS=$?
rlAssertNotGrep "setroubleshoot.*: Plugin Exception " journal-after.txt
[[ $? -eq 0 ]] || STATUS=$?
rlRun "[[ $STATUS -eq 0 ]] || cat journal-after.txt"
rlRun "rm -f journal-after.txt"
rlPhaseEnd
rlPhaseStartTest "no 'Plugin Exception' in short.log"
OUTPUT_FILE=`mktemp`
rlRun "sealert -a ./short.log >& $OUTPUT_FILE"
STATUS=0
rlAssertNotGrep "'generator' object is not subscriptable" $OUTPUT_FILE
[[ $? -eq 0 ]] || STATUS=$?
rlAssertGrep "Plugin catchall_labels" $OUTPUT_FILE
[[ $? -eq 0 ]] || STATUS=$?
rlRun "[[ $STATUS -eq 0 ]] || cat $OUTPUT_FILE"
rlRun "rm -f $OUTPUT_FILE"
rlPhaseEnd
rlPhaseStartCleanup
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

View File

@ -1,10 +0,0 @@
type=PROCTITLE msg=audit(1574867531.103:1226): proctitle=2F7573722F7362696E2F6368726F6E7964002D6E002D66002F7661722F72756E2F74696D656D61737465722F6368726F6E792E636F6E66
type=AVC msg=audit(1574867531.516:1227): avc: denied { read } for pid=936 comm="auditd" name="passwd" dev="sda2" ino=25468387 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1228): avc: denied { read } for pid=936 comm="auditd" name="passwd" dev="sda2" ino=25468387 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1229): avc: denied { write } for pid=936 comm="auditd" name="nss" dev="sda2" ino=209156 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1574867531.516:1230): avc: denied { read } for pid=936 comm="auditd" name="group" dev="sda2" ino=25468401 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1231): avc: denied { read } for pid=936 comm="auditd" name="group" dev="sda2" ino=25468401 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574867531.516:1232): avc: denied { write } for pid=936 comm="auditd" name="nss" dev="sda2" ino=209156 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1574867527.549:1163): arch=c000003e syscall=21 success=no exit=-13 a0=7f61e4002460 a1=4 a2=0 a3=0 items=1 ppid=1 pid=1871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="in:imjournal" exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)ARCH=x86_64 SYSCALL=access AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=CWD msg=audit(1574867527.549:1163): cwd="/"
type=PATH msg=audit(1574867527.549:1163): item=0 name="/var/lib/rsyslog/imjournal.state" inode=25845859 dev=08:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0OUID="root" OGID="root"

View File

@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display
# Description: Test for traceback when using sealert -s with DISPLAY set to invalid value
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Vit Mojzis <vmojzis@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test for traceback when using sealert -s with display set to invalid value" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: setroubleshoot" >> $(METADATA)
@echo "Requires: setroubleshoot" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1574434" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA)
rhts-lint $(METADATA)

View File

@ -1,13 +0,0 @@
summary: Test for traceback when using sealert -s with display set to invalid value
contact: Vit Mojzis <vmojzis@redhat.com>
component:
- setroubleshoot
test: ./runtest.sh
framework: beakerlib
recommend:
- setroubleshoot
duration: 5m
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1574434
extra-summary: /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display
extra-task: /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display

View File

@ -1,44 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display
# Description: Test for traceback when using sealert -s with DISPLAY set to invalid value
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setroubleshoot-server"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
OUTPUT_FILE=`mktemp`
rlPhaseEnd
rlPhaseStartTest
rlRun "DISPLAY=yolo sealert -s 2>&1 | tee ${OUTPUT_FILE}"
rlRun "grep Traceback ${OUTPUT_FILE}" 1
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

View File

@ -1,65 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setroubleshoot-plugins/Sanity/public_content
# Description: Does the plugin work as expected?
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setroubleshoot-plugins/Sanity/public_content
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Does the plugin work as expected?" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 10m" >> $(METADATA)
@echo "RunFor: setroubleshoot-plugins" >> $(METADATA)
@echo "Requires: setroubleshoot-plugins setroubleshoot-server audit setools-console psmisc libselinux-utils rsyslog" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
@echo "Environment: AVC_ERROR=+no_avc_check" >> $(METADATA)
rhts-lint $(METADATA)

View File

@ -1,7 +0,0 @@
PURPOSE of /CoreOS/setroubleshoot-plugins/Sanity/public_content
Author: Milos Malik <mmalik@redhat.com>
Does the plugin work as expected?
Default value of ANALYSIS_DELAY can be overriden.

