type=DAEMON_START msg=audit(1718702253.723:7917): op=start ver=3.0.7 format=enriched kernel=5.14.0-284.11.1.el9_2.x86_64 auid=4294967295 pid=684 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root" type=SERVICE_START msg=audit(1718702253.731:5): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702253.780:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CONFIG_CHANGE msg=audit(1718702253.926:7): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1718702253.926:7): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc765f8350 a2=3c a3=0 items=0 ppid=689 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1718702253.926:7): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1718702253.926:8): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1718702253.926:8): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc765f8350 a2=3c a3=0 items=0 ppid=689 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1718702253.926:8): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1718702253.926:9): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1718702253.926:9): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc765f8350 a2=3c a3=0 items=0 ppid=689 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1718702253.926:9): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=SERVICE_START msg=audit(1718702253.928:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_BOOT msg=audit(1718702253.934:11): pid=706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702253.939:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702253.955:13): prog-id=18 op=LOAD type=SERVICE_START msg=audit(1718702253.966:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702253.973:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702254.014:16): prog-id=19 op=LOAD type=BPF msg=audit(1718702254.014:17): prog-id=20 op=LOAD type=BPF msg=audit(1718702254.014:18): prog-id=21 op=LOAD type=SERVICE_START msg=audit(1718702254.018:19): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702254.160:20): prog-id=22 op=LOAD type=SERVICE_START msg=audit(1718702254.587:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702254.764:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702254.929:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702254.957:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702260.693:25): prog-id=23 op=LOAD type=BPF msg=audit(1718702260.693:26): prog-id=24 op=LOAD type=SERVICE_START msg=audit(1718702260.743:27): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702260.833:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702260.947:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702261.236:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702261.257:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702261.361:32): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ADD_GROUP msg=audit(1718702263.723:33): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-group acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ADD_USER msg=audit(1718702263.727:34): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1718702263.727:35): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1718702263.727:36): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1718702263.727:37): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1718702263.727:38): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1718702264.001:39): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky" type=ACCT_LOCK msg=audit(1718702264.063:40): pid=895 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:passwd_t:s0 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky" type=SERVICE_START msg=audit(1718702265.072:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.105:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.111:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.114:44): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.117:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.121:46): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.127:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_RUNLEVEL msg=audit(1718702265.145:48): pid=914 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.147:49): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702265.147:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1718702265.593:51): pid=902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=902 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=SERVICE_STOP msg=audit(1718702265.598:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.624:53): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702265.705:54): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702266.386:55): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1718702266.586:56): pid=1666 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1666 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_KEY_USER msg=audit(1718702266.595:57): pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1670 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1718702266.596:58): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-gcm@openssh.com ksize=128 mac= pfs=curve25519-sha256 spid=1670 suid=74 rport=53512 laddr=10.0.0.28 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1718702266.596:59): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-gcm@openssh.com ksize=128 mac= pfs=curve25519-sha256 spid=1670 suid=74 rport=53512 laddr=10.0.0.28 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1718702266.715:60): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1718702266.715:61): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:92:3f:76:ae:b3:c4:29:f5:3c:2c:a0:b6:51:ea:7a:b4:2a:ad:64:ca:1e:07:10:fa:50:6f:d7:e1:04:76:6a:e7 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1718702266.842:62): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1718702266.842:63): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1670 suid=74 rport=53512 laddr=10.0.0.28 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1718702266.849:64): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1718702266.849:65): pid=1667 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1718702266.849:65): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc73d69b50 a2=4 a3=3e8 items=0 ppid=1140 pid=1667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1718702266.849:65): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1718702266.855:66): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1718702266.927:67): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1718702267.017:68): pid=1772 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1718702267.017:69): pid=1772 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1718702267.017:70): pid=1772 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1718702267.017:71): pid=1772 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1718702267.017:71): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffe1b1df310 a2=4 a3=3e8 items=0 ppid=1 pid=1772 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1718702267.017:71): proctitle="(systemd)" type=USER_START msg=audit(1718702267.018:72): pid=1772 uid=0 auid=1000 ses=2 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1718702267.115:73): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1718702267.124:74): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1718702267.125:75): pid=1887 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1887 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1718702267.126:76): pid=1887 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1718702267.175:77): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1718702267.175:78): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1718702267.176:79): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1919 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1718702267.217:80): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1718702267.217:81): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGIN msg=audit(1718702267.218:82): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1718702267.218:83): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1718702267.221:84): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1950 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1718702267.235:85): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1718702267.235:86): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGIN msg=audit(1718702267.238:87): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1718702267.238:88): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1718702267.240:89): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1963 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1718702267.355:90): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1718702267.355:91): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D792062696E642062696E642D7574696C7320686170726F7879206874747064206E65742D746F6F6C73 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1718702267.356:92): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1718702267.357:93): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=SERVICE_STOP msg=audit(1718702271.412:94): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702281.023:95): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ADD_GROUP msg=audit(1718702282.816:96): pid=4051 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="apache" type=GRP_MGMT msg=audit(1718702282.843:97): pid=4051 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="apache" type=ADD_USER msg=audit(1718702282.910:98): pid=4058 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="apache" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=ADD_GROUP msg=audit(1718702283.671:99): pid=4069 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="named" type=GRP_MGMT msg=audit(1718702283.675:100): pid=4069 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="named" type=ADD_USER msg=audit(1718702283.726:101): pid=4075 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="named" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_STOP msg=audit(1718702291.043:102): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702291.063:103): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702291.063:104): prog-id=0 op=UNLOAD type=MAC_POLICY_LOAD msg=audit(1718702292.634:105): auid=1000 ses=1 lsm=selinux res=1AUID="rocky" type=SYSCALL msg=audit(1718702292.634:105): arch=c000003e syscall=1 success=yes exit=3511466 a0=4 a1=7fe6e3800000 a2=3594aa a3=0 items=0 ppid=4094 pid=4104 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1718702292.634:105): proctitle="/sbin/load_policy" type=ADD_GROUP msg=audit(1718702292.821:106): pid=4110 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=987 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="haproxy" type=GRP_MGMT msg=audit(1718702292.834:107): pid=4110 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=987 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="haproxy" type=ADD_USER msg=audit(1718702292.902:108): pid=4117 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="haproxy" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1718702293.321:109): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-rdb8624aa4e674c03a6cc838f29418677 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702293.572:110): prog-id=25 op=LOAD type=BPF msg=audit(1718702293.572:111): prog-id=26 op=LOAD type=BPF msg=audit(1718702293.572:112): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.572:113): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.573:114): prog-id=27 op=LOAD type=BPF msg=audit(1718702293.573:115): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.575:116): prog-id=28 op=LOAD type=BPF msg=audit(1718702293.575:117): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.578:118): prog-id=29 op=LOAD type=BPF msg=audit(1718702293.578:119): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.578:120): prog-id=30 op=LOAD type=BPF msg=audit(1718702293.578:121): prog-id=31 op=LOAD type=BPF msg=audit(1718702293.578:122): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.578:123): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.580:124): prog-id=32 op=LOAD type=BPF msg=audit(1718702293.580:125): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.580:126): prog-id=33 op=LOAD type=BPF msg=audit(1718702293.580:127): prog-id=34 op=LOAD type=BPF msg=audit(1718702293.580:128): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702293.580:129): prog-id=0 op=UNLOAD type=SOFTWARE_UPDATE msg=audit(1718702293.605:130): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-1.7.0-12.el9_3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.605:131): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-util-bdb-1.6.1-23.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.605:132): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-util-1.6.1-23.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:133): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-util-openssl-1.6.1-23.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:134): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-license-32:9.16.23-18.el9_4.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:135): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="protobuf-c-1.3.3-13.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:136): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="fstrm-0.6.1-3.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:137): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="libuv-1:1.42.0-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:138): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-libs-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:139): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-utils-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:140): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-dnssec-doc-32:9.16.23-18.el9_4.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.606:141): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-tools-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:142): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-filesystem-2.4.57-8.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:143): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="rocky-logos-httpd-90.15-2.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:144): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-ply-3.11-14.el9.0.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:145): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-bind-32:9.16.23-18.el9_4.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:146): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-dnssec-utils-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:147): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="mailcap-2.1.49-5.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:148): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-core-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:149): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="mod_lua-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:150): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:151): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="mod_http2-2.0.26-2.el9_4.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:152): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:153): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="haproxy-2.4.22-3.el9_3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1718702293.607:154): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="net-tools-2.0-0.62.20160912git.