type=DAEMON_START msg=audit(1718702253.723:7917): op=start ver=3.0.7 format=enriched kernel=5.14.0-284.11.1.el9_2.x86_64 auid=4294967295 pid=684 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root"
type=SERVICE_START msg=audit(1718702253.731:5): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702253.780:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CONFIG_CHANGE msg=audit(1718702253.926:7): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset"
type=SYSCALL msg=audit(1718702253.926:7): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc765f8350 a2=3c a3=0 items=0 ppid=689 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1718702253.926:7): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1718702253.926:8): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset"
type=SYSCALL msg=audit(1718702253.926:8): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc765f8350 a2=3c a3=0 items=0 ppid=689 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1718702253.926:8): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1718702253.926:9): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset"
type=SYSCALL msg=audit(1718702253.926:9): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc765f8350 a2=3c a3=0 items=0 ppid=689 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1718702253.926:9): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=SERVICE_START msg=audit(1718702253.928:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_BOOT msg=audit(1718702253.934:11): pid=706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702253.939:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702253.955:13): prog-id=18 op=LOAD
type=SERVICE_START msg=audit(1718702253.966:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702253.973:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702254.014:16): prog-id=19 op=LOAD
type=BPF msg=audit(1718702254.014:17): prog-id=20 op=LOAD
type=BPF msg=audit(1718702254.014:18): prog-id=21 op=LOAD
type=SERVICE_START msg=audit(1718702254.018:19): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702254.160:20): prog-id=22 op=LOAD
type=SERVICE_START msg=audit(1718702254.587:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702254.764:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702254.929:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702254.957:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702260.693:25): prog-id=23 op=LOAD
type=BPF msg=audit(1718702260.693:26): prog-id=24 op=LOAD
type=SERVICE_START msg=audit(1718702260.743:27): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702260.833:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702260.947:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702261.236:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702261.257:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702261.361:32): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=ADD_GROUP msg=audit(1718702263.723:33): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-group acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=ADD_USER msg=audit(1718702263.727:34): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_MGMT msg=audit(1718702263.727:35): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_MGMT msg=audit(1718702263.727:36): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_MGMT msg=audit(1718702263.727:37): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_MGMT msg=audit(1718702263.727:38): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_MGMT msg=audit(1718702264.001:39): pid=888 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky"
type=ACCT_LOCK msg=audit(1718702264.063:40): pid=895 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:passwd_t:s0 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky"
type=SERVICE_START msg=audit(1718702265.072:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.105:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.111:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.114:44): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.117:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.121:46): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.127:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_RUNLEVEL msg=audit(1718702265.145:48): pid=914 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.147:49): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702265.147:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1718702265.593:51): pid=902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=902 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=SERVICE_STOP msg=audit(1718702265.598:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.624:53): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702265.705:54): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702266.386:55): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1718702266.586:56): pid=1666 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1666 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1718702266.595:57): pid=1670 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1670 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1718702266.596:58): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-gcm@openssh.com ksize=128 mac=<implicit> pfs=curve25519-sha256 spid=1670 suid=74 rport=53512 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1718702266.596:59): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-gcm@openssh.com ksize=128 mac=<implicit> pfs=curve25519-sha256 spid=1670 suid=74 rport=53512 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1718702266.715:60): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1718702266.715:61): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:92:3f:76:ae:b3:c4:29:f5:3c:2c:a0:b6:51:ea:7a:b4:2a:ad:64:ca:1e:07:10:fa:50:6f:d7:e1:04:76:6a:e7 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1718702266.842:62): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1718702266.842:63): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1670 suid=74 rport=53512 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1718702266.849:64): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1718702266.849:65): pid=1667 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1718702266.849:65): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc73d69b50 a2=4 a3=3e8 items=0 ppid=1140 pid=1667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1718702266.849:65): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1718702266.855:66): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=SERVICE_START msg=audit(1718702266.927:67): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1718702267.017:68): pid=1772 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1718702267.017:69): pid=1772 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
type=USER_ROLE_CHANGE msg=audit(1718702267.017:70): pid=1772 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1718702267.017:71): pid=1772 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1718702267.017:71): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffe1b1df310 a2=4 a3=3e8 items=0 ppid=1 pid=1772 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1718702267.017:71): proctitle="(systemd)"
type=USER_START msg=audit(1718702267.018:72): pid=1772 uid=0 auid=1000 ses=2 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SERVICE_START msg=audit(1718702267.115:73): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1718702267.124:74): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1718702267.125:75): pid=1887 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1887 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1718702267.126:76): pid=1887 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1718702267.175:77): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1718702267.175:78): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1718702267.176:79): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1919 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1718702267.217:80): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1718702267.217:81): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGIN msg=audit(1718702267.218:82): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1718702267.218:83): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1718702267.221:84): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1950 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1718702267.235:85): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1718702267.235:86): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGIN msg=audit(1718702267.238:87): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1718702267.238:88): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1718702267.240:89): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1963 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1718702267.355:90): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1718702267.355:91): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D792062696E642062696E642D7574696C7320686170726F7879206874747064206E65742D746F6F6C73 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1718702267.356:92): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1718702267.357:93): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=SERVICE_STOP msg=audit(1718702271.412:94): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702281.023:95): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=ADD_GROUP msg=audit(1718702282.816:96): pid=4051 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="apache"
type=GRP_MGMT msg=audit(1718702282.843:97): pid=4051 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=48 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="apache"
type=ADD_USER msg=audit(1718702282.910:98): pid=4058 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="apache" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=ADD_GROUP msg=audit(1718702283.671:99): pid=4069 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="named"
type=GRP_MGMT msg=audit(1718702283.675:100): pid=4069 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=25 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="named"
