Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 896468 Details for
Bug 1098244
[Rubygem-Staypuft]: SELinux avc: denied when running staypuft-installer - comm="ruby" path="/sbin/iptables-multi-1.4.7.
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
audit.log from staypuft-installer
mtaylor_staypuft-installer_audit.log (text/plain), 110.65 KB, created by
Martyn Taylor
on 2014-05-16 16:45:14 UTC
(
hide
)
Description:
audit.log from staypuft-installer
Filename:
MIME Type:
Creator:
Martyn Taylor
Created:
2014-05-16 16:45:14 UTC
Size:
110.65 KB
patch
obsolete
>type=DAEMON_START msg=audit(1400253264.157:3088): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=895 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400253264.269:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1400253287.644:5): user pid=1356 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400253287.647:6): user pid=1356 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400253287.648:7): pid=1356 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400253287.780:8): user pid=1356 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400253287.858:9): user pid=1356 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253287.859:10): user pid=1356 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400253287.861:11): user pid=1356 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_CMD msg=audit(1400253292.927:12): user pid=1463 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=73687574646F776E202D68206E6F77 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253292.927:13): user pid=1463 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400253292.929:14): user pid=1463 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=SYSTEM_RUNLEVEL msg=audit(1400253292.944:15): user pid=1464 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1400253292.956:16): user pid=1464 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400253292.963:17): user pid=1463 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253292.964:18): user pid=1463 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253292.969:19): user pid=1356 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400253292.985:20): user pid=1356 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400253294.086:21): user pid=1196 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1196 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400253294.088:22): user pid=1196 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1196 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=DAEMON_END msg=audit(1400253298.156:3089): auditd normal halt, sending auid=0 pid=1644 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1400253407.501:8649): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=905 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400253407.612:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1400253419.206:5): user pid=1345 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400253419.208:6): user pid=1345 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400253419.209:7): pid=1345 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400253419.316:8): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400253419.420:9): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253419.421:10): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400253419.422:11): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_CMD msg=audit(1400253476.399:12): user pid=1453 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=696675702065746830 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253476.399:13): user pid=1453 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400253476.401:14): user pid=1453 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_END msg=audit(1400253476.500:15): user pid=1453 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253476.501:16): user pid=1453 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_CMD msg=audit(1400253504.497:17): user pid=1477 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=73657269766365206E6574776F726B207374617274 terminal=tty1 res=failed' >type=USER_CMD msg=audit(1400253509.712:18): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=73657276696365206E6574776F726B207374617274 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253509.712:19): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400253509.713:20): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_END msg=audit(1400253510.022:21): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253510.022:22): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_CMD msg=audit(1400253596.247:23): user pid=1722 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=73687574646F776E202D68206E6F77 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253596.248:24): user pid=1722 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400253596.248:25): user pid=1722 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=SYSTEM_RUNLEVEL msg=audit(1400253596.274:26): user pid=1723 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1400253596.274:27): user pid=1723 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400253596.293:28): user pid=1722 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253596.293:29): user pid=1722 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253596.298:30): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400253596.313:31): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400253597.279:32): user pid=1187 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1187 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400253597.279:33): user pid=1187 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1187 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=DAEMON_END msg=audit(1400253601.229:8650): auditd normal halt, sending auid=0 pid=1903 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1400253623.706:7216): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=903 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400253623.815:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1400253641.514:5): user pid=1345 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400253641.516:6): user pid=1345 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400253641.517:7): pid=1345 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400253641.631:8): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400253641.697:9): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253641.698:10): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400253641.700:11): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_CMD msg=audit(1400253650.700:12): user pid=1454 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=696675702065746830 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253650.700:13): user pid=1454 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400253650.703:14): user pid=1454 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_END msg=audit(1400253650.790:15): user pid=1454 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253650.790:16): user pid=1454 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_CMD msg=audit(1400253652.526:17): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=696675702065746831 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253652.526:18): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400253652.526:19): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_END msg=audit(1400253652.596:20): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400253652.596:21): user