type=DAEMON_START msg=audit(1773221512.278:7898): op=start ver=3.1.5 format=enriched kernel=5.14.0-503.14.1.el9_5.x86_64 auid=4294967295 pid=696 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root" type=SERVICE_START msg=audit(1773221512.286:5): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221512.294:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CONFIG_CHANGE msg=audit(1773221512.332:7): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1773221512.332:7): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffdb521e840 a2=3c a3=0 items=0 ppid=701 pid=716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221512.332:7): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1773221512.332:8): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1773221512.332:8): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffdb521e840 a2=3c a3=0 items=0 ppid=701 pid=716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221512.332:8): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1773221512.332:9): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1773221512.332:9): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffdb521e840 a2=3c a3=0 items=0 ppid=701 pid=716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221512.332:9): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=SERVICE_START msg=audit(1773221512.335:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_BOOT msg=audit(1773221512.353:11): pid=723 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221512.358:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221512.533:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ldconfig comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221512.559:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221512.578:15): prog-id=20 op=LOAD type=SERVICE_START msg=audit(1773221512.632:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221512.635:17): prog-id=21 op=LOAD type=BPF msg=audit(1773221512.655:18): prog-id=22 op=LOAD type=BPF msg=audit(1773221512.655:19): prog-id=23 op=LOAD type=SERVICE_START msg=audit(1773221512.658:20): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221512.661:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221512.666:22): prog-id=24 op=LOAD type=BPF msg=audit(1773221512.666:23): prog-id=25 op=LOAD type=BPF msg=audit(1773221512.666:24): prog-id=26 op=LOAD type=SERVICE_START msg=audit(1773221512.675:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221512.710:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221512.711:27): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221521.918:28): prog-id=27 op=LOAD type=BPF msg=audit(1773221521.918:29): prog-id=28 op=LOAD type=SERVICE_START msg=audit(1773221521.973:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221522.070:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221522.202:32): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221522.215:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221522.230:34): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221522.244:35): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ADD_GROUP msg=audit(1773221523.541:36): pid=900 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-group acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ADD_USER msg=audit(1773221523.544:37): pid=900 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221523.544:38): pid=900 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221523.544:39): pid=900 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221523.544:40): pid=900 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221523.544:41): pid=900 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221523.630:42): pid=900 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky" type=ACCT_LOCK msg=audit(1773221523.662:43): pid=907 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:passwd_t:s0 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky" type=SERVICE_START msg=audit(1773221524.052:44): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.091:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.112:46): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.126:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221524.474:48): pid=918 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=918 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=SERVICE_STOP msg=audit(1773221524.477:49): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.499:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.552:51): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.571:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.581:53): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.584:54): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.592:55): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_RUNLEVEL msg=audit(1773221524.613:56): pid=1113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221524.616:57): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221524.616:58): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221525.271:59): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221532.357:60): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221533.947:61): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221552.159:62): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221552.197:63): prog-id=28 op=UNLOAD type=BPF msg=audit(1773221552.197:64): prog-id=27 op=UNLOAD type=CRYPTO_KEY_USER msg=audit(1773221600.347:65): pid=3926 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3926 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221600.348:66): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3926 suid=74 rport=50240 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221600.348:67): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3926 suid=74 rport=50240 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221600.427:68): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221600.427:69): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221600.438:70): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221600.439:71): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3926 suid=74 rport=50240 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221600.441:72): pid=3925 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221600.441:73): pid=3925 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221600.441:73): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fffa2cc84c0 a2=4 a3=3e8 items=0 ppid=1046 pid=3925 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221600.441:73): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221600.443:74): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221600.485:75): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221600.496:76): pid=3929 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1773221600.496:77): pid=3929 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1773221600.497:78): pid=3929 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221600.497:79): pid=3929 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221600.497:79): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffe45d5f170 a2=4 a3=3e8 items=0 ppid=1 pid=3929 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221600.497:79): proctitle="(systemd)" type=USER_START msg=audit(1773221600.499:80): pid=3929 uid=0 auid=1000 ses=2 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_umask,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221600.623:81): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1773221600.643:82): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.644:83): pid=3938 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3938 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221600.645:84): pid=3938 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221600.691:85): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221600.691:86): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.692:87): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3939 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221600.724:88): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221600.724:89): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.724:90): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3938 suid=1000 rport=50240 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.725:91): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3938 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221600.726:92): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221600.726:93): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.727:94): pid=3925 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3925 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221600.754:95): pid=3956 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3956 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221600.755:96): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3956 suid=74 rport=50242 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221600.755:97): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3956 suid=74 rport=50242 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221600.816:98): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221600.816:99): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221600.827:100): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221600.828:101): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3956 suid=74 rport=50242 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221600.829:102): pid=3955 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221600.829:103): pid=3955 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221600.829:103): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff6f1dcde0 a2=4 a3=3e8 items=0 ppid=1046 pid=3955 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221600.829:103): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221600.831:104): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221600.857:105): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.858:106): pid=3958 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3958 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221600.859:107): pid=3958 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221600.903:108): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221600.903:109): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.904:110): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3959 