type=ADD_USER msg=audit(1718702283.726:101): pid=4075 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="named" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SERVICE_STOP msg=audit(1718702291.043:102): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702291.063:103): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702291.063:104): prog-id=0 op=UNLOAD
type=MAC_POLICY_LOAD msg=audit(1718702292.634:105): auid=1000 ses=1 lsm=selinux res=1AUID="rocky"
type=SYSCALL msg=audit(1718702292.634:105): arch=c000003e syscall=1 success=yes exit=3511466 a0=4 a1=7fe6e3800000 a2=3594aa a3=0 items=0 ppid=4094 pid=4104 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1718702292.634:105): proctitle="/sbin/load_policy"
type=ADD_GROUP msg=audit(1718702292.821:106): pid=4110 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=987 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="haproxy"
type=GRP_MGMT msg=audit(1718702292.834:107): pid=4110 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=987 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" ID="haproxy"
type=ADD_USER msg=audit(1718702292.902:108): pid=4117 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user acct="haproxy" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SERVICE_START msg=audit(1718702293.321:109): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-rdb8624aa4e674c03a6cc838f29418677 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702293.572:110): prog-id=25 op=LOAD
type=BPF msg=audit(1718702293.572:111): prog-id=26 op=LOAD
type=BPF msg=audit(1718702293.572:112): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.572:113): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.573:114): prog-id=27 op=LOAD
type=BPF msg=audit(1718702293.573:115): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.575:116): prog-id=28 op=LOAD
type=BPF msg=audit(1718702293.575:117): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.578:118): prog-id=29 op=LOAD
type=BPF msg=audit(1718702293.578:119): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.578:120): prog-id=30 op=LOAD
type=BPF msg=audit(1718702293.578:121): prog-id=31 op=LOAD
type=BPF msg=audit(1718702293.578:122): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.578:123): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.580:124): prog-id=32 op=LOAD
type=BPF msg=audit(1718702293.580:125): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.580:126): prog-id=33 op=LOAD
type=BPF msg=audit(1718702293.580:127): prog-id=34 op=LOAD
type=BPF msg=audit(1718702293.580:128): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702293.580:129): prog-id=0 op=UNLOAD
type=SOFTWARE_UPDATE msg=audit(1718702293.605:130): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-1.7.0-12.el9_3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.605:131): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-util-bdb-1.6.1-23.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.605:132): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-util-1.6.1-23.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:133): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="apr-util-openssl-1.6.1-23.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:134): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-license-32:9.16.23-18.el9_4.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:135): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="protobuf-c-1.3.3-13.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:136): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="fstrm-0.6.1-3.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:137): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="libuv-1:1.42.0-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:138): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-libs-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:139): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-utils-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:140): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-dnssec-doc-32:9.16.23-18.el9_4.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.606:141): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-tools-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:142): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-filesystem-2.4.57-8.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:143): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="rocky-logos-httpd-90.15-2.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:144): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-ply-3.11-14.el9.0.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:145): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-bind-32:9.16.23-18.el9_4.1.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:146): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-dnssec-utils-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:147): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="mailcap-2.1.49-5.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:148): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-core-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:149): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="mod_lua-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:150): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="httpd-2.4.57-8.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:151): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="mod_http2-2.0.26-2.el9_4.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:152): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="bind-32:9.16.23-18.el9_4.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:153): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="haproxy-2.4.22-3.el9_3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1718702293.607:154): pid=2054 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="net-tools-2.0-0.62.20160912git.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1718702296.654:155): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1718702296.654:156): pid=1983 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1718702296.657:157): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1718702296.657:158): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGIN msg=audit(1718702296.658:159): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1718702296.658:160): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1718702296.661:161): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=5765 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1718702296.675:162): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1718702296.675:163): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGIN msg=audit(1718702296.676:164): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1718702296.676:165): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1718702296.678:166): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=5803 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1718702296.693:167): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1718702296.693:168): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=SERVICE_STOP msg=audit(1718702297.328:169): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-rdb8624aa4e674c03a6cc838f29418677 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.338:170): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.338:171): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.339:172): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1718702297.350:173): pid=1140 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1140 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=USER_END msg=audit(1718702297.353:174): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1718702297.353:175): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1718702297.353:176): pid=1667 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:81:7e:64:29:ab:8e:e2:5c:d2:c0:04:94:33:3c:6d:7d:8c:36:a3:31:d6:b7:f4:63:49:4e:be:02:8a:f8:14:96 direction=? spid=1667 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=SERVICE_STOP msg=audit(1718702297.357:177): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-machine-id-commit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.368:178): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.370:179): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.372:180): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.374:181): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.375:182): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702297.376:183): prog-id=0 op=UNLOAD
type=SERVICE_STOP msg=audit(1718702297.380:184): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.382:185): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.387:186): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.389:187): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-random-seed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702297.580:188): prog-id=35 op=LOAD
type=BPF msg=audit(1718702297.580:189): prog-id=36 op=LOAD
type=BPF msg=audit(1718702297.580:190): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.580:191): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.581:192): prog-id=37 op=LOAD
type=BPF msg=audit(1718702297.581:193): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.583:194): prog-id=38 op=LOAD
type=BPF msg=audit(1718702297.583:195): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.583:196): prog-id=39 op=LOAD
type=BPF msg=audit(1718702297.583:197): prog-id=40 op=LOAD
type=BPF msg=audit(1718702297.583:198): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.583:199): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.584:200): prog-id=41 op=LOAD
type=BPF msg=audit(1718702297.584:201): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.584:202): prog-id=42 op=LOAD
type=BPF msg=audit(1718702297.584:203): prog-id=43 op=LOAD
type=BPF msg=audit(1718702297.584:204): prog-id=0 op=UNLOAD
type=BPF msg=audit(1718702297.584:205): prog-id=0 op=UNLOAD
type=SERVICE_STOP msg=audit(1718702297.595:206): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.597:207): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1718702297.599:208): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.618:209): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.619:210): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.621:211): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702297.622:212): prog-id=0 op=UNLOAD
