Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 898390 Details for
Bug 1098244
[Rubygem-Staypuft]: SELinux avc: denied when running staypuft-installer - comm="ruby" path="/sbin/iptables-multi-1.4.7.
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
mburns-audit-log
audit.log (text/plain), 223.11 KB, created by
Mike Burns
on 2014-05-22 13:17:27 UTC
(
hide
)
Description:
mburns-audit-log
Filename:
MIME Type:
Creator:
Mike Burns
Created:
2014-05-22 13:17:27 UTC
Size:
223.11 KB
patch
obsolete
>type=DAEMON_START msg=audit(1399063595.614:9135): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=877 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1399063595.723:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_AUTH msg=audit(1399063654.807:5): user pid=1065 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=failed' >type=USER_LOGIN msg=audit(1399063654.808:6): user pid=1065 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=failed' >type=USER_AUTH msg=audit(1399063660.278:7): user pid=1065 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1399063660.279:8): user pid=1065 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1399063660.280:9): pid=1065 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1399063660.360:10): user pid=1065 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1399063660.364:11): user pid=1065 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1399063660.364:12): user pid=1065 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1399063660.365:13): user pid=1065 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399063985.798:14): user pid=2135 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2135 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063985.798:15): user pid=2135 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2135 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063985.804:16): user pid=2134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=2135 suid=74 rport=44900 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063985.804:17): user pid=2134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=2135 suid=74 rport=44900 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.372:18): user pid=2137 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2137 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.373:19): user pid=2137 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2137 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063987.377:20): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=2137 suid=74 rport=44901 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063987.378:21): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=2137 suid=74 rport=44901 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.378:22): user pid=2134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2135 suid=74 rport=44900 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ERR msg=audit(1399063987.383:23): user pid=2134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399063987.384:24): user pid=2134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.384:25): user pid=2134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2134 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_LOGIN msg=audit(1399063987.384:26): user pid=2134 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=USER_AUTH msg=audit(1399063987.432:27): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399063987.438:28): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2137 suid=74 rport=44901 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ERR msg=audit(1399063987.439:29): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399063987.440:30): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2136 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.440:31): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2136 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_LOGIN msg=audit(1399063987.440:32): user pid=2136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399063987.563:33): user pid=2139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2139 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.563:34): user pid=2139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2139 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063987.567:35): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=2139 suid=74 rport=44902 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063987.567:36): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=2139 suid=74 rport=44902 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399063987.609:37): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399063987.614:38): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2139 suid=74 rport=44902 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ERR msg=audit(1399063987.615:39): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399063987.615:40): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2138 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.615:41): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2138 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_LOGIN msg=audit(1399063987.615:42): user pid=2138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399063987.666:43): user pid=2141 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2141 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063987.667:44): user pid=2141 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2141 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063987.671:45): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=2141 suid=74 rport=44904 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399063987.671:46): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=2141 suid=74 rport=44904 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399063989.446:47): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=USER_AUTH msg=audit(1399063989.451:48): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=USER_AUTH msg=audit(1399063998.938:49): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_ACCT msg=audit(1399063998.942:50): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399063998.942:51): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2141 suid=74 rport=44904 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399063998.943:52): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399063998.949:53): user pid=2140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399063998.949:54): pid=2140 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_ROLE_CHANGE msg=audit(1399063999.023:55): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399063999.027:56): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399063999.035:57): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399063999.036:58): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399063999.037:59): user pid=2144 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063999.037:60): user pid=2144 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRED_REFR msg=audit(1399063999.038:61): user pid=2144 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399063999.138:62): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGOUT msg=audit(1399063999.139:63): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399063999.140:64): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399063999.142:65): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399063999.142:66): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2140 suid=0 rport=44904 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063999.142:67): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2140 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399063999.142:68): user pid=2140 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2140 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399064004.500:69): user pid=2149 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399064004.500:70): user pid=2149 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2149 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399064004.505:71): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=2149 suid=74 rport=44916 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399064004.505:72): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=2149 suid=74 rport=44916 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399064005.073:73): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=44916 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399064005.073:74): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=44916 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399064005.078:75): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399064005.078:76): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2149 suid=74 rport=44916 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399064005.079:77): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399064005.080:78): user pid=2148 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399064005.080:79): pid=2148 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 >type=USER_ROLE_CHANGE msg=audit(1399064005.142:80): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399064005.146:81): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399064005.154:82): user pid=2151 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1399064005.155:83): user pid=2151 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399064005.156:84): user pid=2151 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2151 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399064005.156:85): user pid=2151 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2151 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1399064005.157:86): user pid=2151 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=NETFILTER_CFG msg=audit(1399064041.909:87): table=filter family=2 entries=10 >type=SYSCALL msg=audit(1399064041.909:87): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=40 a3=22e2fe0 items=0 ppid=2168 pid=2180 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:iptables_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064041.910:88): table=filter family=2 entries=10 >type=SYSCALL msg=audit(1399064041.910:88): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=40 a3=6a1fe0 items=0 ppid=2168 pid=2181 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:iptables_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064041.910:89): table=filter family=2 entries=10 >type=SYSCALL msg=audit(1399064041.910:89): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=40 a3=121dfe0 items=0 ppid=2168 pid=2182 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:iptables_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064041.911:90): table=filter family=2 entries=10 >type=SYSCALL msg=audit(1399064041.911:90): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=40 a3=18df810 items=0 ppid=2168 pid=2183 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:iptables_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064041.913:91): table=filter family=2 entries=4 >type=SYSCALL msg=audit(1399064041.913:91): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=40 a3=1212600 items=0 ppid=2168 pid=2185 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="iptables" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:iptables_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064042.014:92): table=nat family=2 entries=0 >type=SYSCALL msg=audit(1399064042.014:92): arch=c000003e syscall=175 success=yes exit=0 a0=258c860 a1=3ef0 a2=256f4e0 a3=7fffc5013090 items=0 ppid=2234 pid=2235 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:insmod_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064042.025:93): table=nat family=2 entries=4 >type=SYSCALL msg=audit(1399064042.025:93): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1161ec0 items=0 ppid=2168 pid=2232 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="iptables-restor" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:iptables_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064042.036:94): table=filter family=2 entries=0 >type=SYSCALL msg=audit(1399064042.036:94): arch=c000003e syscall=175 success=yes exit=0 a0=11292b0 a1=22a0 a2=11214e0 a3=7fff88bdafc0 items=0 ppid=2238 pid=2239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:insmod_t:s0 key=(null) >type=NETFILTER_CFG msg=audit(1399064042.039:95): table=filter family=2 entries=4 >type=SYSCALL msg=audit(1399064042.039:95): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1167480 items=0 ppid=2168 pid=2232 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="iptables-restor" exe="/sbin/iptables-multi-1.4.7" subj=unconfined_u:system_r:iptables_t:s0 key=(null) >type=USER_ACCT msg=audit(1399064461.568:96): user pid=2242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399064461.568:97): user pid=2242 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399064461.573:98): pid=2242 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=4 >type=USER_START msg=audit(1399064461.574:99): user pid=2242 uid=0 auid=0 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399064461.629:100): user