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221600.960:111): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221600.960:112): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.960:113): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3958 suid=1000 rport=50242 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.960:114): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3958 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221600.962:115): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221600.962:116): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221600.962:117): pid=3955 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3955 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221600.981:118): pid=3977 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3977 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221600.982:119): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3977 suid=74 rport=50244 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221600.982:120): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3977 suid=74 rport=50244 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221601.043:121): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.043:122): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221601.054:123): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.054:124): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3977 suid=74 rport=50244 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221601.056:125): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221601.056:126): pid=3976 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=4 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221601.056:126): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fffffc6a720 a2=4 a3=3e8 items=0 ppid=1046 pid=3976 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221601.056:126): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221601.057:127): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221601.076:128): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.077:129): pid=3979 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3979 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221601.078:130): pid=3979 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221601.123:131): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221601.123:132): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.124:133): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3980 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221601.169:134): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221601.169:135): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.169:136): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3979 suid=1000 rport=50244 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.169:137): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3979 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221601.170:138): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221601.170:139): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.171:140): pid=3976 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3976 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221601.187:141): pid=3998 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3998 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221601.187:142): pid=3997 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3998 suid=74 rport=50246 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221601.187:143): pid=3997 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3998 suid=74 rport=50246 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221601.247:144): pid=3997 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.247:145): pid=3997 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221601.258:146): pid=3997 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.258:147): pid=3997 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3998 suid=74 rport=50246 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221601.259:148): pid=3997 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221601.259:149): pid=3997 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=5 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221601.259:149): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd961ca7d0 a2=4 a3=3e8 items=0 ppid=1046 pid=3997 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221601.259:149): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221601.260:150): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221601.275:151): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.276:152): pid=4000 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4000 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221601.277:153): pid=4000 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221601.319:154): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221601.319:155): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.320:156): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4001 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=BPF msg=audit(1773221601.333:157): prog-id=29 op=LOAD type=BPF msg=audit(1773221601.333:158): prog-id=30 op=LOAD type=SERVICE_START msg=audit(1773221601.383:159): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221601.423:160): pid=4020 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221601.424:161): pid=4020 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F7069702E636F6E66202F6574632F7069702E636F6E66 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221601.425:162): pid=4020 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221601.427:163): pid=4020 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221601.431:164): pid=4020 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221601.432:165): pid=4020 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221601.444:166): pid=4023 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221601.444:167): pid=4023 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6B646972202D70202F6574632F646F636B65722F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221601.444:168): pid=4023 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221601.446:169): pid=4023 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221601.449:170): pid=4023 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221601.449:171): pid=4023 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221601.460:172): pid=4026 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221601.460:173): pid=4026 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F646F636B65722D6461656D6F6E2E6A736F6E202F6574632F646F636B65722F6461656D6F6E2E6A736F6E exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221601.461:174): pid=4026 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221601.462:175): pid=4026 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221601.466:176): pid=4026 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221601.466:177): pid=4026 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221601.468:178): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221601.468:179): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.468:180): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4000 suid=1000 rport=50246 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.468:181): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4000 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221601.470:182): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221601.470:183): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.470:184): pid=3997 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=3997 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221601.486:185): pid=4030 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221601.487:186): pid=4029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4030 suid=74 rport=50248 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221601.487:187): pid=4029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4030 suid=74 rport=50248 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221601.545:188): pid=4029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.545:189): pid=4029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221601.557:190): pid=4029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.557:191): pid=4029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4030 suid=74 rport=50248 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221601.558:192): pid=4029 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221601.558:193): pid=4029 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=6 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221601.558:193): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fffaf07f4c0 a2=4 a3=3e8 items=0 ppid=1046 pid=4029 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221601.558:193): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221601.559:194): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221601.576:195): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.577:196): pid=4032 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4032 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221601.578:197): pid=4032 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221601.623:198): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221601.623:199): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.624:200): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4033 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.646:201): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4032 suid=1000 rport=50248 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.647:202): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4032 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221601.649:203): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221601.649:204): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221601.650:205): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221601.650:206): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.650:207): pid=4029 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4029 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221601.665:208): pid=4050 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4050 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221601.666:209): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4050 