type=SERVICE_STOP msg=audit(1718702297.631:213): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.652:214): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.655:215): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.666:216): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-network-generator comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.670:217): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1718702297.675:218): prog-id=0 op=UNLOAD
type=SERVICE_STOP msg=audit(1718702297.684:219): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nis-domainname comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.685:220): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-sysctl comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.686:221): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-modules-load comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.687:222): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.688:223): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ldconfig comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.689:224): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-boot-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.690:225): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.691:226): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_SHUTDOWN msg=audit(1718702297.699:227): pid=6484 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1718702297.703:228): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=DAEMON_END msg=audit(1718702297.706:7918): op=terminate auid=0 pid=1 subj=system_u:system_r:init_t:s0 res=successAUID="root"
type=DAEMON_START msg=audit(1743315225.494:907): op=start ver=3.0.7 format=enriched kernel=5.14.0-284.11.1.el9_2.x86_64 auid=4294967295 pid=699 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root"
type=SERVICE_START msg=audit(1743315225.510:5): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CONFIG_CHANGE msg=audit(1743315225.540:6): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset"
type=SYSCALL msg=audit(1743315225.540:6): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffd9c9a4c40 a2=3c a3=0 items=0 ppid=704 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315225.540:6): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1743315225.540:7): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset"
type=SYSCALL msg=audit(1743315225.540:7): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffd9c9a4c40 a2=3c a3=0 items=0 ppid=704 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315225.540:7): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1743315225.540:8): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset"
type=SYSCALL msg=audit(1743315225.540:8): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffd9c9a4c40 a2=3c a3=0 items=0 ppid=704 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315225.540:8): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=SERVICE_START msg=audit(1743315225.542:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_BOOT msg=audit(1743315225.549:10): pid=721 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315225.554:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315225.567:12): prog-id=18 op=LOAD
type=SERVICE_START msg=audit(1743315225.582:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315225.588:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315225.599:15): prog-id=19 op=LOAD
type=BPF msg=audit(1743315225.599:16): prog-id=20 op=LOAD
type=BPF msg=audit(1743315225.599:17): prog-id=21 op=LOAD
type=SERVICE_START msg=audit(1743315225.610:18): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315225.614:19): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315225.617:20): prog-id=22 op=LOAD
type=SERVICE_START msg=audit(1743315225.637:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315225.649:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r5afa5814cfaf493db725696621aa2bdf comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315225.674:23): prog-id=23 op=LOAD
type=BPF msg=audit(1743315225.895:24): prog-id=24 op=LOAD
type=BPF msg=audit(1743315225.896:25): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.896:26): prog-id=25 op=LOAD
type=BPF msg=audit(1743315225.896:27): prog-id=26 op=LOAD
type=BPF msg=audit(1743315225.896:28): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.896:29): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.897:30): prog-id=27 op=LOAD
type=BPF msg=audit(1743315225.899:31): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.901:32): prog-id=28 op=LOAD
type=BPF msg=audit(1743315225.901:33): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.901:34): prog-id=29 op=LOAD
type=BPF msg=audit(1743315225.901:35): prog-id=30 op=LOAD
type=BPF msg=audit(1743315225.901:36): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.901:37): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.902:38): prog-id=31 op=LOAD
type=BPF msg=audit(1743315225.902:39): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.903:40): prog-id=32 op=LOAD
type=BPF msg=audit(1743315225.906:41): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.906:42): prog-id=33 op=LOAD
type=BPF msg=audit(1743315225.906:43): prog-id=34 op=LOAD
type=BPF msg=audit(1743315225.906:44): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315225.906:45): prog-id=0 op=UNLOAD
type=SERVICE_START msg=audit(1743315225.915:46): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315225.917:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315225.917:48): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315225.919:49): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-restart-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315225.919:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-restart-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315225.921:51): prog-id=0 op=UNLOAD
type=SERVICE_START msg=audit(1743315225.922:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315230.418:53): prog-id=35 op=LOAD
type=BPF msg=audit(1743315230.418:54): prog-id=36 op=LOAD
type=SERVICE_START msg=audit(1743315230.465:55): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315230.547:56): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315230.599:57): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315230.628:58): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315230.652:59): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315230.816:60): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=ACCT_LOCK msg=audit(1743315231.902:61): pid=7894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:passwd_t:s0 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky"
type=SERVICE_START msg=audit(1743315233.092:62): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.120:63): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.122:64): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.127:65): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.136:66): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.140:67): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.144:68): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SYSTEM_RUNLEVEL msg=audit(1743315233.155:69): pid=9638 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.158:70): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315233.158:71): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315233.554:72): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315234.110:73): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315234.291:74): pid=11611 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11611 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315234.292:75): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11611 suid=74 rport=43380 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315234.293:76): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11611 suid=74 rport=43380 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=SERVICE_START msg=audit(1743315234.366:77): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315234.366:78): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315234.643:79): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r5afa5814cfaf493db725696621aa2bdf comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1743315234.645:80): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315234.645:81): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315234.722:82): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315234.726:83): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315234.726:84): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11611 suid=74 rport=43380 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315234.729:85): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315234.729:86): pid=11596 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315234.729:86): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdeb135ca0 a2=4 a3=3e8 items=0 ppid=9566 pid=11596 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315234.729:86): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315234.731:87): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=SERVICE_START msg=audit(1743315234.752:88): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315234.809:89): pid=11673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1743315234.809:90): pid=11673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
type=USER_ROLE_CHANGE msg=audit(1743315234.809:91): pid=11673 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315234.809:92): pid=11673 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315234.809:92): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffd6b410570 a2=4 a3=3e8 items=0 ppid=1 pid=11673 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315234.809:92): proctitle="(systemd)"