pid=1478 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=SYSTEM_RUNLEVEL msg=audit(1400253688.442:22): user pid=1505 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=6 exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1400253688.443:23): user pid=1505 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=CRED_DISP msg=audit(1400253688.454:24): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400253688.454:25): user pid=1345 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400253689.442:26): user pid=1187 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1187 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400253689.442:27): user pid=1187 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1187 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=DAEMON_END msg=audit(1400253693.400:7217): auditd normal halt, sending auid=0 pid=1685 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1400253722.644:8809): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=1081 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400253722.767:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1400253785.739:5): user pid=1517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400253785.741:6): user pid=1517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400253785.742:7): pid=1517 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400253785.851:8): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400253785.921:9): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253785.921:10): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400253785.923:11): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_DISP msg=audit(1400253849.258:12): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400253849.262:13): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_AUTH msg=audit(1400253857.813:14): user pid=1635 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400253857.815:15): user pid=1635 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400253857.815:16): pid=1635 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_ROLE_CHANGE msg=audit(1400253857.901:17): user pid=1635 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400253857.917:18): user pid=1635 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400253857.917:19): user pid=1635 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400253857.917:20): user pid=1635 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400253869.687:21): user pid=1663 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1663 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400253869.687:22): user pid=1663 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1663 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400253869.690:23): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1663 suid=74 rport=57500 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400253869.690:24): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1663 suid=74 rport=57500 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=USER_AUTH msg=audit(1400253871.026:25): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=ssh res=failed' >type=USER_AUTH msg=audit(1400253872.722:26): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_ACCT msg=audit(1400253872.725:27): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1400253872.726:28): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1663 suid=74 rport=57500 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=USER_AUTH msg=audit(1400253872.726:29): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1400253872.727:30): user pid=1662 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=LOGIN msg=audit(1400253872.727:31): pid=1662 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 >type=USER_ROLE_CHANGE msg=audit(1400253872.858:32): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_START msg=audit(1400253872.863:33): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1400253872.868:34): user pid=1666 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400253872.868:35): user pid=1666 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400253872.869:36): user pid=1666 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1666 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400253872.869:37): user pid=1666 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1666 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1400253872.870:38): user pid=1666 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_CMD msg=audit(1400253933.458:39): user pid=1689 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20636C65616E20616C6C terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400253933.458:40): user pid=1689 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400253933.461:41): user pid=1689 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400253934.286:42): user pid=1689 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400253934.289:43): user pid=1689 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400253941.386:44): user pid=1695 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20757064617465 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400253941.387:45): user pid=1695 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400253941.387:46): user pid=1695 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400253960.446:47): user pid=1695 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400253960.446:48): user pid=1695 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400253990.590:49): user pid=1700 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20757064617465 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400253990.590:50): user pid=1700 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400253990.591:51): user pid=1700 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400253990.881:52): user pid=1700 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400253990.881:53): user pid=1700 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_ACCT msg=audit(1400254201.703:54): user pid=1708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400254201.703:55): user pid=1708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400254201.722:56): pid=1708 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=4 >type=USER_START msg=audit(1400254201.725:57): user pid=1708 uid=0 auid=0 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400254201.856:58): user pid=1708 uid=0 auid=0 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400254201.856:59): user pid=1708 uid=0 auid=0 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_CMD msg=audit(1400254226.359:60): user pid=1716 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20636C65616E20616C6C terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400254226.359:61): user pid=1716 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400254226.360:62): user pid=1716 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400254226.586:63): user pid=1716 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400254226.586:64): user pid=1716 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400254332.534:65): user pid=1728 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D2073656172636820646973636F76657279 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400254332.535:66): user pid=1728 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400254332.535:67): user pid=1728 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400254418.532:68): user