suid=74 rport=50250 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221601.666:210): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4050 suid=74 rport=50250 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221601.725:211): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.725:212): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221601.737:213): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.737:214): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4050 suid=74 rport=50250 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221601.739:215): pid=4049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221601.739:216): pid=4049 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=7 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221601.739:216): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdd02f9560 a2=4 a3=3e8 items=0 ppid=1046 pid=4049 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221601.739:216): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221601.740:217): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221601.769:218): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.770:219): pid=4052 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4052 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221601.771:220): pid=4052 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221601.815:221): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221601.815:222): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.816:223): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4053 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221601.852:224): pid=4073 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221601.853:225): pid=4073 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=657468746F6F6C202D4B2065746830207478206F6666 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221601.853:226): pid=4073 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221601.856:227): pid=4073 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221601.861:228): pid=4073 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221601.861:229): pid=4073 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.863:230): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4052 suid=1000 rport=50250 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.863:231): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4052 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221601.864:232): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221601.865:233): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221601.865:234): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221601.865:235): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.865:236): pid=4049 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4049 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221601.884:237): pid=4077 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4077 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221601.885:238): pid=4076 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4077 suid=74 rport=50252 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221601.885:239): pid=4076 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4077 suid=74 rport=50252 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221601.947:240): pid=4076 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.947:241): pid=4076 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221601.957:242): pid=4076 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221601.958:243): pid=4076 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4077 suid=74 rport=50252 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221601.959:244): pid=4076 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221601.959:245): pid=4076 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=8 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221601.959:245): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffda4571190 a2=4 a3=3e8 items=0 ppid=1046 pid=4076 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=8 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221601.959:245): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221601.960:246): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221601.990:247): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221601.991:248): pid=4079 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4079 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221601.992:249): pid=4079 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221602.035:250): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221602.035:251): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.036:252): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4080 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221602.081:253): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221602.081:254): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.081:255): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4079 suid=1000 rport=50252 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.082:256): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4079 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221602.083:257): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221602.083:258): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.084:259): pid=4076 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4076 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221602.099:260): pid=4098 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4098 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221602.099:261): pid=4097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4098 suid=74 rport=50254 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221602.100:262): pid=4097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4098 suid=74 rport=50254 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221602.160:263): pid=4097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.160:264): pid=4097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221602.171:265): pid=4097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.171:266): pid=4097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4098 suid=74 rport=50254 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221602.172:267): pid=4097 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221602.173:268): pid=4097 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=9 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221602.173:268): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fffa4a6c900 a2=4 a3=3e8 items=0 ppid=1046 pid=4097 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221602.173:268): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221602.173:269): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221602.190:270): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.191:271): pid=4100 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4100 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221602.192:272): pid=4100 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221602.235:273): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221602.235:274): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.236:275): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4101 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221602.261:276): pid=4117 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221602.262:277): pid=4117 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=726D202D66202F6574632F79756D2E7265706F732E642F726F636B792D6164646F6E732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D646576656C2E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D6578747261732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792E7265706F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221602.262:278): pid=4117 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221602.263:279): pid=4117 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221602.265:280): pid=4117 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221602.266:281): pid=4117 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221602.275:282): pid=4101 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221602.275:283): pid=4101 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D626173652D726F636B79392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221602.276:284): pid=4101 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221602.277:285): pid=4101 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221602.281:286): pid=4101 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221602.281:287): pid=4101 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.283:288): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4100 suid=1000 rport=50254 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.283:289): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4100 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221602.284:290): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221602.284:291): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221602.285:292): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221602.285:293): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.285:294): pid=4097 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4097 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221602.304:295): pid=4123 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4123 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221602.304:296): pid=4122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4123 suid=74 rport=50256 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221602.304:297): pid=4122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4123 suid=74 rport=50256 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221602.364:298): pid=4122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.364:299): pid=4122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221602.375:300): pid=4122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.375:301): pid=4122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4123 suid=74 rport=50256 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221602.376:302): pid=4122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221602.377:303): pid=4122 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=10 