type=USER_START msg=audit(1743315234.810:93): pid=11673 uid=0 auid=1000 ses=2 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SERVICE_START msg=audit(1743315234.911:94): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1743315234.917:95): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315234.917:96): pid=11682 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11682 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315234.919:97): pid=11682 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315234.962:98): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315234.962:99): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315234.963:100): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11683 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315234.990:101): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315234.990:102): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315234.990:103): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11682 suid=1000 rport=43380 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315234.991:104): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11682 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315234.992:105): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315234.992:106): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315234.992:107): pid=11596 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11596 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315235.012:108): pid=11697 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11697 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315235.013:109): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11697 suid=74 rport=43382 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315235.013:110): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11697 suid=74 rport=43382 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315235.073:111): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315235.073:112): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315235.122:113): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315235.122:114): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11697 suid=74 rport=43382 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315235.123:115): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315235.123:116): pid=11696 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315235.123:116): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffffc1210a0 a2=4 a3=3e8 items=0 ppid=9566 pid=11696 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315235.123:116): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315235.124:117): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315235.133:118): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.134:119): pid=11699 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11699 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315235.135:120): pid=11699 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315235.182:121): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315235.182:122): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.186:123): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11700 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315235.230:124): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315235.230:125): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.230:126): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11699 suid=1000 rport=43382 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.231:127): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11699 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315235.233:128): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315235.234:129): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.234:130): pid=11696 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11696 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315235.247:131): pid=11715 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11715 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315235.247:132): pid=11714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11715 suid=74 rport=43384 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315235.247:133): pid=11714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11715 suid=74 rport=43384 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315235.310:134): pid=11714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315235.310:135): pid=11714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315235.363:136): pid=11714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315235.363:137): pid=11714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11715 suid=74 rport=43384 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315235.365:138): pid=11714 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315235.365:139): pid=11714 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=4 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315235.365:139): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe832fd680 a2=4 a3=3e8 items=0 ppid=9566 pid=11714 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315235.365:139): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315235.365:140): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315235.374:141): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.375:142): pid=11717 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11717 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315235.376:143): pid=11717 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315235.418:144): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315235.418:145): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.419:146): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11718 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.460:147): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11717 suid=1000 rport=43384 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.460:148): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11717 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315235.461:149): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315235.461:150): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315235.462:151): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315235.462:152): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.462:153): pid=11714 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11714 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315235.474:154): pid=11733 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11733 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315235.474:155): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11733 suid=74 rport=43386 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315235.474:156): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11733 suid=74 rport=43386 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315235.542:157): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315235.542:158): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315235.590:159): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315235.590:160): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11733 suid=74 rport=43386 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315235.592:161): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315235.592:162): pid=11732 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=5 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315235.592:162): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd52189a80 a2=4 a3=3e8 items=0 ppid=9566 pid=11732 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315235.592:162): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315235.592:163): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315235.601:164): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.602:165): pid=11735 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11735 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315235.603:166): pid=11735 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315235.647:167): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315235.647:168): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.648:169): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11736 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315235.746:170): pid=11751 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315235.746:171): pid=11751 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F7069702E636F6E66202F6574632F7069702E636F6E66 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315235.746:172): pid=11751 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315235.748:173): pid=11751 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315235.752:174): pid=11751 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315235.753:175): pid=11751 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315235.808:176): pid=11754 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315235.809:177): pid=11754 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6B646972202D70202F6574632F646F636B65722F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315235.809:178): pid=11754 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315235.811:179): pid=11754 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315235.812:180): pid=11754 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315235.812:181): pid=11754 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315235.871:182): pid=11757 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315235.872:183): pid=11757 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F646F636B65722D6461656D6F6E2E6A736F6E202F6574632F646F636B65722F6461656D6F6E2E6A736F6E exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315235.872:184): pid=11757 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315235.873:185): pid=11757 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315235.879:186): pid=11757 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315235.879:187): pid=11757 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315235.881:188): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315235.881:189): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.881:190): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11735 suid=1000 rport=43386 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.881:191): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11735 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315235.882:192): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315235.882:193): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315235.883:194): pid=11732 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11732 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315235.895:195): pid=11761 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11761 