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1718702296.654:155): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1718702296.654:156): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1718702296.657:157): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1718702296.657:158): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGIN msg=audit(1718702296.658:159): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1718702296.658:160): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1718702296.661:161): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=5765 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1718702296.675:162): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1718702296.675:163): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGIN msg=audit(1718702296.676:164): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1718702296.676:165): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1718702296.678:166): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=5803 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1718702296.693:167): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1718702296.693:168): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=SERVICE_STOP msg=audit(1718702297.328:169): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-rdb8624aa4e674c03a6cc838f29418677 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.338:170): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.338:171): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.339:172): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1718702297.350:173): pid=1140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1140 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=USER_END msg=audit(1718702297.353:174): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1718702297.353:175): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1718702297.353:176): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1667 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=SERVICE_STOP msg=audit(1718702297.357:177): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-machine-id-commit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.368:178): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.370:179): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.372:180): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.374:181): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.375:182): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702297.376:183): prog-id=0 op=UNLOAD type=SERVICE_STOP msg=audit(1718702297.380:184): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.382:185): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.387:186): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.389:187): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702297.580:188): prog-id=35 op=LOAD type=BPF msg=audit(1718702297.580:189): prog-id=36 op=LOAD type=BPF msg=audit(1718702297.580:190): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.580:191): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.581:192): prog-id=37 op=LOAD type=BPF msg=audit(1718702297.581:193): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.583:194): prog-id=38 op=LOAD type=BPF msg=audit(1718702297.583:195): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.583:196): prog-id=39 op=LOAD type=BPF msg=audit(1718702297.583:197): prog-id=40 op=LOAD type=BPF msg=audit(1718702297.583:198): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.583:199): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.584:200): prog-id=41 op=LOAD type=BPF msg=audit(1718702297.584:201): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.584:202): prog-id=42 op=LOAD type=BPF msg=audit(1718702297.584:203): prog-id=43 op=LOAD type=BPF msg=audit(1718702297.584:204): prog-id=0 op=UNLOAD type=BPF msg=audit(1718702297.584:205): prog-id=0 op=UNLOAD type=SERVICE_STOP msg=audit(1718702297.595:206): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.597:207): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1718702297.599:208): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.618:209): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.619:210): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.621:211): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702297.622:212): prog-id=0 op=UNLOAD type=SERVICE_STOP msg=audit(1718702297.631:213): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.652:214): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.655:215): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.666:216): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-network-generator comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.670:217): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1718702297.675:218): prog-id=0 op=UNLOAD type=SERVICE_STOP msg=audit(1718702297.684:219): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nis-domainname comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.685:220): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.686:221): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.687:222): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.688:223): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ldconfig comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.689:224): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-boot-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.690:225): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.691:226): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_SHUTDOWN msg=audit(1718702297.699:227): pid=6484 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1718702297.703:228): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=DAEMON_END msg=audit(1718702297.706:7918): op=terminate auid=0 pid=1 subj=system_u:system_r:init_t:s0 res=successAUID="root" type=DAEMON_START msg=audit(1744467532.798:4617): op=start ver=3.0.7 format=enriched kernel=5.14.0-284.11.1.el9_2.x86_64 auid=4294967295 pid=705 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root" type=SERVICE_START msg=audit(1744467532.813:5): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CONFIG_CHANGE msg=audit(1744467532.837:6): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1744467532.837:6): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffda0477bc0 a2=3c a3=0 items=0 ppid=710 pid=720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467532.837:6): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1744467532.837:7): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1744467532.837:7): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffda0477bc0 a2=3c a3=0 items=0 ppid=710 pid=720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467532.837:7): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1744467532.837:8): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1744467532.837:8): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffda0477bc0 a2=3c a3=0 items=0 ppid=710 pid=720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467532.837:8): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=SERVICE_START msg=audit(1744467532.839:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_BOOT msg=audit(1744467532.844:10): pid=727 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467532.849:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467532.864:12): prog-id=18 op=LOAD type=SERVICE_START msg=audit(1744467532.876:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467532.880:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467532.890:15): prog-id=19 op=LOAD type=BPF msg=audit(1744467532.890:16): prog-id=20 op=LOAD type=BPF msg=audit(1744467532.890:17): prog-id=21 op=LOAD type=SERVICE_START msg=audit(1744467532.901:18): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467532.903:19): prog-id=22 op=LOAD type=SERVICE_START msg=audit(1744467532.917:20): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467532.939:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r8f609a42439c40458db790931dce8cfb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467532.941:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467532.944:23): prog-id=23 op=LOAD type=SERVICE_START msg=audit(1744467532.967:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467532.967:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467532.973:26): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.159:27): prog-id=24 op=LOAD type=BPF msg=audit(1744467533.159:28): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.159:29): prog-id=25 op=LOAD type=BPF msg=audit(1744467533.159:30): prog-id=26 op=LOAD type=BPF msg=audit(1744467533.159:31): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.159:32): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.159:33): prog-id=27 op=LOAD type=BPF msg=audit(1744467533.159:34): prog-id=28 op=LOAD type=BPF msg=audit(1744467533.159:35): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.159:36): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.160:37): prog-id=29 op=LOAD type=BPF msg=audit(1744467533.160:38): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.161:39): prog-id=30 op=LOAD type=BPF msg=audit(1744467533.161:40): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.163:41): prog-id=31 op=LOAD type=BPF msg=audit(1744467533.163:42): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.163:43): prog-id=32 op=LOAD type=BPF msg=audit(1744467533.163:44): prog-id=33 op=LOAD type=BPF msg=audit(1744467533.163:45): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467533.163:46): prog-id=0 op=UNLOAD type=SERVICE_START msg=audit(1744467533.177:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467533.179:48): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-restart-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467533.179:49): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-restart-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467533.185:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467534.449:51): prog-id=34 op=LOAD type=BPF msg=audit(1744467534.449:52): prog-id=35 op=LOAD type=SERVICE_START msg=audit(1744467534.495:53): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467534.580:54): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467534.633:55): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467534.670:56): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467534.691:57): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467534.739:58): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ACCT_LOCK msg=audit(1744467535.943:59): pid=4181 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:passwd_t:s0 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky" type=SERVICE_START msg=audit(1744467536.772:60): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467536.797:61): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467536.804:62): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467536.808:63): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467536.810:64): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467536.813:65): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467536.818:66): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_RUNLEVEL msg=audit(1744467536.832:67): pid=5609 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467536.835:68): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467536.835:69): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467537.161:70): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467537.599:71): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467538.012:72): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467539.691:73): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467539.691:74): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467539.713:75): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r8f609a42439c40458db790931dce8cfb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467543.650:76): pid=11675 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11675 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467543.652:77): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11675 suid=74 rport=51296 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467543.652:78): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11675 suid=74 rport=51296 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467543.733:79): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467543.733:80): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467543.774:81): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467543.774:82): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11675 suid=74 rport=51296 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467543.777:83): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467543.777:84): pid=11674 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467543.777:84): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffce5e48520 a2=4 a3=3e8 items=0 ppid=5566 pid=11674 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467543.777:84): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467543.780:85): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1744467543.805:86): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467543.846:87): pid=11678 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1744467543.846:88): pid=11678 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1744467543.847:89): pid=11678 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467543.847:90): pid=11678 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467543.847:90): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7fff56164ef0 a2=4 a3=3e8 items=0 ppid=1 pid=11678 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467543.847:90): proctitle="(systemd)" type=USER_START msg=audit(1744467543.848:91): pid=11678 uid=0 auid=1000 ses=2 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1744467543.926:92): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1744467543.933:93): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467543.934:94): pid=11687 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11687 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467543.935:95): pid=11687 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467543.977:96): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467543.977:97): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467543.978:98): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11688 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.006:99): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11687 suid=1000 rport=51296 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.006:100): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11687 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467544.007:101): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467544.007:102): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467544.008:103): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467544.008:104): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.008:105): pid=11674 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11674 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467544.030:106): pid=11702 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11702 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467544.031:107): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11702 suid=74 rport=51300 