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221602.377:303): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff7a6fc560 a2=4 a3=3e8 items=0 ppid=1046 pid=4122 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221602.377:303): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221602.377:304): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221602.401:305): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.402:306): pid=4125 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4125 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221602.403:307): pid=4125 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221602.447:308): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221602.447:309): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.448:310): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4126 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.496:311): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4125 suid=1000 rport=50256 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.496:312): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4125 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221602.497:313): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221602.497:314): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221602.498:315): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221602.498:316): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.498:317): pid=4122 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4122 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221602.517:318): pid=4144 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4144 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221602.518:319): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4144 suid=74 rport=50258 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221602.518:320): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4144 suid=74 rport=50258 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221602.580:321): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.580:322): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221602.591:323): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.591:324): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4144 suid=74 rport=50258 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221602.593:325): pid=4143 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221602.593:326): pid=4143 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=11 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221602.593:326): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffec3e55c40 a2=4 a3=3e8 items=0 ppid=1046 pid=4143 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221602.593:326): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221602.594:327): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221602.618:328): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.619:329): pid=4146 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4146 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221602.620:330): pid=4146 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221602.663:331): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221602.663:332): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.664:333): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4147 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221602.691:334): pid=4147 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221602.691:335): pid=4147 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D6570656C392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221602.691:336): pid=4147 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221602.693:337): pid=4147 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221602.696:338): pid=4147 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221602.697:339): pid=4147 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221602.698:340): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221602.698:341): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.698:342): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4146 suid=1000 rport=50258 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.699:343): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4146 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221602.700:344): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221602.700:345): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.701:346): pid=4143 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4143 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221602.718:347): pid=4166 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4166 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221602.718:348): pid=4165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4166 suid=74 rport=50260 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221602.718:349): pid=4165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4166 suid=74 rport=50260 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221602.780:350): pid=4165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.780:351): pid=4165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221602.791:352): pid=4165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.792:353): pid=4165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4166 suid=74 rport=50260 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221602.794:354): pid=4165 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221602.794:355): pid=4165 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=12 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221602.794:355): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd88408190 a2=4 a3=3e8 items=0 ppid=1046 pid=4165 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221602.794:355): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221602.795:356): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221602.817:357): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.818:358): pid=4168 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4168 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221602.819:359): pid=4168 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221602.863:360): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221602.863:361): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.864:362): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4169 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221602.895:363): pid=4169 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221602.895:364): pid=4169 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6F6470726F62652069705F7461626C6573 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221602.895:365): pid=4169 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221602.897:366): pid=4169 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221602.910:367): pid=4169 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221602.910:368): pid=4169 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221602.912:369): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221602.912:370): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.912:371): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4168 suid=1000 rport=50260 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.913:372): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4168 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221602.914:373): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221602.914:374): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221602.915:375): pid=4165 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4165 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221602.932:376): pid=4191 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4191 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221602.933:377): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4191 suid=74 rport=50262 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221602.933:378): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4191 suid=74 rport=50262 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221602.995:379): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221602.995:380): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221603.007:381): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221603.007:382): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4191 suid=74 rport=50262 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221603.009:383): pid=4189 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221603.009:384): pid=4189 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=13 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221603.009:384): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe97eb24d0 a2=4 a3=3e8 items=0 ppid=1046 pid=4189 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=13 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221603.009:384): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221603.010:385): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221603.027:386): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221603.028:387): pid=4193 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4193 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221603.029:388): pid=4193 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221603.075:389): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221603.075:390): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221603.076:391): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4194 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221603.107:392): pid=4194 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221603.107:393): pid=4194 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D79206F70656E7373682D736572766572206F70656E73736C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221603.108:394): pid=4194 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221603.109:395): pid=4194 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=SERVICE_START msg=audit(1773221628.779:396): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-raba0f40a2c45406089aa2dbff004d29c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221628.958:397): prog-id=31 op=LOAD type=BPF msg=audit(1773221628.958:398): prog-id=24 op=UNLOAD type=BPF msg=audit(1773221628.958:399): prog-id=32 op=LOAD type=BPF msg=audit(1773221628.958:400): prog-id=33 op=LOAD type=BPF