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315235.897:196): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11761 suid=74 rport=43388 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315235.897:197): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11761 suid=74 rport=43388 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315235.959:198): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315235.959:199): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315236.010:200): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315236.010:201): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11761 suid=74 rport=43388 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315236.012:202): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315236.012:203): pid=11760 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=6 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315236.012:203): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffebfeacf40 a2=4 a3=3e8 items=0 ppid=9566 pid=11760 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315236.012:203): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315236.013:204): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315236.023:205): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.024:206): pid=11763 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11763 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315236.025:207): pid=11763 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315236.073:208): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315236.073:209): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.074:210): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11764 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315236.092:211): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315236.092:212): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.092:213): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11763 suid=1000 rport=43388 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.092:214): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11763 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315236.092:215): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315236.092:216): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.093:217): pid=11760 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11760 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315236.106:218): pid=11778 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11778 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315236.107:219): pid=11777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11778 suid=74 rport=43390 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315236.107:220): pid=11777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11778 suid=74 rport=43390 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315236.174:221): pid=11777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315236.174:222): pid=11777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315236.225:223): pid=11777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315236.227:224): pid=11777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11778 suid=74 rport=43390 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315236.229:225): pid=11777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315236.230:226): pid=11777 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=7 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315236.230:226): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffec2dbdd90 a2=4 a3=3e8 items=0 ppid=9566 pid=11777 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315236.230:226): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315236.231:227): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315236.239:228): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.240:229): pid=11780 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11780 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315236.242:230): pid=11780 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315236.288:231): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315236.288:232): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.292:233): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11781 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315236.378:234): pid=11798 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315236.378:235): pid=11798 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=657468746F6F6C202D4B2065746830207478206F6666 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315236.378:236): pid=11798 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315236.379:237): pid=11798 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315236.382:238): pid=11798 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315236.382:239): pid=11798 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315236.385:240): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315236.385:241): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.385:242): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11780 suid=1000 rport=43390 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.386:243): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11780 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315236.387:244): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315236.387:245): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.387:246): pid=11777 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11777 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315236.403:247): pid=11802 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11802 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315236.404:248): pid=11801 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11802 suid=74 rport=43392 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315236.404:249): pid=11801 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11802 suid=74 rport=43392 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315236.467:250): pid=11801 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315236.467:251): pid=11801 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315236.519:252): pid=11801 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315236.519:253): pid=11801 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11802 suid=74 rport=43392 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315236.521:254): pid=11801 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315236.521:255): pid=11801 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=8 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315236.521:255): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff2d053620 a2=4 a3=3e8 items=0 ppid=9566 pid=11801 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=8 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315236.521:255): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315236.521:256): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315236.530:257): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.531:258): pid=11804 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11804 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315236.532:259): pid=11804 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315236.580:260): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315236.580:261): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.580:262): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11805 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315236.624:263): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315236.624:264): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.624:265): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11804 suid=1000 rport=43392 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.625:266): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11804 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315236.625:267): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315236.625:268): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.626:269): pid=11801 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11801 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315236.638:270): pid=11820 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11820 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315236.638:271): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11820 suid=74 rport=43394 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315236.638:272): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11820 suid=74 rport=43394 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315236.703:273): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315236.703:274): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315236.755:275): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315236.755:276): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11820 suid=74 rport=43394 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315236.756:277): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315236.756:278): pid=11819 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=9 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315236.756:278): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd9d5a0cc0 a2=4 a3=3e8 items=0 ppid=9566 pid=11819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315236.756:278): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315236.757:279): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315236.768:280): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.768:281): pid=11822 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11822 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315236.769:282): pid=11822 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315236.818:283): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315236.818:284): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.819:285): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11823 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315236.900:286): pid=11836 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315236.900:287): pid=11836 