Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1843970 Details for
Bug 2027263
insights-client-results.service keeps active after SM auto registered in aws
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh92 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
os_tests.tests.test_lifecycle.TestLifeCycle.test_boot_debugkernel.debug
os_tests.tests.test_general_check.TestGeneralCheck.test_check_journalctl_not_found.debug (text/plain), 607.27 KB, created by
Frank Liang
on 2021-11-29 09:10:21 UTC
(
hide
)
Description:
os_tests.tests.test_lifecycle.TestLifeCycle.test_boot_debugkernel.debug
Filename:
MIME Type:
Creator:
Frank Liang
Created:
2021-11-29 09:10:21 UTC
Size:
607.27 KB
patch
obsolete
>INFO:-------------------------------------------------------------------------------- >INFO:Code Repo: https://github.com/liangxiao1/os-tests >INFO:Case ID: os_tests.tests.test_general_check.TestGeneralCheck.test_check_journalctl_not_found >INFO:Case Doc: > case_name: > test_check_journalctl_not_found > case_priority: > 2 > component: > journal > bugzilla_id: > 1855252 > customer_case_id: > > polarion_id: > n/a > maintainer: > xiliang@redhat.com > description: > check "journalctl |grep -i 'no such file'" reported and make sure there is file not found in log. > key_steps: > 1.#journalctl |grep -i 'not found' > 2.#journalctl |grep -i 'no such file' > expected_result: > No new unknown not file found log found. > >INFO:Case Params: >INFO:key:code_repo, val:https://github.com/liangxiao1/os-tests >INFO:key:results_dir, val:/tmp/os_tests_result_20211129_rhel9_t4g.large >INFO:key:max_boot_time, val:40 >INFO:key:pkg_reinstall, val:False >INFO:key:blk_devs, val:/dev/nvme1n1 >INFO:key:ping_server, val:8.8.8.8 >INFO:key:disk_utils, val:30 >INFO:key:remote_node, val:ec2-34-222-242-44.us-west-2.compute.amazonaws.com >INFO:key:remote_user, val:ec2-user >INFO:key:remote_keyfile, val:/home/virtqe_s1.pem >INFO:key:remote_password, val:******* >INFO:-------------------------------------------------------------------------------- >INFO:remote_node specified, all tests will be run in ec2-34-222-242-44.us-west-2.compute.amazonaws.com >INFO:connection is live >INFO:Loading baseline data file from /root/.local/lib/python3.6/site-packages/os_tests/data/baseline_log.json >INFO:CMD: > >INFO:Run on remote: > >INFO:CMD ret: 0 out: >INFO:Get log...... >INFO:CMD: journalctl -b 0 >INFO:Run on remote: journalctl -b 0 1>/tmp/cmd.out 2>/tmp/cmd.err >INFO:CMD ret: 0 out:-- Journal begins at Mon 2021-11-29 05:52:18 UTC, ends at Mon 2021-11-29 05:56:07 UTC. -- >Nov 29 05:52:18 localhost kernel: Booting Linux on physical CPU 0x0000000000 [0x413fd0c1] >Nov 29 05:52:18 localhost kernel: Linux version 5.14.0-1.7.1.el9.aarch64 (mockbuild@arm64-025.build.eng.bos.redhat.com) (gcc (GCC) 11.2.1 20210728 (Red Hat 11.2.1-2), GNU ld version 2.35.2-9.el9) #1 SMP Mon Oct 25 15:12:30 EDT 2021 >Nov 29 05:52:18 localhost kernel: efi: EFI v2.70 by EDK II >Nov 29 05:52:18 localhost kernel: efi: SMBIOS=0x7bee0000 ACPI=0x786e0000 ACPI 2.0=0x786e0014 MEMATTR=0x7a696b18 RNG=0x7bfded98 MEMRESERVE=0x7857cf18 >Nov 29 05:52:18 localhost kernel: efi: seeding entropy pool >Nov 29 05:52:18 localhost kernel: ACPI: Early table checksum verification disabled >Nov 29 05:52:18 localhost kernel: ACPI: RSDP 0x00000000786E0014 000024 (v02 AMAZON) >Nov 29 05:52:18 localhost kernel: ACPI: XSDT 0x00000000786D00E8 000064 (v01 AMAZON AMZNFACP 00000001 01000013) >Nov 29 05:52:18 localhost kernel: ACPI: FACP 0x00000000786B0000 000114 (v06 AMAZON AMZNFACP 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: DSDT 0x0000000078640000 00154F (v03 AMAZON AMZNDSDT 00000001 INTL 20160527) >Nov 29 05:52:18 localhost kernel: ACPI: APIC 0x00000000786C0000 000108 (v03 AMAZON AMZNAPIC 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: SPCR 0x00000000786A0000 000050 (v02 AMAZON AMZNSPCR 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: GTDT 0x0000000078690000 000060 (v02 AMAZON AMZNGTDT 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: MCFG 0x0000000078680000 00003C (v02 AMAZON AMZNMCFG 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: SLIT 0x0000000078670000 00002D (v01 AMAZON AMZNSLIT 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: IORT 0x0000000078660000 000078 (v01 AMAZON AMZNIORT 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: PPTT 0x0000000078650000 0000D4 (v02 AMAZON AMZNPPTT 00000001 AMZN 00000001) >Nov 29 05:52:18 localhost kernel: ACPI: SPCR: console: uart,mmio,0x90a0000,115200 >Nov 29 05:52:18 localhost kernel: NUMA: Failed to initialise from firmware >Nov 29 05:52:18 localhost kernel: NUMA: Faking a node at [mem 0x0000000040000000-0x00000005b9ffffff] >Nov 29 05:52:18 localhost kernel: NUMA: NODE_DATA [mem 0x5b9024300-0x5b9027fff] >Nov 29 05:52:18 localhost kernel: Zone ranges: >Nov 29 05:52:18 localhost kernel: DMA [mem 0x0000000040000000-0x00000000ffffffff] >Nov 29 05:52:18 localhost kernel: DMA32 empty >Nov 29 05:52:18 localhost kernel: Normal [mem 0x0000000100000000-0x00000005b9ffffff] >Nov 29 05:52:18 localhost kernel: Movable zone start for each node >Nov 29 05:52:18 localhost kernel: Early memory node ranges >Nov 29 05:52:18 localhost kernel: node 0: [mem 0x0000000040000000-0x00000000786effff] >Nov 29 05:52:18 localhost kernel: node 0: [mem 0x00000000786f0000-0x000000007872ffff] >Nov 29 05:52:18 localhost kernel: node 0: [mem 0x0000000078730000-0x000000007bbfffff] >Nov 29 05:52:18 localhost kernel: node 0: [mem 0x000000007bc00000-0x000000007bfdffff] >Nov 29 05:52:18 localhost kernel: node 0: [mem 0x000000007bfe0000-0x000000007fffffff] >Nov 29 05:52:18 localhost kernel: node 0: [mem 0x0000000400000000-0x00000005b9ffffff] >Nov 29 05:52:18 localhost kernel: Initmem setup node 0 [mem 0x0000000040000000-0x00000005b9ffffff] >Nov 29 05:52:18 localhost kernel: crashkernel reserved: 0x0000000056600000 - 0x0000000072600000 (448 MB) >Nov 29 05:52:18 localhost kernel: psci: probing for conduit method from ACPI. >Nov 29 05:52:18 localhost kernel: psci: PSCIv1.0 detected in firmware. >Nov 29 05:52:18 localhost kernel: psci: Using standard PSCI v0.2 function IDs >Nov 29 05:52:18 localhost kernel: psci: Trusted OS migration not required >Nov 29 05:52:18 localhost kernel: psci: SMC Calling Convention v1.1 >Nov 29 05:52:18 localhost kernel: ACPI: SRAT not present >Nov 29 05:52:18 localhost kernel: percpu: Embedded 34 pages/cpu s101016 r8192 d30056 u139264 >Nov 29 05:52:18 localhost kernel: pcpu-alloc: s101016 r8192 d30056 u139264 alloc=34*4096 >Nov 29 05:52:18 localhost kernel: pcpu-alloc: [0] 0 [0] 1 >Nov 29 05:52:18 localhost kernel: Detected PIPT I-cache on CPU0 >Nov 29 05:52:18 localhost kernel: CPU features: detected: GIC system register CPU interface >Nov 29 05:52:18 localhost kernel: CPU features: detected: Hardware dirty bit management >Nov 29 05:52:18 localhost kernel: CPU features: detected: Spectre-v4 >Nov 29 05:52:18 localhost kernel: CPU features: kernel page table isolation forced ON by KASLR >Nov 29 05:52:18 localhost kernel: CPU features: detected: Kernel page table isolation (KPTI) >Nov 29 05:52:18 localhost kernel: CPU features: detected: ARM erratum 1542419 (kernel portion) >Nov 29 05:52:18 localhost kernel: Built 1 zonelists, mobility grouping on. Total pages: 2040192 >Nov 29 05:52:18 localhost kernel: Policy zone: Normal >Nov 29 05:52:18 localhost kernel: Kernel command line: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.14.0-1.7.1.el9.aarch64 root=UUID=80bc63d9-e4f4-4924-a5e1-b4247518c994 console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0 crashkernel=2G-:448M >Nov 29 05:52:18 localhost kernel: Unknown command line parameters: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.14.0-1.7.1.el9.aarch64 >Nov 29 05:52:18 localhost kernel: Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes, linear) >Nov 29 05:52:18 localhost kernel: Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes, linear) >Nov 29 05:52:18 localhost kernel: mem auto-init: stack:off, heap alloc:off, heap free:off >Nov 29 05:52:18 localhost kernel: software IO TLB: mapped [mem 0x000000007c000000-0x0000000080000000] (64MB) >Nov 29 05:52:18 localhost kernel: Memory: 7504144K/8290304K available (12288K kernel code, 5510K rwdata, 9048K rodata, 4480K init, 8982K bss, 786160K reserved, 0K cma-reserved) >Nov 29 05:52:18 localhost kernel: random: get_random_u64 called from kmem_cache_open+0x30/0x320 with crng_init=0 >Nov 29 05:52:18 localhost kernel: SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 >Nov 29 05:52:18 localhost kernel: ftrace: allocating 41000 entries in 161 pages >Nov 29 05:52:18 localhost kernel: ftrace: allocated 161 pages with 3 groups >Nov 29 05:52:18 localhost kernel: trace event string verifier disabled >Nov 29 05:52:18 localhost kernel: rcu: Hierarchical RCU implementation. >Nov 29 05:52:18 localhost kernel: rcu: RCU restricting CPUs from NR_CPUS=4096 to nr_cpu_ids=2. >Nov 29 05:52:18 localhost kernel: Trampoline variant of Tasks RCU enabled. >Nov 29 05:52:18 localhost kernel: Rude variant of Tasks RCU enabled. >Nov 29 05:52:18 localhost kernel: Tracing variant of Tasks RCU enabled. >Nov 29 05:52:18 localhost kernel: rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies. >Nov 29 05:52:18 localhost kernel: rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2 >Nov 29 05:52:18 localhost kernel: NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 >Nov 29 05:52:18 localhost kernel: GICv3: 96 SPIs implemented >Nov 29 05:52:18 localhost kernel: GICv3: 0 Extended SPIs implemented >Nov 29 05:52:18 localhost kernel: GICv3: Distributor has no Range Selector support >Nov 29 05:52:18 localhost kernel: Root IRQ handler: gic_handle_irq >Nov 29 05:52:18 localhost kernel: GICv3: 16 PPIs implemented >Nov 29 05:52:18 localhost kernel: GICv3: CPU0: found redistributor 0 region 0:0x0000000010200000 >Nov 29 05:52:18 localhost kernel: ACPI: SRAT not present >Nov 29 05:52:18 localhost kernel: ITS [mem 0x10080000-0x1009ffff] >Nov 29 05:52:18 localhost kernel: ITS@0x0000000010080000: allocated 8192 Devices @400180000 (indirect, esz 8, psz 64K, shr 1) >Nov 29 05:52:18 localhost kernel: ITS@0x0000000010080000: allocated 8192 Interrupt Collections @400190000 (flat, esz 8, psz 64K, shr 1) >Nov 29 05:52:18 localhost kernel: GICv3: using LPI property table @0x00000004001a0000 >Nov 29 05:52:18 localhost kernel: ITS: Using hypervisor restricted LPI range [128] >Nov 29 05:52:18 localhost kernel: GICv3: CPU0: using allocated LPI pending table @0x00000004001b0000 >Nov 29 05:52:18 localhost kernel: rcu: Offload RCU callbacks from CPUs: (none). >Nov 29 05:52:18 localhost kernel: arch_timer: cp15 timer(s) running at 121.87MHz (virt). >Nov 29 05:52:18 localhost kernel: clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x383759f8ff, max_idle_ns: 881590415659 ns >Nov 29 05:52:18 localhost kernel: sched_clock: 56 bits at 121MHz, resolution 8ns, wraps every 4398046511103ns >Nov 29 05:52:18 localhost kernel: arm-pv: using stolen time PV >Nov 29 05:52:18 localhost kernel: Console: colour dummy device 80x25 >Nov 29 05:52:18 localhost kernel: printk: console [tty0] enabled >Nov 29 05:52:18 localhost kernel: ACPI: Core revision 20210604 >Nov 29 05:52:18 localhost kernel: Calibrating delay loop (skipped), value calculated using timer frequency.. 243.75 BogoMIPS (lpj=1218750) >Nov 29 05:52:18 localhost kernel: pid_max: default: 32768 minimum: 301 >Nov 29 05:52:18 localhost kernel: LSM: Security Framework initializing >Nov 29 05:52:18 localhost kernel: Yama: becoming mindful. >Nov 29 05:52:18 localhost kernel: SELinux: Initializing. >Nov 29 05:52:18 localhost kernel: LSM support for eBPF active >Nov 29 05:52:18 localhost kernel: Mount-cache hash table entries: 16384 (order: 5, 131072 bytes, linear) >Nov 29 05:52:18 localhost kernel: Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes, linear) >Nov 29 05:52:18 localhost kernel: rcu: Hierarchical SRCU implementation. >Nov 29 05:52:18 localhost kernel: Platform MSI: ITS@0x10080000 domain created >Nov 29 05:52:18 localhost kernel: PCI/MSI: ITS@0x10080000 domain created >Nov 29 05:52:18 localhost kernel: Remapping and enabling EFI services. >Nov 29 05:52:18 localhost kernel: smp: Bringing up secondary CPUs ... >Nov 29 05:52:18 localhost kernel: Detected PIPT I-cache on CPU1 >Nov 29 05:52:18 localhost kernel: GICv3: CPU1: found redistributor 100 region 0:0x0000000010220000 >Nov 29 05:52:18 localhost kernel: GICv3: CPU1: using allocated LPI pending table @0x00000004001c0000 >Nov 29 05:52:18 localhost kernel: CPU1: Booted secondary processor 0x0000000100 [0x413fd0c1] >Nov 29 05:52:18 localhost kernel: smp: Brought up 1 node, 2 CPUs >Nov 29 05:52:18 localhost kernel: SMP: Total of 2 processors activated. >Nov 29 05:52:18 localhost kernel: CPU features: detected: 32-bit EL0 Support >Nov 29 05:52:18 localhost kernel: CPU features: detected: Instruction cache invalidation not required for I/D coherence >Nov 29 05:52:18 localhost kernel: CPU features: detected: Data cache clean to the PoU not required for I/D coherence >Nov 29 05:52:18 localhost kernel: CPU features: detected: Common not Private translations >Nov 29 05:52:18 localhost kernel: CPU features: detected: CRC32 instructions >Nov 29 05:52:18 localhost kernel: CPU features: detected: Data cache clean to Point of Persistence >Nov 29 05:52:18 localhost kernel: CPU features: detected: RCpc load-acquire (LDAPR) >Nov 29 05:52:18 localhost kernel: CPU features: detected: LSE atomic instructions >Nov 29 05:52:18 localhost kernel: CPU features: detected: Privileged Access Never >Nov 29 05:52:18 localhost kernel: CPU features: detected: RAS Extension Support >Nov 29 05:52:18 localhost kernel: CPU features: detected: Speculative Store Bypassing Safe (SSBS) >Nov 29 05:52:18 localhost kernel: CPU: All CPU(s) started at EL1 >Nov 29 05:52:18 localhost kernel: alternatives: patching kernel code >Nov 29 05:52:18 localhost kernel: devtmpfs: initialized >Nov 29 05:52:18 localhost kernel: KASLR enabled >Nov 29 05:52:18 localhost kernel: clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns >Nov 29 05:52:18 localhost kernel: futex hash table entries: 512 (order: 3, 32768 bytes, linear) >Nov 29 05:52:18 localhost kernel: pinctrl core: initialized pinctrl subsystem >Nov 29 05:52:18 localhost kernel: SMBIOS 2.7 present. >Nov 29 05:52:18 localhost kernel: DMI: Amazon EC2 t4g.large/, BIOS 1.0 11/1/2018 >Nov 29 05:52:18 localhost kernel: NET: Registered PF_NETLINK/PF_ROUTE protocol family >Nov 29 05:52:18 localhost kernel: DMA: preallocated 1024 KiB GFP_KERNEL pool for atomic allocations >Nov 29 05:52:18 localhost kernel: DMA: preallocated 1024 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations >Nov 29 05:52:18 localhost kernel: DMA: preallocated 1024 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations >Nov 29 05:52:18 localhost kernel: audit: initializing netlink subsys (disabled) >Nov 29 05:52:18 localhost kernel: audit: type=2000 audit(0.010:1): state=initialized audit_enabled=0 res=1 >Nov 29 05:52:18 localhost kernel: thermal_sys: Registered thermal governor 'fair_share' >Nov 29 05:52:18 localhost kernel: thermal_sys: Registered thermal governor 'step_wise' >Nov 29 05:52:18 localhost kernel: thermal_sys: Registered thermal governor 'user_space' >Nov 29 05:52:18 localhost kernel: cpuidle: using governor menu >Nov 29 05:52:18 localhost kernel: hw-breakpoint: found 6 breakpoint and 4 watchpoint registers. >Nov 29 05:52:18 localhost kernel: ASID allocator initialised with 32768 entries >Nov 29 05:52:18 localhost kernel: ACPI: bus type PCI registered >Nov 29 05:52:18 localhost kernel: acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 >Nov 29 05:52:18 localhost kernel: Serial: AMBA PL011 UART driver >Nov 29 05:52:18 localhost kernel: HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages >Nov 29 05:52:18 localhost kernel: HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages >Nov 29 05:52:18 localhost kernel: HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages >Nov 29 05:52:18 localhost kernel: HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages >Nov 29 05:52:18 localhost kernel: cryptd: max_cpu_qlen set to 1000 >Nov 29 05:52:18 localhost kernel: wait_for_initramfs() called before rootfs_initcalls >Nov 29 05:52:18 localhost kernel: ACPI: Added _OSI(Module Device) >Nov 29 05:52:18 localhost kernel: ACPI: Added _OSI(Processor Device) >Nov 29 05:52:18 localhost kernel: ACPI: Added _OSI(3.0 _SCP Extensions) >Nov 29 05:52:18 localhost kernel: ACPI: Added _OSI(Processor Aggregator Device) >Nov 29 05:52:18 localhost kernel: ACPI: Added _OSI(Linux-Dell-Video) >Nov 29 05:52:18 localhost kernel: ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio) >Nov 29 05:52:18 localhost kernel: ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics) >Nov 29 05:52:18 localhost kernel: ACPI: 1 ACPI AML tables successfully acquired and loaded >Nov 29 05:52:18 localhost kernel: ACPI: Interpreter enabled >Nov 29 05:52:18 localhost kernel: ACPI: Using GIC for interrupt routing >Nov 29 05:52:18 localhost kernel: ACPI: MCFG table detected, 1 entries >Nov 29 05:52:18 localhost kernel: ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-0f]) >Nov 29 05:52:18 localhost kernel: acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI EDR HPX-Type3] >Nov 29 05:52:18 localhost kernel: acpi PNP0A08:00: _OSC: platform does not support [LTR DPC] >Nov 29 05:52:18 localhost kernel: acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug PME AER PCIeCapability] >Nov 29 05:52:18 localhost kernel: acpi PNP0A08:00: ECAM area [mem 0x20000000-0x20ffffff] reserved by PNP0C02:00 >Nov 29 05:52:18 localhost kernel: acpi PNP0A08:00: ECAM at [mem 0x20000000-0x20ffffff] for [bus 00-0f] >Nov 29 05:52:18 localhost kernel: ACPI: Remapped I/O 0x000000001fff0000 to [io 0x0000-0xffff window] >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [1] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [2] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [3] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [4] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [5] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [6] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [7] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [8] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [9] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [10] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [11] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [12] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [13] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [14] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [15] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [16] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [17] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [18] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [19] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [20] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [21] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [22] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [23] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [24] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [25] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [26] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [27] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [28] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [29] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [30] registered >Nov 29 05:52:18 localhost kernel: acpiphp: Slot [31] registered >Nov 29 05:52:18 localhost kernel: PCI host bridge to bus 0000:00 >Nov 29 05:52:18 localhost kernel: pci_bus 0000:00: root bus resource [mem 0x80000000-0xffffffff window] >Nov 29 05:52:18 localhost kernel: pci_bus 0000:00: root bus resource [io 0x0000-0xffff window] >Nov 29 05:52:18 localhost kernel: pci_bus 0000:00: root bus resource [mem 0x400000000000-0x407fffffffff window] >Nov 29 05:52:18 localhost kernel: pci_bus 0000:00: root bus resource [bus 00-0f] >Nov 29 05:52:18 localhost kernel: pci 0000:00:00.0: [1d0f:0200] type 00 class 0x060000 >Nov 29 05:52:18 localhost kernel: pci 0000:00:01.0: [1d0f:8250] type 00 class 0x070003 >Nov 29 05:52:18 localhost kernel: pci 0000:00:01.0: reg 0x10: [mem 0x80008000-0x80008fff] >Nov 29 05:52:18 localhost kernel: pci 0000:00:04.0: [1d0f:8061] type 00 class 0x010802 >Nov 29 05:52:18 localhost kernel: pci 0000:00:04.0: reg 0x10: [mem 0x80004000-0x80007fff] >Nov 29 05:52:18 localhost kernel: pci 0000:00:04.0: PME# supported from D0 D1 D2 D3hot D3cold >Nov 29 05:52:18 localhost kernel: pci 0000:00:05.0: [1d0f:ec20] type 00 class 0x020000 >Nov 29 05:52:18 localhost kernel: pci 0000:00:05.0: reg 0x10: [mem 0x80000000-0x80003fff] >Nov 29 05:52:18 localhost kernel: pci 0000:00:05.0: PME# supported from D0 D1 D2 D3hot D3cold >Nov 29 05:52:18 localhost kernel: pci 0000:00:04.0: BAR 0: assigned [mem 0x80000000-0x80003fff] >Nov 29 05:52:18 localhost kernel: pci 0000:00:05.0: BAR 0: assigned [mem 0x80004000-0x80007fff] >Nov 29 05:52:18 localhost kernel: pci 0000:00:01.0: BAR 0: assigned [mem 0x80008000-0x80008fff] >Nov 29 05:52:18 localhost kernel: pci_bus 0000:00: resource 4 [mem 0x80000000-0xffffffff window] >Nov 29 05:52:18 localhost kernel: pci_bus 0000:00: resource 5 [io 0x0000-0xffff window] >Nov 29 05:52:18 localhost kernel: pci_bus 0000:00: resource 6 [mem 0x400000000000-0x407fffffffff window] >Nov 29 05:52:18 localhost kernel: ACPI: PCI: Interrupt link GSI0 configured for IRQ 35 >Nov 29 05:52:18 localhost kernel: ACPI: PCI: Interrupt link GSI1 configured for IRQ 36 >Nov 29 05:52:18 localhost kernel: ACPI: PCI: Interrupt link GSI2 configured for IRQ 37 >Nov 29 05:52:18 localhost kernel: ACPI: PCI: Interrupt link GSI3 configured for IRQ 38 >Nov 29 05:52:18 localhost kernel: iommu: Default domain type: Translated >Nov 29 05:52:18 localhost kernel: vgaarb: loaded >Nov 29 05:52:18 localhost kernel: SCSI subsystem initialized >Nov 29 05:52:18 localhost kernel: libata version 3.00 loaded. >Nov 29 05:52:18 localhost kernel: ACPI: bus type USB registered >Nov 29 05:52:18 localhost kernel: usbcore: registered new interface driver usbfs >Nov 29 05:52:18 localhost kernel: usbcore: registered new interface driver hub >Nov 29 05:52:18 localhost kernel: usbcore: registered new device driver usb >Nov 29 05:52:18 localhost kernel: pps_core: LinuxPPS API ver. 1 registered >Nov 29 05:52:18 localhost kernel: pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it> >Nov 29 05:52:18 localhost kernel: PTP clock support registered >Nov 29 05:52:18 localhost kernel: EDAC MC: Ver: 3.0.0 >Nov 29 05:52:18 localhost kernel: Registered efivars operations >Nov 29 05:52:18 localhost kernel: NetLabel: Initializing >Nov 29 05:52:18 localhost kernel: NetLabel: domain hash size = 128 >Nov 29 05:52:18 localhost kernel: NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO >Nov 29 05:52:18 localhost kernel: NetLabel: unlabeled traffic allowed by default >Nov 29 05:52:18 localhost kernel: clocksource: Switched to clocksource arch_sys_counter >Nov 29 05:52:18 localhost kernel: VFS: Disk quotas dquot_6.6.0 >Nov 29 05:52:18 localhost kernel: VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) >Nov 29 05:52:18 localhost kernel: pnp: PnP ACPI init >Nov 29 05:52:18 localhost kernel: system 00:00: [mem 0x20000000-0x2fffffff] could not be reserved >Nov 29 05:52:18 localhost kernel: pnp: PnP ACPI: found 1 devices >Nov 29 05:52:18 localhost kernel: NET: Registered PF_INET protocol family >Nov 29 05:52:18 localhost kernel: IP idents hash table entries: 131072 (order: 8, 1048576 bytes, linear) >Nov 29 05:52:18 localhost kernel: tcp_listen_portaddr_hash hash table entries: 4096 (order: 4, 65536 bytes, linear) >Nov 29 05:52:18 localhost kernel: TCP established hash table entries: 65536 (order: 7, 524288 bytes, linear) >Nov 29 05:52:18 localhost kernel: TCP bind hash table entries: 65536 (order: 8, 1048576 bytes, linear) >Nov 29 05:52:18 localhost kernel: TCP: Hash tables configured (established 65536 bind 65536) >Nov 29 05:52:18 localhost kernel: MPTCP token hash table entries: 8192 (order: 5, 196608 bytes, linear) >Nov 29 05:52:18 localhost kernel: UDP hash table entries: 4096 (order: 5, 131072 bytes, linear) >Nov 29 05:52:18 localhost kernel: UDP-Lite hash table entries: 4096 (order: 5, 131072 bytes, linear) >Nov 29 05:52:18 localhost kernel: NET: Registered PF_UNIX/PF_LOCAL protocol family >Nov 29 05:52:18 localhost kernel: NET: Registered PF_XDP protocol family >Nov 29 05:52:18 localhost kernel: PCI: CLS 0 bytes, default 64 >Nov 29 05:52:18 localhost kernel: ACPI: bus type thunderbolt registered >Nov 29 05:52:18 localhost kernel: Trying to unpack rootfs image as initramfs... >Nov 29 05:52:18 localhost kernel: hw perfevents: enabled with armv8_pmuv3_0 PMU driver, 4 counters available >Nov 29 05:52:18 localhost kernel: kvm [1]: HYP mode not available >Nov 29 05:52:18 localhost kernel: Freeing initrd memory: 47508K >Nov 29 05:52:18 localhost kernel: Initialise system trusted keyrings >Nov 29 05:52:18 localhost kernel: Key type blacklist registered >Nov 29 05:52:18 localhost kernel: workingset: timestamp_bits=40 max_order=21 bucket_order=0 >Nov 29 05:52:18 localhost kernel: zbud: loaded >Nov 29 05:52:18 localhost kernel: integrity: Platform Keyring initialized >Nov 29 05:52:18 localhost kernel: NET: Registered PF_ALG protocol family >Nov 29 05:52:18 localhost kernel: Key type asymmetric registered >Nov 29 05:52:18 localhost kernel: Asymmetric key parser 'x509' registered >Nov 29 05:52:18 localhost kernel: Block layer SCSI generic (bsg) driver version 0.4 loaded (major 246) >Nov 29 05:52:18 localhost kernel: io scheduler mq-deadline registered >Nov 29 05:52:18 localhost kernel: io scheduler kyber registered >Nov 29 05:52:18 localhost kernel: io scheduler bfq registered >Nov 29 05:52:18 localhost kernel: atomic64_test: passed >Nov 29 05:52:18 localhost kernel: pl061_gpio ARMH0061:00: PL061 GPIO chip registered >Nov 29 05:52:18 localhost kernel: input: Power Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0 >Nov 29 05:52:18 localhost kernel: ACPI: button: Power Button [PWRB] >Nov 29 05:52:18 localhost kernel: Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled >Nov 29 05:52:18 localhost kernel: ACPI: \_SB_.PCI0.GSI2: Enabled at IRQ 37 >Nov 29 05:52:18 localhost kernel: serial 0000:00:01.0: enabling device (0010 -> 0012) >Nov 29 05:52:18 localhost kernel: printk: console [ttyS0] disabled >Nov 29 05:52:18 localhost kernel: 0000:00:01.0: ttyS0 at MMIO 0x80008000 (irq = 14, base_baud = 115200) is a 16550A >Nov 29 05:52:18 localhost kernel: printk: console [ttyS0] enabled >Nov 29 05:52:18 localhost kernel: rdac: device handler registered >Nov 29 05:52:18 localhost kernel: hp_sw: device handler registered >Nov 29 05:52:18 localhost kernel: emc: device handler registered >Nov 29 05:52:18 localhost kernel: alua: device handler registered >Nov 29 05:52:18 localhost kernel: libphy: Fixed MDIO Bus: probed >Nov 29 05:52:18 localhost kernel: ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver >Nov 29 05:52:18 