msg=audit(1773221628.958:401): prog-id=25 op=UNLOAD type=BPF msg=audit(1773221628.958:402): prog-id=26 op=UNLOAD type=BPF msg=audit(1773221628.960:403): prog-id=34 op=LOAD type=BPF msg=audit(1773221628.960:404): prog-id=21 op=UNLOAD type=BPF msg=audit(1773221628.960:405): prog-id=35 op=LOAD type=BPF msg=audit(1773221628.960:406): prog-id=36 op=LOAD type=BPF msg=audit(1773221628.960:407): prog-id=18 op=UNLOAD type=BPF msg=audit(1773221628.960:408): prog-id=19 op=UNLOAD type=BPF msg=audit(1773221628.962:409): prog-id=37 op=LOAD type=BPF msg=audit(1773221628.962:410): prog-id=15 op=UNLOAD type=BPF msg=audit(1773221628.962:411): prog-id=38 op=LOAD type=BPF msg=audit(1773221628.962:412): prog-id=39 op=LOAD type=BPF msg=audit(1773221628.962:413): prog-id=16 op=UNLOAD type=BPF msg=audit(1773221628.962:414): prog-id=17 op=UNLOAD type=BPF msg=audit(1773221628.962:415): prog-id=40 op=LOAD type=BPF msg=audit(1773221628.962:416): prog-id=41 op=LOAD type=BPF msg=audit(1773221628.962:417): prog-id=29 op=UNLOAD type=BPF msg=audit(1773221628.962:418): prog-id=30 op=UNLOAD type=BPF msg=audit(1773221628.963:419): prog-id=42 op=LOAD type=BPF msg=audit(1773221628.963:420): prog-id=20 op=UNLOAD type=BPF msg=audit(1773221628.965:421): prog-id=43 op=LOAD type=BPF msg=audit(1773221628.965:422): prog-id=44 op=LOAD type=BPF msg=audit(1773221628.965:423): prog-id=22 op=UNLOAD type=BPF msg=audit(1773221628.965:424): prog-id=23 op=UNLOAD type=CRYPTO_KEY_USER msg=audit(1773221628.979:425): pid=1046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=1046 suid=0 exe=2F7573722F7362696E2F73736864202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=SERVICE_STOP msg=audit(1773221628.981:426): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221629.008:427): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221629.033:428): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r7e656b0c03054a9aabc9eafbb250078f comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SOFTWARE_UPDATE msg=audit(1773221629.038:429): pid=4211 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-libs-1:3.5.1-7.el9_7.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221629.038:430): pid=4211 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="openssl-fips-provider-1:3.5.1-7.el9_7.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221629.038:431): pid=4211 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-8.7p1-47.el9_7.rocky.0.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221629.038:432): pid=4211 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-clients-8.7p1-47.el9_7.rocky.0.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221629.038:433): pid=4211 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-server-8.7p1-47.el9_7.rocky.0.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221629.039:434): pid=4211 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-1:3.5.1-7.el9_7.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221629.552:435): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221629.556:436): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_END msg=audit(1773221629.749:437): pid=4194 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221629.749:438): pid=4194 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221629.751:439): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221629.751:440): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.751:441): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4193 suid=1000 rport=50262 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.752:442): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4193 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221629.753:443): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221629.754:444): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.754:445): pid=4189 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=4189 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221629.776:446): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6021 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221629.777:447): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6021 suid=74 rport=50290 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221629.777:448): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6021 suid=74 rport=50290 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221629.843:449): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221629.843:450): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221629.854:451): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221629.854:452): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6021 suid=74 rport=50290 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221629.855:453): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221629.855:454): pid=5987 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=14 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221629.855:454): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffea2d8ec60 a2=4 a3=3e8 items=0 ppid=4608 pid=5987 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=14 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221629.855:454): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221629.856:455): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221629.872:456): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.873:457): pid=6228 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6228 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221629.874:458): pid=6228 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221629.918:459): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221629.918:460): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.920:461): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6325 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221629.941:462): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221629.941:463): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.941:464): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6228 suid=1000 rport=50290 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.941:465): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6228 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221629.943:466): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221629.943:467): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221629.943:468): pid=5987 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=5987 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221629.959:469): pid=6419 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6419 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221629.960:470): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6419 suid=74 rport=50292 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221629.960:471): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6419 suid=74 rport=50292 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221630.021:472): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221630.021:473): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221630.031:474): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221630.032:475): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6419 suid=74 rport=50292 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221630.033:476): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221630.033:477): pid=6398 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=15 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221630.033:477): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff364105c0 a2=4 a3=3e8 items=0 ppid=4608 pid=6398 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=15 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221630.033:477): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221630.033:478): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221630.055:479): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221630.056:480): pid=6609 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6609 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221630.057:481): pid=6609 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221630.098:482): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221630.098:483): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221630.099:484): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6698 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221630.120:485): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6609 suid=1000 rport=50292 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221630.121:486): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6609 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221630.121:487): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221630.122:488): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221630.122:489): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221630.122:490): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221630.122:491): pid=6398 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=6398 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=SERVICE_STOP msg=audit(1773221631.418:492): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221631.442:493): prog-id=41 op=UNLOAD type=BPF msg=audit(1773221631.442:494): prog-id=40 op=UNLOAD type=SERVICE_START msg=audit(1773221634.446:495): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221634.446:496): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221634.467:497): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-raba0f40a2c45406089aa2dbff004d29c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221634.468:498): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r7e656b0c03054a9aabc9eafbb250078f comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221640.210:499): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221640.236:500): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221680.631:501): pid=14486 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14486 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221680.632:502): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14486 suid=74 rport=50396 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221680.632:503): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14486 suid=74 rport=50396 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221680.692:504): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221680.692:505): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221680.703:506): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221680.703:507): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14486 