pid=2242 uid=0 auid=0 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399064461.630:101): user pid=2242 uid=0 auid=0 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1399068061.919:102): user pid=2306 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399068061.919:103): user pid=2306 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399068061.919:104): pid=2306 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=5 >type=USER_START msg=audit(1399068061.919:105): user pid=2306 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399068061.935:106): user pid=2306 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399068061.935:107): user pid=2306 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1399071661.047:108): user pid=2353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399071661.047:109): user pid=2353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399071661.047:110): pid=2353 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=6 >type=USER_START msg=audit(1399071661.048:111): user pid=2353 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399071661.058:112): user pid=2353 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399071661.058:113): user pid=2353 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1399075261.453:114): user pid=2413 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399075261.453:115): user pid=2413 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399075261.453:116): pid=2413 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=7 >type=USER_START msg=audit(1399075261.453:117): user pid=2413 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399075261.462:118): user pid=2413 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399075261.462:119): user pid=2413 uid=0 auid=0 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1399078861.661:120): user pid=2459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399078861.661:121): user pid=2459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399078861.662:122): pid=2459 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=8 >type=USER_START msg=audit(1399078861.662:123): user pid=2459 uid=0 auid=0 ses=8 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399078861.674:124): user pid=2459 uid=0 auid=0 ses=8 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399078861.674:125): user pid=2459 uid=0 auid=0 ses=8 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=SYSTEM_RUNLEVEL msg=audit(1399080420.986:126): user pid=2487 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1399080420.987:127): user pid=2487 uid=0 auid=0 ses=3 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1399080421.001:128): user pid=1065 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1399080421.012:129): user pid=1065 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399080421.358:130): user pid=950 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=950 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399080421.360:131): user pid=950 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=950 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399080421.478:132): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399080421.479:133): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399080421.480:134): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_LOGOUT msg=audit(1399080421.480:135): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399080421.480:136): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2148 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399080421.480:137): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2148 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399080421.480:138): user pid=2148 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2148 suid=0 rport=44916 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=DAEMON_END msg=audit(1399080421.983:9136): auditd normal halt, sending auid=0 pid=2582 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1399080513.126:555): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=1025 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1399080513.236:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=CRYPTO_KEY_USER msg=audit(1399080517.068:5): user pid=1214 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1214 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399080517.068:6): user pid=1214 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1214 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399080517.073:7): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1214 suid=74 rport=51108 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399080517.073:8): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1214 suid=74 rport=51108 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399080518.900:9): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=51108 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399080518.900:10): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=51108 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399080518.925:11): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399080518.925:12): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1214 suid=74 rport=51108 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399080518.926:13): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399080518.928:14): user pid=1213 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399080518.928:15): pid=1213 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1399080519.025:16): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399080519.029:17): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399080519.046:18): user pid=1216 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1399080519.048:19): user pid=1216 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399080519.048:20): user pid=1216 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1216 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399080519.048:21): user pid=1216 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1216 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1399080519.050:22): user pid=1216 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=ADD_GROUP msg=audit(1399081327.142:23): user pid=1374 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=175 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081327.214:24): user pid=1374 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=175 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081327.215:25): user pid=1374 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=175 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399081327.499:26): user pid=1379 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=175 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399081375.338:27): user pid=1588 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1399081375.338:28): user pid=1588 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1399081375.471:29): user pid=1588 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=pts/0 res=success' >type=USER_END msg=audit(1399081375.472:30): user pid=1588 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=pts/0 res=success' >type=AVC msg=audit(1399081375.492:31): avc: denied { read } for pid=1598 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399081375.492:31): avc: denied { open } for pid=1598 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399081375.492:31): arch=c000003e syscall=2 success=yes exit=8 a0=7f178930b2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1598 auid=0 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=1 comm="ovirt-guest-age" exe="/usr/bin/python" subj=unconfined_u:system_r:rhev_agentd_t:s0 key=(null) >type=SYSTEM_RUNLEVEL msg=audit(1399081395.313:32): user pid=1606 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1399081395.313:33): user pid=1606 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399081395.962:34): user pid=1080 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1080 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399081395.962:35): user pid=1080 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1080 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399081396.074:36): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399081396.077:37): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399081396.077:38): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_LOGOUT msg=audit(1399081396.077:39): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399081396.077:40): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1213 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399081396.077:41): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1213 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399081396.079:42): user pid=1213 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1213 suid=0 rport=51108 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=DAEMON_END msg=audit(1399081396.931:556): auditd normal halt, sending auid=0 pid=1715 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1399081576.942:9739): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=1075 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1399081577.049:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_START msg=audit(1399081578.487:5): user pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_ACQ msg=audit(1399081578.488:6): user pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_DISP msg=audit(1399081579.085:7): user pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=USER_END msg=audit(1399081579.085:8): user pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=AVC msg=audit(1399081579.244:9): avc: denied { read } for pid=1336 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399081579.244:9): avc: denied { open } for pid=1336 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399081579.244:9): arch=c000003e syscall=2 success=yes exit=8 a0=7f0fe311c2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1336 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=CRYPTO_KEY_USER msg=audit(1399081600.189:10): user pid=1408 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1408 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399081600.189:11): user pid=1408 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1408 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399081600.192:12): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1408 suid=74 rport=51981 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399081600.193:13): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1408 suid=74 rport=51981 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399081601.560:14): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=51981 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399081601.560:15): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=51981 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399081601.578:16): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399081601.579:17): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1408 suid=74 rport=51981 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399081601.580:18): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399081601.591:19): user pid=1407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399081601.591:20): pid=1407 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1399081601.720:21): user pid=1407 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399081601.724:22): user pid=1407 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399081601.750:23): user pid=1410 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1399081601.751:24): user pid=1410 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399081601.751:25): user pid=1410 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1410 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399081601.751:26): user pid=1410 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1410 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1399081601.752:27): user pid=1410 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=AVC msg=audit(1399081699.209:28): avc: denied { read } for pid=1337 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399081699.209:28): avc: denied { open } for pid=1337 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399081699.209:28): arch=c000003e syscall=2 success=yes exit=6 a0=7f0fe311c2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1337 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=ADD_GROUP msg=audit(1399081703.842:29): user pid=1448 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=32 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081703.893:30): user pid=1448 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=32 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081703.894:31): user pid=1448 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=32 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399081703.923:32): user pid=1452 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=32 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081706.557:33): user pid=1488 