pid=1728 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400254418.532:69): user pid=1728 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400254443.276:70): user pid=1733 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20696E7374616C6C202D7920666F72656D616E2D646973636F766572792D696D616765 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400254443.277:71): user pid=1733 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400254443.277:72): user pid=1733 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_ACCT msg=audit(1400254801.868:73): user pid=1745 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400254801.869:74): user pid=1745 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400254801.869:75): pid=1745 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=5 >type=USER_START msg=audit(1400254801.869:76): user pid=1745 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400254801.912:77): user pid=1745 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400254801.912:78): user pid=1745 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1400255402.423:79): user pid=1808 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400255402.423:80): user pid=1808 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400255402.426:81): pid=1808 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=6 >type=USER_START msg=audit(1400255402.545:82): user pid=1808 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400255405.139:83): user pid=1808 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400255405.139:84): user pid=1808 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400255417.764:85): user pid=1733 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400255417.765:86): user pid=1733 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400255960.443:87): user pid=1359 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1359 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400255960.443:88): user pid=1359 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1359 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400256002.275:89): user pid=1921 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400256002.323:90): user pid=1921 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400256002.336:91): pid=1921 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=7 >type=USER_START msg=audit(1400256002.411:92): user pid=1921 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400256002.723:93): user pid=1921 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400256002.723:94): user pid=1921 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1400256061.874:95): user pid=2023 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400256061.875:96): user pid=2023 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400256061.878:97): pid=2023 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=8 >type=USER_START msg=audit(1400256061.930:98): user pid=2023 uid=0 auid=0 ses=8 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400256062.583:99): user pid=2023 uid=0 auid=0 ses=8 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400256062.583:100): user pid=2023 uid=0 auid=0 ses=8 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=ADD_USER msg=audit(1400256075.970:101): user pid=2100 uid=0 auid=0 ses=3 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user acct="postfix" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=failed' >type=ADD_USER msg=audit(1400256075.970:102): user pid=2100 uid=0 auid=0 ses=3 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user acct="postfix" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=failed' >type=MAC_POLICY_LOAD msg=audit(1400256102.296:103): policy loaded auid=0 ses=3 >type=SYSCALL msg=audit(1400256102.296:103): arch=c000003e syscall=1 success=yes exit=7292905 a0=4 a1=7f8955a62000 a2=6f47e9 a3=7fff2a3f7590 items=0 ppid=2540 pid=2545 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 key=(null) >type=USER_CMD msg=audit(1400256280.101:104): user pid=12011 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=73687574646F776E202D68206E6F77 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400256280.102:105): user pid=12011 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400256280.105:106): user pid=12011 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=SYSTEM_RUNLEVEL msg=audit(1400256280.133:107): user pid=12012 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1400256280.133:108): user pid=12012 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=USER_END msg=audit(1400256280.154:109): user pid=12011 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400256280.154:110): user pid=12011 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400256280.229:111): user pid=1635 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe=2F62696E2F6C6F67696E202864656C6574656429 hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400256280.297:112): user pid=1635 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe=2F62696E2F6C6F67696E202864656C6574656429 hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400256281.264:113): user pid=1879 uid=0 auid=0 ses=3 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1879 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400256281.264:114): user pid=1879 uid=0 auid=0 ses=3 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1879 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400256281.403:115): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=CRED_DISP msg=audit(1400256281.404:116): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_END msg=audit(1400256281.410:117): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_LOGOUT msg=audit(1400256281.410:118): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400256281.410:119): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1662 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400256281.414:120): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1662 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400256281.415:121): user pid=1662 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1662 suid=0 rport=57500 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=DAEMON_END msg=audit(1400256285.236:8810): auditd normal halt, sending auid=0 pid=12183 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1400256514.519:4916): auditd start, ver=2.2 format=raw kernel=2.6.32-431.17.1.el6.x86_64 auid=4294967295 pid=936 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400256514.638:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1400256548.374:5): user pid=1375 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400256548.376:6): user pid=1375 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400256548.377:7): pid=1375 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400256548.498:8): user pid=1375 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400256548.572:9): user pid=1375 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400256548.573:10): user pid=1375 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400256548.574:11): user pid=1375 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_CMD msg=audit(1400256564.560:12): user pid=1482 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=79756D20696E7374616C6C20666F72656D616E2D696E7374616C6C65722D7374617970756674 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400256564.561:13): user pid=1482 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400256564.565:14): user pid=1482 