suid=74 rport=50396 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221680.704:508): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221680.704:509): pid=14485 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=16 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221680.704:509): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd5f61c110 a2=4 a3=3e8 items=0 ppid=4608 pid=14485 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=16 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221680.704:509): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221680.705:510): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221680.731:511): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221680.752:512): pid=14489 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1773221680.752:513): pid=14489 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1773221680.753:514): pid=14489 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221680.753:515): pid=14489 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=17 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221680.753:515): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffe45d5f170 a2=4 a3=3e8 items=0 ppid=1 pid=14489 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=17 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221680.753:515): proctitle="(systemd)" type=USER_START msg=audit(1773221680.754:516): pid=14489 uid=0 auid=1000 ses=17 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_umask,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221680.854:517): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1773221680.868:518): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221680.869:519): pid=14498 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14498 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221680.870:520): pid=14498 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221680.916:521): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221680.916:522): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221680.917:523): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14499 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221680.937:524): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221680.937:525): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221680.937:526): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14498 suid=1000 rport=50396 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221680.937:527): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14498 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221680.939:528): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221680.939:529): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221680.939:530): pid=14485 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14485 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221680.958:531): pid=14517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14517 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221680.958:532): pid=14516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14517 suid=74 rport=50398 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221680.959:533): pid=14516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14517 suid=74 rport=50398 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221681.018:534): pid=14516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221681.018:535): pid=14516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221681.029:536): pid=14516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221681.029:537): pid=14516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14517 suid=74 rport=50398 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221681.030:538): pid=14516 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221681.030:539): pid=14516 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=18 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221681.030:539): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffecda11fd0 a2=4 a3=3e8 items=0 ppid=4608 pid=14516 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=18 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221681.030:539): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221681.031:540): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221681.049:541): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.050:542): pid=14519 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14519 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221681.051:543): pid=14519 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221681.095:544): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221681.096:545): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.096:546): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14520 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221681.123:547): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221681.123:548): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.123:549): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14519 suid=1000 rport=50398 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.123:550): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14519 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221681.124:551): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221681.124:552): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.125:553): pid=14516 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14516 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221681.144:554): pid=14537 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14537 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221681.144:555): pid=14536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14537 suid=74 rport=50400 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221681.144:556): pid=14536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14537 suid=74 rport=50400 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221681.203:557): pid=14536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221681.203:558): pid=14536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221681.214:559): pid=14536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221681.214:560): pid=14536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14537 suid=74 rport=50400 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221681.215:561): pid=14536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221681.215:562): pid=14536 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=19 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221681.215:562): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffec58779e0 a2=4 a3=3e8 items=0 ppid=4608 pid=14536 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=19 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221681.215:562): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221681.216:563): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221681.239:564): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.240:565): pid=14539 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14539 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221681.241:566): pid=14539 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221681.283:567): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221681.283:568): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.284:569): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14540 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221681.309:570): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221681.309:571): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.309:572): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14539 suid=1000 rport=50400 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.309:573): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14539 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221681.310:574): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221681.310:575): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.311:576): pid=14536 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14536 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221681.326:577): pid=14557 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14557 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221681.326:578): pid=14556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14557 suid=74 rport=50404 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221681.326:579): pid=14556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14557 suid=74 rport=50404 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221681.385:580): pid=14556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221681.385:581): pid=14556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221681.397:582): pid=14556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221681.397:583): pid=14556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14557 suid=74 rport=50404 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221681.398:584): pid=14556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221681.398:585): pid=14556 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=20 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221681.398:585): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffeb3788ac0 a2=4 a3=3e8 items=0 ppid=4608 pid=14556 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=20 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221681.398:585): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221681.399:586): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221681.418:587): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.419:588): pid=14559 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14559 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221681.420:589): pid=14559 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221681.463:590): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221681.464:591): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.464:592): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14560 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221681.485:593): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221681.485:594): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.485:595): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14559 