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467544.031:108): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11702 suid=74 rport=51300 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467544.108:109): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467544.109:110): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467544.147:111): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467544.147:112): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11702 suid=74 rport=51300 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467544.149:113): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467544.149:114): pid=11701 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467544.149:114): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc302d2d40 a2=4 a3=3e8 items=0 ppid=5566 pid=11701 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467544.149:114): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467544.149:115): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467544.160:116): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.160:117): pid=11704 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11704 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467544.161:118): pid=11704 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467544.205:119): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467544.205:120): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.206:121): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11705 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467544.251:122): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467544.251:123): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.251:124): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11704 suid=1000 rport=51300 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.252:125): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11704 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467544.253:126): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467544.253:127): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.254:128): pid=11701 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11701 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467544.271:129): pid=11720 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11720 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467544.272:130): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11720 suid=74 rport=51302 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467544.272:131): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11720 suid=74 rport=51302 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467544.349:132): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467544.349:133): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467544.389:134): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467544.389:135): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11720 suid=74 rport=51302 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467544.390:136): pid=11719 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467544.390:137): pid=11719 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=4 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467544.390:137): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd9646de20 a2=4 a3=3e8 items=0 ppid=5566 pid=11719 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467544.390:137): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467544.391:138): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467544.400:139): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.401:140): pid=11722 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11722 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467544.402:141): pid=11722 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467544.445:142): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467544.445:143): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.447:144): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11723 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.490:145): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11722 suid=1000 rport=51302 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.491:146): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11722 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467544.492:147): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467544.492:148): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467544.492:149): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467544.492:150): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.492:151): pid=11719 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11719 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467544.509:152): pid=11738 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11738 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467544.510:153): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11738 suid=74 rport=51304 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467544.510:154): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11738 suid=74 rport=51304 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467544.590:155): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467544.590:156): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467544.630:157): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467544.630:158): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11738 suid=74 rport=51304 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467544.632:159): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467544.632:160): pid=11737 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=5 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467544.632:160): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffcc84081b0 a2=4 a3=3e8 items=0 ppid=5566 pid=11737 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467544.632:160): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467544.632:161): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467544.642:162): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.643:163): pid=11740 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11740 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467544.645:164): pid=11740 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467544.689:165): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467544.689:166): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.691:167): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11741 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467544.771:168): pid=11756 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467544.771:169): pid=11756 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F7069702E636F6E66202F6574632F7069702E636F6E66 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467544.771:170): pid=11756 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467544.774:171): pid=11756 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467544.780:172): pid=11756 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467544.780:173): pid=11756 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=SERVICE_STOP msg=audit(1744467544.794:174): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467544.825:175): pid=11759 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467544.825:176): pid=11759 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6B646972202D70202F6574632F646F636B65722F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467544.826:177): pid=11759 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467544.827:178): pid=11759 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467544.830:179): pid=11759 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467544.830:180): pid=11759 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1744467544.871:181): pid=11762 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467544.871:182): pid=11762 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F646F636B65722D6461656D6F6E2E6A736F6E202F6574632F646F636B65722F6461656D6F6E2E6A736F6E exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467544.871:183): pid=11762 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467544.872:184): pid=11762 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467544.876:185): pid=11762 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467544.876:186): pid=11762 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.878:187): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11740 suid=1000 rport=51304 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.879:188): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11740 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467544.880:189): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467544.880:190): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467544.881:191): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467544.881:192): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467544.881:193): pid=11737 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11737 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467544.894:194): pid=11766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11766 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467544.894:195): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11766 suid=74 rport=51308 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467544.894:196): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11766 suid=74 rport=51308 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467544.974:197): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467544.974:198): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467545.012:199): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.012:200): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11766 suid=74 rport=51308 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467545.014:201): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467545.014:202): pid=11765 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=6 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467545.014:202): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff4a3bd8c0 a2=4 a3=3e8 items=0 ppid=5566 pid=11765 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467545.014:202): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467545.015:203): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467545.025:204): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.026:205): pid=11768 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11768 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467545.027:206): pid=11768 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467545.069:207): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467545.070:208): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.071:209): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11769 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.087:210): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11768 suid=1000 rport=51308 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.087:211): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11768 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467545.089:212): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467545.089:213): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467545.089:214): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467545.090:215): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.090:216): pid=11765 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11765 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467545.103:217): pid=11783 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11783 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467545.103:218): pid=11782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11783 suid=74 rport=51310 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467545.103:219): pid=11782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11783 suid=74 rport=51310 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467545.182:220): pid=11782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.182:221): pid=11782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467545.221:222): pid=11782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.221:223): pid=11782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11783 suid=74 rport=51310 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467545.223:224): pid=11782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467545.223:225): pid=11782 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=7 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467545.223:225): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe52161270 a2=4 a3=3e8 items=0 ppid=5566 pid=11782 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467545.223:225): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467545.223:226): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467545.232:227): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.233:228): pid=11785 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11785 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467545.234:229): pid=11785 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467545.277:230): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467545.277:231): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.279:232): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11786 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467545.336:233): pid=11803 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467545.337:234): pid=11803 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=657468746F6F6C202D4B2065746830207478206F6666 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467545.337:235): pid=11803 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467545.338:236): pid=11803 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467545.342:237): pid=11803 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467545.342:238): pid=11803 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467545.343:239): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467545.344:240): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.344:241): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11785 suid=1000 rport=51310 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.344:242): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11785 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467545.346:243): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467545.346:244): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.346:245): pid=11782 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11782 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467545.362:246): pid=11807 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11807 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467545.363:247): pid=11806 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11807 suid=74 rport=51312 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467545.363:248): pid=11806 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11807 suid=74 rport=51312 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467545.442:249): pid=11806 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.442:250): pid=11806 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467545.481:251): pid=11806 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.481:252): pid=11806 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11807 