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=726D202D66202F6574632F79756D2E7265706F732E642F726F636B792D6164646F6E732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D646576656C2E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D6578747261732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792E7265706F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315236.901:288): pid=11836 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315236.902:289): pid=11836 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315236.907:290): pid=11836 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315236.907:291): pid=11836 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315236.959:292): pid=11823 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315236.959:293): pid=11823 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D626173652D726F636B79392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315236.960:294): pid=11823 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315236.961:295): pid=11823 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315236.963:296): pid=11823 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315236.964:297): pid=11823 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315236.965:298): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315236.965:299): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.965:300): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11822 suid=1000 rport=43394 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.965:301): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11822 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315236.966:302): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315236.967:303): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315236.967:304): pid=11819 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11819 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315236.985:305): pid=11842 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11842 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315236.985:306): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11842 suid=74 rport=43396 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315236.985:307): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11842 suid=74 rport=43396 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315237.050:308): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.051:309): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315237.107:310): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.107:311): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11842 suid=74 rport=43396 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315237.109:312): pid=11841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315237.109:313): pid=11841 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=10 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315237.109:313): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffff830ac50 a2=4 a3=3e8 items=0 ppid=9566 pid=11841 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315237.109:313): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315237.109:314): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315237.119:315): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.120:316): pid=11844 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11844 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315237.121:317): pid=11844 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315237.169:318): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315237.169:319): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.170:320): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11845 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315237.215:321): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315237.215:322): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.215:323): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11844 suid=1000 rport=43396 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.215:324): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11844 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315237.218:325): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315237.218:326): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.219:327): pid=11841 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11841 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315237.231:328): pid=11860 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11860 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315237.232:329): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11860 suid=74 rport=43398 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315237.232:330): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11860 suid=74 rport=43398 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315237.298:331): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.298:332): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315237.349:333): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.350:334): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11860 suid=74 rport=43398 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315237.351:335): pid=11859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315237.351:336): pid=11859 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=11 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315237.351:336): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe895f7ce0 a2=4 a3=3e8 items=0 ppid=9566 pid=11859 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315237.351:336): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315237.352:337): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315237.361:338): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.362:339): pid=11862 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11862 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315237.363:340): pid=11862 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315237.410:341): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315237.410:342): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.412:343): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11863 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315237.481:344): pid=11863 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315237.481:345): pid=11863 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D6570656C392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315237.482:346): pid=11863 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315237.484:347): pid=11863 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315237.491:348): pid=11863 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315237.491:349): pid=11863 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315237.492:350): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315237.492:351): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.492:352): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11862 suid=1000 rport=43398 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.493:353): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11862 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315237.494:354): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315237.494:355): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.495:356): pid=11859 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11859 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315237.507:357): pid=11879 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11879 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315237.508:358): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11879 suid=74 rport=43400 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315237.508:359): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11879 suid=74 rport=43400 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315237.575:360): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.575:361): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315237.629:362): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.629:363): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11879 suid=74 rport=43400 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315237.630:364): pid=11878 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315237.631:365): pid=11878 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=12 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315237.631:365): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc3e45de00 a2=4 a3=3e8 items=0 ppid=9566 pid=11878 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315237.631:365): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315237.631:366): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315237.640:367): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.641:368): pid=11881 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11881 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315237.642:369): pid=11881 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315237.689:370): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315237.689:371): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.690:372): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11882 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315237.761:373): pid=11882 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315237.761:374): pid=11882 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6F6470726F62652069705F7461626C6573 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315237.761:375): pid=11882 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315237.765:376): pid=11882 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315237.779:377): pid=11882 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315237.779:378): pid=11882 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315237.780:379): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315237.780:380): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.781:381): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11881 suid=1000 rport=43400 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.781:382): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11881 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315237.782:383): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315237.782:384): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.783:385): pid=11878 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11878 