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding group acct="rpcuser" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399081706.557:34): user pid=1488 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=29 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081706.842:35): user pid=1497 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=65534 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081706.909:36): user pid=1497 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=65534 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399081706.909:37): user pid=1497 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=65534 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399081706.914:38): user pid=1504 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=65534 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=AVC msg=audit(1399081819.675:39): avc: denied { read } for pid=1337 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399081819.675:39): avc: denied { open } for pid=1337 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399081819.675:39): arch=c000003e syscall=2 success=yes exit=6 a0=7f0fe311c2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1337 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=CRYPTO_KEY_USER msg=audit(1399082345.049:40): user pid=2164 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2164 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399082345.049:41): user pid=2164 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2164 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399082345.050:42): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=2164 suid=74 rport=52347 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399082345.051:43): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=2164 suid=74 rport=52347 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399082346.695:44): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=52347 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399082346.695:45): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=52347 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399082346.718:46): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399082346.723:47): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2164 suid=74 rport=52347 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399082346.724:48): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399082346.725:49): user pid=2163 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399082346.725:50): pid=2163 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_ROLE_CHANGE msg=audit(1399082346.808:51): user pid=2163 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399082346.812:52): user pid=2163 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399082346.834:53): user pid=2166 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/1 res=success' >type=USER_START msg=audit(1399082346.835:54): user pid=2166 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399082346.835:55): user pid=2166 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2166 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399082346.835:56): user pid=2166 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2166 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/1 res=success' >type=CRED_REFR msg=audit(1399082346.837:57): user pid=2166 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=AVC msg=audit(1399082423.782:58): avc: denied { read } for pid=1337 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399082423.782:58): avc: denied { open } for pid=1337 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399082423.782:58): arch=c000003e syscall=2 success=yes exit=6 a0=7f0fe311c2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1337 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=USER_ACCT msg=audit(1399082461.288:59): user pid=2343 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399082461.288:60): user pid=2343 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399082461.294:61): pid=2343 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 >type=USER_START msg=audit(1399082461.295:62): user pid=2343 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399082461.435:63): user pid=2343 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399082461.435:64): user pid=2343 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=DAEMON_START msg=audit(1399384405.560:7235): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=1220 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1399384405.671:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_START msg=audit(1399384408.011:5): user pid=1621 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_ACQ msg=audit(1399384408.011:6): user pid=1621 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_DISP msg=audit(1399384408.784:7): user pid=1621 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=USER_END msg=audit(1399384408.784:8): user pid=1621 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=AVC msg=audit(1399384408.836:9): avc: denied { read } for pid=1633 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399384408.836:9): avc: denied { open } for pid=1633 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399384408.836:9): arch=c000003e syscall=2 success=yes exit=6 a0=7f3ae1ffe2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1633 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=AVC msg=audit(1399384529.001:10): avc: denied { read } for pid=1634 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399384529.001:10): avc: denied { open } for pid=1634 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399384529.001:10): arch=c000003e syscall=2 success=yes exit=6 a0=7f3ae1ffe2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1634 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=CRYPTO_KEY_USER msg=audit(1399384797.202:11): user pid=1765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1765 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399384797.202:12): user pid=1765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1765 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399384797.206:13): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1765 suid=74 rport=58481 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399384797.206:14): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1765 suid=74 rport=58481 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399384798.583:15): user pid=1767 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1767 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399384798.583:16): user pid=1767 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1767 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399384798.587:17): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1767 suid=74 rport=58482 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399384798.587:18): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1767 suid=74 rport=58482 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399384829.193:19): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=58481 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399384829.193:20): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=58481 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399384829.209:21): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=58482 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399384829.209:22): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=58482 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399384829.227:23): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_ACCT msg=audit(1399384829.227:24): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399384829.228:25): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1767 suid=74 rport=58482 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399384829.228:26): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399384829.228:27): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1765 suid=74 rport=58481 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399384829.229:28): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399384829.237:29): user pid=1766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399384829.237:30): pid=1766 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=CRED_ACQ msg=audit(1399384829.238:31): user pid=1764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399384829.238:32): pid=1764 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_ROLE_CHANGE msg=audit(1399384829.360:33): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_ROLE_CHANGE msg=audit(1399384829.362:34): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399384829.363:35): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399384829.364:36): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399384829.387:37): user pid=1773 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_LOGIN msg=audit(1399384829.387:38): user pid=1774 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/1 res=success' >type=USER_START msg=audit(1399384829.388:39): user pid=1773 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399384829.389:40): user pid=1773 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1773 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399384829.389:41): user pid=1773 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1773 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=USER_START msg=audit(1399384829.389:42): user pid=1774 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399384829.390:43): user pid=1774 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1774 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399384829.390:44): user pid=1774 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1774 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/1 res=success' >type=CRED_REFR msg=audit(1399384829.390:45): user pid=1773 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_REFR msg=audit(1399384829.399:46): user pid=1774 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_ACCT msg=audit(1399384861.657:47): user pid=1799 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399384861.657:48): user pid=1799 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399384861.661:49): pid=1799 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 >type=USER_START msg=audit(1399384861.662:50): user pid=1799 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399384861.724:51): user pid=1799 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399384861.724:52): user pid=1799 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=AVC msg=audit(1399384894.619:53): avc: denied { read } for pid=1634 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399384894.619:53): avc: denied { open } for pid=1634 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399384894.619:53): arch=c000003e syscall=2 success=yes exit=6 a0=7f3ae1ffe2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1634 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=SYSTEM_RUNLEVEL msg=audit(1399385004.611:54): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1399385004.611:55): user pid=1832 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.258:56): user pid=1533 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1533 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.258:57): user pid=1533 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1533 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399385005.376:58): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399385005.377:59): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399385005.378:60): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399385005.378:61): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_LOGOUT msg=audit(1399385005.378:62): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.378:63): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1766 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.379:64): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1766 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.379:65): user pid=1766 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1766 suid=0 rport=58482 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRED_DISP msg=audit(1399385005.379:66): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399385005.379:67): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' >type=USER_LOGOUT msg=audit(1399385005.379:68): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.379:69): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1764 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.379:70): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1764 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399385005.379:71): user pid=1764 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1764 suid=0 rport=58481 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=DAEMON_END msg=audit(1399385007.109:7236): auditd normal halt, sending auid=0 pid=2032 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1399399166.838:1778): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=1154 