suid=74 rport=51312 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467545.483:253): pid=11806 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467545.483:254): pid=11806 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=8 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467545.483:254): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffeecfb7f70 a2=4 a3=3e8 items=0 ppid=5566 pid=11806 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=8 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467545.483:254): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467545.484:255): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467545.492:256): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.493:257): pid=11809 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11809 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467545.494:258): pid=11809 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467545.537:259): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467545.537:260): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.539:261): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11810 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.579:262): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11809 suid=1000 rport=51312 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.580:263): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11809 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467545.581:264): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467545.581:265): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467545.582:266): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467545.582:267): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.582:268): pid=11806 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11806 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467545.594:269): pid=11825 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11825 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467545.595:270): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11825 suid=74 rport=51314 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467545.595:271): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11825 suid=74 rport=51314 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467545.676:272): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.676:273): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467545.715:274): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.715:275): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11825 suid=74 rport=51314 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467545.717:276): pid=11824 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467545.717:277): pid=11824 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=9 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467545.717:277): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffcac53ebf0 a2=4 a3=3e8 items=0 ppid=5566 pid=11824 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467545.717:277): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467545.717:278): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467545.725:279): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.726:280): pid=11827 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11827 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467545.727:281): pid=11827 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467545.769:282): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467545.769:283): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.770:284): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11828 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467545.823:285): pid=11841 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467545.823:286): pid=11841 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=726D202D66202F6574632F79756D2E7265706F732E642F726F636B792D6164646F6E732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D646576656C2E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D6578747261732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792E7265706F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467545.823:287): pid=11841 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467545.825:288): pid=11841 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467545.826:289): pid=11841 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467545.827:290): pid=11841 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1744467545.867:291): pid=11828 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467545.867:292): pid=11828 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D626173652D726F636B79392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467545.867:293): pid=11828 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467545.869:294): pid=11828 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467545.872:295): pid=11828 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467545.872:296): pid=11828 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467545.873:297): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467545.873:298): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.873:299): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11827 suid=1000 rport=51314 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.874:300): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11827 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467545.875:301): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467545.875:302): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467545.875:303): pid=11824 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11824 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467545.892:304): pid=11847 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11847 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467545.892:305): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11847 suid=74 rport=51324 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467545.893:306): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11847 suid=74 rport=51324 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467545.971:307): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467545.971:308): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467546.010:309): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467546.011:310): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11847 suid=74 rport=51324 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467546.012:311): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467546.012:312): pid=11846 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=10 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467546.012:312): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc5390f460 a2=4 a3=3e8 items=0 ppid=5566 pid=11846 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467546.012:312): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467546.013:313): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467546.021:314): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.022:315): pid=11849 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11849 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467546.023:316): pid=11849 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467546.065:317): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467546.065:318): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.066:319): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11850 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.106:320): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11849 suid=1000 rport=51324 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.107:321): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11849 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467546.108:322): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467546.108:323): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467546.108:324): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467546.108:325): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.109:326): pid=11846 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11846 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467546.122:327): pid=11865 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11865 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467546.122:328): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11865 suid=74 rport=51328 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467546.122:329): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11865 suid=74 rport=51328 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467546.203:330): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467546.203:331): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467546.241:332): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467546.242:333): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11865 suid=74 rport=51328 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467546.243:334): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467546.243:335): pid=11864 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=11 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467546.243:335): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd6178d8f0 a2=4 a3=3e8 items=0 ppid=5566 pid=11864 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467546.243:335): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467546.244:336): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467546.251:337): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.252:338): pid=11867 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11867 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467546.253:339): pid=11867 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467546.297:340): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467546.297:341): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.298:342): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11868 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467546.352:343): pid=11868 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467546.352:344): pid=11868 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D6570656C392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467546.352:345): pid=11868 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467546.354:346): pid=11868 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467546.357:347): pid=11868 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467546.358:348): pid=11868 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467546.359:349): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467546.359:350): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.359:351): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11867 suid=1000 rport=51328 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.360:352): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11867 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467546.360:353): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467546.361:354): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.361:355): pid=11864 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11864 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467546.375:356): pid=11884 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11884 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467546.375:357): pid=11883 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11884 suid=74 rport=51330 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467546.375:358): pid=11883 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11884 suid=74 rport=51330 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467546.454:359): pid=11883 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467546.454:360): pid=11883 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467546.497:361): pid=11883 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467546.497:362): pid=11883 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11884 suid=74 rport=51330 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467546.498:363): pid=11883 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467546.498:364): pid=11883 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=12 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467546.498:364): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff64d91870 a2=4 a3=3e8 items=0 ppid=5566 pid=11883 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467546.498:364): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467546.499:365): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467546.507:366): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.508:367): pid=11886 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11886 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467546.509:368): pid=11886 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467546.553:369): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467546.554:370): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.555:371): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11887 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467546.609:372): pid=11887 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467546.609:373): pid=11887 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6F6470726F62652069705F7461626C6573 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467546.610:374): pid=11887 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467546.611:375): pid=11887 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467546.630:376): pid=11887 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467546.630:377): pid=11887 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.632:378): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11886 suid=1000 rport=51330 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.633:379): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11886 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467546.634:380): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467546.634:381): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467546.635:382): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467546.635:383): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.635:384): pid=11883 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11883 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467546.648:385): pid=11904 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11904 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467546.649:386): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11904 suid=74 rport=51332 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467546.649:387): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=11904 suid=74 rport=51332 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467546.727:388): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467546.727:389): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467546.766:390): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467546.766:391): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11904 suid=74 rport=51332 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467546.768:392): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467546.768:393): pid=11902 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=13 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467546.768:393): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffeb2c99de0 a2=4 