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315237.796:386): pid=11899 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11899 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315237.796:387): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11899 suid=74 rport=43402 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315237.798:388): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=11899 suid=74 rport=43402 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315237.860:389): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.860:390): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315237.920:391): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315237.920:392): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11899 suid=74 rport=43402 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315237.922:393): pid=11897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315237.922:394): pid=11897 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=13 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315237.922:394): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffde06df330 a2=4 a3=3e8 items=0 ppid=9566 pid=11897 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=13 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315237.922:394): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315237.922:395): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315237.933:396): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.934:397): pid=11901 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11901 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315237.935:398): pid=11901 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315237.982:399): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315237.983:400): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315237.983:401): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11902 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315238.055:402): pid=11902 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315238.056:403): pid=11902 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D79206F70656E7373682D736572766572206F70656E73736C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315238.056:404): pid=11902 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315238.057:405): pid=11902 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=SERVICE_STOP msg=audit(1743315240.850:406): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315253.051:407): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r76d2bf3b0e1945039120dcdffe800d9a comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315253.211:408): prog-id=37 op=LOAD
type=BPF msg=audit(1743315253.212:409): prog-id=38 op=LOAD
type=BPF msg=audit(1743315253.212:410): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.212:411): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.212:412): prog-id=39 op=LOAD
type=BPF msg=audit(1743315253.212:413): prog-id=40 op=LOAD
type=BPF msg=audit(1743315253.212:414): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.212:415): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.213:416): prog-id=41 op=LOAD
type=BPF msg=audit(1743315253.213:417): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.215:418): prog-id=42 op=LOAD
type=BPF msg=audit(1743315253.215:419): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.215:420): prog-id=43 op=LOAD
type=BPF msg=audit(1743315253.215:421): prog-id=44 op=LOAD
type=BPF msg=audit(1743315253.215:422): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.215:423): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.217:424): prog-id=45 op=LOAD
type=BPF msg=audit(1743315253.217:425): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.217:426): prog-id=46 op=LOAD
type=BPF msg=audit(1743315253.217:427): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.217:428): prog-id=47 op=LOAD
type=BPF msg=audit(1743315253.217:429): prog-id=48 op=LOAD
type=BPF msg=audit(1743315253.217:430): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315253.217:431): prog-id=0 op=UNLOAD
type=CRYPTO_KEY_USER msg=audit(1743315253.229:432): pid=9566 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=9566 suid=0  exe=2F7573722F7362696E2F73736864202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=SERVICE_STOP msg=audit(1743315253.230:433): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315253.243:434): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315253.259:435): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r80cc46471e5d4cdfaac0a9867988207c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SOFTWARE_UPDATE msg=audit(1743315253.265:436): pid=11916 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-libs-1:3.2.2-6.el9_5.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315253.265:437): pid=11916 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-8.7p1-43.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315253.265:438): pid=11916 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-clients-8.7p1-43.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315253.265:439): pid=11916 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-server-8.7p1-43.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315253.265:440): pid=11916 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-1:3.2.2-6.el9_5.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315253.718:441): pid=11902 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315253.718:442): pid=11902 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315253.720:443): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315253.720:444): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315253.720:445): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=11901 suid=1000 rport=43402 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315253.721:446): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11901 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315253.723:447): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315253.723:448): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315253.723:449): pid=11897 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=11897 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315253.735:450): pid=13321 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13321 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315253.736:451): pid=13320 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13321 suid=74 rport=43420 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315253.736:452): pid=13320 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13321 suid=74 rport=43420 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315253.850:453): pid=13320 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315253.850:454): pid=13320 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315253.914:455): pid=13320 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315253.914:456): pid=13320 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13321 suid=74 rport=43420 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315253.916:457): pid=13320 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315253.916:458): pid=13320 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=14 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315253.916:458): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe31f17fb0 a2=4 a3=3e8 items=0 ppid=12296 pid=13320 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=14 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315253.916:458): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315253.917:459): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315253.928:460): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315253.929:461): pid=13323 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13323 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315253.930:462): pid=13323 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315253.972:463): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315253.972:464): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315253.975:465): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13324 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315254.034:466): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315254.034:467): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.034:468): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13323 suid=1000 rport=43420 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.034:469): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13323 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315254.035:470): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315254.036:471): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.036:472): pid=13320 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13320 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315254.050:473): pid=13343 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13343 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315254.051:474): pid=13342 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13343 suid=74 rport=43424 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315254.051:475): pid=13342 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13343 suid=74 rport=43424 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315254.119:476): pid=13342 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315254.119:477): pid=13342 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315254.158:478): pid=13342 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315254.158:479): pid=13342 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13343 suid=74 rport=43424 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315254.160:480): pid=13342 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315254.160:481): pid=13342 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=15 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315254.160:481): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc76aa5a40 a2=4 a3=3e8 items=0 ppid=12296 pid=13342 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=15 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315254.160:481): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315254.161:482): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315254.173:483): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.174:484): pid=13345 