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1399399166.950:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_START msg=audit(1399399169.869:5): user pid=1555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_ACQ msg=audit(1399399169.869:6): user pid=1555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_DISP msg=audit(1399399170.525:7): user pid=1555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=USER_END msg=audit(1399399170.525:8): user pid=1555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=AVC msg=audit(1399399170.559:9): avc: denied { read } for pid=1566 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399399170.559:9): avc: denied { open } for pid=1566 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399399170.559:9): arch=c000003e syscall=2 success=yes exit=6 a0=7ff8f2fce2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1566 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=CRYPTO_KEY_USER msg=audit(1399399243.154:10): user pid=1641 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1641 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399243.154:11): user pid=1641 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1641 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399399243.159:12): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1641 suid=74 rport=41574 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399399243.159:13): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1641 suid=74 rport=41574 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399244.218:14): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=41574 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399244.218:15): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=41574 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399399244.238:16): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399399244.241:17): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1641 suid=74 rport=41574 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399244.241:18): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399399244.249:19): user pid=1640 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399399244.249:20): pid=1640 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1399399244.366:21): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399399244.370:22): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399399244.391:23): user pid=1643 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1399399244.393:24): user pid=1643 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399399244.393:25): user pid=1643 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1643 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399399244.393:26): user pid=1643 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1643 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1399399244.395:27): user pid=1643 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_ACCT msg=audit(1399399261.755:28): user pid=1656 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399399261.755:29): user pid=1656 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399399261.760:30): pid=1656 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_START msg=audit(1399399261.761:31): user pid=1656 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399399261.834:32): user pid=1656 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399399261.834:33): user pid=1656 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRYPTO_KEY_USER msg=audit(1399399265.541:34): user pid=1671 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1671 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399265.541:35): user pid=1671 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1671 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399399265.547:36): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1671 suid=74 rport=41588 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399399265.547:37): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1671 suid=74 rport=41588 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399266.599:38): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=41588 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399266.599:39): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=41588 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399399266.604:40): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399399266.605:41): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1671 suid=74 rport=41588 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399266.607:42): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399399266.608:43): user pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399399266.608:44): pid=1670 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 >type=USER_ROLE_CHANGE msg=audit(1399399266.674:45): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399399266.678:46): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399399266.685:47): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399399266.686:48): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399399266.687:49): user pid=1673 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1673 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399266.687:50): user pid=1673 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1673 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRED_REFR msg=audit(1399399266.689:51): user pid=1673 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399399266.706:52): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399399266.707:53): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399399266.708:54): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGOUT msg=audit(1399399266.709:55): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399399266.710:56): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1670 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399266.710:57): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1670 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399266.710:58): user pid=1670 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1670 suid=0 rport=41588 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=AVC msg=audit(1399399290.097:59): avc: denied { read } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399399290.097:59): avc: denied { open } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399399290.097:59): arch=c000003e syscall=2 success=yes exit=6 a0=7ff8f2fce2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1567 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=CRYPTO_KEY_USER msg=audit(1399399334.302:60): user pid=1713 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1713 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399334.302:61): user pid=1713 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1713 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399399334.307:62): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1713 suid=74 rport=41613 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399399334.307:63): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1713 suid=74 rport=41613 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399335.319:64): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=41613 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399335.319:65): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=41613 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399399335.325:66): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399399335.325:67): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1713 suid=74 rport=41613 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399399335.326:68): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399399335.327:69): user pid=1712 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399399335.327:70): pid=1712 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=4 >type=USER_ROLE_CHANGE msg=audit(1399399335.400:71): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399399335.403:72): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399399335.411:73): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399399335.412:74): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399399335.413:75): user pid=1715 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1715 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399335.413:76): user pid=1715 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1715 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRED_REFR msg=audit(1399399335.414:77): user pid=1715 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399399335.869:78): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399399335.870:79): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399399335.872:80): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGOUT msg=audit(1399399335.873:81): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399399335.873:82): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1712 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399335.873:83): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1712 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399399335.873:84): user pid=1712 uid=0 auid=0 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1712 suid=0 rport=41613 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=AVC msg=audit(1399399410.546:85): avc: denied { read } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399399410.546:85): avc: denied { open } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399399410.546:85): arch=c000003e syscall=2 success=yes exit=6 a0=7ff8f2fce2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1567 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=ADD_GROUP msg=audit(1399400104.507:86): user pid=1842 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=499 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400104.583:87): user pid=1842 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=499 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400104.583:88): user pid=1842 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=499 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400107.469:89): user pid=1857 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1857 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400107.469:90): user pid=1857 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1857 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399400107.470:91): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1857 suid=74 rport=53872 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399400107.471:92): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1857 suid=74 rport=53872 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=USER_AUTH msg=audit(1399400107.643:93): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=53872 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=USER_AUTH msg=audit(1399400107.643:94): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=53872 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=USER_ACCT msg=audit(1399400107.649:95): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399400107.649:96): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1857 suid=74 rport=53872 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=USER_AUTH msg=audit(1399400107.649:97): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399400107.650:98): user pid=1856 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=LOGIN msg=audit(1399400107.651:99): pid=1856 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=5 >type=USER_ROLE_CHANGE msg=audit(1399400107.726:100): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=USER_START msg=audit(1399400107.729:101): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399400107.731:102): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=USER_START msg=audit(1399400107.732:103): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399400107.732:104): user pid=1859 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1859 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400107.732:105): user pid=1859 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1859 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=CRED_REFR msg=audit(1399400107.733:106): user pid=1859 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=USER_END msg=audit(1399400110.874:107): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399400110.875:108): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=USER_END msg=audit(1399400110.876:109): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=USER_LOGOUT msg=audit(1399400110.877:110): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=infra.mburnsfire.net addr=172.31.12.250 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399400110.877:111): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1856 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400110.877:112): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1856 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400110.877:113): user pid=1856 uid=0 auid=0 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1856 suid=0 rport=53872 