a3=3e8 items=0 ppid=5566 pid=11902 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=13 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467546.768:393): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467546.769:394): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467546.778:395): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.779:396): pid=11906 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11906 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467546.780:397): pid=11906 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467546.825:398): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467546.825:399): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467546.827:400): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11907 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467546.884:401): pid=11907 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467546.884:402): pid=11907 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D79206F70656E7373682D736572766572206F70656E73736C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467546.885:403): pid=11907 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467546.887:404): pid=11907 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=SERVICE_START msg=audit(1744467561.093:405): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r18df944d98be424b8d6be5d06f3ccba8 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467561.265:406): prog-id=36 op=LOAD type=BPF msg=audit(1744467561.265:407): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.265:408): prog-id=37 op=LOAD type=BPF msg=audit(1744467561.265:409): prog-id=38 op=LOAD type=BPF msg=audit(1744467561.265:410): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.265:411): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.267:412): prog-id=39 op=LOAD type=BPF msg=audit(1744467561.267:413): prog-id=40 op=LOAD type=BPF msg=audit(1744467561.267:414): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.267:415): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.269:416): prog-id=41 op=LOAD type=BPF msg=audit(1744467561.269:417): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.270:418): prog-id=42 op=LOAD type=BPF msg=audit(1744467561.270:419): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.274:420): prog-id=43 op=LOAD type=BPF msg=audit(1744467561.274:421): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.274:422): prog-id=44 op=LOAD type=BPF msg=audit(1744467561.274:423): prog-id=45 op=LOAD type=BPF msg=audit(1744467561.274:424): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.274:425): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.274:426): prog-id=46 op=LOAD type=BPF msg=audit(1744467561.274:427): prog-id=47 op=LOAD type=BPF msg=audit(1744467561.275:428): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467561.275:429): prog-id=0 op=UNLOAD type=CRYPTO_KEY_USER msg=audit(1744467561.287:430): pid=5566 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=5566 suid=0 exe=2F7573722F7362696E2F73736864202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=SERVICE_STOP msg=audit(1744467561.288:431): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467561.300:432): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467561.316:433): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r85179cad4913470ebfa748c1856218b1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SOFTWARE_UPDATE msg=audit(1744467561.320:434): pid=11921 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-libs-1:3.2.2-6.el9_5.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467561.320:435): pid=11921 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-8.7p1-43.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467561.320:436): pid=11921 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-clients-8.7p1-43.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467561.320:437): pid=11921 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-server-8.7p1-43.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467561.320:438): pid=11921 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-1:3.2.2-6.el9_5.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467561.768:439): pid=11907 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467561.768:440): pid=11907 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467561.770:441): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467561.770:442): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467561.770:443): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11906 suid=1000 rport=51332 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467561.771:444): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11906 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467561.772:445): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467561.772:446): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467561.773:447): pid=11902 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=11902 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467561.787:448): pid=13332 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13332 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467561.788:449): pid=13331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13332 suid=74 rport=51394 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467561.788:450): pid=13331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13332 suid=74 rport=51394 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467561.863:451): pid=13331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467561.863:452): pid=13331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467561.903:453): pid=13331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467561.903:454): pid=13331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13332 suid=74 rport=51394 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467561.904:455): pid=13331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467561.904:456): pid=13331 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=14 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467561.904:456): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffde7cfeca0 a2=4 a3=3e8 items=0 ppid=12353 pid=13331 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=14 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467561.904:456): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467561.905:457): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467561.915:458): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467561.916:459): pid=13334 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13334 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467561.916:460): pid=13334 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467561.958:461): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467561.958:462): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467561.960:463): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13335 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467562.101:464): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467562.101:465): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.101:466): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13334 suid=1000 rport=51394 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.101:467): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13334 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467562.102:468): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467562.103:469): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.103:470): pid=13331 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13331 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467562.116:471): pid=13354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13354 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467562.117:472): pid=13353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13354 suid=74 rport=51396 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467562.117:473): pid=13353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13354 suid=74 rport=51396 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467562.194:474): pid=13353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467562.194:475): pid=13353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467562.221:476): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467562.221:477): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467562.232:478): pid=13353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467562.233:479): pid=13353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13354 suid=74 rport=51396 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467562.234:480): pid=13353 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467562.234:481): pid=13353 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=15 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467562.234:481): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdea832460 a2=4 a3=3e8 items=0 ppid=12353 pid=13353 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=15 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467562.234:481): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467562.235:482): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_STOP msg=audit(1744467562.243:483): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r18df944d98be424b8d6be5d06f3ccba8 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467562.244:484): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r85179cad4913470ebfa748c1856218b1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1744467562.255:485): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.255:486): pid=13357 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13357 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467562.256:487): pid=13357 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467562.298:488): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467562.298:489): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.300:490): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13358 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.316:491): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13357 suid=1000 rport=51396 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.317:492): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13357 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467562.317:493): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467562.318:494): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467562.318:495): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467562.318:496): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467562.318:497): pid=13353 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13353 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467572.193:498): pid=13372 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13372 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467572.194:499): pid=13371 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13372 suid=74 rport=51446 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467572.194:500): pid=13371 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13372 suid=74 rport=51446 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467572.256:501): pid=13371 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467572.256:502): pid=13371 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467572.295:503): pid=13371 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467572.296:504): pid=13371 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13372 suid=74 rport=51446 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467572.297:505): pid=13371 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467572.297:506): pid=13371 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=16 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467572.297:506): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd30958ce0 a2=4 a3=3e8 items=0 ppid=12353 pid=13371 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=16 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467572.297:506): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467572.298:507): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467572.306:508): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467572.306:509): pid=13374 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13374 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467572.307:510): pid=13374 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467572.350:511): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467572.350:512): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467572.351:513): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13375 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467572.368:514): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13374 suid=1000 rport=51446 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467572.368:515): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13374 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467572.369:516): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467572.370:517): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467572.370:518): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467572.370:519): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467572.370:520): pid=13371 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13371 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467573.412:521): pid=13390 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13390 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467573.412:522): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13390 suid=74 rport=51450 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467573.412:523): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13390 suid=74 rport=51450 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467573.470:524): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467573.470:525): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467573.511:526): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467573.512:527): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13390 suid=74 rport=51450 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467573.513:528): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467573.514:529): pid=13389 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=17 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467573.514:529): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdac2dcc00 a2=4 a3=3e8 items=0 ppid=12353 pid=13389 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=17 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467573.514:529): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467573.514:530): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467573.524:531): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.525:532): pid=13392 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13392 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467573.526:533): pid=13392 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467573.570:534): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467573.570:535): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.571:536): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13393 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467573.593:537): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467573.593:538): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.593:539): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13392 