localhost kernel: ehci-pci: EHCI PCI platform driver >Nov 29 05:52:18 localhost kernel: ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver >Nov 29 05:52:18 localhost kernel: ohci-pci: OHCI PCI platform driver >Nov 29 05:52:18 localhost kernel: uhci_hcd: USB Universal Host Controller Interface driver >Nov 29 05:52:18 localhost kernel: usbcore: registered new interface driver usbserial_generic >Nov 29 05:52:18 localhost kernel: usbserial: USB Serial support registered for generic >Nov 29 05:52:18 localhost kernel: mousedev: PS/2 mouse device common for all mice >Nov 29 05:52:18 localhost kernel: rtc-efi rtc-efi.0: registered as rtc0 >Nov 29 05:52:18 localhost kernel: rtc-efi rtc-efi.0: setting system clock to 2021-11-29T05:52:18 UTC (1638165138) >Nov 29 05:52:18 localhost kernel: hid: raw HID events driver (C) Jiri Kosina >Nov 29 05:52:18 localhost kernel: usbcore: registered new interface driver usbhid >Nov 29 05:52:18 localhost kernel: usbhid: USB HID core driver >Nov 29 05:52:18 localhost kernel: drop_monitor: Initializing network drop monitor service >Nov 29 05:52:18 localhost kernel: Initializing XFRM netlink socket >Nov 29 05:52:18 localhost kernel: NET: Registered PF_INET6 protocol family >Nov 29 05:52:18 localhost kernel: Segment Routing with IPv6 >Nov 29 05:52:18 localhost kernel: NET: Registered PF_PACKET protocol family >Nov 29 05:52:18 localhost kernel: mpls_gso: MPLS GSO support >Nov 29 05:52:18 localhost kernel: registered taskstats version 1 >Nov 29 05:52:18 localhost kernel: Loading compiled-in X.509 certificates >Nov 29 05:52:18 localhost kernel: Loaded X.509 cert 'Red Hat Enterprise Linux kernel signing key: b557252eaefe162214b257935436ae4a50becb22' >Nov 29 05:52:18 localhost kernel: Loaded X.509 cert 'Red Hat Enterprise Linux Driver Update Program (key 3): bf57f3e87362bc7229d9f465321773dfd1f77a80' >Nov 29 05:52:18 localhost kernel: Loaded X.509 cert 'Red Hat Enterprise Linux kpatch signing key: 4d38fd864ebe18c5f0b72e3852e2014c3a676fc8' >Nov 29 05:52:18 localhost kernel: zswap: loaded using pool lzo/zbud >Nov 29 05:52:18 localhost kernel: page_owner is disabled >Nov 29 05:52:18 localhost kernel: Key type big_key registered >Nov 29 05:52:18 localhost kernel: Key type encrypted registered >Nov 29 05:52:18 localhost kernel: integrity: Loading X.509 certificate: UEFI:MokListRT >Nov 29 05:52:18 localhost kernel: integrity: Loaded X.509 cert 'Red Hat Secure Boot (CA key 1): 4016841644ce3a810408050766e8f8a29c65f85c' >Nov 29 05:52:18 localhost kernel: ima: secureboot mode disabled >Nov 29 05:52:18 localhost kernel: ima: No TPM chip found, activating TPM-bypass! >Nov 29 05:52:18 localhost kernel: Loading compiled-in module X.509 certificates >Nov 29 05:52:18 localhost kernel: Loaded X.509 cert 'Red Hat Enterprise Linux kernel signing key: b557252eaefe162214b257935436ae4a50becb22' >Nov 29 05:52:18 localhost kernel: ima: Allocated hash algorithm: sha256 >Nov 29 05:52:18 localhost kernel: ima: No architecture policies found >Nov 29 05:52:18 localhost kernel: evm: Initialising EVM extended attributes: >Nov 29 05:52:18 localhost kernel: evm: security.selinux >Nov 29 05:52:18 localhost kernel: evm: security.SMACK64 (disabled) >Nov 29 05:52:18 localhost kernel: evm: security.SMACK64EXEC (disabled) >Nov 29 05:52:18 localhost kernel: evm: security.SMACK64TRANSMUTE (disabled) >Nov 29 05:52:18 localhost kernel: evm: security.SMACK64MMAP (disabled) >Nov 29 05:52:18 localhost kernel: evm: security.apparmor (disabled) >Nov 29 05:52:18 localhost kernel: evm: security.ima >Nov 29 05:52:18 localhost kernel: evm: security.capability >Nov 29 05:52:18 localhost kernel: evm: HMAC attrs: 0x1 >Nov 29 05:52:18 localhost kernel: Freeing unused kernel memory: 4480K >Nov 29 05:52:18 localhost kernel: Checked W+X mappings: passed, no W+X pages found >Nov 29 05:52:18 localhost kernel: Run /init as init process >Nov 29 05:52:18 localhost kernel: with arguments: >Nov 29 05:52:18 localhost kernel: /init >Nov 29 05:52:18 localhost kernel: with environment: >Nov 29 05:52:18 localhost kernel: HOME=/ >Nov 29 05:52:18 localhost kernel: TERM=linux >Nov 29 05:52:18 localhost kernel: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.14.0-1.7.1.el9.aarch64 >Nov 29 05:52:18 localhost systemd[1]: systemd 249-7.el9_b running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS -FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified) >Nov 29 05:52:18 localhost systemd[1]: Detected virtualization amazon. >Nov 29 05:52:18 localhost systemd[1]: Detected architecture arm64. >Nov 29 05:52:18 localhost systemd[1]: Running in initial RAM disk. >Nov 29 05:52:18 localhost systemd[1]: No hostname configured, using default hostname. >Nov 29 05:52:18 localhost systemd[1]: Hostname set to <localhost>. >Nov 29 05:52:18 localhost systemd[1]: Initializing machine ID from VM UUID. >Nov 29 05:52:18 localhost systemd[1]: Queued start job for default target Initrd Default Target. >Nov 29 05:52:18 localhost kernel: random: systemd: uninitialized urandom read (16 bytes read) >Nov 29 05:52:18 localhost systemd[1]: Started Dispatch Password Requests to Console Directory Watch. >Nov 29 05:52:18 localhost kernel: random: systemd: uninitialized urandom read (16 bytes read) >Nov 29 05:52:18 localhost systemd[1]: Reached target Local Encrypted Volumes. >Nov 29 05:52:18 localhost kernel: random: systemd: uninitialized urandom read (16 bytes read) >Nov 29 05:52:18 localhost systemd[1]: Reached target Initrd /usr File System. >Nov 29 05:52:18 localhost systemd[1]: Reached target Local File Systems. >Nov 29 05:52:18 localhost systemd[1]: Reached target Path Units. >Nov 29 05:52:18 localhost systemd[1]: Reached target Slice Units. >Nov 29 05:52:18 localhost systemd[1]: Reached target Swaps. >Nov 29 05:52:18 localhost systemd[1]: Reached target Timer Units. >Nov 29 05:52:18 localhost systemd[1]: Listening on D-Bus System Message Bus Socket. >Nov 29 05:52:18 localhost systemd[1]: Listening on Journal Audit Socket. >Nov 29 05:52:18 localhost systemd[1]: Listening on Journal Socket (/dev/log). >Nov 29 05:52:18 localhost systemd[1]: Listening on Journal Socket. >Nov 29 05:52:18 localhost systemd[1]: Listening on udev Control Socket. >Nov 29 05:52:18 localhost systemd[1]: Listening on udev Kernel Socket. >Nov 29 05:52:18 localhost systemd[1]: Reached target Socket Units. >Nov 29 05:52:18 localhost systemd[1]: Starting Create List of Static Device Nodes... >Nov 29 05:52:18 localhost systemd[1]: Condition check resulted in Memstrack Anylazing Service being skipped. >Nov 29 05:52:18 localhost systemd[1]: Starting Journal Service... >Nov 29 05:52:18 localhost systemd[1]: Condition check resulted in Load Kernel Modules being skipped. >Nov 29 05:52:18 localhost systemd[1]: Starting Apply Kernel Variables... >Nov 29 05:52:18 localhost systemd[1]: Condition check resulted in Create System Users being skipped. >Nov 29 05:52:18 localhost systemd[1]: Starting Setup Virtual Console... >Nov 29 05:52:18 localhost systemd[1]: Finished Create List of Static Device Nodes. >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.809:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=kmod-static-nodes comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost systemd[1]: Starting Create Static Device Nodes in /dev... >Nov 29 05:52:18 localhost systemd-journald[290]: Journal started >Nov 29 05:52:18 localhost systemd-journald[290]: Runtime Journal (/run/log/journal/ec292e777b1ca70078c64ff1aa40c67b) is 8.0M, max 147.5M, 139.5M free. >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=kmod-static-nodes comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-journald comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost systemd[1]: Finished Setup Virtual Console. >Nov 29 05:52:18 localhost systemd[1]: Finished Apply Kernel Variables. >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.829:3): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost systemd[1]: Started Journal Service. >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.829:4): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-journald comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.829:5): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost systemd[1]: Finished Create Static Device Nodes in /dev. >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-tmpfiles-setup-dev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost systemd[1]: Condition check resulted in dracut ask for additional cmdline parameters being skipped. >Nov 29 05:52:18 localhost systemd[1]: Starting dracut cmdline hook... >Nov 29 05:52:18 localhost systemd[1]: Starting Create Volatile Files and Directories... >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.839:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-tmpfiles-setup-dev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost systemd[1]: Finished Create Volatile Files and Directories. >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-tmpfiles-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost dracut-cmdline[294]: dracut-9.0 (Plow) dracut-055-10.git20210824.el9 >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.849:7): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-tmpfiles-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost dracut-cmdline[294]: Using kernel command line parameters: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.14.0-1.7.1.el9.aarch64 root=UUID=80bc63d9-e4f4-4924-a5e1-b4247518c994 console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0 crashkernel=2G-:448M >Nov 29 05:52:18 localhost systemd[1]: Finished dracut cmdline hook. >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-cmdline comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost systemd[1]: Starting dracut pre-udev hook... >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.929:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-cmdline comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost kernel: device-mapper: uevent: version 1.0.3 >Nov 29 05:52:18 localhost kernel: device-mapper: ioctl: 4.45.0-ioctl (2021-03-22) initialised: dm-devel@redhat.com >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-udev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost audit: BPF prog-id=6 op=LOAD >Nov 29 05:52:18 localhost audit: BPF prog-id=7 op=LOAD >Nov 29 05:52:18 localhost audit: BPF prog-id=8 op=LOAD >Nov 29 05:52:18 localhost systemd[1]: Finished dracut pre-udev hook. >Nov 29 05:52:18 localhost systemd[1]: Starting Rule-based Manager for Device Events and Files... >Nov 29 05:52:18 localhost kernel: audit: type=1130 audit(1638165138.979:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-udev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:18 localhost kernel: audit: type=1334 audit(1638165138.979:10): prog-id=6 op=LOAD >Nov 29 05:52:18 localhost systemd-udevd[408]: Network interface NamePolicy= disabled on kernel command line, ignoring. >Nov 29 05:52:18 localhost systemd-udevd[408]: /usr/lib/udev/rules.d/50-udev-default.rules:42 Unknown group 'sgx', ignoring >Nov 29 05:52:18 localhost systemd[1]: Started Rule-based Manager for Device Events and Files. >Nov 29 05:52:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-udevd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:19 localhost systemd[1]: Starting dracut pre-trigger hook... >Nov 29 05:52:19 localhost dracut-pre-trigger[414]: rd.md=0: removing MD RAID activation >Nov 29 05:52:19 localhost systemd[1]: Finished dracut pre-trigger hook. >Nov 29 05:52:19 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:19 localhost systemd[1]: Starting Coldplug All udev Devices... >Nov 29 05:52:19 localhost systemd-udevd[408]: Network interface NamePolicy= disabled on kernel command line, ignoring. >Nov 29 05:52:19 localhost systemd-udevd[408]: /usr/lib/udev/rules.d/50-udev-default.rules:42 Unknown group 'sgx', ignoring >Nov 29 05:52:19 localhost systemd[1]: Finished Coldplug All udev Devices. >Nov 29 05:52:19 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-udev-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:19 localhost systemd[1]: Reached target System Initialization. >Nov 29 05:52:19 localhost systemd[1]: Reached target Basic System. >Nov 29 05:52:19 localhost systemd[1]: Condition check resulted in nm-initrd.service being skipped. >Nov 29 05:52:19 localhost systemd[1]: Condition check resulted in nm-wait-online-initrd.service being skipped. >Nov 29 05:52:19 localhost systemd[1]: Starting dracut initqueue hook... >Nov 29 05:52:19 localhost kernel: ACPI: \_SB_.PCI0.GSI0: Enabled at IRQ 35 >Nov 29 05:52:19 localhost kernel: nvme nvme0: pci function 0000:00:04.0 >Nov 29 05:52:19 localhost kernel: ACPI: \_SB_.PCI0.GSI1: Enabled at IRQ 36 >Nov 29 05:52:19 localhost kernel: ena 0000:00:05.0: enabling device (0010 -> 0012) >Nov 29 05:52:19 localhost kernel: nvme nvme0: 2/0/0 default/read/poll queues >Nov 29 05:52:19 localhost kernel: ena 0000:00:05.0: ENA device version: 0.10 >Nov 29 05:52:19 localhost kernel: ena 0000:00:05.0: ENA controller version: 0.0.1 implementation version 1 >Nov 29 05:52:19 localhost kernel: ena 0000:00:05.0: LLQ is not supported Fallback to host mode policy. >Nov 29 05:52:19 localhost systemd-udevd[447]: Using default interface naming scheme 'v249'. >Nov 29 05:52:19 localhost kernel: nvme0n1: p1 p2 p3 >Nov 29 05:52:19 localhost kernel: ena 0000:00:05.0: Elastic Network Adapter (ENA) found at mem 80004000, mac addr 0a:c3:ff:88:3d:a9 >Nov 29 05:52:19 localhost systemd[1]: Found device Amazon Elastic Block Store root. >Nov 29 05:52:19 localhost systemd[1]: Reached target Initrd Root Device. >Nov 29 05:52:19 localhost systemd[1]: Finished dracut initqueue hook. >Nov 29 05:52:19 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-initqueue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:19 localhost systemd[1]: Reached target Preparation for Remote File Systems. >Nov 29 05:52:19 localhost systemd[1]: Reached target Remote Encrypted Volumes. >Nov 29 05:52:19 localhost systemd[1]: Reached target Remote File Systems. >Nov 29 05:52:19 localhost systemd[1]: Starting dracut pre-mount hook... >Nov 29 05:52:19 localhost systemd[1]: Finished dracut pre-mount hook. >Nov 29 05:52:19 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-mount comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:19 localhost systemd[1]: Starting File System Check on /dev/disk/by-uuid/80bc63d9-e4f4-4924-a5e1-b4247518c994... >Nov 29 05:52:19 localhost systemd-fsck[507]: /usr/sbin/fsck.xfs: XFS file system. >Nov 29 05:52:19 localhost systemd[1]: Finished File System Check on /dev/disk/by-uuid/80bc63d9-e4f4-4924-a5e1-b4247518c994. >Nov 29 05:52:19 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-fsck-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:19 localhost systemd[1]: Mounting /sysroot... >Nov 29 05:52:19 localhost kernel: SGI XFS with ACLs, security attributes, scrub, quota, no debug enabled >Nov 29 05:52:20 localhost kernel: XFS (nvme0n1p3): Mounting V5 Filesystem >Nov 29 05:52:20 localhost kernel: XFS (nvme0n1p3): Ending clean mount >Nov 29 05:52:20 localhost systemd[1]: Mounted /sysroot. >Nov 29 05:52:20 localhost systemd[1]: Reached target Initrd Root File System. >Nov 29 05:52:20 localhost systemd[1]: Starting Reload Configuration from the Real Root... >Nov 29 05:52:20 localhost systemd[1]: Reloading. >Nov 29 05:52:20 localhost audit: BPF prog-id=3 op=UNLOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=6 op=UNLOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=9 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=10 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=11 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=4 op=UNLOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=5 op=UNLOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=12 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=13 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=14 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=7 op=UNLOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=8 op=UNLOAD >Nov 29 05:52:20 localhost systemd[1]: initrd-parse-etc.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Finished Reload Configuration from the Real Root. >Nov 29 05:52:20 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-parse-etc comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-parse-etc comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: Reached target Initrd File Systems. >Nov 29 05:52:20 localhost systemd[1]: Reached target Initrd Default Target. >Nov 29 05:52:20 localhost systemd[1]: Starting dracut mount hook... >Nov 29 05:52:20 localhost systemd[1]: Finished dracut mount hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-mount comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost kernel: random: fast init done >Nov 29 05:52:20 localhost systemd[1]: Starting dracut pre-pivot and cleanup hook... >Nov 29 05:52:20 localhost systemd[1]: Finished dracut pre-pivot and cleanup hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-pivot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: Starting Cleaning Up and Shutting Down Daemons... >Nov 29 05:52:20 localhost systemd[1]: Stopped target Remote Encrypted Volumes. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Timer Units. >Nov 29 05:52:20 localhost systemd[1]: dbus.socket: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Closed D-Bus System Message Bus Socket. >Nov 29 05:52:20 localhost systemd[1]: dracut-pre-pivot.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped dracut pre-pivot and cleanup hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-pivot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: Stopped target Initrd Default Target. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Basic System. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Initrd Root Device. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Initrd /usr File System. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Path Units. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Remote File Systems. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Preparation for Remote File Systems. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Slice Units. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Socket Units. >Nov 29 05:52:20 localhost systemd[1]: Stopped target System Initialization. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Local File Systems. >Nov 29 05:52:20 localhost systemd[1]: Stopped target Swaps. >Nov 29 05:52:20 localhost systemd[1]: dracut-mount.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped dracut mount hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-mount comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: dracut-pre-mount.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped dracut pre-mount hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-mount comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: Stopped target Local Encrypted Volumes. >Nov 29 05:52:20 localhost systemd[1]: systemd-ask-password-console.path: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Dispatch Password Requests to Console Directory Watch. >Nov 29 05:52:20 localhost systemd[1]: dracut-initqueue.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped dracut initqueue hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-initqueue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: systemd-sysctl.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Apply Kernel Variables. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: systemd-tmpfiles-setup.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Create Volatile Files and Directories. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-tmpfiles-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: systemd-udev-trigger.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Coldplug All udev Devices. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-udev-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: dracut-pre-trigger.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped dracut pre-trigger hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: Stopping Rule-based Manager for Device Events and Files... >Nov 29 05:52:20 localhost systemd[1]: systemd-vconsole-setup.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Setup Virtual Console. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: initrd-cleanup.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Finished Cleaning Up and Shutting Down Daemons. >Nov 29 05:52:20 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-cleanup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-cleanup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: systemd-udevd.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Rule-based Manager for Device Events and Files. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-udevd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: systemd-udevd-control.socket: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Closed udev Control Socket. >Nov 29 05:52:20 localhost systemd[1]: systemd-udevd-kernel.socket: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Closed udev Kernel Socket. >Nov 29 05:52:20 localhost systemd[1]: dracut-pre-udev.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped dracut pre-udev hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-pre-udev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: dracut-cmdline.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped dracut cmdline hook. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dracut-cmdline comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: Starting Cleanup udev Database... >Nov 29 05:52:20 localhost systemd[1]: systemd-tmpfiles-setup-dev.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Create Static Device Nodes in /dev. >Nov 29 05:52:20 localhost systemd[1]: kmod-static-nodes.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Stopped Create List of Static Device Nodes. >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=systemd-tmpfiles-setup-dev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=kmod-static-nodes comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: initrd-udevadm-cleanup-db.service: Deactivated successfully. >Nov 29 05:52:20 localhost systemd[1]: Finished Cleanup udev Database. >Nov 29 05:52:20 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-udevadm-cleanup-db comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-udevadm-cleanup-db comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:20 localhost systemd[1]: Reached target Switch Root. >Nov 29 05:52:20 localhost systemd[1]: Starting Switch Root... >Nov 29 05:52:20 localhost systemd[1]: Switching root. >Nov 29 05:52:20 localhost audit: BPF prog-id=9 op=UNLOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=12 op=UNLOAD >Nov 29 05:52:20 localhost systemd-journald[290]: Journal stopped >Nov 29 05:52:21 localhost systemd-journald[290]: Received SIGTERM from PID 1 (systemd). >Nov 29 05:52:21 localhost kernel: SELinux: policy capability network_peer_controls=1 >Nov 29 05:52:21 localhost kernel: SELinux: policy capability open_perms=1 >Nov 29 05:52:21 localhost kernel: SELinux: policy capability extended_socket_class=1 >Nov 29 05:52:21 localhost kernel: SELinux: policy capability always_check_network=0 >Nov 29 05:52:21 localhost kernel: SELinux: policy capability cgroup_seclabel=1 >Nov 29 05:52:21 localhost kernel: SELinux: policy capability nnp_nosuid_transition=1 >Nov 29 05:52:21 localhost kernel: SELinux: policy capability genfs_seclabel_symlinks=0 >Nov 29 05:52:21 localhost systemd[1]: Successfully loaded SELinux policy in 192.649ms. >Nov 29 05:52:21 localhost systemd[1]: Relabelled /dev, /dev/shm, /run, /sys/fs/cgroup in 23.016ms. >Nov 29 05:52:21 localhost systemd[1]: systemd 249-7.el9_b running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS -FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified) >Nov 29 05:52:21 localhost systemd[1]: Detected virtualization amazon. >Nov 29 05:52:21 localhost systemd[1]: Detected architecture arm64. >Nov 29 05:52:21 localhost systemd[1]: Initializing machine ID from VM UUID. >Nov 29 05:52:21 localhost systemd[1]: Installed transient /etc/machine-id file. >Nov 29 05:52:21 localhost systemd-sysv-generator[604]: SysV service '/etc/rc.d/init.d/choose_repo' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:52:21 localhost systemd-sysv-generator[604]: SysV service '/etc/rc.d/init.d/rh-cloud-firstboot' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:52:21 localhost systemd[1]: initrd-switch-root.service: Deactivated successfully. >Nov 29 05:52:21 localhost systemd[1]: Stopped Switch Root. >Nov 29 05:52:21 localhost systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1. >Nov 29 05:52:21 localhost systemd[1]: Created slice Slice /system/getty. >Nov 29 05:52:21 localhost systemd[1]: Created slice Slice /system/modprobe. >Nov 29 05:52:21 localhost systemd[1]: Created slice Slice /system/serial-getty. >Nov 29 05:52:21 localhost systemd[1]: Created slice Slice /system/sshd-keygen. >Nov 29 05:52:21 localhost systemd[1]: Created slice Slice /system/systemd-fsck. >Nov 29 05:52:21 localhost systemd[1]: Created slice User and Session Slice. >Nov 29 05:52:21 localhost systemd[1]: Started Dispatch Password Requests to Console Directory Watch. >Nov 29 05:52:21 localhost systemd[1]: Started Forward Password Requests to Wall Directory Watch. >Nov 29 05:52:21 localhost systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point. >Nov 29 05:52:21 localhost systemd[1]: Reached target Local Encrypted Volumes. >Nov 29 05:52:21 localhost systemd[1]: Stopped target Switch Root. >Nov 29 05:52:21 localhost systemd[1]: Stopped target Initrd File Systems. >Nov 29 05:52:21 localhost systemd[1]: Stopped target Initrd Root File System. >Nov 29 05:52:21 localhost systemd[1]: Reached target Path Units. >Nov 29 05:52:21 localhost systemd[1]: Reached target Remote File Systems. >Nov 29 05:52:21 localhost systemd[1]: Reached target Slice Units. >Nov 29 05:52:21 localhost systemd[1]: Reached target Swaps. >Nov 29 05:52:21 localhost systemd[1]: Reached target Local Verity Integrity Protected Volumes. >Nov 29 05:52:21 localhost systemd[1]: Listening on Process Core Dump Socket. >Nov 29 05:52:21 localhost systemd[1]: Listening on initctl Compatibility Named Pipe. >Nov 29 05:52:21 localhost systemd[1]: Listening on udev Control Socket. >Nov 29 05:52:21 localhost systemd[1]: Listening on udev Kernel Socket. >Nov 29 05:52:21 localhost systemd[1]: Mounting Huge Pages File System... >Nov 29 05:52:21 localhost systemd[1]: Mounting POSIX Message Queue File System... >Nov 29 05:52:21 localhost systemd[1]: Mounting Kernel Debug File System... >Nov 29 05:52:21 localhost systemd[1]: Mounting Kernel Trace File System... >Nov 29 05:52:21 localhost systemd[1]: Starting Create List of Static Device Nodes... >Nov 29 05:52:21 localhost systemd[1]: Starting Load Kernel Module configfs... >Nov 29 05:52:21 localhost systemd[1]: Starting Load Kernel Module drm... >Nov 29 05:52:21 localhost systemd[1]: Starting Load Kernel Module fuse... >Nov 29 05:52:21 localhost systemd[1]: Starting Read and set NIS domainname from /etc/sysconfig/network... >Nov 29 05:52:21 localhost systemd[1]: Condition check resulted in Set Up Additional Binary Formats being skipped. >Nov 29 05:52:21 localhost systemd[1]: systemd-fsck-root.service: Deactivated successfully. >Nov 29 05:52:21 localhost systemd[1]: Stopped File System Check on Root Device. >Nov 29 05:52:21 localhost systemd[1]: Stopped Journal Service. >Nov 29 05:52:21 localhost systemd[1]: Starting Journal Service... >Nov 29 05:52:21 localhost systemd[1]: Condition check resulted in Load Kernel Modules being skipped. >Nov 29 05:52:21 localhost systemd[1]: Starting Remount Root and Kernel File Systems... >Nov 29 05:52:21 localhost systemd[1]: Condition check resulted in Repartition Root Disk being skipped. >Nov 29 05:52:21 localhost systemd[1]: Starting Apply Kernel Variables... >Nov 29 05:52:21 localhost systemd[1]: Starting Coldplug All udev Devices... >Nov 29 05:52:21 localhost systemd[1]: Mounted Huge Pages File System. >Nov 29 05:52:21 localhost systemd[1]: Mounted POSIX Message Queue File System. >Nov 29 05:52:21 localhost systemd[1]: Mounted Kernel Debug File System. >Nov 29 05:52:21 localhost systemd[1]: Mounted Kernel Trace File System. >Nov 29 05:52:21 localhost systemd[1]: Finished Create List of Static Device Nodes. >Nov 29 05:52:21 localhost systemd[1]: modprobe@configfs.service: Deactivated successfully. >Nov 29 05:52:21 localhost systemd[1]: Finished Load Kernel Module configfs. >Nov 29 05:52:21 localhost systemd[1]: Finished Read and set NIS domainname from /etc/sysconfig/network. >Nov 29 05:52:21 localhost systemd-journald[631]: Journal started >Nov 29 05:52:21 localhost systemd-journald[631]: Runtime Journal (/run/log/journal/ec292e777b1ca70078c64ff1aa40c67b) is 8.0M, max 147.5M, 139.5M free. >Nov 29 05:52:20 localhost audit: MAC_STATUS enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 >Nov 29 05:52:20 localhost audit: MAC_POLICY_LOAD auid=4294967295 ses=4294967295 lsm=selinux res=1 >Nov 29 05:52:20 localhost audit: BPF prog-id=15 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=15 op=UNLOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=16 op=LOAD >Nov 29 05:52:20 localhost audit: BPF prog-id=16 op=UNLOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=17 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=18 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=19 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=10 op=UNLOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=11 op=UNLOAD >Nov 29 05:52:21 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journald comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=initrd-switch-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=initrd-switch-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit: BPF prog-id=17 op=UNLOAD >Nov 29 05:52:21 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-fsck-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journald comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost kernel: xfs filesystem being remounted at / supports timestamps until 2038 (0x7fffffff) >Nov 29 05:52:21 localhost systemd[1]: Started Journal Service. >Nov 29 05:52:21 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journald comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit: BPF prog-id=20 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=21 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=22 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=18 op=UNLOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=19 op=UNLOAD >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kmod-static-nodes comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@configfs comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@configfs comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nis-domainname comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Queued start job for default target Multi-User System. >Nov 29 05:52:21 localhost systemd[1]: systemd-journald.service: Deactivated successfully. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journald comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Remount Root and Kernel File Systems. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-remount-fs comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Mounting Kernel Configuration File System... >Nov 29 05:52:21 localhost systemd[1]: Condition check resulted in First Boot Wizard being skipped. >Nov 29 05:52:21 localhost systemd[1]: Starting Rebuild Hardware Database... >Nov 29 05:52:21 localhost systemd[1]: Starting Flush Journal to Persistent Storage... >Nov 29 05:52:21 localhost systemd[1]: Starting Load/Save Random Seed... >Nov 29 05:52:21 localhost systemd[1]: Starting Create System Users... >Nov 29 05:52:21 localhost systemd[1]: Mounted Kernel Configuration File System. >Nov 29 05:52:21 localhost systemd-random-seed[639]: Kernel entropy pool is not initialized yet, waiting until it is. >Nov 29 05:52:21 localhost systemd-journald[631]: Runtime Journal (/run/log/journal/ec292e777b1ca70078c64ff1aa40c67b) is 8.0M, max 147.5M, 139.5M free. >Nov 29 05:52:21 localhost systemd[1]: Finished Flush Journal to Persistent Storage. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-flush comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Apply Kernel Variables. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd-sysusers[640]: Creating group sgx with gid 991. >Nov 29 05:52:21 localhost systemd-sysusers[640]: Creating group systemd-oom with gid 990. >Nov 29 05:52:21 localhost systemd-sysusers[640]: Creating user systemd-oom (systemd Userspace OOM Killer) with uid 990 and gid 990. >Nov 29 05:52:21 localhost systemd-sysusers[640]: Creating group systemd-resolve with gid 989. >Nov 29 05:52:21 localhost systemd-sysusers[640]: Creating user systemd-resolve (systemd Resolver) with uid 989 and gid 989. >Nov 29 05:52:21 localhost kernel: fuse: init (API version 7.34) >Nov 29 05:52:21 localhost systemd[1]: modprobe@fuse.service: Deactivated successfully. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@fuse comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@fuse comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Load Kernel Module fuse. >Nov 29 05:52:21 localhost systemd[1]: Mounting FUSE Control File System... >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@drm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@drm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: modprobe@drm.service: Deactivated successfully. >Nov 29 05:52:21 localhost systemd[1]: Finished Load Kernel Module drm. >Nov 29 05:52:21 localhost systemd[1]: Mounted FUSE Control File System. >Nov 29 05:52:21 localhost systemd[1]: Finished Create System Users. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysusers comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Starting Create Static Device Nodes in /dev... >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setup-dev comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Create Static Device Nodes in /dev. >Nov 29 05:52:21 localhost systemd[1]: Reached target Preparation for Local File Systems. >Nov 29 05:52:21 localhost systemd[1]: Mounting /boot... >Nov 29 05:52:21 localhost systemd[1]: Starting File System Check on /dev/disk/by-uuid/7B77-95E7... >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-udev-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Coldplug All udev Devices. >Nov 29 05:52:21 localhost kernel: XFS (nvme0n1p2): Mounting V5 Filesystem >Nov 29 05:52:21 localhost systemd[1]: Mounted /boot. >Nov 29 05:52:21 localhost kernel: XFS (nvme0n1p2): Ending clean mount >Nov 29 05:52:21 localhost kernel: xfs filesystem being mounted at /boot supports timestamps until 2038 (0x7fffffff) >Nov 29 05:52:21 localhost systemd-fsck[655]: fsck.fat 4.2 (2021-01-31) >Nov 29 05:52:21 localhost systemd-fsck[655]: /dev/nvme0n1p1: 12 files, 1789/51145 clusters >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-fsck@dev-disk-by\x2duuid-7B77\x2d95E7 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished File System Check on /dev/disk/by-uuid/7B77-95E7. >Nov 29 05:52:21 localhost systemd[1]: Mounting /boot/efi... >Nov 29 05:52:21 localhost systemd[1]: Mounted /boot/efi. >Nov 29 05:52:21 localhost systemd[1]: Reached target Local File Systems. >Nov 29 05:52:21 localhost systemd[1]: Starting Restore /run/initramfs on shutdown... >Nov 29 05:52:21 localhost systemd[1]: Starting Rebuild Dynamic Linker Cache... >Nov 29 05:52:21 localhost systemd[1]: Condition check resulted in Mark the need to relabel after reboot being skipped. >Nov 29 05:52:21 localhost systemd[1]: Starting Create Volatile Files and Directories... >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Restore /run/initramfs on shutdown. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Create Volatile Files and Directories. >Nov 29 05:52:21 localhost systemd[1]: Starting Security Auditing Service... >Nov 29 05:52:21 localhost systemd[1]: Starting Rebuild Journal Catalog... >Nov 29 05:52:21 localhost auditd[663]: No plugins found, not dispatching events >Nov 29 05:52:21 localhost audit: CONFIG_CHANGE op=set audit_enabled=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 >Nov 29 05:52:21 localhost audit[663]: SYSCALL arch=c00000b7 syscall=206 success=yes exit=60 a0=3 a1=ffffe3f2cf60 a2=3c a3=0 items=0 ppid=661 pid=663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null) >Nov 29 05:52:21 localhost audit: PROCTITLE proctitle="/sbin/auditd" >Nov 29 05:52:21 localhost audit: CONFIG_CHANGE op=set audit_pid=663 old=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 >Nov 29 05:52:21 localhost audit[663]: SYSCALL arch=c00000b7 syscall=206 success=yes exit=60 a0=3 a1=ffffe3f2ac10 a2=3c a3=0 items=0 ppid=661 pid=663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null) >Nov 29 05:52:21 localhost audit: PROCTITLE proctitle="/sbin/auditd" >Nov 29 05:52:21 localhost auditd[663]: Init complete, auditd 3.0.5 listening for events (startup state enable) >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Rebuild Journal Catalog. >Nov 29 05:52:21 localhost audit: CONFIG_CHANGE op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1 >Nov 29 05:52:21 localhost audit[679]: SYSCALL arch=c00000b7 syscall=206 success=yes exit=60 a0=3 a1=ffffda30af90 a2=3c a3=0 items=0 ppid=666 pid=679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null) >Nov 29 05:52:21 localhost audit: PROCTITLE proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 >Nov 29 05:52:21 localhost audit: CONFIG_CHANGE op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1 >Nov 29 05:52:21 localhost audit[679]: SYSCALL arch=c00000b7 syscall=206 success=yes exit=60 a0=3 a1=ffffda30af90 a2=3c a3=0 items=0 ppid=666 pid=679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null) >Nov 29 05:52:21 localhost audit: PROCTITLE proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 >Nov 29 05:52:21 localhost audit: CONFIG_CHANGE op=set audit_backlog_wait_time=60000 old=6000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1 >Nov 29 05:52:21 localhost audit[679]: SYSCALL arch=c00000b7 syscall=206 success=yes exit=60 a0=3 a1=ffffda30af90 a2=3c a3=0 items=0 ppid=666 pid=679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null) >Nov 29 05:52:21 localhost audit: PROCTITLE proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 >Nov 29 05:52:21 localhost augenrules[679]: No rules >Nov 29 05:52:21 localhost augenrules[679]: enabled 1 >Nov 29 05:52:21 localhost augenrules[679]: failure 1 >Nov 29 05:52:21 localhost augenrules[679]: pid 663 >Nov 29 05:52:21 localhost augenrules[679]: rate_limit 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog_limit 8192 >Nov 29 05:52:21 localhost augenrules[679]: lost 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog_wait_time 6000 >Nov 29 05:52:21 localhost augenrules[679]: backlog_wait_time_actual 0 >Nov 29 05:52:21 localhost augenrules[679]: enabled 1 >Nov 29 05:52:21 localhost augenrules[679]: failure 1 >Nov 29 05:52:21 localhost augenrules[679]: pid 663 >Nov 29 05:52:21 localhost augenrules[679]: rate_limit 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog_limit 8192 >Nov 29 05:52:21 localhost augenrules[679]: lost 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog_wait_time 6000 >Nov 29 05:52:21 localhost augenrules[679]: backlog_wait_time_actual 0 >Nov 29 05:52:21 localhost augenrules[679]: enabled 1 >Nov 29 05:52:21 localhost augenrules[679]: failure 1 >Nov 29 05:52:21 localhost augenrules[679]: pid 663 >Nov 29 05:52:21 localhost augenrules[679]: rate_limit 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog_limit 8192 >Nov 29 05:52:21 localhost augenrules[679]: lost 0 >Nov 29 05:52:21 localhost augenrules[679]: backlog 3 >Nov 29 05:52:21 localhost augenrules[679]: backlog_wait_time 60000 >Nov 29 05:52:21 localhost augenrules[679]: backlog_wait_time_actual 0 >Nov 29 05:52:21 localhost systemd[1]: Started Security Auditing Service. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Starting Record System Boot/Shutdown in UTMP... >Nov 29 05:52:21 localhost audit[686]: SYSTEM_BOOT pid=686 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Record System Boot/Shutdown in UTMP. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Rebuild Dynamic Linker Cache. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ldconfig comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Rebuild Hardware Database. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost audit: BPF prog-id=23 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=24 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=25 op=LOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=13 op=UNLOAD >Nov 29 05:52:21 localhost audit: BPF prog-id=14 op=UNLOAD >Nov 29 05:52:21 localhost systemd[1]: Starting Rule-based Manager for Device Events and Files... >Nov 29 05:52:21 localhost systemd[1]: Starting Update is Completed... >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Finished Update is Completed. >Nov 29 05:52:21 localhost systemd-udevd[687]: Network interface NamePolicy= disabled on kernel command line, ignoring. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-udevd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:21 localhost systemd[1]: Started Rule-based Manager for Device Events and Files. >Nov 29 05:52:21 localhost systemd[1]: Reached target System Initialization. >Nov 29 05:52:21 localhost systemd[1]: Started dnf makecache --timer. >Nov 29 05:52:21 localhost systemd[1]: Started Daily rotation of log files. >Nov 29 05:52:21 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost audit: BPF prog-id=26 op=LOAD >Nov 29 05:52:22 localhost audit: BPF prog-id=27 op=LOAD >Nov 29 05:52:22 localhost audit: BPF prog-id=28 op=LOAD >Nov 29 05:52:21 localhost systemd[1]: Started Periodically run nm-cloud-setup. >Nov 29 05:52:21 localhost systemd[1]: Started Daily Cleanup of Temporary Directories. >Nov 29 05:52:21 localhost systemd[1]: Started daily update of the root trust anchor for DNSSEC. >Nov 29 05:52:21 localhost systemd[1]: Reached target Timer Units. >Nov 29 05:52:21 localhost systemd[1]: Listening on D-Bus System Message Bus Socket. >Nov 29 05:52:22 localhost rh-cloud-firstboot[703]: /etc/rc.d/init.d/rh-cloud-firstboot: line 28: /etc/init.d/functions: No such file or directory >Nov 29 05:52:21 localhost systemd[1]: Listening on SSSD Kerberos Cache Manager responder socket. >Nov 29 05:52:21 localhost systemd[1]: Reached target Socket Units. >Nov 29 05:52:21 localhost systemd[1]: Reached target Basic System. >Nov 29 05:52:21 localhost systemd[1]: Starting NTP client/server... >Nov 29 05:52:21 localhost systemd[1]: Starting Initial cloud-init job (pre-networking)... >Nov 29 05:52:21 localhost systemd[1]: Started irqbalance daemon. >Nov 29 05:52:21 localhost systemd[1]: Condition check resulted in Software RAID monitoring and management being skipped. >Nov 29 05:52:22 localhost systemd[1]: Starting SYSV: Firstboot runs the first time a cloud instance is booted after installation. It checks for the existance of an /etc/sysconfig/rh-cloud-firstboot file. If the file exists and contains RUN_FIRSTBOOT=NO, firstboot will not run. Otherwise rh-cloud-firstboot will be run.... >Nov 29 05:52:22 localhost systemd[1]: Starting System Logging Service... >Nov 29 05:52:22 localhost systemd[1]: Starting OpenSSH ecdsa Server Key Generation... >Nov 29 05:52:22 localhost systemd[1]: Starting OpenSSH ed25519 Server Key Generation... >Nov 29 05:52:22 localhost systemd[1]: Starting OpenSSH rsa Server Key Generation... >Nov 29 05:52:22 localhost systemd[1]: Condition check resulted in System Security Services Daemon being skipped. >Nov 29 05:52:22 localhost systemd[1]: Reached target User and Group Name Lookups. >Nov 29 05:52:22 localhost systemd[1]: Starting User Login Management... >Nov 29 05:52:22 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost rsyslogd[704]: [origin software="rsyslogd" swVersion="8.2102.0-9.el9" x-pid="704" x-info="https://www.rsyslog.com"] start >Nov 29 05:52:22 localhost systemd[1]: Started System Logging Service. >Nov 29 05:52:22 localhost rsyslogd[704]: imjournal: No statefile exists, /var/lib/rsyslog/imjournal.state will be created (ignore if this is first run): No such file or directory [v8.2102.0-9.el9 try https://www.rsyslog.com/e/2040 ] >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ arch_timer(10) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ttyS0(14) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(17) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(18) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(19) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(20) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(21) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(22) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(23) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(24) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(25) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(26) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(27) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(28) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(29) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(30) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(31) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(32) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(33) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(34) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(35) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(36) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(37) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(38) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(39) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(40) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(41) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(42) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(43) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(44) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(45) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(46) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(47) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Ged(48) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ arm-pmu(49) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ACPI:Event(50) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ nvme0q0(51) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ nvme0q1(52) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ nvme0q2(53) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: IRQ ena-mgmnt@pci:0000:00:05.0(54) guessed as class 0 >Nov 29 05:52:22 localhost /usr/sbin/irqbalance[702]: libcap-ng used by "/usr/sbin/irqbalance" failed due to not having CAP_SETPCAP in capng_apply >Nov 29 05:52:22 localhost chronyd[732]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG) >Nov 29 05:52:22 localhost chronyd[732]: Loaded seccomp filter (level 2) >Nov 29 05:52:22 localhost systemd[1]: Started NTP client/server. >Nov 29 05:52:22 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost audit: BPF prog-id=29 op=LOAD >Nov 29 05:52:22 localhost systemd[1]: Starting D-Bus System Message Bus... >Nov 29 05:52:22 localhost systemd-logind[708]: New seat seat0. >Nov 29 05:52:22 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost systemd[1]: Started D-Bus System Message Bus. >Nov 29 05:52:22 localhost dbus-broker-lau[735]: Ready >Nov 29 05:52:22 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost systemd[1]: Started User Login Management. >Nov 29 05:52:22 localhost rsyslogd[704]: imjournal: journal files changed, reloading... [v8.2102.0-9.el9 try https://www.rsyslog.com/e/0 ] >Nov 29 05:52:22 localhost systemd[1]: Starting Load Kernel Module configfs... >Nov 29 05:52:22 localhost systemd[1]: modprobe@configfs.service: Deactivated successfully. >Nov 29 05:52:22 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@configfs comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=modprobe@configfs comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost systemd[1]: Finished Load Kernel Module configfs. >Nov 29 05:52:22 localhost systemd-udevd[698]: Using default interface naming scheme 'v249'. >Nov 29 05:52:22 localhost rh-cloud-firstboot[741]: /etc/rc.d/init.d/rh-cloud-firstboot: line 48: action: command not found >Nov 29 05:52:22 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rh-cloud-firstboot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:22 localhost systemd[1]: Started SYSV: Firstboot runs the first time a cloud instance is booted after installation. It checks for the existance of an /etc/sysconfig/rh-cloud-firstboot file. If the file exists and contains RUN_FIRSTBOOT=NO, firstboot will not run. Otherwise rh-cloud-firstboot will be run.. >Nov 29 05:52:22 localhost systemd-logind[708]: Watching system buttons on /dev/input/event0 (Power Button) >Nov 29 05:52:22 localhost cloud-init[745]: Cloud-init v. 21.1-7.el9 running 'init-local' at Mon, 29 Nov 2021 05:52:22 +0000. Up 5.28 seconds. >Nov 29 05:52:23 localhost dhclient[748]: Internet Systems Consortium DHCP Client 4.4.2b1 >Nov 29 05:52:23 localhost dhclient[748]: Copyright 2004-2019 Internet Systems Consortium. >Nov 29 05:52:23 localhost dhclient[748]: All rights reserved. >Nov 29 05:52:23 localhost dhclient[748]: For info, please visit https://www.isc.org/software/dhcp/ >Nov 29 05:52:23 localhost dhclient[748]: >Nov 29 05:52:23 localhost dhclient[748]: Listening on LPF/eth0/0a:c3:ff:88:3d:a9 >Nov 29 05:52:23 localhost dhclient[748]: Sending on LPF/eth0/0a:c3:ff:88:3d:a9 >Nov 29 05:52:23 localhost dhclient[748]: Sending on Socket/fallback >Nov 29 05:52:23 localhost dhclient[748]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6 (xid=0x3e906676) >Nov 29 05:52:23 localhost dhclient[748]: DHCPOFFER of 10.116.2.58 from 10.116.2.1 >Nov 29 05:52:23 localhost dhclient[748]: DHCPREQUEST for 10.116.2.58 on eth0 to 255.255.255.255 port 67 (xid=0x3e906676) >Nov 29 05:52:23 localhost dhclient[748]: DHCPACK of 10.116.2.58 from 10.116.2.1 (xid=0x3e906676) >Nov 29 05:52:23 localhost dhclient[748]: bound to 10.116.2.58 -- renewal in 1792 seconds. >Nov 29 05:52:23 localhost audit: BPF prog-id=30 op=LOAD >Nov 29 05:52:23 localhost audit: BPF prog-id=31 op=LOAD >Nov 29 05:52:23 localhost systemd[1]: Starting Hostname Service... >Nov 29 05:52:23 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 localhost systemd[1]: Started Hostname Service. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd-hostnamed[772]: Hostname set to <ip-10-116-2-58.us-west-2.compute.internal> (static) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Initial cloud-init job (pre-networking). >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Preparation for Network. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Network Manager... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.6649] NetworkManager (version 1.32.10-2.el9) is starting... (for the first time) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.6653] Read config: /etc/NetworkManager/NetworkManager.conf >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=32 op=LOAD >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Network Manager. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.6678] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager" >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Network. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Network Manager Wait Online... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Automatically configure NetworkManager in cloud... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Enable periodic update of entitlement certificates.... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhsmcertd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Enable periodic update of entitlement certificates.. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.6899] manager[0xaaaaf9d97050]: monitoring kernel firmware directory '/lib/firmware'. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.6935] hostname: hostname: using hostnamed >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.6936] hostname: hostname changed from (none) to "ip-10-116-2-58.us-west-2.compute.internal" >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.6940] dns-mgr[0xaaaaf9d79250]: init: dns=default,systemd-resolved rc-manager=symlink (auto) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7214] manager[0xaaaaf9d97050]: rfkill: Wi-Fi hardware radio set enabled >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7214] manager[0xaaaaf9d97050]: rfkill: WWAN hardware radio set enabled >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7341] Loaded device plugin: NMTeamFactory (/usr/lib64/NetworkManager/1.32.10-2.el9/libnm-device-plugin-team.so) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7342] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7344] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7346] manager: Networking is enabled by state file >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7365] dhcp-init: Using DHCP client 'internal' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal kernel: random: crng init done >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal kernel: random: 7 urandom warning(s) missed due to ratelimiting >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Load/Save Random Seed. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in First Boot Complete being skipped. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Network Manager Script Dispatcher Service... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Commit a transient machine-id on disk... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7515] settings: Loaded settings plugin: ifcfg-rh ("/usr/lib64/NetworkManager/1.32.10-2.el9/libnm-settings-plugin-ifcfg-rh.so") >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7518] settings: Loaded settings plugin: keyfile (internal) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Network Manager Script Dispatcher Service. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7563] device (lo): carrier: link connected >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7567] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7576] manager: (eth0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7582] device (eth0): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: etc-machine\x2did.mount: Deactivated successfully. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Commit a transient machine-id on disk. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-machine-id-commit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7711] device (eth0): carrier: link connected >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7814] device (eth0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7837] policy: auto-activating connection 'System eth0' (5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7847] device (eth0): Activation: starting connection 'System eth0' (5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7850] device (eth0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7862] manager: NetworkManager state is now CONNECTING >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7868] device (eth0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7908] device (eth0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7918] dhcp4 (eth0): activation: beginning transaction (timeout in 45 seconds) >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7942] dhcp4 (eth0): state changed unknown -> bound, address=10.116.2.58 >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.7964] device (eth0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8032] device (eth0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8034] device (eth0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed') >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8040] manager: NetworkManager state is now CONNECTED_LOCAL >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8043] manager: NetworkManager state is now CONNECTED_SITE >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8044] policy: set 'System eth0' (eth0) as default for IPv4 routing and DNS >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8069] device (eth0): Activation: successful, device activated. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8087] manager: NetworkManager state is now CONNECTED_GLOBAL >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8096] manager: startup complete >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Network Manager Wait Online. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Initial cloud-init job (metadata service crawler)... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165143.8361] audit: op="device-reapply" interface="eth0" ifindex=2 args="ipv4.addresses,ipv4.routes,ipv4.routing-rules" pid=781 uid=0 result="success" >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd-keygen@ecdsa.service: Deactivated successfully. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished OpenSSH ecdsa Server Key Generation. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@ecdsa comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@ecdsa comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: nm-cloud-setup.service: Deactivated successfully. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Automatically configure NetworkManager in cloud. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nm-cloud-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nm-cloud-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=33 op=LOAD >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Automatically configure NetworkManager in cloud... >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd-keygen@ed25519.service: Deactivated successfully. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished OpenSSH ed25519 Server Key Generation. >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@ed25519 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@ed25519 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=32 op=UNLOAD >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nm-cloud-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:23 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nm-cloud-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: nm-cloud-setup.service: Deactivated successfully. >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Automatically configure NetworkManager in cloud. >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=33 op=UNLOAD >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: Cloud-init v. 21.1-7.el9 running 'init' at Mon, 29 Nov 2021 05:52:24 +0000. Up 6.57 seconds. >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: ++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +--------+------+-------------+---------------+--------+-------------------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | Device | Up | Address | Mask | Scope | Hw-Address | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +--------+------+-------------+---------------+--------+-------------------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | eth0 | True | 10.116.2.58 | 255.255.255.0 | global | 0a:c3:ff:88:3d:a9 | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | lo | True | 127.0.0.1 | 255.0.0.0 | host | . | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | lo | True | ::1/128 | . | host | . | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +--------+------+-------------+---------------+--------+-------------------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: ++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +-------+-------------+------------+---------------+-----------+-------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | Route | Destination | Gateway | Genmask | Interface | Flags | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +-------+-------------+------------+---------------+-----------+-------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | 0 | 0.0.0.0 | 10.116.2.1 | 0.0.0.0 | eth0 | UG | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | 1 | 10.116.2.0 | 0.0.0.0 | 255.255.255.0 | eth0 | U | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +-------+-------------+------------+---------------+-----------+-------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +++++++++++++++++++Route IPv6 info+++++++++++++++++++ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +-------+-------------+---------+-----------+-------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: | Route | Destination | Gateway | Interface | Flags | >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +-------+-------------+---------+-----------+-------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: ci-info: +-------+-------------+---------+-----------+-------+ >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal useradd[877]: new group: name=ec2-user, GID=1000 >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[877]: ADD_GROUP pid=877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-group acct="ec2-user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal useradd[877]: new user: name=ec2-user, UID=1000, GID=1000, home=/home/ec2-user, shell=/bin/bash, from=none >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[877]: ADD_USER pid=877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user acct="ec2-user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[877]: USER_MGMT pid=877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="adm" acct="ec2-user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[877]: USER_MGMT pid=877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="systemd-journal" acct="ec2-user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal useradd[877]: add 'ec2-user' to group 'adm' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[877]: USER_MGMT pid=877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="adm" acct="ec2-user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal useradd[877]: add 'ec2-user' to group 'systemd-journal' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[877]: USER_MGMT pid=877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="systemd-journal" acct="ec2-user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal useradd[877]: add 'ec2-user' to shadow group 'adm' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal useradd[877]: add 'ec2-user' to shadow group 'systemd-journal' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[877]: USER_MGMT pid=877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:24 ip-10-116-2-58.us-west-2.compute.internal audit[884]: ACCT_LOCK pid=884 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:passwd_t:s0 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:26 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd-keygen@rsa.service: Deactivated successfully. >Nov 29 05:52:26 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@rsa comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:26 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@rsa comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:26 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished OpenSSH rsa Server Key Generation. >Nov 29 05:52:26 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd-keygen@rsa.service: Consumed 2.971s CPU time. >Nov 29 05:52:26 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target sshd-keygen.target. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: 2021-11-29 05:52:28,081 - util.py[WARNING]: Failed generating key type rsa to file /etc/ssh/ssh_host_rsa_key >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: Generating public/private ecdsa key pair. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: The key fingerprint is: >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: SHA256:Yc3x7KLOdbbb88rhHkit25/IaXdxsryS6VXBfuaHyWA root@ip-10-116-2-58.us-west-2.compute.internal >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: The key's randomart image is: >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: +---[ECDSA 256]---+ >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | . | >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | o + . | >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | o o o o | >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | . . . .. .| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | S . E ..+| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | . + =.Bo| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | . . =+Bo=| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | o . o=X*++| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | o .*BXB+| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: +----[SHA256]-----+ >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: Generating public/private ed25519 key pair. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: Your identification has been saved in /etc/ssh/ssh_host_ed25519_key >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: The key fingerprint is: >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: SHA256:WZfUMdxjJqhz+vXF9p0G52S7zne5HGJkWteh0v7Hu5c root@ip-10-116-2-58.us-west-2.compute.internal >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: The key's randomart image is: >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: +--[ED25519 256]--+ >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | oooo | >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | o oo=.| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | o o +..| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | = o. . o| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | S +. * o.| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | . Bo.++| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | ...+B+O| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | .. =EX| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: | oXX| >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[845]: +----[SHA256]-----+ >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Initial cloud-init job (metadata service crawler). >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Cloud-config availability. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Network is Online. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting LSB: Initializes the correct repo depending on the region.... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Apply the settings specified in cloud-config... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in Run Insights Client at boot being skipped. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Crash recovery kernel arming... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting OpenSSH server daemon... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Permit User Sessions... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Permit User Sessions. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Command Scheduler. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Getty on tty1. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Serial Getty on ttyS0. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Login Prompts. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal crond[899]: (CRON) STARTUP (1.5.7) >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal crond[899]: (CRON) INFO (Syslog will be used instead of sendmail.) >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal crond[899]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 73% if used.) >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal crond[899]: (CRON) INFO (running with inotify support) >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal sshd[896]: Server listening on 0.0.0.0 port 22. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal sshd[896]: Server listening on :: port 22. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started OpenSSH server daemon. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal choose_repo[895]: [INFO:choose_repo] choose_repo:32 2021-11-29 05:52:28,259: Enabling binary repos in redhat-rhui-beta.repo >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal choose_repo[895]: [INFO:choose_repo] choose_repo:52 2021-11-29 05:52:28,264: Enabling client config repo >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal choose_repo[895]: [INFO:choose_repo] choose_repo:60 2021-11-29 05:52:28,264: Executing [sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/redhat-rhui-client-config.repo] >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started LSB: Initializes the correct repo depending on the region.. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=choose_repo comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Multi-User System. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Record Runlevel Change in UTMP... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[909]: SYSTEM_RUNLEVEL pid=909 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: systemd-update-utmp-runlevel.service: Deactivated successfully. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Record Runlevel Change in UTMP. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal chronyd[732]: Selected source 169.254.169.123 >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal kdumpctl[902]: kdump: No kdump initial ramdisk found. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal kdumpctl[902]: kdump: Rebuilding /boot/initramfs-5.14.0-1.7.1.el9.aarch64kdump.img >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal cloud-init[1090]: Cloud-init v. 21.1-7.el9 running 'modules:config' at Mon, 29 Nov 2021 05:52:28 +0000. Up 10.95 seconds. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopping OpenSSH server daemon... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal sshd[896]: Received signal 15; terminating. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[896]: CRYPTO_KEY_USER pid=896 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=896 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd.service: Deactivated successfully. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopped OpenSSH server daemon. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopped target sshd-keygen.target. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopping sshd-keygen.target... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in OpenSSH ecdsa Server Key Generation being skipped. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in OpenSSH ed25519 Server Key Generation being skipped. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in OpenSSH rsa Server Key Generation being skipped. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target sshd-keygen.target. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting OpenSSH server daemon... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal sshd[1152]: Server listening on 0.0.0.0 port 22. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal sshd[1152]: Server listening on :: port 22. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started OpenSSH server daemon. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal dracut[1178]: dracut-055-10.git20210824.el9 >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Apply the settings specified in cloud-config. >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Execute cloud user/final scripts... >Nov 29 05:52:28 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Executing: /usr/bin/dracut --add kdumpbase --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode strict -o "plymouth dash resume ifcfg earlykdump" --mount "/dev/disk/by-uuid/80bc63d9-e4f4-4924-a5e1-b4247518c994 /sysroot xfs rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota" --no-hostonly-default-device -f /boot/initramfs-5.14.0-1.7.1.el9.aarch64kdump.img 5.14.0-1.7.1.el9.aarch64 >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-networkd' will not be installed, because command 'networkctl' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-networkd' will not be installed, because command '/usr/lib/systemd/systemd-networkd' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-networkd' will not be installed, because command '/usr/lib/systemd/systemd-network-generator' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-networkd' will not be installed, because command '/usr/lib/systemd/systemd-networkd-wait-online' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-resolved' will not be installed, because command 'resolvectl' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-resolved' will not be installed, because command '/usr/lib/systemd/systemd-resolved' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-timesyncd' will not be installed, because command '/usr/lib/systemd/systemd-timesyncd' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-timesyncd' will not be installed, because command '/usr/lib/systemd/systemd-time-wait-sync' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'dbus-daemon' will not be installed, because command 'dbus-daemon' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'rngd' will not be installed, because command 'rngd' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'network-wicked' will not be installed, because command 'wicked' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'ifcfg' will not be installed, because it's in the list to be omitted! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'plymouth' will not be installed, because it's in the list to be omitted! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: 62bluetooth: Could not find any command of '/usr/lib/bluetooth/bluetoothd /usr/libexec/bluetooth/bluetoothd'! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'lvmmerge' will not be installed, because command 'lvm' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'dmraid' will not be installed, because command 'dmraid' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'lvm' will not be installed, because command 'lvm' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal cloud-init[1404]: Cloud-init v. 21.1-7.el9 running 'modules:final' at Mon, 29 Nov 2021 05:52:29 +0000. Up 11.50 seconds. >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'tpm2-tss' will not be installed, because command 'tpm2' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: ############################################################# >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: -----BEGIN SSH HOST KEY FINGERPRINTS----- >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: 256 SHA256:Yc3x7KLOdbbb88rhHkit25/IaXdxsryS6VXBfuaHyWA root@ip-10-116-2-58.us-west-2.compute.internal (ECDSA) >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: 256 SHA256:WZfUMdxjJqhz+vXF9p0G52S7zne5HGJkWteh0v7Hu5c root@ip-10-116-2-58.us-west-2.compute.internal (ED25519) >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: 3072 SHA256:02K2q9a9hVcRzCyG0A/8OuhTAsPlK8lBwHA0eE4P6i4 no comment (RSA) >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: -----END SSH HOST KEY FINGERPRINTS----- >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal ec2[1438]: ############################################################# >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal cloud-init[1404]: Cloud-init v. 21.1-7.el9 finished at Mon, 29 Nov 2021 05:52:29 +0000. Datasource DataSourceEc2Local. Up 11.64 seconds >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'iscsi' will not be installed, because command 'iscsiadm' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'iscsi' will not be installed, because command 'iscsid' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: 95nfs: Could not find any command of 'rpcbind portmap'! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'nvmf' will not be installed, because command 'nvme' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'resume' will not be installed, because it's in the list to be omitted! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'biosdevname' will not be installed, because command 'biosdevname' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'earlykdump' will not be installed, because it's in the list to be omitted! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloading Network Manager... >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165149.3768] audit: op="reload" arg="0" pid=1520 uid=0 result="success" >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal NetworkManager[777]: <info> [1638165149.3773] config: signal: SIGHUP (no changes from disk) >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloaded Network Manager. >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Execute cloud user/final scripts. >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Cloud-init target. >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-resolved' will not be installed, because command 'resolvectl' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-resolved' will not be installed, because command '/usr/lib/systemd/systemd-resolved' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-timesyncd' will not be installed, because command '/usr/lib/systemd/systemd-timesyncd' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'systemd-timesyncd' will not be installed, because command '/usr/lib/systemd/systemd-time-wait-sync' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'dbus-daemon' will not be installed, because command 'dbus-daemon' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'rngd' will not be installed, because command 'rngd' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'network-wicked' will not be installed, because command 'wicked' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: 62bluetooth: Could not find any command of '/usr/lib/bluetooth/bluetoothd /usr/libexec/bluetooth/bluetoothd'! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'lvmmerge' will not be installed, because command 'lvm' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'dmraid' will not be installed, because command 'dmraid' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'lvm' will not be installed, because command 'lvm' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'tpm2-tss' will not be installed, because command 'tpm2' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'iscsi' will not be installed, because command 'iscsiadm' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'iscsi' will not be installed, because command 'iscsid' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: 95nfs: Could not find any command of 'rpcbind portmap'! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: dracut module 'nvmf' will not be installed, because command 'nvme' could not be found! >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: bash *** >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: systemd *** >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: systemd-initrd *** >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: nss-softokn *** >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: i18n *** >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: prefixdevname *** >Nov 29 05:52:29 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: kernel-modules *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: kernel-modules-extra *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: kernel-modules-extra: configuration source "/run/depmod.d" does not exist >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: kernel-modules-extra: configuration source "/etc/depmod.d" is ignored (directory or doesn't exist) >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: kernel-modules-extra: configuration source "/lib/depmod.d" does not exist >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: fstab-sys *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: rootfs-block *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: terminfo *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: udev-rules *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Skipping udev rule: 91-permissions.rules >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Skipping udev rule: 80-drivers-modprobe.rules >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: dracut-systemd *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: usrmount *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: base *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: fs-lib *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: kdumpbase *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: memstrack *** >Nov 29 05:52:30 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: shutdown *** >Nov 29 05:52:31 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including module: squash *** >Nov 29 05:52:31 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Including modules done *** >Nov 29 05:52:31 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Installing kernel module dependencies *** >Nov 29 05:52:31 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Installing kernel module dependencies done *** >Nov 29 05:52:31 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Resolving executable dependencies *** >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Resolving executable dependencies done *** >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Hardlinking files *** >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Mode: real >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Files: 393 >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Linked: 1 files >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Compared: 0 xattrs >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Compared: 20 files >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Saved: 68.38 KiB >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Duration: 0.004538 seconds >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Hardlinking files done *** >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Could not find 'strip'. Not stripping the initramfs. >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Store current command line parameters *** >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: Stored kernel commandline: >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: No dracut internal kernel commandline stored in the initramfs >Nov 29 05:52:32 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Install squash loader *** >Nov 29 05:52:33 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Squashing the files inside the initramfs *** >Nov 29 05:52:34 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully. >Nov 29 05:52:34 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:36 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Squashing the files inside the initramfs done *** >Nov 29 05:52:36 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Creating image file '/boot/initramfs-5.14.0-1.7.1.el9.aarch64kdump.img' *** >Nov 29 05:52:36 ip-10-116-2-58.us-west-2.compute.internal dracut[1180]: *** Creating initramfs image file '/boot/initramfs-5.14.0-1.7.1.el9.aarch64kdump.img' done *** >Nov 29 05:52:37 ip-10-116-2-58.us-west-2.compute.internal kdumpctl[902]: kdump: kexec: loaded kdump kernel >Nov 29 05:52:37 ip-10-116-2-58.us-west-2.compute.internal kdumpctl[902]: kdump: Starting kdump: [OK] >Nov 29 05:52:37 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished Crash recovery kernel arming. >Nov 29 05:52:37 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Startup finished in 1.073s (kernel) + 2.013s (initrd) + 16.553s (userspace) = 19.639s. >Nov 29 05:52:37 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal systemd-udevd[687]: Network interface NamePolicy= disabled on kernel command line, ignoring. >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: pci 0000:00:1f.0: [1d0f:8061] type 00 class 0x010802 >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: pci 0000:00:1f.0: reg 0x10: [mem 0x00000000-0x00003fff] >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: pci 0000:00:1f.0: PME# supported from D0 D1 D2 D3hot D3cold >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: pci 0000:00:1f.0: BAR 0: assigned [mem 0x8000c000-0x8000ffff] >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: ACPI: \_SB_.PCI0.GSI3: Enabled at IRQ 38 >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: nvme nvme1: pci function 0000:00:1f.0 >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: nvme 0000:00:1f.0: enabling device (0000 -> 0002) >Nov 29 05:52:38 ip-10-116-2-58.us-west-2.compute.internal kernel: nvme nvme1: 2/0/0 default/read/poll queues >Nov 29 05:52:53 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: systemd-hostnamed.service: Deactivated successfully. >Nov 29 05:52:53 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:52:53 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=31 op=UNLOAD >Nov 29 05:52:53 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=30 op=UNLOAD >Nov 29 05:54:16 ip-10-116-2-58.us-west-2.compute.internal audit[3353]: CRYPTO_KEY_USER pid=3353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3353 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:16 ip-10-116-2-58.us-west-2.compute.internal audit[3352]: CRYPTO_SESSION pid=3352 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=3353 suid=74 rport=46207 laddr=10.116.2.58 lport=22 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=? res=success' >Nov 29 05:54:16 ip-10-116-2-58.us-west-2.compute.internal audit[3352]: CRYPTO_SESSION pid=3352 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=3353 suid=74 rport=46207 laddr=10.116.2.58 lport=22 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=? res=success' >Nov 29 05:54:16 ip-10-116-2-58.us-west-2.compute.internal sshd[3352]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] >Nov 29 05:54:16 ip-10-116-2-58.us-west-2.compute.internal audit[3355]: CRYPTO_KEY_USER pid=3355 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3355 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_SESSION pid=3354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=3355 suid=74 rport=3723 laddr=10.116.2.58 lport=22 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=? res=success' >Nov 29 05:54:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_SESSION pid=3354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=3355 suid=74 rport=3723 laddr=10.116.2.58 lport=22 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_AUTH pid=3354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="ec2-user" exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:32:44:37:ba:ff:32:fa:85:37:bf:a9:bc:1a:b2:f7:48:01:05:66:25:84:fd:50:de:3e:2c:5b:f5:45:68:ff:ab exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_ACCT pid=3354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/sbin/sshd" hostname=66.187.232.127 addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal sshd[3354]: Accepted publickey for ec2-user from 66.187.232.127 port 3723 ssh2: RSA SHA256:MkQ3uv8y+oU3v6m8GrL3SAEFZiWE/VDePixb9UVo/6s >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3355 suid=74 rport=3723 laddr=10.116.2.58 lport=22 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRED_ACQ pid=3354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="ec2-user" exe="/usr/sbin/sshd" hostname=66.187.232.127 addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: SYSCALL arch=c00000b7 syscall=64 success=yes exit=4 a0=3 a1=fffffc053db0 a2=4 a3=ffffaa007010 items=0 ppid=1152 pid=3354 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit: PROCTITLE proctitle=737368643A206563322D75736572205B707269765D >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_ROLE_CHANGE pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=66.187.232.127 addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Created slice User Slice of UID 1000. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting User Runtime Directory /run/user/1000... >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd-logind[708]: New session 1 of user ec2-user. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished User Runtime Directory /run/user/1000. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting User Manager for UID 1000... >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3358]: USER_ACCT pid=3358 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3358]: CRED_ACQ pid=3358 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="ec2-user" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3358]: USER_ROLE_CHANGE pid=3358 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3358]: SYSCALL arch=c00000b7 syscall=64 success=yes exit=4 a0=7 a1=ffffec41df80 a2=4 a3=0 items=0 ppid=1 pid=3358 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null) >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit: PROCTITLE proctitle="(systemd)" >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: pam_unix(systemd-user:session): session opened for user ec2-user(uid=1000) by (uid=0) >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3358]: USER_START pid=3358 uid=0 auid=1000 ses=2 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="ec2-user" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Queued start job for default target Main User Target. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Created slice User Application Slice. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Started Mark boot as successful after the user session has run 2 minutes. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Started Daily Cleanup of User's Temporary Directories. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Reached target Paths. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Reached target Timers. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Starting D-Bus User Message Bus Socket... >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Starting Create User's Volatile Files and Directories... >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Listening on D-Bus User Message Bus Socket. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Reached target Sockets. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Finished Create User's Volatile Files and Directories. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Reached target Basic System. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Reached target Main User Target. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[3358]: Startup finished in 97ms. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started User Manager for UID 1000. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Session 1 of User ec2-user. >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal sshd[3354]: pam_unix(sshd:session): session opened for user ec2-user(uid=1000) by (uid=0) >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="ec2-user" exe="/usr/sbin/sshd" hostname=66.187.232.127 addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3367]: CRYPTO_KEY_USER pid=3367 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3367 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3367]: CRED_ACQ pid=3367 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="ec2-user" exe="/usr/sbin/sshd" hostname=66.187.232.127 addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3368 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3381 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3381]: USER_ACCT pid=3381 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3381]: USER_CMD pid=3381 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal sudo[3381]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3381]: CRED_REFR pid=3381 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal sudo[3381]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3381]: USER_START pid=3381 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal sudo[3381]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3381]: USER_END pid=3381 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:17 ip-10-116-2-58.us-west-2.compute.internal audit[3381]: CRED_DISP pid=3381 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3396 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3396]: USER_ACCT pid=3396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3396]: USER_CMD pid=3396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F6574632F636C6F75642F636C6F75642E636667 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal sudo[3396]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /etc/cloud/cloud.cfg >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3396]: CRED_REFR pid=3396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal sudo[3396]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3396]: USER_START pid=3396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal sudo[3396]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3396]: USER_END pid=3396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3396]: CRED_DISP pid=3396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3411 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3424 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3424]: USER_ACCT pid=3424 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3424]: USER_CMD pid=3424 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal sudo[3424]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3424]: CRED_REFR pid=3424 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal sudo[3424]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3424]: USER_START pid=3424 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal sudo[3424]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3424]: USER_END pid=3424 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3424]: CRED_DISP pid=3424 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3439 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3452 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3452]: USER_ACCT pid=3452 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3452]: USER_CMD pid=3452 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F72756E2F636C6F75642D696E69742F636C6F75642D696E69742D67656E657261746F722E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal sudo[3452]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /run/cloud-init/cloud-init-generator.log >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3452]: CRED_REFR pid=3452 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal sudo[3452]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3452]: USER_START pid=3452 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal sudo[3452]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3452]: USER_END pid=3452 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3452]: CRED_DISP pid=3452 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3467 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3480 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3480]: USER_ACCT pid=3480 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3480]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3480]: USER_CMD pid=3480 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3480]: CRED_REFR pid=3480 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3480]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3480]: USER_START pid=3480 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3480]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3480]: USER_END pid=3480 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3480]: CRED_DISP pid=3480 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3495 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3495]: USER_ACCT pid=3495 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3495]: USER_CMD pid=3495 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=61776B202F424547494E2F2C2F454E442F202F7661722F6C6F672F6D65737361676573 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3495]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/awk /BEGIN/,/END/ /var/log/messages >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3495]: CRED_REFR pid=3495 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3495]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3495]: USER_START pid=3495 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3495]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3495]: USER_END pid=3495 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3495]: CRED_DISP pid=3495 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3510 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3523 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3523]: USER_ACCT pid=3523 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3523]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3523]: USER_CMD pid=3523 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3523]: CRED_REFR pid=3523 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3523]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3523]: USER_START pid=3523 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal sudo[3523]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3523]: USER_END pid=3523 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:20 ip-10-116-2-58.us-west-2.compute.internal audit[3523]: CRED_DISP pid=3523 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3538 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3538]: USER_ACCT pid=3538 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3538]: USER_CMD pid=3538 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal sudo[3538]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init.log >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3538]: CRED_REFR pid=3538 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal sudo[3538]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3538]: USER_START pid=3538 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal sudo[3538]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3538]: USER_END pid=3538 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3538]: CRED_DISP pid=3538 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3553 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3553]: USER_ACCT pid=3553 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3553]: USER_CMD pid=3553 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F6574632F7265646861742D72656C65617365 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal sudo[3553]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /etc/redhat-release >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3553]: CRED_REFR pid=3553 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal sudo[3553]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3553]: USER_START pid=3553 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal sudo[3553]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3553]: USER_END pid=3553 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3553]: CRED_DISP pid=3553 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:21 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3568 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3568]: USER_ACCT pid=3568 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3568]: USER_CMD pid=3568 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742D6F75747075742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3568]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init-output.log >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3568]: CRED_REFR pid=3568 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3568]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3568]: USER_START pid=3568 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3568]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3568]: USER_END pid=3568 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3568]: CRED_DISP pid=3568 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3583 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3596 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3596]: USER_ACCT pid=3596 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3596]: USER_CMD pid=3596 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3596]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3596]: CRED_REFR pid=3596 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3596]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3596]: USER_START pid=3596 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3596]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3596]: USER_END pid=3596 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3596]: CRED_DISP pid=3596 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3611 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3611]: USER_ACCT pid=3611 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3611]: USER_CMD pid=3611 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3611]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init.log >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3611]: CRED_REFR pid=3611 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3611]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3611]: USER_START pid=3611 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal sudo[3611]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3611]: USER_END pid=3611 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:22 ip-10-116-2-58.us-west-2.compute.internal audit[3611]: CRED_DISP pid=3611 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3626 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3626]: USER_ACCT pid=3626 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3626]: USER_CMD pid=3626 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F6574632F7265646861742D72656C65617365 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal sudo[3626]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /etc/redhat-release >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3626]: CRED_REFR pid=3626 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal sudo[3626]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3626]: USER_START pid=3626 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal sudo[3626]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3626]: USER_END pid=3626 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3626]: CRED_DISP pid=3626 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3641 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3641]: USER_ACCT pid=3641 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3641]: USER_CMD pid=3641 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742D6F75747075742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal sudo[3641]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init-output.log >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3641]: CRED_REFR pid=3641 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal sudo[3641]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3641]: USER_START pid=3641 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal sudo[3641]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3641]: USER_END pid=3641 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3641]: CRED_DISP pid=3641 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3656 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:23 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3669 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3669]: USER_ACCT pid=3669 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3669]: USER_CMD pid=3669 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3669]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3669]: CRED_REFR pid=3669 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3669]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3669]: USER_START pid=3669 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3669]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3669]: USER_END pid=3669 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3669]: CRED_DISP pid=3669 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3684 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3684]: USER_ACCT pid=3684 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3684]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/grep -Ri amazon /sys/devices/virtual/dmi/id/bios_date /sys/devices/virtual/dmi/id/bios_release /sys/devices/virtual/dmi/id/bios_vendor /sys/devices/virtual/dmi/id/bios_version >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3684]: USER_CMD pid=3684 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=67726570202D526920616D617A6F6E202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F64617465202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F72656C65617365202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F76656E646F72202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F76657273696F6E exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3684]: CRED_REFR pid=3684 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3684]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3684]: USER_START pid=3684 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3684]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3684]: USER_END pid=3684 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3684]: CRED_DISP pid=3684 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3699 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3712]: USER_ACCT pid=3712 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3712]: USER_CMD pid=3712 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=72706D202D716C20636C6F75642D696E6974 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3712]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/rpm -ql cloud-init >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3712]: CRED_REFR pid=3712 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3712]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3712]: USER_START pid=3712 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal sudo[3712]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3712]: USER_END pid=3712 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3712]: CRED_DISP pid=3712 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:24 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3716 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3729]: USER_ACCT pid=3729 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3729]: USER_CMD pid=3729 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7573722F6C69622F707974686F6E332E392F736974652D7061636B616765732F636C6F7564696E69742F736F75726365732F44617461536F757263654563322E7079 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3729]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /usr/lib/python3.9/site-packages/cloudinit/sources/DataSourceEc2.py >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3729]: CRED_REFR pid=3729 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3729]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3729]: USER_START pid=3729 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3729]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3729]: USER_END pid=3729 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3729]: CRED_DISP pid=3729 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3732 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3732]: USER_ACCT pid=3732 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3732]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init.log >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3732]: USER_CMD pid=3732 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3732]: CRED_REFR pid=3732 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3732]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3732]: USER_START pid=3732 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3732]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3732]: USER_END pid=3732 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3732]: CRED_DISP pid=3732 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3747 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3760 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3760]: USER_ACCT pid=3760 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3760]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3760]: USER_CMD pid=3760 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3760]: CRED_REFR pid=3760 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3760]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3760]: USER_START pid=3760 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal sudo[3760]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3760]: USER_END pid=3760 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:25 ip-10-116-2-58.us-west-2.compute.internal audit[3760]: CRED_DISP pid=3760 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3775 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3775]: USER_ACCT pid=3775 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3775]: USER_CMD pid=3775 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal sudo[3775]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init.log >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3775]: CRED_REFR pid=3775 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal sudo[3775]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3775]: USER_START pid=3775 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal sudo[3775]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3775]: USER_END pid=3775 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3775]: CRED_DISP pid=3775 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3790 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3803 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3803]: USER_ACCT pid=3803 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal sudo[3803]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3803]: USER_CMD pid=3803 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3803]: CRED_REFR pid=3803 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal sudo[3803]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3803]: USER_START pid=3803 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal sudo[3803]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3803]: USER_END pid=3803 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3803]: CRED_DISP pid=3803 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3818 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3818]: USER_ACCT pid=3818 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3818]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init.log >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3818]: USER_CMD pid=3818 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3818]: CRED_REFR pid=3818 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3818]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3818]: USER_START pid=3818 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3818]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3818]: USER_END pid=3818 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3818]: CRED_DISP pid=3818 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3833 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3833]: USER_ACCT pid=3833 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3833]: USER_CMD pid=3833 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F6574632F7265646861742D72656C65617365 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3833]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /etc/redhat-release >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3833]: CRED_REFR pid=3833 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3833]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3833]: USER_START pid=3833 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3833]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3833]: USER_END pid=3833 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3833]: CRED_DISP pid=3833 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3848 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3848]: USER_ACCT pid=3848 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3848]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init-output.log >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3848]: USER_CMD pid=3848 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742D6F75747075742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3848]: CRED_REFR pid=3848 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3848]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3848]: USER_START pid=3848 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal sudo[3848]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3848]: USER_END pid=3848 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3848]: CRED_DISP pid=3848 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:27 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3863 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3876 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3876]: USER_ACCT pid=3876 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal sudo[3876]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3876]: USER_CMD pid=3876 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3876]: CRED_REFR pid=3876 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal sudo[3876]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3876]: USER_START pid=3876 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal sudo[3876]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3876]: USER_END pid=3876 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3876]: CRED_DISP pid=3876 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3891 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3891]: USER_ACCT pid=3891 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3891]: USER_CMD pid=3891 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal sudo[3891]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init.log >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3891]: CRED_REFR pid=3891 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal sudo[3891]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3891]: USER_START pid=3891 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal sudo[3891]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3891]: USER_END pid=3891 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3891]: CRED_DISP pid=3891 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3906 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:28 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3919 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3919]: USER_ACCT pid=3919 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3919]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3919]: USER_CMD pid=3919 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3919]: CRED_REFR pid=3919 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3919]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3919]: USER_START pid=3919 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3919]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3919]: USER_END pid=3919 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3919]: CRED_DISP pid=3919 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3934 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3934]: USER_ACCT pid=3934 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3934]: USER_CMD pid=3934 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2073746174757320636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3934]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl status cloud-init-local >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3934]: CRED_REFR pid=3934 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3934]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3934]: USER_START pid=3934 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3934]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3934]: USER_END pid=3934 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3934]: CRED_DISP pid=3934 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3949 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3949]: USER_ACCT pid=3949 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3949]: USER_CMD pid=3949 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D61637469766520636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3949]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-active cloud-init-local >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3949]: CRED_REFR pid=3949 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3949]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3949]: USER_START pid=3949 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3949]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3949]: USER_END pid=3949 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3949]: CRED_DISP pid=3949 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3964 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3964]: USER_ACCT pid=3964 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3964]: USER_CMD pid=3964 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2073746174757320636C6F75642D696E6974 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3964]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl status cloud-init >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3964]: CRED_REFR pid=3964 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3964]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3964]: USER_START pid=3964 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal sudo[3964]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3964]: USER_END pid=3964 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:29 ip-10-116-2-58.us-west-2.compute.internal audit[3964]: CRED_DISP pid=3964 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3979 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3979]: USER_ACCT pid=3979 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3979]: USER_CMD pid=3979 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D61637469766520636C6F75642D696E6974 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[3979]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-active cloud-init >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3979]: CRED_REFR pid=3979 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[3979]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3979]: USER_START pid=3979 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[3979]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3979]: USER_END pid=3979 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3979]: CRED_DISP pid=3979 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=3994 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3994]: USER_ACCT pid=3994 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[3994]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl status cloud-config >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3994]: USER_CMD pid=3994 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2073746174757320636C6F75642D636F6E666967 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3994]: CRED_REFR pid=3994 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[3994]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3994]: USER_START pid=3994 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[3994]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3994]: USER_END pid=3994 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3994]: CRED_DISP pid=3994 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4009 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[4009]: USER_ACCT pid=4009 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[4009]: USER_CMD pid=4009 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D61637469766520636C6F75642D636F6E666967 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[4009]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-active cloud-config >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[4009]: CRED_REFR pid=4009 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[4009]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[4009]: USER_START pid=4009 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal sudo[4009]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[4009]: USER_END pid=4009 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:30 ip-10-116-2-58.us-west-2.compute.internal audit[4009]: CRED_DISP pid=4009 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4024 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4024]: USER_ACCT pid=4024 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4024]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl status cloud-final >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4024]: USER_CMD pid=4024 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2073746174757320636C6F75642D66696E616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4024]: CRED_REFR pid=4024 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4024]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4024]: USER_START pid=4024 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4024]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4024]: USER_END pid=4024 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4024]: CRED_DISP pid=4024 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4039 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4039]: USER_ACCT pid=4039 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4039]: USER_CMD pid=4039 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D61637469766520636C6F75642D66696E616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4039]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-active cloud-final >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4039]: CRED_REFR pid=4039 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4039]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4039]: USER_START pid=4039 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4039]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4039]: USER_END pid=4039 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4039]: CRED_DISP pid=4039 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4054 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4067 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4067]: USER_ACCT pid=4067 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4067]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4067]: USER_CMD pid=4067 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4067]: CRED_REFR pid=4067 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4067]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4067]: USER_START pid=4067 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal sudo[4067]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4067]: USER_END pid=4067 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:31 ip-10-116-2-58.us-west-2.compute.internal audit[4067]: CRED_DISP pid=4067 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4082 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4095 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4108 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[4108]: USER_ACCT pid=4108 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[4108]: USER_CMD pid=4108 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal sudo[4108]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[4108]: CRED_REFR pid=4108 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal sudo[4108]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[4108]: USER_START pid=4108 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal sudo[4108]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[4108]: USER_END pid=4108 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[4108]: CRED_DISP pid=4108 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:32 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4123 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4136 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4136]: USER_ACCT pid=4136 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4136]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /sys/devices/virtual/dmi/id/product_family /sys/devices/virtual/dmi/id/product_name /sys/devices/virtual/dmi/id/product_serial /sys/devices/virtual/dmi/id/product_sku /sys/devices/virtual/dmi/id/product_uuid /sys/devices/virtual/dmi/id/product_version >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4136]: USER_CMD pid=4136 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7379732F646576696365732F7669727475616C2F646D692F69642F70726F647563745F66616D696C79202F7379732F646576696365732F7669727475616C2F646D692F69642F70726F647563745F6E616D65202F7379732F646576696365732F7669727475616C2F646D692F69642F70726F647563745F73657269616C202F7379732F646576696365732F7669727475616C2F646D692F69642F70726F647563745F736B75202F7379732F646576696365732F7669727475616C2F646D692F69642F70726F647563745F75756964202F7379732F646576696365732F7669727475616C2F646D692F69642F70726F647563745F76657273696F6E exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4136]: CRED_REFR pid=4136 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4136]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4136]: USER_START pid=4136 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4136]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4136]: USER_END pid=4136 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4136]: CRED_DISP pid=4136 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4151 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4151]: USER_ACCT pid=4151 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4151]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /sys/devices/virtual/dmi/id/bios_date /sys/devices/virtual/dmi/id/bios_release /sys/devices/virtual/dmi/id/bios_vendor /sys/devices/virtual/dmi/id/bios_version >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4151]: USER_CMD pid=4151 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F64617465202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F72656C65617365202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F76656E646F72202F7379732F646576696365732F7669727475616C2F646D692F69642F62696F735F76657273696F6E exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4151]: CRED_REFR pid=4151 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4151]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4151]: USER_START pid=4151 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4151]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4151]: USER_END pid=4151 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4151]: CRED_DISP pid=4151 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4166 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4166]: USER_ACCT pid=4166 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4166]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init-output.log >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4166]: USER_CMD pid=4166 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742D6F75747075742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4166]: CRED_REFR pid=4166 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4166]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4166]: USER_START pid=4166 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal sudo[4166]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4166]: USER_END pid=4166 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:33 ip-10-116-2-58.us-west-2.compute.internal audit[4166]: CRED_DISP pid=4166 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4181 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4194 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[4194]: USER_ACCT pid=4194 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal sudo[4194]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl is-enabled cloud-init-local >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[4194]: USER_CMD pid=4194 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C2069732D656E61626C656420636C6F75642D696E69742D6C6F63616C exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[4194]: CRED_REFR pid=4194 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal sudo[4194]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[4194]: USER_START pid=4194 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal sudo[4194]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[4194]: USER_END pid=4194 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[4194]: CRED_DISP pid=4194 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4209 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:34 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4222 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4222]: USER_ACCT pid=4222 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4222]: USER_CMD pid=4222 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=6370202D66202F6574632F7373682F737368645F636F6E666967202F6574632F7373682F737368645F636F6E6669672E62616B exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4222]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cp -f /etc/ssh/sshd_config /etc/ssh/sshd_config.bak >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4222]: CRED_REFR pid=4222 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4222]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4222]: USER_START pid=4222 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4222]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4222]: USER_END pid=4222 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4222]: CRED_DISP pid=4222 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4237 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4237]: USER_ACCT pid=4237 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4237]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/sed -i /DenyUsers/d /etc/ssh/sshd_config >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4237]: USER_CMD pid=4237 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=736564202D69202F44656E7955736572732F64202F6574632F7373682F737368645F636F6E666967 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4237]: CRED_REFR pid=4237 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4237]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4237]: USER_START pid=4237 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4237]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4237]: USER_END pid=4237 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4237]: CRED_DISP pid=4237 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4252 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4252]: USER_ACCT pid=4252 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4252]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/bash -c echo DenyUsers >> /etc/ssh/sshd_config >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4252]: USER_CMD pid=4252 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=62617368202D63206563686F2044656E795573657273203E3E202F6574632F7373682F737368645F636F6E666967 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4252]: CRED_REFR pid=4252 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4252]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4252]: USER_START pid=4252 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4252]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4252]: USER_END pid=4252 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4252]: CRED_DISP pid=4252 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4267 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4267]: USER_ACCT pid=4267 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4267]: USER_CMD pid=4267 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636C6F75642D696E697420636C65616E exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4267]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cloud-init clean >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4267]: CRED_REFR pid=4267 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal sudo[4267]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:35 ip-10-116-2-58.us-west-2.compute.internal audit[4267]: USER_START pid=4267 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal sudo[4267]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[4267]: USER_END pid=4267 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[4267]: CRED_DISP pid=4267 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4284 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[4284]: USER_ACCT pid=4284 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal sudo[4284]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cloud-init init >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[4284]: USER_CMD pid=4284 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636C6F75642D696E697420696E6974 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[4284]: CRED_REFR pid=4284 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal sudo[4284]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:36 ip-10-116-2-58.us-west-2.compute.internal audit[4284]: USER_START pid=4284 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:37 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=34 op=LOAD >Nov 29 05:54:37 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=35 op=LOAD >Nov 29 05:54:37 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Hostname Service... >Nov 29 05:54:37 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:37 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Hostname Service. >Nov 29 05:54:37 ip-10-116-2-58.us-west-2.compute.internal audit[4336]: ACCT_LOCK pid=4336 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:38 ip-10-116-2-58.us-west-2.compute.internal sudo[4284]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:38 ip-10-116-2-58.us-west-2.compute.internal audit[4284]: USER_END pid=4284 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:38 ip-10-116-2-58.us-west-2.compute.internal audit[4284]: CRED_DISP pid=4284 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4340 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4340]: USER_ACCT pid=4340 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4340]: USER_CMD pid=4340 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=6370202D66202F6574632F7373682F737368645F636F6E6669672E62616B202F6574632F7373682F737368645F636F6E666967 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal sudo[4340]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cp -f /etc/ssh/sshd_config.bak /etc/ssh/sshd_config >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4340]: CRED_REFR pid=4340 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal sudo[4340]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4340]: USER_START pid=4340 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal sudo[4340]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4340]: USER_END pid=4340 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4340]: CRED_DISP pid=4340 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4355 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4355]: USER_ACCT pid=4355 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4355]: USER_CMD pid=4355 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7661722F6C6F672F636C6F75642D696E69742E6C6F67 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal sudo[4355]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/cloud-init.log >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4355]: CRED_REFR pid=4355 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal sudo[4355]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4355]: USER_START pid=4355 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal sudo[4355]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4355]: USER_END pid=4355 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[4355]: CRED_DISP pid=4355 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:39 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4370 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4383 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[4383]: USER_ACCT pid=4383 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal sudo[4383]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl restart sshd >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[4383]: USER_CMD pid=4383 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C20726573746172742073736864 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[4383]: CRED_REFR pid=4383 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal sudo[4383]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[4383]: USER_START pid=4383 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal sshd[1152]: Received signal 15; terminating. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopping OpenSSH server daemon... >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[1152]: CRYPTO_KEY_USER pid=1152 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=1152 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd.service: Deactivated successfully. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd.service: Unit process 3352 (sshd) remains running after unit stopped. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd.service: Unit process 3353 (sshd) remains running after unit stopped. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopped OpenSSH server daemon. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopped target sshd-keygen.target. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopping sshd-keygen.target... >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in OpenSSH ecdsa Server Key Generation being skipped. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in OpenSSH ed25519 Server Key Generation being skipped. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in OpenSSH rsa Server Key Generation being skipped. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target sshd-keygen.target. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd.service: Found left-over process 3352 (sshd) in control group while starting unit. Ignoring. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: sshd.service: Found left-over process 3353 (sshd) in control group while starting unit. Ignoring. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting OpenSSH server daemon... >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal sshd[4398]: Server listening on 0.0.0.0 port 22. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal sshd[4398]: Server listening on :: port 22. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started OpenSSH server daemon. >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[4383]: USER_END pid=4383 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal sudo[4383]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[4383]: CRED_DISP pid=4383 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4399 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4412 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4425 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4425]: USER_ACCT pid=4425 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal sudo[4425]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /sys/devices/system/clocksource/clocksource0/available_clocksource >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4425]: USER_CMD pid=4425 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=636174202F7379732F646576696365732F73797374656D2F636C6F636B736F757263652F636C6F636B736F75726365302F617661696C61626C655F636C6F636B736F75726365 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4425]: CRED_REFR pid=4425 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal sudo[4425]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4425]: USER_START pid=4425 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal sudo[4425]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4425]: USER_END pid=4425 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4425]: CRED_DISP pid=4425 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4440 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4453 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4453]: USER_ACCT pid=4453 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4453]: USER_CMD pid=4453 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=6175736561726368202D6D20415643202D747320746F646179 exe="/usr/bin/sudo" terminal=pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal sudo[4453]: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/ausearch -m AVC -ts today >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4453]: CRED_REFR pid=4453 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal sudo[4453]: pam_unix(sudo:session): session opened for user root(uid=0) by ec2-user(uid=1000) >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4453]: USER_START pid=4453 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal sudo[4453]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4453]: USER_END pid=4453 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[4453]: CRED_DISP pid=4453 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:54:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4471 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4484 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4497 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=4512 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[4512]: USER_ACCT pid=4512 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal sudo[4512]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/yum install -y nfs-utils >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[4512]: USER_CMD pid=4512 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=79756D20696E7374616C6C202D79206E66732D7574696C73 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[4512]: CRED_REFR pid=4512 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal sudo[4512]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:43 ip-10-116-2-58.us-west-2.compute.internal audit[4512]: USER_START pid=4512 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal audit[4559]: ADD_GROUP pid=4559 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=32 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal groupadd[4559]: group added to /etc/group: name=rpc, GID=32 >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal audit[4559]: GRP_MGMT pid=4559 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=32 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal groupadd[4559]: group added to /etc/gshadow: name=rpc >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal groupadd[4559]: new group: name=rpc, GID=32 >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal useradd[4567]: new user: name=rpc, UID=32, GID=32, home=/var/lib/rpcbind, shell=/sbin/nologin, from=none >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal audit[4567]: ADD_USER pid=4567 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="rpc" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloading. >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=26 op=UNLOAD >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=29 op=UNLOAD >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=20 op=UNLOAD >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=23 op=UNLOAD >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4592]: SysV service '/etc/rc.d/init.d/choose_repo' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:47 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4592]: SysV service '/etc/rc.d/init.d/rh-cloud-firstboot' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=36 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=37 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=38 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=39 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=27 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=28 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=40 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=41 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=42 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=21 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=22 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=43 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=44 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=45 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=24 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=25 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=46 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=47 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=34 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=35 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Listening on RPCbind Server Activation Socket. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target RPC Port Mapper. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloading. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=37 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=36 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=40 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=43 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4626]: SysV service '/etc/rc.d/init.d/choose_repo' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4626]: SysV service '/etc/rc.d/init.d/rh-cloud-firstboot' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=48 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=49 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=50 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=51 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=38 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=39 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=52 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=53 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=54 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=41 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=42 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=55 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=56 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=57 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=44 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=45 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=58 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=59 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=46 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=47 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: rpcbind.socket: Deactivated successfully. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Closed RPCbind Server Activation Socket. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopping RPCbind Server Activation Socket... >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Listening on RPCbind Server Activation Socket. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit[4647]: ADD_GROUP pid=4647 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=29 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal groupadd[4647]: group added to /etc/group: name=rpcuser, GID=29 >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit[4647]: GRP_MGMT pid=4647 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=29 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal groupadd[4647]: group added to /etc/gshadow: name=rpcuser >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal groupadd[4647]: new group: name=rpcuser, GID=29 >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal useradd[4656]: new user: name=rpcuser, UID=29, GID=29, home=/var/lib/nfs, shell=/sbin/nologin, from=none >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit[4656]: ADD_USER pid=4656 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="rpcuser" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloading. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=49 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=48 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=52 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=55 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4686]: SysV service '/etc/rc.d/init.d/choose_repo' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4686]: SysV service '/etc/rc.d/init.d/rh-cloud-firstboot' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=60 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=61 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=62 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=63 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=50 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=51 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=64 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=65 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=66 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=53 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=54 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=67 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=68 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=69 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=56 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=57 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=70 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=71 op=LOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=58 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=59 op=UNLOAD >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Mounting RPC Pipe File System... >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in Kernel Module supporting RPCSEC_GSS being skipped. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting GSSAPI Proxy Daemon... >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting Notify NFS peers of a restart... >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal sm-notify[4700]: Version 2.5.4 starting >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started Notify NFS peers of a restart. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started GSSAPI Proxy Daemon. >Nov 29 05:54:48 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal kernel: RPC: Registered named UNIX socket transport module. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal kernel: RPC: Registered udp transport module. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal kernel: RPC: Registered tcp transport module. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal kernel: RPC: Registered tcp NFSv4.1 backchannel transport module. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Mounted RPC Pipe File System. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target rpc_pipefs.target. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in RPC security service for NFS client and server being skipped. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target NFS client services. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Preparation for Remote File Systems. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd-udevd[687]: Network interface NamePolicy= disabled on kernel command line, ignoring. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopping GSSAPI Proxy Daemon... >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: gssproxy.service: Deactivated successfully. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopped GSSAPI Proxy Daemon. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting GSSAPI Proxy Daemon... >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started GSSAPI Proxy Daemon. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopping GSSAPI Proxy Daemon... >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: gssproxy.service: Deactivated successfully. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Stopped GSSAPI Proxy Daemon. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting GSSAPI Proxy Daemon... >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started GSSAPI Proxy Daemon. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started /usr/bin/systemctl start man-db-cache-update. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r8e4921e660124cf79608aae6ef2b471c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting man-db-cache-update.service... >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloading. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=61 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=60 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=64 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=67 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4872]: SysV service '/etc/rc.d/init.d/choose_repo' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd-sysv-generator[4872]: SysV service '/etc/rc.d/init.d/rh-cloud-firstboot' lacks a native systemd unit file. Automatically generating a unit file for compatibility. Please update package to include a native systemd unit file, in order to make it more safe and robust. >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=72 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=73 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=74 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=75 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=62 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=63 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=76 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=77 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=78 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=65 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=66 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=79 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=80 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=81 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=68 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=69 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=82 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=83 op=LOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=70 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=71 op=UNLOAD >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Queuing reload/restart jobs for marked units… >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="libtirpc-1.3.2-1.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="rpcbind-1.2.6-2.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="keyutils-1.6.1-4.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="quota-nls-1:4.06-6.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="quota-1:4.06-6.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="libev-4.33-5.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="libverto-libev-0.3.2-3.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="gssproxy-0.8.4-4.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:49 ip-10-116-2-58.us-west-2.compute.internal audit[4526]: SOFTWARE_UPDATE pid=4526 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="nfs-utils-1:2.5.4-5.el9.aarch64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal sudo[4512]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[4512]: USER_END pid=4512 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[4512]: CRED_DISP pid=4512 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=6757 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=7086 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=7320 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[7320]: USER_ACCT pid=7320 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[7320]: USER_CMD pid=7320 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D63746C207374617274206E66732D7365727665722E73657276696365 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[7320]: CRED_REFR pid=7320 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal sudo[7320]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemctl start nfs-server.service >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[7320]: USER_START pid=7320 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal sudo[7320]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reached target Host and Network Name Lookups. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Mounting NFSD configuration filesystem... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in Kernel Module supporting RPCSEC_GSS being skipped. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting NFSv4 ID-name mapping service... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Condition check resulted in RPC security service for NFS client and server being skipped. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting NFS status monitor for NFSv2/3 locking.... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal rpc.idmapd[7421]: Setting log level to 0 >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting RPC Bind... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started RPC Bind. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal rpc.statd[7440]: Version 2.5.4 starting >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal rpc.statd[7440]: Flags: TI-RPC >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal rpc.statd[7440]: Initializing NSM state >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started NFSv4 ID-name mapping service. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfs-idmapd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started NFS status monitor for NFSv2/3 locking.. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Mounted NFSD configuration filesystem. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting NFS Mount Daemon... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting NFSv4 Client Tracking Daemon... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de). >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started NFSv4 Client Tracking Daemon. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfsdcld comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfs-mountd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Started NFS Mount Daemon. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal rpc.mountd[7476]: Version 2.5.4 starting >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Starting NFS server and services... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal kernel: RPC: Registered rdma transport module. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal kernel: RPC: Registered rdma backchannel transport module. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal kernel: NFSD: Using nfsdcld client tracking operations. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal kernel: NFSD: no clients to reclaim, skipping NFSv4 grace period (net f0000070) >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloading GSSAPI Proxy Daemon... >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Reloaded GSSAPI Proxy Daemon. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished NFS server and services. >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfs-server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[7320]: USER_END pid=7320 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[7320]: CRED_DISP pid=7320 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal sudo[7320]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=8106 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[8106]: USER_ACCT pid=8106 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[8106]: USER_CMD pid=8106 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=6D6B646972202F746D702F746573747277 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal sudo[8106]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/mkdir /tmp/testrw >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[8106]: CRED_REFR pid=8106 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal sudo[8106]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[8106]: USER_START pid=8106 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal sudo[8106]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[8106]: USER_END pid=8106 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:51 ip-10-116-2-58.us-west-2.compute.internal audit[8106]: CRED_DISP pid=8106 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=8678 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[8678]: USER_ACCT pid=8678 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[8678]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/chmod -R 777 /tmp/testrw >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[8678]: USER_CMD pid=8678 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=63686D6F64202D5220373737202F746D702F746573747277 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[8678]: CRED_REFR pid=8678 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[8678]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[8678]: USER_START pid=8678 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[8678]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[8678]: USER_END pid=8678 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[8678]: CRED_DISP pid=8678 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=9113 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[9113]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/exportfs -o rw,insecure_locks,all_squash,fsid=1 *:/tmp/testrw >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9113]: USER_ACCT pid=9113 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9113]: USER_CMD pid=9113 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=6578706F72746673202D6F2072772C696E7365637572655F6C6F636B732C616C6C5F7371756173682C667369643D31202A3A2F746D702F746573747277 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9113]: CRED_REFR pid=9113 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9113]: USER_START pid=9113 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[9113]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9113]: USER_END pid=9113 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9113]: CRED_DISP pid=9113 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[9113]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=9570 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9570]: USER_ACCT pid=9570 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9570]: USER_CMD pid=9570 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=6D6F756E74202D74206E6673203132372E302E302E313A2F746D702F746573747277202F6D6E74 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[9570]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/mount -t nfs 127.0.0.1:/tmp/testrw /mnt >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9570]: CRED_REFR pid=9570 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal sudo[9570]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal audit[9570]: USER_START pid=9570 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal kernel: FS-Cache: Loaded >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal kernel: FS-Cache: Netfs 'nfs' registered for caching >Nov 29 05:54:52 ip-10-116-2-58.us-west-2.compute.internal kernel: Key type dns_resolver registered >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal kernel: NFS: Registering the id_resolver key type >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal kernel: Key type id_resolver registered >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal kernel: Key type id_legacy registered >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[9570]: USER_END pid=9570 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[9570]: CRED_DISP pid=9570 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal sudo[9570]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=10404 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[10404]: USER_ACCT pid=10404 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[10404]: USER_CMD pid=10404 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=756D6F756E74202F6D6E74 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal sudo[10404]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/umount /mnt >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[10404]: CRED_REFR pid=10404 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal sudo[10404]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[10404]: USER_START pid=10404 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: mnt.mount: Deactivated successfully. >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal sudo[10404]: pam_unix(sudo:session): session closed for user root >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[10404]: USER_END pid=10404 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[10404]: CRED_DISP pid=10404 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:54:56 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: man-db-cache-update.service: Deactivated successfully. >Nov 29 05:54:56 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: Finished man-db-cache-update.service. >Nov 29 05:54:56 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:56 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:54:56 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: man-db-cache-update.service: Consumed 6.545s CPU time. >Nov 29 05:54:56 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: run-r8e4921e660124cf79608aae6ef2b471c.service: Deactivated successfully. >Nov 29 05:54:56 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r8e4921e660124cf79608aae6ef2b471c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14396 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[14396]: USER_ACCT pid=14396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal sudo[14396]: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/ausearch -m AVC -ts today 05:54:42 >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[14396]: USER_CMD pid=14396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=6175736561726368202D6D20415643202D747320746F6461792030353A35343A3432 exe="/usr/bin/sudo" terminal=pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[14396]: CRED_REFR pid=14396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal sudo[14396]: pam_unix(sudo:session): session opened for user root(uid=0) by ec2-user(uid=1000) >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[14396]: USER_START pid=14396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal sudo[14396]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[14396]: USER_END pid=14396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[14396]: CRED_DISP pid=14396 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:55:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14414 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14427 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14427]: USER_ACCT pid=14427 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal sudo[14427]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/which systemd-analyze >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14427]: USER_CMD pid=14427 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=77686963682073797374656D642D616E616C797A65 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14427]: CRED_REFR pid=14427 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal sudo[14427]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14427]: USER_START pid=14427 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal sudo[14427]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14427]: USER_END pid=14427 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14427]: CRED_DISP pid=14427 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14442 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14442]: USER_ACCT pid=14442 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14442]: USER_CMD pid=14442 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd="systemd-analyze" exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal sudo[14442]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemd-analyze >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14442]: CRED_REFR pid=14442 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal sudo[14442]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14442]: USER_START pid=14442 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal sudo[14442]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14442]: USER_END pid=14442 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:04 ip-10-116-2-58.us-west-2.compute.internal audit[14442]: CRED_DISP pid=14442 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14457 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[14470]: USER_ACCT pid=14470 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[14470]: USER_CMD pid=14470 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=73797374656D642D616E616C797A6520626C616D65 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal sudo[14470]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemd-analyze blame >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[14470]: CRED_REFR pid=14470 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal sudo[14470]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[14470]: USER_START pid=14470 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal sudo[14470]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[14470]: USER_END pid=14470 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[14470]: CRED_DISP pid=14470 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:05 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14473 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14486 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[14486]: USER_ACCT pid=14486 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[14486]: USER_CMD pid=14486 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd="systemd-analyze" exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal sudo[14486]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/systemd-analyze >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[14486]: CRED_REFR pid=14486 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal sudo[14486]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[14486]: USER_START pid=14486 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal sudo[14486]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[14486]: USER_END pid=14486 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[14486]: CRED_DISP pid=14486 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14501 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14514 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal systemd[1]: systemd-hostnamed.service: Deactivated successfully. >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14531 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=83 op=UNLOAD >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit: BPF prog-id=82 op=UNLOAD >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14546 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[14559]: USER_ACCT pid=14559 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[14559]: USER_CMD pid=14559 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=67726570202E202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F69746C625F6D756C7469686974202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F6C317466202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F6D6473202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F6D656C74646F776E202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F737065635F73746F72655F627970617373202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F737065637472655F7631202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F737065637472655F7632202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F7372626473202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F7473785F6173796E635F61626F7274 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal sudo[14559]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/grep . /sys/devices/system/cpu/vulnerabilities/itlb_multihit /sys/devices/system/cpu/vulnerabilities/l1tf /sys/devices/system/cpu/vulnerabilities/mds /sys/devices/system/cpu/vulnerabilities/meltdown /sys/devices/system/cpu/vulnerabilities/spec_store_bypass /sys/devices/system/cpu/vulnerabilities/spectre_v1 /sys/devices/system/cpu/vulnerabilities/spectre_v2 /sys/devices/system/cpu/vulnerabilities/srbds /sys/devices/system/cpu/vulnerabilities/tsx_async_abort >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[14559]: CRED_REFR pid=14559 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal sudo[14559]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[14559]: USER_START pid=14559 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal sudo[14559]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[14559]: USER_END pid=14559 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[14559]: CRED_DISP pid=14559 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14564 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14577 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14590 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14603 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[14616]: USER_ACCT pid=14616 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal sudo[14616]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/grep . /sys/devices/system/cpu/vulnerabilities/itlb_multihit /sys/devices/system/cpu/vulnerabilities/l1tf /sys/devices/system/cpu/vulnerabilities/mds /sys/devices/system/cpu/vulnerabilities/meltdown /sys/devices/system/cpu/vulnerabilities/spec_store_bypass /sys/devices/system/cpu/vulnerabilities/spectre_v1 /sys/devices/system/cpu/vulnerabilities/spectre_v2 /sys/devices/system/cpu/vulnerabilities/srbds /sys/devices/system/cpu/vulnerabilities/tsx_async_abort >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[14616]: USER_CMD pid=14616 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=67726570202E202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F69746C625F6D756C7469686974202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F6C317466202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F6D6473202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F6D656C74646F776E202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F737065635F73746F72655F627970617373202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F737065637472655F7631202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F737065637472655F7632202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F7372626473202F7379732F646576696365732F73797374656D2F6370752F76756C6E65726162696C69746965732F7473785F6173796E635F61626F7274 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:08 ip-10-116-2-58.us-west-2.compute.internal audit[14616]: CRED_REFR pid=14616 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal sudo[14616]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[14616]: USER_START pid=14616 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal sudo[14616]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[14616]: USER_END pid=14616 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[14616]: CRED_DISP pid=14616 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14625 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14638 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:09 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14653 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14666 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14679 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14692 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:10 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14705 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14718 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14731 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14744 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:11 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14757 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14770 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14783 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:12 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14797 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14810 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14823 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:13 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14836 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14849 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14862 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14875 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:14 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14888 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14901 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:15 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14914 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14927 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14940 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:16 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14955 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14955]: USER_ACCT pid=14955 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14955]: USER_CMD pid=14955 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=646D696465636F6465202D2D64756D702D62696E202F746D702F6F735F74657374735F726573756C745F32303231313132395F7268656C395F7434672E6C617267652F64656275672F646D696465636F64655F64656275672E62696E exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal sudo[14955]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/dmidecode --dump-bin /tmp/os_tests_result_20211129_rhel9_t4g.large/debug/dmidecode_debug.bin >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14955]: CRED_REFR pid=14955 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal sudo[14955]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14955]: USER_START pid=14955 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal sudo[14955]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14955]: USER_END pid=14955 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14955]: CRED_DISP pid=14955 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14970 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14970]: USER_ACCT pid=14970 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal sudo[14970]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/dmidecode --dump >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14970]: USER_CMD pid=14970 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=646D696465636F6465202D2D64756D70 exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14970]: CRED_REFR pid=14970 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal sudo[14970]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14970]: USER_START pid=14970 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal sudo[14970]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14970]: USER_END pid=14970 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[14970]: CRED_DISP pid=14970 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14985 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:17 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=14998 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15013 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15013]: USER_ACCT pid=15013 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal sudo[15013]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/dmidecode --dump-bin /tmp/os_tests_result_20211129_rhel9_t4g.large/debug/dmidecode_debug.bin >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15013]: USER_CMD pid=15013 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd=646D696465636F6465202D2D64756D702D62696E202F746D702F6F735F74657374735F726573756C745F32303231313132395F7268656C395F7434672E6C617267652F64656275672F646D696465636F64655F64656275672E62696E exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15013]: CRED_REFR pid=15013 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal sudo[15013]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15013]: USER_START pid=15013 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal sudo[15013]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15013]: USER_END pid=15013 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15013]: CRED_DISP pid=15013 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15028 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15028]: USER_ACCT pid=15028 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="ec2-user" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal sudo[15028]: ec2-user : PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/dmidecode >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15028]: USER_CMD pid=15028 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/ec2-user" cmd="dmidecode" exe="/usr/bin/sudo" terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15028]: CRED_REFR pid=15028 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal sudo[15028]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000) >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15028]: USER_START pid=15028 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal sudo[15028]: pam_unix(sudo:session): session closed for user root >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15028]: USER_END pid=15028 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[15028]: CRED_DISP pid=15028 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15043 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:18 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15056 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15069 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15082 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:19 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15095 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15109 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15122 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:20 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15135 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15148 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15161 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:25 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15175 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15188 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:26 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15201 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:36 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15214 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15227 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:37 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15241 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:38 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:38 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:38 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:38 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:38 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15254 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:38 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:38 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:40 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15267 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15280 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15293 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:41 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15307 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15320 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:42 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:44 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:44 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:44 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15333 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15346 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15359 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:45 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15373 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:46 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:46 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:46 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:46 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:46 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15386 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:46 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:46 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15399 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:48 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15412 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15425 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:49 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15439 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15452 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:50 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:52 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15465 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15478 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15491 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:53 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15505 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:54 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:54 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:54 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:54 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:54 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15518 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:54 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:54 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15531 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15544 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15557 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:57 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15571 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15584 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:55:58 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:01 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:01 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:01 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15597 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15610 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15623 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:02 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15637 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:56:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:03 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15650 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:56:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:06 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15663 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15676 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_END pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGOUT pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_LOGIN pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: USER_START pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=66.187.232.127 terminal=ssh res=success' >Nov 29 05:56:07 ip-10-116-2-58.us-west-2.compute.internal audit[3354]: CRYPTO_KEY_USER pid=3354 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:59:97:d4:31:dc:63:26:a8:73:fa:f5:c5:f6:9d:06:e7:64:bb:ce:77:b9:1c:62:64:5a:d7:a1:d2:fe:c7:bb:97 direction=? spid=15689 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' > >INFO:not found found! >INFO:This is a new exception! >INFO:Nov 29 05:52:22 localhost rh-cloud-firstboot[741]: /etc/rc.d/init.d/rh-cloud-firstboot: line 48: action: command not found > >Traceback (most recent call last): > File "/root/.local/lib/python3.6/site-packages/os_tests/tests/test_general_check.py", line 559, in test_check_journalctl_not_found > utils_lib.check_log(self, 'not found,no such', skip_words='test_check_journalctl_not_found', rmt_redirect_stdout=True) > File "/root/.local/lib/python3.6/site-packages/os_tests/libs/utils_lib.py", line 662, in check_log > test_instance.fail("New {} in {} log".format(keyword, check_cmd)) >AssertionError: New not found in journalctl -b 0 log >os_tests.tests.test_general_check.TestGeneralCheck.test_check_journalctl_not_found - FAIL
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1843970">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2027263
: 1843970