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.250 terminal=? res=success' >type=ADD_GROUP msg=audit(1399400135.427:114): user pid=1865 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400135.520:115): user pid=1865 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400135.520:116): user pid=1865 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400135.642:117): user pid=1870 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=48 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400137.987:118): user pid=1880 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=52 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400138.061:119): user pid=1880 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=52 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400138.061:120): user pid=1880 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=52 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400138.121:121): user pid=1885 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=52 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=AVC msg=audit(1399400142.915:122): avc: denied { read } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399400142.915:122): avc: denied { open } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399400142.915:122): arch=c000003e syscall=2 success=yes exit=6 a0=7ff8f2fce2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1567 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=ADD_GROUP msg=audit(1399400300.778:123): user pid=1925 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=498 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400300.820:124): user pid=1925 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=498 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400300.820:125): user pid=1925 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=498 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400300.888:126): user pid=1930 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=498 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=MAC_CONFIG_CHANGE msg=audit(1399400347.466:127): bool=httpd_setrlimit val=1 old_val=0 auid=0 ses=1 >type=SYSCALL msg=audit(1399400347.466:127): arch=c000003e syscall=1 success=yes exit=2 a0=7 a1=7fff6268d490 a2=2 a3=0 items=0 ppid=1980 pid=1982 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="semanage" exe="/usr/bin/python" subj=unconfined_u:system_r:semanage_t:s0-s0:c0.c1023 key=(null) >type=MAC_POLICY_LOAD msg=audit(1399400347.719:128): policy loaded auid=0 ses=1 >type=SYSCALL msg=audit(1399400347.719:128): arch=c000003e syscall=1 success=yes exit=7314966 a0=4 a1=7f60cf51a000 a2=6f9e16 a3=7fff8ab53a60 items=0 ppid=1982 pid=1985 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 key=(null) >type=ADD_GROUP msg=audit(1399400356.355:129): user pid=1998 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=497 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400356.404:130): user pid=1998 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=497 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400356.404:131): user pid=1998 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=497 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400356.464:132): user pid=2003 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=497 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400357.285:133): user pid=2011 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=27 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400357.342:134): user pid=2011 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=27 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400357.342:135): user pid=2011 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=27 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400357.376:136): user pid=2015 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=27 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400360.264:137): user pid=2026 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=26 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400360.306:138): user pid=2026 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=26 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400360.306:139): user pid=2026 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=26 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400360.332:140): user pid=2030 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=26 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400362.146:141): user pid=2039 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400362.196:142): user pid=2039 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400362.196:143): user pid=2039 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400362.221:144): user pid=2043 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=25 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400363.936:145): user pid=2054 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group id=177 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400363.986:146): user pid=2054 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow id=177 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_GROUP msg=audit(1399400363.986:147): user pid=2054 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= id=177 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399400364.010:148): user pid=2059 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user id=177 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1399400370.079:149): user pid=2086 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1399400370.079:150): user pid=2086 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399400370.094:151): user pid=2086 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399400370.094:152): user pid=2086 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399400374.359:153): user pid=2086 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399400374.359:154): user pid=2086 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1399400374.365:155): user pid=2106 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1399400374.365:156): user pid=2106 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399400374.365:157): user pid=2106 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399400374.365:158): user pid=2106 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399400377.082:159): user pid=2106 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399400377.082:160): user pid=2106 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1399400377.088:161): user pid=2126 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1399400377.088:162): user pid=2126 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399400377.088:163): user pid=2126 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399400377.088:164): user pid=2126 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399400379.818:165): user pid=2126 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399400379.819:166): user pid=2126 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=AVC msg=audit(1399400388.983:167): avc: denied { read } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399400388.983:167): avc: denied { open } for pid=1567 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399400388.983:167): arch=c000003e syscall=2 success=yes exit=6 a0=7ff8f2fce2b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1567 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=SYSTEM_RUNLEVEL msg=audit(1399400930.085:168): user pid=2265 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1399400930.085:169): user pid=2265 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399400931.007:170): user pid=1468 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1468 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400931.052:171): user pid=1468 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1468 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399400931.137:172): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399400931.172:173): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399400931.412:174): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_LOGOUT msg=audit(1399400931.412:175): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399400931.413:176): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1640 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400931.413:177): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1640 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399400931.413:178): user pid=1640 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1640 suid=0 rport=41574 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=DAEMON_END msg=audit(1399400934.914:1779): auditd normal halt, sending auid=0 pid=2468 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1399401172.438:5934): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=1152 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1399401172.886:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_START msg=audit(1399401202.148:5): user pid=1570 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_ACQ msg=audit(1399401202.148:6): user pid=1570 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_DISP msg=audit(1399401210.809:7): user pid=1570 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=USER_END msg=audit(1399401210.809:8): user pid=1570 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=AVC msg=audit(1399401210.846:9): avc: denied { read } for pid=1582 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399401210.846:9): avc: denied { open } for pid=1582 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399401210.846:9): arch=c000003e syscall=2 success=yes exit=8 a0=7f0e20de72b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1582 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=AVC msg=audit(1399401212.885:10): avc: denied { read } for pid=1583 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399401212.885:10): avc: denied { open } for pid=1583 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399401212.885:10): arch=c000003e syscall=2 success=yes exit=6 a0=7f0e20de72b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1583 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=AVC msg=audit(1399401334.761:11): avc: denied { read } for pid=1583 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399401334.761:11): avc: denied { open } for pid=1583 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399401334.761:11): arch=c000003e syscall=2 success=yes exit=6 a0=7f0e20de72b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1583 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=CRYPTO_KEY_USER msg=audit(1399401479.689:12): user pid=1707 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1707 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399401479.689:13): user pid=1707 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1707 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399401479.693:14): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1707 suid=74 rport=42633 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399401479.693:15): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1707 suid=74 rport=42633 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399401480.792:16): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=42633 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399401480.792:17): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=42633 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399401481.239:18): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399401481.240:19): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1707 suid=74 rport=42633 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399401481.241:20): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399401481.251:21): user pid=1706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399401481.251:22): pid=1706 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1399401483.300:23): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399401483.304:24): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399401483.330:25): user pid=1709 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1399401483.331:26): user pid=1709 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399401483.332:27): user pid=1709 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1709 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399401483.332:28): user pid=1709 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1709 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1399401483.333:29): user pid=1709 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=AVC msg=audit(1399401581.239:30): avc: denied { read } for pid=1583 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399401581.239:30): avc: denied { open } for pid=1583 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399401581.239:30): arch=c000003e syscall=2 success=yes exit=6 a0=7f0e20de72b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1583 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=SYSTEM_RUNLEVEL msg=audit(1399401837.697:31): user pid=1767 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1399401837.697:32): user