suid=1000 rport=51450 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.594:540): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13392 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467573.595:541): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467573.595:542): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.596:543): pid=13389 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13389 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467573.612:544): pid=13407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13407 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467573.612:545): pid=13406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13407 suid=74 rport=51456 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467573.612:546): pid=13406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13407 suid=74 rport=51456 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467573.671:547): pid=13406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467573.671:548): pid=13406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467573.710:549): pid=13406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467573.711:550): pid=13406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13407 suid=74 rport=51456 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467573.713:551): pid=13406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467573.713:552): pid=13406 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=18 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467573.713:552): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff13acfcb0 a2=4 a3=3e8 items=0 ppid=12353 pid=13406 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=18 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467573.713:552): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467573.714:553): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467573.726:554): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.727:555): pid=13409 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13409 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467573.728:556): pid=13409 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467573.770:557): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467573.770:558): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.771:559): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13410 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467573.794:560): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467573.794:561): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.794:562): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13409 suid=1000 rport=51456 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.795:563): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13409 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467573.796:564): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467573.796:565): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.797:566): pid=13406 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13406 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467573.810:567): pid=13424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13424 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467573.811:568): pid=13423 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13424 suid=74 rport=51458 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467573.811:569): pid=13423 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13424 suid=74 rport=51458 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467573.870:570): pid=13423 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467573.870:571): pid=13423 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467573.909:572): pid=13423 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467573.910:573): pid=13423 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13424 suid=74 rport=51458 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467573.911:574): pid=13423 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467573.911:575): pid=13423 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=19 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467573.911:575): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff6a99a120 a2=4 a3=3e8 items=0 ppid=12353 pid=13423 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=19 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467573.911:575): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467573.912:576): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467573.922:577): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.923:578): pid=13426 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13426 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467573.924:579): pid=13426 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467573.966:580): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467573.966:581): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.968:582): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13427 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.985:583): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13426 suid=1000 rport=51458 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.986:584): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13426 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467573.987:585): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467573.987:586): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467573.988:587): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467573.988:588): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467573.988:589): pid=13423 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13423 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467574.003:590): pid=13443 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13443 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467574.003:591): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13443 suid=74 rport=51460 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467574.003:592): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13443 suid=74 rport=51460 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467574.063:593): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467574.063:594): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467574.102:595): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467574.102:596): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13443 suid=74 rport=51460 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467574.103:597): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467574.104:598): pid=13442 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=20 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467574.104:598): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd7d405b10 a2=4 a3=3e8 items=0 ppid=12353 pid=13442 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=20 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467574.104:598): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467574.104:599): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467574.112:600): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.113:601): pid=13445 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13445 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467574.114:602): pid=13445 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467574.158:603): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467574.158:604): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.159:605): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13446 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.174:606): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13445 suid=1000 rport=51460 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.175:607): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13445 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467574.176:608): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467574.176:609): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467574.176:610): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467574.176:611): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.176:612): pid=13442 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13442 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467574.192:613): pid=13460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13460 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467574.192:614): pid=13459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13460 suid=74 rport=51462 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467574.192:615): pid=13459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13460 suid=74 rport=51462 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467574.250:616): pid=13459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467574.250:617): pid=13459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467574.289:618): pid=13459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467574.289:619): pid=13459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13460 suid=74 rport=51462 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467574.291:620): pid=13459 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467574.291:621): pid=13459 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=21 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467574.291:621): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffcaff08d00 a2=4 a3=3e8 items=0 ppid=12353 pid=13459 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467574.291:621): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467574.292:622): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467574.300:623): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.301:624): pid=13462 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13462 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467574.302:625): pid=13462 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467574.346:626): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467574.346:627): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.347:628): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13463 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467574.406:629): pid=13463 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467574.406:630): pid=13463 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=62617368202D63207072696E746620225C6E31302E302E302E353020202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D616E7369626C652D6B38732D3331322D315C6E22203E3E202F6574632F686F737473 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467574.407:631): pid=13463 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467574.409:632): pid=13463 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467574.411:633): pid=13463 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467574.411:634): pid=13463 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467574.413:635): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467574.413:636): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.413:637): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13462 suid=1000 rport=51462 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.413:638): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13462 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467574.414:639): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467574.414:640): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467574.415:641): pid=13459 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13459 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=SERVICE_STOP msg=audit(1744467574.733:642): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467574.763:643): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467574.763:644): prog-id=0 op=UNLOAD type=CRYPTO_KEY_USER msg=audit(1744467575.177:645): pid=13481 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13481 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467575.177:646): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13481 suid=74 rport=51466 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467575.177:647): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13481 suid=74 rport=51466 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467575.236:648): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467575.236:649): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467575.275:650): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467575.276:651): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13481 suid=74 rport=51466 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467575.277:652): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467575.277:653): pid=13480 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=22 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467575.277:653): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe46d138c0 a2=4 a3=3e8 items=0 ppid=12353 pid=13480 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=22 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467575.277:653): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467575.277:654): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467575.286:655): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467575.287:656): pid=13483 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467575.288:657): pid=13483 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467575.330:658): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467575.330:659): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467575.331:660): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13484 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467575.525:661): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467575.525:662): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467575.526:663): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13483 suid=1000 rport=51466 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467575.526:664): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13483 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467575.527:665): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467575.528:666): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467575.528:667): pid=13480 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13480 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467575.542:668): pid=13499 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13499 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467575.543:669): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13499 suid=74 rport=51468 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467575.543:670): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=13499 suid=74 rport=51468 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467575.601:671): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467575.601:672): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467575.640:673): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467575.640:674): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13499 suid=74 rport=51468 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467575.641:675): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467575.641:676): pid=13498 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=23 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467575.641:676): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffcf4d9e940 a2=4 a3=3e8 