View File

@ -1,24 +0,0 @@
summary: Does the plugin work as expected?
description: |+
Does the plugin work as expected?
Default value of ANALYSIS_DELAY can be overriden.
contact: Milos Malik <mmalik@redhat.com>
component:
- setroubleshoot-plugins
test: ./runtest.sh
framework: beakerlib
recommend:
- setroubleshoot-plugins
- setroubleshoot-server
- audit
- setools-console
- psmisc
- libselinux-utils
- rsyslog
environment:
AVC_ERROR: +no_avc_check
duration: 10m
extra-summary: /CoreOS/setroubleshoot-plugins/Sanity/public_content
extra-task: /CoreOS/setroubleshoot-plugins/Sanity/public_content

View File

@ -1,86 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setroubleshoot-plugins/Sanity/public_content
# Description: Does the plugin work as expected?
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setroubleshoot-plugins"
PLUGIN_NAME="public_content"
ANALYSIS_DELAY=${ANALYSIS_DELAY:-"16"}
rlJournalStart
rlPhaseStartSetup
rlAssertRpm ${PACKAGE}
rlAssertRpm setroubleshoot-server
rlServiceStart auditd
rlFileBackup /var/lib/setroubleshoot/setroubleshoot_database.xml
rlRun "rm -f /var/lib/setroubleshoot/setroubleshoot_database.xml"
BEFORE=`mktemp`
AFTER=`mktemp`
rlRun "killall setroubleshootd" 0,1
rlRun "mkdir -p /var/test-dir"
rlRun "chcon -t samba_share_t /var/test-dir"
rlRun "touch /var/test-file"
rlRun "chcon -t samba_share_t /var/test-file"
rlPhaseEnd
rlPhaseStartTest
if rlIsRHEL 6 7 ; then
ADD_OPT="-C"
fi
rlRun "sesearch -s rsync_t -t samba_share_t -c dir -p read -A --dontaudit ${ADD_OPT} | grep -v '\]' | grep -e allow -e dontaudit" 1
rlRun "sesearch -s rsync_t -t samba_share_t -c file -p read -A --dontaudit ${ADD_OPT} | grep -v '\]' | grep -e allow -e dontaudit" 1
rlRun "setsebool rsync_export_all_ro off"
if ! rlIsRHEL 6 ; then
rlRun "setsebool rsync_full_access off"
fi
rlRun "sealert -l '*' > ${BEFORE}"
rlRun "cat /var/log/messages > ./messages"
rlRun "setenforce 0"
rlRun "runcon system_u:system_r:rsync_t:s0 bash -c 'ls /var/test-dir'" 0,1
rlRun "runcon system_u:system_r:rsync_t:s0 bash -c 'cat /var/test-file'" 0,1
rlRun "setenforce 1"
rlRun "sleep ${ANALYSIS_DELAY}"
rlRun "ps -efZ | grep setroubleshootd" 0,1
rlRun "sealert -l '*' > ${AFTER}" 0-3
rlRun "ausearch -m avc -m selinux_err -i -ts recent --input-logs | grep 'read.*ls.*test-dir.*:rsync_t:.*:samba_share_t:.*tclass=dir'"
rlRun "ausearch -m avc -m selinux_err -i -ts recent --input-logs | grep 'read.*cat.*test-file.*:rsync_t:.*:samba_share_t:.*tclass=file'"
rlRun "diff ${BEFORE} ${AFTER} | grep \"Plugin.*suggests\""
rlRun "diff ${BEFORE} ${AFTER} | grep \"Plugin ${PLUGIN_NAME} .*suggests\""
rlRun "diff /var/log/messages ./messages | grep -i -e 'setroubleshoot.*exception' -e 'no such file or directory'" 1
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rm -rf /var/test-dir /var/test-file"
rm -f ${BEFORE}
rm -f ${AFTER}
rlFileRestore
rlPhaseEnd
rlJournalPrintText
rlJournalEnd