pid=1767 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399401838.424:33): user pid=1475 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1475 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399401838.424:34): user pid=1475 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1475 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399401838.541:35): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399401838.542:36): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399401838.543:37): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_LOGOUT msg=audit(1399401838.543:38): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399401838.543:39): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1706 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399401838.543:40): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1706 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399401838.543:41): user pid=1706 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1706 suid=0 rport=42633 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=DAEMON_END msg=audit(1399401840.912:5935): auditd normal halt, sending auid=0 pid=1973 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1399549121.833:1502): auditd start, ver=2.2 format=raw kernel=2.6.32-431.el6.x86_64 auid=4294967295 pid=1157 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1399549121.948:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_START msg=audit(1399549124.333:5): user pid=1575 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_ACQ msg=audit(1399549124.333:6): user pid=1575 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_DISP msg=audit(1399549124.907:7): user pid=1575 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=USER_END msg=audit(1399549124.907:8): user pid=1575 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=AVC msg=audit(1399549124.940:9): avc: denied { read } for pid=1587 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399549124.940:9): avc: denied { open } for pid=1587 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399549124.940:9): arch=c000003e syscall=2 success=yes exit=8 a0=7f62c55502b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1587 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=USER_AUTH msg=audit(1399549135.488:10): user pid=1637 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1399549135.491:11): user pid=1637 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1399549135.491:12): pid=1637 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1399549135.781:13): user pid=1637 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1399549135.798:14): user pid=1637 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1399549135.799:15): user pid=1637 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1399549135.800:16): user pid=1637 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399549176.346:17): user pid=1674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1674 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549176.346:18): user pid=1674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1674 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399549176.351:19): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1674 suid=74 rport=43293 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399549176.351:20): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1674 suid=74 rport=43293 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399549178.750:21): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=43293 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399549178.750:22): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=43293 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399549178.754:23): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399549178.755:24): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1674 suid=74 rport=43293 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399549178.756:25): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399549178.757:26): user pid=1673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399549178.757:27): pid=1673 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_ROLE_CHANGE msg=audit(1399549178.823:28): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399549178.831:29): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399549178.841:30): user pid=1677 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1399549178.842:31): user pid=1677 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399549178.843:32): user pid=1677 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1677 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399549178.843:33): user pid=1677 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1677 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1399549178.844:34): user pid=1677 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=AVC msg=audit(1399549248.130:35): avc: denied { read } for pid=1588 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=AVC msg=audit(1399549248.130:35): avc: denied { open } for pid=1588 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file >type=SYSCALL msg=audit(1399549248.130:35): arch=c000003e syscall=2 success=yes exit=6 a0=7f62c55502b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1588 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null) >type=USER_AUTH msg=audit(1399549503.964:36): user pid=1842 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1399549503.964:37): user pid=1842 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399549503.968:38): user pid=1842 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399549503.968:39): user pid=1842 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399549508.219:40): user pid=1842 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399549508.219:41): user pid=1842 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=ADD_USER msg=audit(1399549517.153:42): user pid=1897 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user acct="postfix" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=failed' >type=ADD_USER msg=audit(1399549517.153:43): user pid=1897 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding user acct="postfix" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=failed' >type=MAC_POLICY_LOAD msg=audit(1399549549.065:44): policy loaded auid=0 ses=2 >type=SYSCALL msg=audit(1399549549.065:44): arch=c000003e syscall=1 success=yes exit=7315026 a0=4 a1=7f35168bc000 a2=6f9e52 a3=7fffccb3a310 items=0 ppid=2339 pid=2346 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 key=(null) >type=USER_START msg=audit(1399549558.967:45): user pid=2417 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399549558.967:46): user pid=2417 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399549564.620:47): user pid=2417 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399549564.620:48): user pid=2417 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1399549581.473:49): user pid=2455 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1399549581.473:50): user pid=2455 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399549581.477:51): user pid=2455 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399549581.477:52): user pid=2455 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399549584.462:53): user pid=2455 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399549584.464:54): user pid=2455 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1399549584.470:55): user pid=2476 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1399549584.470:56): user pid=2476 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399549584.470:57): user pid=2476 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399549584.470:58): user pid=2476 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399549587.238:59): user pid=2476 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399549587.238:60): user pid=2476 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1399549587.244:61): user pid=2496 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1399549587.244:62): user pid=2496 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1399549587.244:63): user pid=2496 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1399549587.244:64): user pid=2496 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1399549589.978:65): user pid=2496 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399549589.978:66): user pid=2496 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549881.827:67): user pid=11300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=11300 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549881.827:68): user pid=11300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=11300 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399549881.828:69): user pid=11299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=11300 suid=74 rport=43852 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399549881.828:70): user pid=11299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=11300 suid=74 rport=43852 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549882.589:71): user pid=11299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11300 suid=74 rport=43852 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ERR msg=audit(1399549882.590:72): user pid=11299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399549882.590:73): user pid=11299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=11299 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549882.590:74): user pid=11299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=11299 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_LOGIN msg=audit(1399549882.590:75): user pid=11299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=failed' >type=CRYPTO_KEY_USER msg=audit(1399549884.025:76): user pid=11302 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=11302 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549884.025:77): user pid=11302 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=11302 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399549884.031:78): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=11302 suid=74 rport=43853 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1399549884.031:79): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=11302 suid=74 rport=43853 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399549885.187:80): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=43853 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399549885.187:81): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=43853 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399549885.231:82): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399549885.232:83): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11302 suid=74 rport=43853 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1399549885.232:84): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1399549885.250:85): user pid=11301 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1399549885.250:86): pid=11301 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 >type=USER_ROLE_CHANGE msg=audit(1399549885.355:87): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399549885.359:88): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1399549885.368:89): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1399549885.369:90): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399549885.370:91): user pid=11304 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=11304 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549885.370:92): user pid=11304 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=11304 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRED_REFR msg=audit(1399549885.371:93): user pid=11304 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399549885.588:94): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399549885.589:95): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399549885.590:96): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGOUT msg=audit(1399549885.591:97): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1399549885.591:98): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=11301 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549885.591:99): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=11301 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399549885.591:100): user pid=11301 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11301 suid=0 rport=43853 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1399550401.699:101): user pid=11885 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399550401.699:102): user pid=11885 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399550401.701:103): pid=11885 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=498 old ses=4294967295 new ses=4 >type=USER_START msg=audit(1399550401.701:104): user pid=11885 uid=0 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1399550401.704:105): user pid=11886 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399550401.704:106): user pid=11886 