items=0 ppid=12353 pid=13498 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467575.641:676): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467575.642:677): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467575.651:678): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467575.652:679): pid=13501 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13501 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467575.652:680): pid=13501 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467575.694:681): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467575.694:682): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467575.695:683): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13502 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467575.818:684): pid=13573 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467575.818:685): pid=13573 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620636865636B2D757064617465 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467575.819:686): pid=13573 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467575.821:687): pid=13573 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467576.330:688): pid=13573 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467576.330:689): pid=13573 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1744467576.372:690): pid=13576 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467576.372:691): pid=13576 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D79206375726C20707974686F6E3320707974686F6E332D7365747570746F6F6C73206C696273656C696E75782D707974686F6E33206970726F757465206A712062696E642D7574696C7320707974686F6E332D706970206F70656E7373682D736572766572206F70656E7373682D636C69656E747320707974686F6E332D7669727475616C656E76 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467576.373:692): pid=13576 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467576.374:693): pid=13576 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=SERVICE_STOP msg=audit(1744467579.489:694): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1744467579.491:695): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=MAC_POLICY_LOAD msg=audit(1744467583.256:696): auid=1000 ses=23 lsm=selinux res=1AUID="rocky" type=SYSCALL msg=audit(1744467583.256:696): arch=c000003e syscall=1 success=yes exit=3511466 a0=4 a1=7f3fe4200000 a2=3594aa a3=0 items=0 ppid=13596 pid=13600 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467583.256:696): proctitle="/sbin/load_policy" type=SERVICE_START msg=audit(1744467584.260:697): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r7db1bd6aa0c9447f9710fea7602955a7 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1744467584.429:698): prog-id=48 op=LOAD type=BPF msg=audit(1744467584.429:699): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.429:700): prog-id=49 op=LOAD type=BPF msg=audit(1744467584.429:701): prog-id=50 op=LOAD type=BPF msg=audit(1744467584.429:702): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.429:703): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.430:704): prog-id=51 op=LOAD type=BPF msg=audit(1744467584.430:705): prog-id=52 op=LOAD type=BPF msg=audit(1744467584.430:706): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.430:707): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.431:708): prog-id=53 op=LOAD type=BPF msg=audit(1744467584.431:709): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.432:710): prog-id=54 op=LOAD type=BPF msg=audit(1744467584.432:711): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.435:712): prog-id=55 op=LOAD type=BPF msg=audit(1744467584.435:713): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.435:714): prog-id=56 op=LOAD type=BPF msg=audit(1744467584.435:715): prog-id=57 op=LOAD type=BPF msg=audit(1744467584.435:716): prog-id=0 op=UNLOAD type=BPF msg=audit(1744467584.435:717): prog-id=0 op=UNLOAD type=SERVICE_START msg=audit(1744467584.463:718): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r9b3f64d7f47e49e18bada6f5f2bd448c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SOFTWARE_UPDATE msg=audit(1744467584.477:719): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-libs-3.9.21-1.el9_5.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.477:720): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python-unversioned-command-3.9.21-1.el9_5.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.477:721): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-3.9.21-1.el9_5.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:722): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-license-32:9.16.23-24.el9_5.3.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:723): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-libs-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:724): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-utils-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:725): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libsepol-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:726): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libselinux-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:727): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="iproute-6.2.0-6.el9_4.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:728): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libselinux-utils-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:729): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-dnssec-doc-32:9.16.23-24.el9_5.3.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:730): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-bind-32:9.16.23-24.el9_5.3.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:731): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-dnssec-utils-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:732): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-distlib-0.3.2-1.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:733): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-filelock-3.7.1-1.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:734): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-platformdirs-2.5.4-1.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:735): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-setuptools-53.0.0-13.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:736): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libcurl-7.76.1-31.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:737): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-wheel-wheel-1:0.36.2-8.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:738): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="oniguruma-6.9.6-1.el9.6.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:739): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="jq-1.6-17.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:740): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-virtualenv-20.21.1-14.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:741): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="curl-7.76.1-31.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:742): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-pip-21.3.1-1.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:743): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:744): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="iproute-tc-6.2.0-6.el9_4.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1744467584.478:745): pid=13578 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-libselinux-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467584.980:746): pid=13576 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467584.980:747): pid=13576 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=SERVICE_START msg=audit(1744467585.148:748): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467585.148:749): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467585.170:750): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r7db1bd6aa0c9447f9710fea7602955a7 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1744467585.171:751): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r9b3f64d7f47e49e18bada6f5f2bd448c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467703.115:752): pid=15220 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467703.116:753): pid=15220 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=726D202D7266202F686F6D652F726F636B792F74662D616E7369626C652D6465706C6F796572 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467703.117:754): pid=15220 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467703.120:755): pid=15220 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467703.122:756): pid=15220 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467703.122:757): pid=15220 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1744467706.524:758): pid=15339 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467706.525:759): pid=15339 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky/tf-ansible-deployer/playbooks" cmd=2F62696E2F7368202D63206563686F204245434F4D452D535543434553532D6163756D7564756273647466666E696C6D6A6D78696B66646D716E676566646C203B202F686F6D652F726F636B792F2E76656E762F62696E2F707974686F6E33202F686F6D652F726F636B792F2E616E7369626C652F746D702F616E7369626C652D746D702D313734343436373730362E343537323837382D31353332372D33333435313735343138323437362F416E736962616C6C5A5F636F6D6D616E642E7079 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467706.525:760): pid=15339 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467706.527:761): pid=15339 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467709.928:762): pid=15339 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467709.928:763): pid=15339 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.011:764): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13501 suid=1000 rport=51468 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.011:765): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13501 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467712.013:766): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467712.013:767): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467712.014:768): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467712.014:769): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.014:770): pid=13498 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=13498 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467712.041:771): pid=15445 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15445 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467712.041:772): pid=15444 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=15445 suid=74 rport=51994 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467712.042:773): pid=15444 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=15445 suid=74 rport=51994 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467712.103:774): pid=15444 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467712.103:775): pid=15444 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467712.143:776): pid=15444 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467712.144:777): pid=15444 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15445 suid=74 rport=51994 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467712.145:778): pid=15444 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467712.145:779): pid=15444 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=24 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467712.145:779): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd4d075680 a2=4 a3=3e8 items=0 ppid=12353 pid=15444 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=24 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467712.145:779): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467712.146:780): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467712.155:781): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.156:782): pid=15447 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15447 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467712.157:783): pid=15447 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467712.202:784): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467712.202:785): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.203:786): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15448 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.219:787): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15447 suid=1000 rport=51994 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.220:788): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15447 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467712.220:789): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467712.221:790): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467712.221:791): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467712.221:792): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.221:793): pid=15444 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15444 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467712.242:794): pid=15462 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15462 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467712.243:795): pid=15461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=15462 suid=74 rport=51996 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467712.243:796): pid=15461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=15462 suid=74 rport=51996 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467712.302:797): pid=15461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467712.302:798): pid=15461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467712.340:799): pid=15461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467712.341:800): pid=15461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15462 suid=74 rport=51996 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467712.342:801): pid=15461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467712.342:802): pid=15461 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=25 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467712.342:802): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdcb6f6480 a2=4 a3=3e8 items=0 ppid=12353 pid=15461 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=25 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467712.342:802): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467712.343:803): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467712.353:804): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.354:805): pid=15464 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15464 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467712.355:806): pid=15464 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467712.398:807): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467712.398:808): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.400:809): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15465 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.454:810): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15464 suid=1000 rport=51996 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.455:811): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15464 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467712.456:812): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467712.456:813): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467712.456:814): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467712.457:815): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.457:816): pid=15461 