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_END msg=audit(1400256571.293:15): user pid=1482 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400256571.293:16): user pid=1482 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_ACCT msg=audit(1400256601.903:17): user pid=1505 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400256601.903:18): user pid=1505 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400256601.911:19): pid=1505 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_START msg=audit(1400256601.913:20): user pid=1505 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400256602.029:21): user pid=1505 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400256602.029:22): user pid=1505 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=DAEMON_START msg=audit(1400256737.754:1293): auditd start, ver=2.2 format=raw kernel=2.6.32-431.17.1.el6.x86_64 auid=4294967295 pid=1129 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400256737.866:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1400256746.136:5): user pid=1565 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400256746.139:6): user pid=1565 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400256746.141:7): pid=1565 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400256746.257:8): user pid=1565 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400256746.326:9): user pid=1565 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400256746.328:10): user pid=1565 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400256746.329:11): user pid=1565 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_CMD msg=audit(1400256757.366:12): user pid=1672 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=79756D20696E7374616C6C20666F72656D616E2D696E7374616C6C65722D7374617970756674 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400256757.367:13): user pid=1672 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400256757.369:14): user pid=1672 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=ADD_GROUP msg=audit(1400257004.389:15): user pid=1688 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=498 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257004.459:16): user pid=1688 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=498 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257004.459:17): user pid=1688 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=498 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257004.570:18): user pid=1693 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=498 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400257010.803:19): user pid=1704 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400257010.803:20): user pid=1704 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400257010.809:21): user pid=1704 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400257010.809:22): user pid=1704 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400257013.462:23): user pid=1704 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257013.462:24): user pid=1704 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400257013.472:25): user pid=1734 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400257013.473:26): user pid=1734 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400257013.473:27): user pid=1734 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400257013.473:28): user pid=1734 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400257016.086:29): user pid=1734 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257016.087:30): user pid=1734 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257043.845:31): user pid=1776 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=27 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257043.945:32): user pid=1776 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=27 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257043.945:33): user pid=1776 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=27 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257044.040:34): user pid=1780 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=27 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257047.300:35): user pid=1791 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=52 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257047.391:36): user pid=1791 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=52 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257047.391:37): user pid=1791 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=52 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257047.505:38): user pid=1796 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=52 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400257059.722:39): user pid=1806 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400257059.723:40): user pid=1806 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400257059.727:41): user pid=1806 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400257059.727:42): user pid=1806 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400257062.916:43): user pid=1806 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257062.916:44): user pid=1806 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400257062.943:45): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400257062.943:46): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400257062.944:47): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400257062.944:48): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400257066.035:49): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257066.036:50): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400257066.050:51): user pid=1858 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400257066.050:52): user pid=1858 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400257066.050:53): user pid=1858 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400257066.050:54): user pid=1858 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400257069.269:55): user pid=1858 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257069.270:56): user pid=1858 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257081.405:57): user pid=1672 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400257081.406:58): user pid=1672 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_CMD msg=audit(1400257127.367:59): user pid=1893 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=73687574646F776E202D68206E6F77 terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400257127.367:60): user pid=1893 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=USER_START msg=audit(1400257127.371:61): user pid=1893 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=SYSTEM_RUNLEVEL msg=audit(1400257127.392:62): user pid=1894 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1400257127.392:63): user pid=1894 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400257127.416:64): user pid=1893 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400257127.416:65): user pid=1893 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/tty1 res=success' >type=CRED_DISP msg=audit(1400257127.430:66): user pid=1565 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1400257127.441:67): user pid=1565 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400257128.493:68): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1407 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400257128.493:69): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1407 