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399550401.704:107): pid=11886 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=498 old ses=4294967295 new ses=5 >type=USER_START msg=audit(1399550401.704:108): user pid=11886 uid=0 auid=498 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399550407.368:109): user pid=11886 uid=498 auid=498 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399550407.368:110): user pid=11886 uid=498 auid=498 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399550407.384:111): user pid=11885 uid=498 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399550407.384:112): user pid=11885 uid=498 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1399550461.390:113): user pid=11916 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1399550461.390:114): user pid=11916 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1399550461.394:115): pid=11916 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=6 >type=USER_START msg=audit(1399550461.396:116): user pid=11916 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1399550461.895:117): user pid=11916 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1399550461.895:118): user pid=11916 uid=0 auid=0 ses=6 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=SYSTEM_RUNLEVEL msg=audit(1399550469.577:119): user pid=11930 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='old-level=3 new-level=0 exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=SYSTEM_SHUTDOWN msg=audit(1399550469.577:120): user pid=11930 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:shutdown_t:s0-s0:c0.c1023 msg='init exe="/sbin/shutdown" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1399550470.017:121): user pid=1637 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe=2F62696E2F6C6F67696E202864656C6574656429 hostname=? addr=? terminal=tty1 res=success' >type=USER_END msg=audit(1399550470.028:122): user pid=1637 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe=2F62696E2F6C6F67696E202864656C6574656429 hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1399550472.636:123): user pid=1479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1479 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399550472.636:124): user pid=1479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1479 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1399550473.142:125): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRED_DISP msg=audit(1399550473.144:126): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_END msg=audit(1399550473.145:127): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=USER_LOGOUT msg=audit(1399550473.145:128): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1399550473.145:129): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1673 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399550473.145:130): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1673 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1399550473.145:131): user pid=1673 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1673 suid=0 rport=43293 laddr=172.31.12.100 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=DAEMON_END msg=audit(1399550476.967:1503): auditd normal halt, sending auid=0 pid=12132 subj=system_u:system_r:initrc_t:s0 res=success >type=DAEMON_START msg=audit(1400759703.964:2888): auditd start, ver=2.2 format=raw kernel=2.6.32-431.17.1.el6.x86_64 auid=4294967295 pid=1080 subj=system_u:system_r:auditd_t:s0 res=success >type=CONFIG_CHANGE msg=audit(1400759704.075:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 >type=USER_START msg=audit(1400759706.381:5): user pid=1505 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_ACQ msg=audit(1400759706.381:6): user pid=1505 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=CRED_DISP msg=audit(1400759706.927:7): user pid=1505 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=USER_END msg=audit(1400759706.930:8): user pid=1505 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="ovirtagent" exe="/sbin/runuser" hostname=? addr=? terminal=console res=success' >type=USER_AUTH msg=audit(1400759742.025:9): user pid=1567 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_ACCT msg=audit(1400759742.026:10): user pid=1567 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=LOGIN msg=audit(1400759742.026:11): pid=1567 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 >type=USER_ROLE_CHANGE msg=audit(1400759742.124:12): user pid=1567 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_START msg=audit(1400759742.143:13): user pid=1567 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRED_ACQ msg=audit(1400759742.143:14): user pid=1567 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=USER_LOGIN msg=audit(1400759742.144:15): user pid=1567 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400759881.973:16): user pid=2268 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2268 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400759881.973:17): user pid=2268 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2268 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400759881.979:18): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=2268 suid=74 rport=39193 laddr=172.31.12.73 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400759881.979:19): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=2268 suid=74 rport=39193 laddr=172.31.12.73 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1400759882.165:20): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=39193 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1400759882.165:21): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=39193 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1400759882.170:22): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1400759882.170:23): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2268 suid=74 rport=39193 laddr=172.31.12.73 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1400759882.171:24): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1400759882.172:25): user pid=2267 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1400759882.172:26): pid=2267 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 >type=USER_ROLE_CHANGE msg=audit(1400759882.244:27): user pid=2267 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1400759882.247:28): user pid=2267 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1400759882.258:29): user pid=2270 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=USER_START msg=audit(1400759882.259:30): user pid=2270 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400759882.259:31): user pid=2270 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=2270 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400759882.259:32): user pid=2270 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=2270 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/0 res=success' >type=CRED_REFR msg=audit(1400759882.261:33): user pid=2270 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_ACCT msg=audit(1400760001.963:34): user pid=2294 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400760001.963:35): user pid=2294 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400760001.968:36): pid=2294 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=498 old ses=4294967295 new ses=3 >type=USER_START msg=audit(1400760001.968:37): user pid=2294 uid=0 auid=498 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1400760001.970:38): user pid=2295 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400760001.971:39): user pid=2295 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400760001.971:40): pid=2295 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=498 old ses=4294967295 new ses=4 >type=USER_START msg=audit(1400760001.971:41): user pid=2295 uid=0 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400760010.345:42): user pid=2294 uid=498 auid=498 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400760010.345:43): user pid=2294 uid=498 auid=498 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400760010.355:44): user pid=2295 uid=498 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400760010.355:45): user pid=2295 uid=498 auid=498 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_ACCT msg=audit(1400760061.363:46): user pid=2327 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400760061.364:47): user pid=2327 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400760061.364:48): pid=2327 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=5 >type=USER_START msg=audit(1400760061.365:49): user pid=2327 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400760061.535:50): user pid=2327 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400760061.535:51): user pid=2327 uid=0 auid=0 ses=5 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRYPTO_KEY_USER msg=audit(1400760075.714:52): user pid=1410 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=1410 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400760075.714:53): user pid=1410 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=1410 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' >type=MAC_POLICY_LOAD msg=audit(1400760130.200:54): policy loaded auid=0 ses=2 >type=SYSCALL msg=audit(1400760130.200:54): arch=c000003e syscall=1 success=yes exit=7315182 a0=4 a1=7fb7b23d7000 a2=6f9eee a3=7fff072b5540 items=0 ppid=2387 pid=2395 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 key=(null) >type=MAC_POLICY_LOAD msg=audit(1400760488.680:55): policy loaded auid=0 ses=2 >type=SYSCALL msg=audit(1400760488.680:55): arch=c000003e syscall=1 success=yes exit=7318910 a0=4 a1=7f5052160000 a2=6fad7e a3=7fffc600b950 items=0 ppid=2496 pid=2500 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 key=(null) >type=USER_START msg=audit(1400760496.743:56): user pid=2525 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760496.744:57): user pid=2525 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760502.251:58): user pid=2525 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760502.251:59): user pid=2525 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400760502.908:60): user pid=2547 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760502.908:61): user pid=2547 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760503.523:62): user pid=2547 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760503.523:63): user pid=2547 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400760504.716:64): user pid=2556 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400760504.716:65): user pid=2556 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400760504.719:66): user pid=2556 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760504.719:67): user pid=2556 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760507.755:68): user pid=2556 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760507.755:69): user pid=2556 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400760507.761:70): user pid=2576 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400760507.761:71): user pid=2576 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400760507.761:72): user pid=2576 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760507.761:73): user pid=2576 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760510.592:74): user pid=2576 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760510.592:75): user pid=2576 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_AUTH msg=audit(1400760510.598:76): user pid=2596 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400760510.598:77): user pid=2596 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400760510.598:78): user pid=2596 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760510.598:79): user pid=2596 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760513.543:80): user pid=2596 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760513.543:81): user pid=2596 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=? res=success' >type=MAC_STATUS msg=audit(1400760659.156:82): enforcing=0 old_enforcing=1 auid=0 ses=2 >type=SYSCALL msg=audit(1400760659.156:82): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7fff958b4660 a2=1 a3=7fff958b33e0 items=0 ppid=2270 pid=2652 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="setenforce" exe="/usr/sbin/setenforce" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) >type=USER_START msg=audit(1400760713.543:83): user pid=4344 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760713.543:84): user pid=4344 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760713.591:85): user pid=4344 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760713.591:86): user pid=4344 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400760713.832:87): user pid=4389 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760713.832:88): user pid=4389 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760713.842:89): user pid=4389 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760713.842:90): user pid=4389 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="postgres" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_ACCT