suid=1000 rport=50404 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.486:596): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14559 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221681.487:597): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221681.487:598): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221681.488:599): pid=14556 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14556 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=SERVICE_STOP msg=audit(1773221691.707:600): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221691.729:601): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221902.775:602): pid=14583 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14583 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221902.776:603): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14583 suid=74 rport=51362 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221902.776:604): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14583 suid=74 rport=51362 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221902.838:605): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221902.838:606): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221902.848:607): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221902.849:608): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14583 suid=74 rport=51362 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221902.850:609): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221902.850:610): pid=14582 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=21 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221902.850:610): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc35779600 a2=4 a3=3e8 items=0 ppid=4608 pid=14582 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221902.850:610): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221902.850:611): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221902.881:612): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221902.889:613): pid=14586 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1773221902.889:614): pid=14586 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1773221902.889:615): pid=14586 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221902.889:616): pid=14586 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=22 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221902.889:616): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffe45d5f170 a2=4 a3=3e8 items=0 ppid=1 pid=14586 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=22 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221902.889:616): proctitle="(systemd)" type=USER_START msg=audit(1773221902.891:617): pid=14586 uid=0 auid=1000 ses=22 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_umask,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221902.983:618): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1773221902.988:619): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.989:620): pid=14597 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14597 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221902.990:621): pid=14597 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221903.035:622): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221903.035:623): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.036:624): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14598 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.057:625): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14597 suid=1000 rport=51362 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.057:626): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14597 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221903.059:627): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221903.059:628): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221903.059:629): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221903.059:630): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.060:631): pid=14582 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14582 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221903.996:632): pid=14615 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14615 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221903.997:633): pid=14614 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14615 suid=74 rport=51374 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221903.997:634): pid=14614 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14615 suid=74 rport=51374 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221904.061:635): pid=14614 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221904.061:636): pid=14614 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221904.072:637): pid=14614 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221904.073:638): pid=14614 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14615 suid=74 rport=51374 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221904.074:639): pid=14614 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221904.074:640): pid=14614 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=23 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221904.074:640): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc31e65140 a2=4 a3=3e8 items=0 ppid=4608 pid=14614 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221904.074:640): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221904.075:641): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221904.089:642): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.090:643): pid=14617 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14617 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221904.091:644): pid=14617 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221904.135:645): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221904.135:646): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.136:647): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14618 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221904.168:648): pid=14618 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221904.168:649): pid=14618 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=62617368202D63207072696E746620225C6E31302E302E302E313920202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D315C6E31302E302E302E31323920202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D325C6E31302E302E302E32343120202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D335C6E31302E302E302E32343220202020616E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D315C6E31302E302E302E343120202020616E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D325C6E22203E3E202F6574632F686F737473 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221904.169:650): pid=14618 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221904.171:651): pid=14618 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221904.174:652): pid=14618 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221904.174:653): pid=14618 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.176:654): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14617 suid=1000 rport=51374 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.176:655): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14617 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221904.178:656): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221904.178:657): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221904.178:658): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221904.178:659): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.179:660): pid=14614 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14614 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=SERVICE_STOP msg=audit(1773221914.202:661): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221914.222:662): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221935.081:663): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.005:664): pid=14639 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14639 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221953.005:665): pid=14638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14639 suid=74 rport=58182 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221953.005:666): pid=14638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14639 suid=74 rport=58182 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221953.078:667): pid=14638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.078:668): pid=14638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221953.089:669): pid=14638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.090:670): pid=14638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14639 suid=74 rport=58182 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221953.090:671): pid=14638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221953.091:672): pid=14638 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=24 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221953.091:672): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdb66f23e0 a2=4 a3=3e8 items=0 ppid=4608 pid=14638 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=24 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221953.091:672): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221953.091:673): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221953.117:674): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221953.124:675): pid=14642 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1773221953.124:676): pid=14642 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1773221953.124:677): pid=14642 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221953.124:678): pid=14642 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=25 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221953.124:678): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffe45d5f170 a2=4 a3=3e8 items=0 ppid=1 pid=14642 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=25 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221953.124:678): proctitle="(systemd)" type=USER_START msg=audit(1773221953.126:679): pid=14642 uid=0 auid=1000 ses=25 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_umask,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221953.221:680): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1773221953.233:681): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.234:682): pid=14651 