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15461 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467712.470:817): pid=15480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15480 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467712.471:818): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=15480 suid=74 rport=51998 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467712.471:819): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=15480 suid=74 rport=51998 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467712.534:820): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467712.534:821): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467712.572:822): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467712.573:823): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15480 suid=74 rport=51998 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467712.575:824): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467712.575:825): pid=15479 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=26 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467712.575:825): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff5b47b190 a2=4 a3=3e8 items=0 ppid=12353 pid=15479 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=26 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467712.575:825): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467712.577:826): pid=15479 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467712.586:827): pid=15479 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.587:828): pid=15482 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15482 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467712.587:829): pid=15482 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467712.630:830): pid=15479 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467712.630:831): pid=15479 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.632:832): pid=15479 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15483 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467712.769:833): pid=15573 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15573 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467712.770:834): pid=15572 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15573 suid=74 rport=46764 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467712.770:835): pid=15572 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15573 suid=74 rport=46764 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=SERVICE_START msg=audit(1744467714.963:836): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_AUTH msg=audit(1744467715.405:837): pid=15572 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467715.405:838): pid=15572 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:a3:c3:9b:38:68:31:a7:5b:e8:e7:5b:d0:7a:6b:b8:a4:29:df:7e:d9:97:0b:a3:ba:44:64:a5:91:ae:62:45:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467715.445:839): pid=15572 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467715.446:840): pid=15572 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15573 suid=74 rport=46764 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467715.447:841): pid=15572 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467715.447:842): pid=15572 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=27 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467715.447:842): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc10d83ee0 a2=4 a3=3e8 items=0 ppid=12353 pid=15572 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=27 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467715.447:842): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467715.448:843): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467715.458:844): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.459:845): pid=15577 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15577 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467715.460:846): pid=15577 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467715.501:847): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467715.501:848): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.502:849): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15578 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.544:850): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15577 suid=1000 rport=46764 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.544:851): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15577 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467715.545:852): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467715.546:853): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467715.546:854): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467715.546:855): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.546:856): pid=15572 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15572 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467715.563:857): pid=15594 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15594 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467715.563:858): pid=15593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15594 suid=74 rport=46772 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467715.563:859): pid=15593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15594 suid=74 rport=46772 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467715.634:860): pid=15593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467715.634:861): pid=15593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:a3:c3:9b:38:68:31:a7:5b:e8:e7:5b:d0:7a:6b:b8:a4:29:df:7e:d9:97:0b:a3:ba:44:64:a5:91:ae:62:45:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467715.679:862): pid=15593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467715.679:863): pid=15593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15594 suid=74 rport=46772 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467715.681:864): pid=15593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467715.681:865): pid=15593 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=28 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467715.681:865): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff81cf6820 a2=4 a3=3e8 items=0 ppid=12353 pid=15593 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=28 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467715.681:865): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467715.682:866): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467715.693:867): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.694:868): pid=15596 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15596 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467715.695:869): pid=15596 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467715.736:870): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467715.736:871): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.737:872): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15597 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.828:873): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15596 suid=1000 rport=46772 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.829:874): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15596 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467715.830:875): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467715.831:876): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467715.831:877): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467715.831:878): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.831:879): pid=15593 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15593 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467715.847:880): pid=15613 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15613 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467715.848:881): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15613 suid=74 rport=46774 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467715.848:882): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15613 suid=74 rport=46774 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467715.923:883): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467715.923:884): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:a3:c3:9b:38:68:31:a7:5b:e8:e7:5b:d0:7a:6b:b8:a4:29:df:7e:d9:97:0b:a3:ba:44:64:a5:91:ae:62:45:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467715.964:885): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467715.964:886): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15613 suid=74 rport=46774 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467715.966:887): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467715.966:888): pid=15612 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=29 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467715.966:888): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc0698c000 a2=4 a3=3e8 items=0 ppid=12353 pid=15612 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=29 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467715.966:888): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467715.966:889): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467715.977:890): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467715.978:891): pid=15615 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15615 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467715.979:892): pid=15615 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467716.021:893): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467716.021:894): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467716.022:895): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15616 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467716.110:896): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15615 suid=1000 rport=46774 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467716.110:897): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15615 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1744467716.111:898): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1744467716.112:899): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1744467716.112:900): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1744467716.112:901): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467716.112:902): pid=15612 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15612 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1744467716.127:903): pid=15631 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15631 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1744467716.127:904): pid=15630 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15631 suid=74 rport=46790 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1744467716.127:905): pid=15630 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=15631 suid=74 rport=46790 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1744467716.201:906): pid=15630 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467716.201:907): pid=15630 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:a3:c3:9b:38:68:31:a7:5b:e8:e7:5b:d0:7a:6b:b8:a4:29:df:7e:d9:97:0b:a3:ba:44:64:a5:91:ae:62:45:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1744467716.242:908): pid=15630 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1744467716.242:909): pid=15630 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15631 suid=74 rport=46790 laddr=10.0.0.50 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1744467716.243:910): pid=15630 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1744467716.243:911): pid=15630 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=30 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1744467716.243:911): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff0a8e4080 a2=4 a3=3e8 items=0 ppid=12353 pid=15630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=30 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1744467716.243:911): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1744467716.244:912): pid=15630 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1744467716.253:913): pid=15630 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467716.254:914): pid=15633 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15633 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1744467716.255:915): pid=15633 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.50 addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1744467716.297:916): pid=15630 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1744467716.297:917): pid=15630 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.50 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1744467716.298:918): pid=15630 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:fd:bd:78:7f:44:8c:ae:e1:fb:49:cd:16:0b:cb:60:b1:f4:23:0f:ba:4c:55:f3:0d:ad:a6:12:2e:0f:09:d1:2c direction=? spid=15634 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1744467716.414:919): pid=15667 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467716.414:920): pid=15667 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/ansible-logs" cmd=6E657473746174202D6C706E exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467716.414:921): pid=15667 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467716.416:922): pid=15667 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467716.437:923): pid=15667 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467716.437:924): pid=15667 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1744467716.516:925): pid=15685 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467716.516:926): pid=15685 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/ansible-logs" cmd=6370202F6574632F6368726F6E792E636F6E66202F746D702F616E7369626C652D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467716.517:927): pid=15685 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467716.518:928): pid=15685 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467716.520:929): pid=15685 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467716.520:930): pid=15685 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1744467716.568:931): pid=15690 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467716.568:932): pid=15690 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/ansible-logs" cmd=6370202F7661722F6C6F672F6D65737361676573202F746D702F616E7369626C652D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467716.569:933): pid=15690 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467716.572:934): pid=15690 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1744467716.595:935): pid=15690 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1744467716.595:936): pid=15690 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1744467716.637:937): pid=15694 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1744467716.638:938): pid=15694 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/ansible-logs" cmd=62617368202D63206370202D72202F7661722F6C6F672F61756469742F2A202F746D702F616E7369626C652D6C6F67732F6C6F67732F73797374656D2F61756469742F20323E2F6465762F6E756C6C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1744467716.638:939): pid=15694 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1744467716.640:940): pid=15694 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"