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=DAEMON_END msg=audit(1400257132.556:1294): auditd normal halt, sending auid=0 pid=2073 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1400257237.758:6790): auditd start, ver=2.2 format=raw kernel=2.6.32-431.17.1.el6.x86_64 auid=4294967295 pid=1081 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400257237.885:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1400257256.485:5): user pid=1517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400257256.487:6): user pid=1517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400257256.487:7): pid=1517 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400257256.585:8): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400257256.655:9): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400257256.658:10): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400257256.659:11): user pid=1517 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400257310.782:12): user pid=1626 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1626 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400257310.782:13): user pid=1626 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1626 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400257310.785:14): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1626 suid=74 rport=57738 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400257310.785:15): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1626 suid=74 rport=57738 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=USER_AUTH msg=audit(1400257311.071:16): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=ssh res=failed' >type=USER_AUTH msg=audit(1400257313.211:17): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_ACCT msg=audit(1400257313.218:18): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1400257313.222:19): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1626 suid=74 rport=57738 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=USER_AUTH msg=audit(1400257313.223:20): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1400257313.223:21): user pid=1625 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=LOGIN msg=audit(1400257313.223:22): pid=1625 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_ROLE_CHANGE msg=audit(1400257313.383:23): user pid=1625 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_START msg=audit(1400257313.387:24): user pid=1625 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1400257313.393:25): user pid=1629 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257313.393:26): user pid=1629 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400257313.393:27): user pid=1629 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=1629 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400257313.393:28): user pid=1629 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=1629 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1400257313.394:29): user pid=1629 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_CMD msg=audit(1400257326.516:30): user pid=1647 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=79756D20696E7374616C6C20666F72656D616E2D73656C696E75782D312E352E302D302E322E5243322E656C362E6E6F617263682E72706D terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257326.516:31): user pid=1647 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257326.519:32): user pid=1647 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=MAC_CONFIG_CHANGE msg=audit(1400257404.854:33): bool=httpd_setrlimit val=1 old_val=0 auid=0 ses=2 >type=SYSCALL msg=audit(1400257404.854:33): arch=c000003e syscall=1 success=yes exit=2 a0=7 a1=7fffa7012fa0 a2=2 a3=0 items=0 ppid=1664 pid=1666 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="semanage" exe="/usr/bin/python" subj=unconfined_u:system_r:semanage_t:s0-s0:c0.c1023 key=(null) >type=MAC_POLICY_LOAD msg=audit(1400257405.066:34): policy loaded auid=0 ses=2 >type=SYSCALL msg=audit(1400257405.066:34): arch=c000003e syscall=1 success=yes exit=7318910 a0=4 a1=7fb4204c6000 a2=6fad7e a3=7fff0d0c5440 items=0 ppid=1666 pid=1667 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 key=(null) >type=USER_END msg=audit(1400257410.890:35): user pid=1647 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257410.891:36): user pid=1647 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=ANOM_ABEND msg=audit(1400257482.448:37): auid=0 uid=0 gid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=2783 comm="puppet" sig=6 >type=USER_AUTH msg=audit(1400257490.378:38): user pid=3542 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_ACCT msg=audit(1400257490.378:39): user pid=3542 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_START msg=audit(1400257490.383:40): user pid=3542 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257490.383:41): user pid=3542 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1400257493.822:42): user pid=3542 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_END msg=audit(1400257493.823:43): user pid=3542 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=MAC_STATUS msg=audit(1400257514.867:44): enforcing=0 old_enforcing=1 auid=0 ses=2 >type=SYSCALL msg=audit(1400257514.867:44): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7fffa079f620 a2=1 a3=7fffa079e3a0 items=0 ppid=1629 pid=3571 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="setenforce" exe="/usr/sbin/setenforce" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) >type=ANOM_ABEND msg=audit(1400257537.769:45): auid=0 uid=0 gid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=4120 comm="puppet" sig=6 >type=USER_AUTH msg=audit(1400257544.331:46): user pid=4879 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_ACCT msg=audit(1400257544.332:47): user pid=4879 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_START msg=audit(1400257544.332:48): user pid=4879 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257544.332:49): user pid=4879 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1400257546.927:50): user pid=4879 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_END msg=audit(1400257546.927:51): user pid=4879 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_CMD msg=audit(1400257586.068:52): user pid=4906 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=79756D20757064617465 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257586.069:53): user pid=4906 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257586.069:54): user pid=4906 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400257586.760:55): user pid=4906 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257586.760:56): user pid=4906 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400257599.977:57): user pid=4909 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20636C65616E terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257599.979:58): user pid=4909 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257599.979:59): user pid=4909 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400257600.167:60): user pid=4909 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257600.167:61): user pid=4909 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400257604.704:62): user pid=4911 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20636C65616E20616C6C terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257604.704:63): user pid=4911 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257604.704:64): user pid=4911 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400257604.942:65): user