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14651 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221953.235:683): pid=14651 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221953.277:684): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221953.277:685): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.279:686): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14652 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221953.298:687): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221953.298:688): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.298:689): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14651 suid=1000 rport=58182 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.298:690): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14651 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221953.300:691): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221953.300:692): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.300:693): pid=14638 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14638 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221953.319:694): pid=14669 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14669 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221953.319:695): pid=14668 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14669 suid=74 rport=58188 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221953.320:696): pid=14668 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14669 suid=74 rport=58188 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221953.390:697): pid=14668 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.390:698): pid=14668 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221953.402:699): pid=14668 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.402:700): pid=14668 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14669 suid=74 rport=58188 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221953.403:701): pid=14668 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221953.403:702): pid=14668 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=26 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221953.403:702): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe01fc7c20 a2=4 a3=3e8 items=0 ppid=4608 pid=14668 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=26 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221953.403:702): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221953.404:703): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221953.423:704): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.424:705): pid=14671 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14671 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221953.425:706): pid=14671 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221953.467:707): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221953.467:708): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.468:709): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14672 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221953.497:710): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221953.497:711): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.497:712): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14671 suid=1000 rport=58188 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.498:713): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14671 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221953.499:714): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221953.499:715): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.500:716): pid=14668 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14668 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221953.521:717): pid=14689 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14689 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221953.522:718): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14689 suid=74 rport=58204 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221953.522:719): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14689 suid=74 rport=58204 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221953.594:720): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.594:721): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221953.606:722): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.606:723): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14689 suid=74 rport=58204 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221953.607:724): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221953.607:725): pid=14688 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=27 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221953.607:725): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff9f15ab20 a2=4 a3=3e8 items=0 ppid=4608 pid=14688 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=27 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221953.607:725): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221953.608:726): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221953.626:727): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.627:728): pid=14691 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14691 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221953.628:729): pid=14691 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221953.670:730): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221953.670:731): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.671:732): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14692 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221953.701:733): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221953.701:734): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.701:735): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14691 suid=1000 rport=58204 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.701:736): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14691 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221953.703:737): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221953.703:738): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.704:739): pid=14688 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14688 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221953.719:740): pid=14709 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14709 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221953.720:741): pid=14708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14709 suid=74 rport=58208 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221953.720:742): pid=14708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14709 suid=74 rport=58208 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221953.790:743): pid=14708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.790:744): pid=14708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221953.802:745): pid=14708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221953.802:746): pid=14708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14709 suid=74 rport=58208 laddr=10.0.0.129 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221953.803:747): pid=14708 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221953.803:748): pid=14708 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=28 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221953.803:748): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff9373bd90 a2=4 a3=3e8 items=0 ppid=4608 pid=14708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=28 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221953.803:748): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221953.804:749): pid=14708 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221953.821:750): pid=14708 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.822:751): pid=14711 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14711 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221953.823:752): pid=14711 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221953.865:753): pid=14708 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221953.865:754): pid=14708 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221953.866:755): pid=14708 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:bb:f2:3a:80:aa:7f:ac:05:23:0f:7f:dc:e7:a1:b5:5f:05:56:3f:dc:79:c8:2f:d6:b0:86:32:84:64:ec:9b direction=? spid=14712 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221953.953:756): pid=14760 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221953.953:757): pid=14760 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/k8s_manifests-logs" cmd=6370202F6574632F6368726F6E792E636F6E66202F746D702F6B38735F6D616E6966657374732D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221953.954:758): pid=14760 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221953.957:759): pid=14760 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221953.959:760): pid=14760 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221953.959:761): pid=14760 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221953.977:762): pid=14765 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221953.977:763): pid=14765 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/k8s_manifests-logs" cmd=6370202F7661722F6C6F672F6D65737361676573202F746D702F6B38735F6D616E6966657374732D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221953.977:764): pid=14765 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221953.979:765): pid=14765 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221953.983:766): pid=14765 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221953.983:767): pid=14765 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221953.995:768): pid=14769 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221953.995:769): pid=14769 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/k8s_manifests-logs" cmd=62617368202D63206370202D72202F7661722F6C6F672F61756469742F2A202F746D702F6B38735F6D616E6966657374732D6C6F67732F6C6F67732F73797374656D2F61756469742F20323E2F6465762F6E756C6C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221953.996:770): pid=14769 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221953.997:771): pid=14769 uid=1000 auid=1000 ses=28 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"