msg=audit(1400760725.790:91): user pid=4597 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/bin/crontab" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400760725.790:92): user pid=4597 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/crontab" hostname=? addr=? terminal=cron res=success' >type=USER_CHAUTHTOK msg=audit(1400760726.012:93): user pid=4607 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing user shell id=498 exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760726.131:94): user pid=4612 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to group acct="foreman" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760726.131:95): user pid=4612 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to shadow group acct="foreman" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400760791.421:96): user pid=4742 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760791.422:97): user pid=4742 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760806.033:98): user pid=4742 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760806.033:99): user pid=4742 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="foreman" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760810.741:100): user pid=4941 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing comment id=497 exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760810.842:101): user pid=4946 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing user shell id=497 exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760810.933:102): user pid=4953 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760810.933:103): user pid=4953 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760810.933:104): user pid=4953 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to shadow group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=USER_CHAUTHTOK msg=audit(1400760810.933:105): user pid=4953 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=adding user to shadow group acct="foreman-proxy" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' >type=AVC msg=audit(1400760814.848:106): avc: denied { relabelto } for pid=5009 comm="ruby" name="yaml" dev=dm-0 ino=2887313 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=dir >type=SYSCALL msg=audit(1400760814.848:106): arch=c000003e syscall=189 success=yes exit=0 a0=345c0d0 a1=7f13717c4319 a2=4029820 a3=26 items=0 ppid=4891 pid=5009 auid=0 uid=52 gid=52 euid=52 suid=52 fsuid=52 egid=52 sgid=52 fsgid=52 tty=(none) ses=2 comm="ruby" exe="/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400760814.859:107): avc: denied { relabelto } for pid=5009 comm="ruby" name="masterhttp.log" dev=dm-0 ino=2889663 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_log_t:s0 tclass=file >type=SYSCALL msg=audit(1400760814.859:107): arch=c000003e syscall=189 success=yes exit=0 a0=2a3fa20 a1=7f13717c4319 a2=4029970 a3=22 items=0 ppid=4891 pid=5009 auid=0 uid=52 gid=52 euid=52 suid=52 fsuid=52 egid=52 sgid=52 fsgid=52 tty=(none) ses=2 comm="ruby" exe="/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400760815.024:108): avc: denied { relabelto } for pid=5009 comm="ruby" name="ca_crt.pem" dev=dm-0 ino=2889641 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file >type=SYSCALL msg=audit(1400760815.024:108): arch=c000003e syscall=189 success=yes exit=0 a0=4750fb0 a1=7f13717c4319 a2=3c16da0 a3=26 items=0 ppid=4891 pid=5009 auid=0 uid=52 gid=52 euid=52 suid=52 fsuid=52 egid=52 sgid=52 fsgid=52 tty=(none) ses=2 comm="ruby" exe="/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=USER_START msg=audit(1400760815.613:109): user pid=5095 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_ACQ msg=audit(1400760815.613:110): user pid=5095 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400760817.467:111): user pid=5095 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400760817.467:112): user pid=5095 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="foreman-proxy" exe="/sbin/runuser" hostname=? addr=? terminal=? res=success' >type=AVC msg=audit(1400760835.704:113): avc: denied { read } for pid=5271 comm="ruby" name="migrate" dev=dm-0 ino=2884473 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=lnk_file >type=SYSCALL msg=audit(1400760835.704:113): arch=c000003e syscall=2 success=yes exit=7 a0=6e01490 a1=90800 a2=6e01400 a3=2 items=0 ppid=5268 pid=5271 auid=0 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=2 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400760839.978:114): avc: denied { write } for pid=5313 comm="ruby" name="dynflow_socket" dev=dm-0 ino=2889624 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=sock_file >type=AVC msg=audit(1400760839.978:114): avc: denied { connectto } for pid=5313 comm="ruby" path="/var/run/foreman/sockets/dynflow_socket" scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket >type=SYSCALL msg=audit(1400760839.978:114): arch=c000003e syscall=42 success=yes exit=0 a0=9 a1=7f23e69b3820 a2=6e a3=7f23e69b31c0 items=0 ppid=5271 pid=5313 auid=0 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=2 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=USER_AUTH msg=audit(1400760868.772:115): user pid=5581 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_ACCT msg=audit(1400760868.772:116): user pid=5581 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_START msg=audit(1400760868.810:117): user pid=5581 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400760868.810:118): user pid=5581 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1400761049.489:119): user pid=5581 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_END msg=audit(1400761049.523:120): user pid=5581 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRYPTO_KEY_USER msg=audit(1400761128.777:121): user pid=5943 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=5943 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_KEY_USER msg=audit(1400761128.777:122): user pid=5943 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=5943 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400761128.779:123): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=5943 suid=74 rport=39727 laddr=172.31.12.73 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=CRYPTO_SESSION msg=audit(1400761128.779:124): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=5943 suid=74 rport=39727 laddr=172.31.12.73 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1400761129.223:125): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=39727 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1400761129.223:126): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ac:a5:4d:5c:c6:e0:f2:0e:fa:40:38:d9:c6:03:e3:9a rport=39727 acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_ACCT msg=audit(1400761129.274:127): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=CRYPTO_KEY_USER msg=audit(1400761129.275:128): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=5943 suid=74 rport=39727 laddr=172.31.12.73 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=? res=success' >type=USER_AUTH msg=audit(1400761129.275:129): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="root" exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=ssh res=success' >type=CRED_ACQ msg=audit(1400761129.276:130): user pid=5942 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=LOGIN msg=audit(1400761129.276:131): pid=5942 uid=0 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 old auid=0 new auid=0 old ses=2 new ses=6 >type=USER_ROLE_CHANGE msg=audit(1400761129.347:132): user pid=5942 uid=0 auid=0 ses=6 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_START msg=audit(1400761129.351:133): user pid=5942 uid=0 auid=0 ses=6 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_LOGIN msg=audit(1400761129.436:134): user pid=5945 uid=0 auid=0 ses=6 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/1 res=success' >type=USER_START msg=audit(1400761129.437:135): user pid=5945 uid=0 auid=0 ses=6 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=/dev/pts/1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400761129.437:136): user pid=5945 uid=0 auid=0 ses=6 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=2b:8d:15:15:19:d1:75:c8:28:92:df:0c:f4:32:5d:92 direction=? spid=5945 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/1 res=success' >type=CRYPTO_KEY_USER msg=audit(1400761129.437:137): user pid=5945 uid=0 auid=0 ses=6 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=42:c3:7b:5a:4f:0f:15:4f:ba:87:21:01:d6:58:31:cf direction=? spid=5945 suid=0 exe="/usr/sbin/sshd" hostname=? addr=172.31.12.117 terminal=pts/1 res=success' >type=CRED_REFR msg=audit(1400761129.438:138): user pid=5945 uid=0 auid=0 ses=6 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" hostname=beelzebub.mburnsfire.net addr=172.31.12.117 terminal=ssh res=success' >type=USER_AUTH msg=audit(1400761158.567:139): user pid=6305 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_ACCT msg=audit(1400761158.567:140): user pid=6305 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_START msg=audit(1400761158.571:141): user pid=6305 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_ACQ msg=audit(1400761158.572:142): user pid=6305 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=CRED_DISP msg=audit(1400761187.498:143): user pid=6305 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=USER_END msg=audit(1400761187.498:144): user pid=6305 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' >type=AVC msg=audit(1400761399.262:145): avc: denied { read } for pid=6486 comm="ruby" name="migrate" dev=dm-0 ino=2884473 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=lnk_file >type=SYSCALL msg=audit(1400761399.262:145): arch=c000003e syscall=2 success=yes exit=7 a0=93c27f0 a1=90800 a2=93c2700 a3=2 items=0 ppid=6483 pid=6486 auid=0 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=2 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400761401.555:146): avc: denied { write } for pid=6518 comm="ruby" name="dynflow_socket" dev=dm-0 ino=2889624 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=sock_file >type=AVC msg=audit(1400761401.555:146): avc: denied { connectto } for pid=6518 comm="ruby" path="/var/run/foreman/sockets/dynflow_socket" scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket >type=SYSCALL msg=audit(1400761401.555:146): arch=c000003e syscall=42 success=yes exit=0 a0=9 a1=7f5f56fac820 a2=6e a3=7f5f56fac1c0 items=0 ppid=6486 pid=6518 auid=0 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=2 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=AVC msg=audit(1400761785.693:147): avc: denied { name_bind } for pid=6811 comm="ruby" src=9747 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket >type=SYSCALL msg=audit(1400761785.693:147): arch=c000003e syscall=49 success=yes exit=0 a0=7 a1=7f1db04ae930 a2=10 a3=7f1dbab2a838 items=0 ppid=6773 pid=6811 auid=0 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=2 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=USER_ACCT msg=audit(1400761801.919:148): user pid=6879 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_ACQ msg=audit(1400761801.935:149): user pid=6879 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=LOGIN msg=audit(1400761801.943:150): pid=6879 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=498 old ses=4294967295 new ses=7 >type=USER_START msg=audit(1400761802.005:151): user pid=6879 uid=0 auid=498 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=CRED_DISP msg=audit(1400761811.204:152): user pid=6879 uid=498 auid=498 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=USER_END msg=audit(1400761811.215:153): user pid=6879 uid=498 auid=498 ses=7 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' >type=AVC msg=audit(1400761819.518:154): avc: denied { connectto } for pid=6918 comm="ruby" path="/var/run/foreman/sockets/dynflow_socket" scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket >type=SYSCALL msg=audit(1400761819.518:154): arch=c000003e syscall=42 success=yes exit=0 a0=9 a1=7f1dc4861820 a2=6e a3=7f1dc48611c0 items=0 ppid=6773 pid=6918 auid=0 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=2 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null) >type=USER_CMD msg=audit(1400762297.139:155): user pid=7463 uid=497 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='cwd="/" cmd=2F7573722F62696E2F7075707065742063657274202D2D73736C646972202F7661722F6C69622F7075707065742F73736C202D2D636C65616E203030316134613930646430372E73746179707566742E6D6275726E73666972652E6E6574 terminal=? res=success' >type=CRED_ACQ msg=audit(1400762297.142:156): user pid=7463 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >type=USER_START msg=audit(1400762297.145:157): user pid=7463 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >type=USER_END msg=audit(1400762299.748:158): user pid=7463 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success' >type=CRED_DISP msg=audit(1400762299.751:159): user pid=7463 uid=0 auid=0 ses=2 subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=898390">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1098244
:
895963
|
896468
|
896469
| 898390 |
899508
|
899509