pid=4911 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257604.942:66): user pid=4911 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400257608.181:67): user pid=4913 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20757064617465 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257608.182:68): user pid=4913 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257608.182:69): user pid=4913 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400257641.099:70): user pid=4913 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257641.099:71): user pid=4913 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400257669.261:72): user pid=4921 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D2072656D6F766520666F72656D616E2D696E7374616C6C2D7374617970756674 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257669.261:73): user pid=4921 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257669.262:74): user pid=4921 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400257669.909:75): user pid=4921 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257669.909:76): user pid=4921 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400257673.287:77): user pid=4923 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D2072656D6F766520666F72656D616E2D696E7374616C6C65722D7374617970756674 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257673.287:78): user pid=4923 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257673.288:79): user pid=4923 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400257679.679:80): user pid=4923 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257679.680:81): user pid=4923 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_CMD msg=audit(1400257684.978:82): user pid=4925 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/etc/yum.repos.d" cmd=79756D20696E7374616C6C20666F72656D616E2D696E7374616C6C65722D7374617970756674 terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400257684.980:83): user pid=4925 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400257684.980:84): user pid=4925 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_END msg=audit(1400257689.860:85): user pid=4925 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRED_DISP msg=audit(1400257689.860:86): user pid=4925 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=ADD_GROUP msg=audit(1400257779.470:87): user pid=6693 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257779.579:88): user pid=6693 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257779.579:89): user pid=6693 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257779.714:90): user pid=6697 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=25 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257797.859:91): user pid=6725 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=26 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257797.920:92): user pid=6725 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=26 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257797.922:93): user pid=6725 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=26 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257798.003:94): user pid=6729 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=26 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400257801.130:95): user pid=6737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400257801.130:96): user pid=6737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1400257801.136:97): user pid=6738 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400257801.136:98): user pid=6738 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400257801.139:99): pid=6738 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 >type=LOGIN msg=audit(1400257801.142:100): pid=6737 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=498 old ses=4294967295 new ses=4 >type=USER_START msg=audit(1400257801.148:101): user pid=6737 uid=0 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_START msg=audit(1400257801.152:102): user pid=6738 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400257801.339:103): user pid=6738 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400257801.339:104): user pid=6738 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400257809.519:105): user pid=6737 uid=498 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400257809.519:106): user pid=6737 uid=498 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=ADD_GROUP msg=audit(1400257829.452:107): user pid=6766 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=497 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257829.545:108): user pid=6766 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=497 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257829.545:109): user pid=6766 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=497 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257829.635:110): user pid=6771 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=497 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257836.941:111): user pid=6789 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=177 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257837.003:112): user pid=6789 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=177 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257837.003:113): user pid=6789 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=177 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257837.077:114): user pid=6794 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=177 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400257862.473:115): user pid=6907 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=6907 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400257862.473:116): user pid=6907 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=6907 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400257862.480:117): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=6907 suid=74 rport=57761 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400257862.480:118): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=6907 suid=74 rport=57761 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=USER_AUTH msg=audit(1400257862.731:119): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=ssh res=failed' >type=USER_AUTH msg=audit(1400257864.578:120): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_ACCT msg=audit(1400257864.580:121): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1400257864.581:122): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6907 suid=74 rport=57761 laddr=192.168.200.16 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=? res=success' >type=USER_AUTH msg=audit(1400257864.582:123): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1400257864.583:124): user pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=LOGIN msg=audit(1400257864.583:125): pid=6906 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=5 >type=USER_ROLE_CHANGE msg=audit(1400257864.756:126): user pid=6906 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_START msg=audit(1400257864.761:127): user pid=6906 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1400257864.767:128): user pid=6915 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=/dev/pts/2 res=success' >type=USER_START msg=audit(1400257864.767:129): user pid=6915 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=/dev/pts/2 res=success' >type=CRYPTO_KEY_USER msg=audit(1400257864.768:130): user pid=6915 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=76:03:c2:6e:6c:d1:76:66:28:0b:c3:ee:86:03:96:e8 direction=? spid=6915 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=pts/2 res=success' >type=CRYPTO_KEY_USER msg=audit(1400257864.768:131): user pid=6915 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=4e:ab:85:31:83:b7:ed:ef:af:e1:7d:a2:c3:5e:ad:74 direction=? spid=6915 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.200.1 terminal=pts/2 res=success' >type=CRED_REFR msg=audit(1400257864.773:132): user pid=6915 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=192.168.200.1 addr=192.168.200.1 terminal=ssh res=success' >type=ADD_GROUP msg=audit(1400257864.820:133): user pid=6914 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257864.879:134): user pid=6914 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1400257864.879:135): user pid=6914 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1400257865.009:136): user pid=6936 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=48 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400257906.236:137): user pid=7711 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400257906.237:138): user pid=7711 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400257906.325:139): user pid=7711 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257906.326:140): user pid=7711 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400257907.285:141): user pid=7770 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400257907.285:142): user pid=7770 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400257907.314:143): user pid=7770 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400257907.314:144): user pid=7770 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400257936.601:145): user pid=8003 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/bin/crontab" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400257936.602:146): user pid=8003 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/crontab" hostname=? addr=? terminal=cron res=success' >type=USER_CHAUTHTOK msg=audit(1400257937.001:147): user pid=8014 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing user shell id=498 exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400257937.120:148): user pid=8021 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to group acct="foreman" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400257937.121:149): user pid=8021 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to shadow group acct="foreman" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400258008.226:150): user pid=8153 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400258008.226:151): user pid=8153 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400258023.101:152): user pid=8153 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400258023.101:153): user pid=8153 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400258028.227:154): user pid=8393 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing comment id=497 exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400258028.394:155): user pid=8400 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing user shell id=497 exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400258028.544:156): user pid=8407 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400258028.545:157): user pid=8407 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400258028.545:158): user pid=8407 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to shadow group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400258028.545:159): user pid=8407 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to shadow group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400258031.503:160): user pid=8558 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400258031.507:161): user pid=8558 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400258032.724:162): user pid=8558 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400258032.724:163): user pid=8558 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=AVC msg=audit(1400258033.035:164): avc: denied { relabelto } for pid=8510 comm="ruby" name="yaml" dev=dm-0 ino=537367 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=dir >type=SYSCALL msg=audit(1400258033.035:164): arch=c000003e syscall=189 success=yes exit=0 a0=335cd90 a1=7f906eed6319 a2=229cdf0 a3=26 items=0 ppid=8340 pid=8510 auid=0 uid=52 gid=52 euid=52 suid=52 fsuid=52 egid=52 sgid=52 fsgid=52 tty=(none) ses=2 comm="ruby" exe="/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400258033.076:165): avc: denied { relabelto } for pid=8510 comm="ruby" name="masterhttp.log" dev=dm-0 ino=536269 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_log_t:s0 tclass=file >type=SYSCALL msg=audit(1400258033.076:165): arch=c000003e syscall=189 success=yes exit=0 a0=2954b00 a1=7f906eed6319 a2=3f93010 a3=22 items=0 ppid=8340 pid=8510 auid=0 uid=52 gid=52 euid=52 suid=52 fsuid=52 egid=52 sgid=52 fsgid=52 tty=(none) ses=2 comm="ruby" exe="/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400258033.337:166): avc: denied { relabelto } for pid=8510 comm="ruby" name="ca_crt.pem" dev=dm-0 ino=536250 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file >type=SYSCALL msg=audit(1400258033.337:166): arch=c000003e syscall=189 success=yes exit=0 a0=45278a0 a1=7f906eed6319 a2=4622a90 a3=26 items=0 ppid=8340 pid=8510 auid=0 uid=52 gid=52 euid=52 suid=52 fsuid=52 egid=52 sgid=52 fsgid=52 tty=(none) ses=2 comm="ruby" exe="/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400258050.395:167): avc: denied { write } for pid=8914 comm="ruby" name="dynflow_socket" dev=dm-0 ino=282452 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=sock_file >type=AVC msg=audit(1400258050.395:167): avc: denied { connectto } for pid=8914 comm="ruby" path="/var/run/foreman/sockets/dynflow_socket" scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket >type=SYSCALL msg=audit(1400258050.395:167): arch=c000003e syscall=42 success=yes exit=0 a0=9 a1=7fb016e3d820 a2=6e a3=7fb016e3d1c0 items=0 ppid=8637 pid=8914 auid=0 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=2 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=USER_AUTH msg=audit(1400258070.004:168): user pid=9309 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_ACCT msg=audit(1400258070.006:169): user pid=9309 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_START msg=audit(1400258070.023:170): user pid=9309 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400258070.023:171): user pid=9309 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1400258271.558:172): user pid=9309 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_END msg=audit(1400258271.560:173): user pid=9309 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_ACCT msg=audit(1400258401.610:174): user pid=9767 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400258401.612:175): user pid=9767 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400258401.637:176): pid=9767 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=6 >type=USER_START msg=audit(1400258401.661:177): user pid=9767 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400258401.752:178): user pid=9767 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400258401.753:179): user pid=9767 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=896468">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1098244
:
895963
| 896468 |
896469
|
898390
|
899508
|
899509