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13345 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315254.176:485): pid=13345 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=SERVICE_START msg=audit(1743315254.178:486): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315254.178:487): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315254.198:488): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r76d2bf3b0e1945039120dcdffe800d9a comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315254.199:489): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r80cc46471e5d4cdfaac0a9867988207c comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_LOGIN msg=audit(1743315254.220:490): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315254.220:491): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.222:492): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13347 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.240:493): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13345 suid=1000 rport=43424 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.241:494): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13345 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315254.242:495): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315254.242:496): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315254.242:497): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315254.243:498): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315254.243:499): pid=13342 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13342 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315261.252:500): pid=13361 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13361 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315261.253:501): pid=13360 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13361 suid=74 rport=43452 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315261.253:502): pid=13360 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13361 suid=74 rport=43452 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315261.312:503): pid=13360 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.312:504): pid=13360 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315261.352:505): pid=13360 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.352:506): pid=13360 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13361 suid=74 rport=43452 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315261.354:507): pid=13360 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315261.354:508): pid=13360 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=16 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315261.354:508): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd6c826db0 a2=4 a3=3e8 items=0 ppid=12296 pid=13360 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=16 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315261.354:508): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315261.355:509): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315261.364:510): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.365:511): pid=13363 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13363 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315261.365:512): pid=13363 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315261.408:513): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315261.409:514): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.410:515): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13364 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315261.429:516): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315261.429:517): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.429:518): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13363 suid=1000 rport=43452 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.430:519): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13363 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315261.431:520): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315261.431:521): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.432:522): pid=13360 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13360 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315261.449:523): pid=13379 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13379 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315261.450:524): pid=13378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13379 suid=74 rport=43454 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315261.450:525): pid=13378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13379 suid=74 rport=43454 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315261.508:526): pid=13378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.508:527): pid=13378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315261.552:528): pid=13378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.553:529): pid=13378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13379 suid=74 rport=43454 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315261.554:530): pid=13378 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315261.555:531): pid=13378 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=17 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315261.555:531): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc2a437350 a2=4 a3=3e8 items=0 ppid=12296 pid=13378 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=17 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315261.555:531): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315261.556:532): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315261.564:533): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.565:534): pid=13381 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13381 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315261.566:535): pid=13381 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315261.608:536): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315261.609:537): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.610:538): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13382 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.631:539): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13381 suid=1000 rport=43454 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.632:540): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13381 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315261.633:541): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315261.633:542): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315261.634:543): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315261.634:544): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.634:545): pid=13378 uid=0 auid=1000 ses=17 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13378 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315261.647:546): pid=13396 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13396 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315261.648:547): pid=13395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13396 suid=74 rport=43456 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315261.648:548): pid=13395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13396 suid=74 rport=43456 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315261.705:549): pid=13395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.705:550): pid=13395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315261.743:551): pid=13395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.743:552): pid=13395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13396 suid=74 rport=43456 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315261.745:553): pid=13395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315261.745:554): pid=13395 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=18 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315261.745:554): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe14dd77b0 a2=4 a3=3e8 items=0 ppid=12296 pid=13395 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=18 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315261.745:554): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315261.745:555): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315261.753:556): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.754:557): pid=13398 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13398 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315261.755:558): pid=13398 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315261.801:559): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315261.801:560): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.802:561): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13399 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315261.823:562): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315261.823:563): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.823:564): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13398 suid=1000 rport=43456 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.823:565): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13398 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315261.824:566): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315261.824:567): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.825:568): pid=13395 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13395 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315261.838:569): pid=13413 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13413 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315261.839:570): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13413 suid=74 rport=43458 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315261.839:571): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13413 suid=74 rport=43458 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315261.899:572): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.899:573): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315261.937:574): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315261.938:575): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13413 suid=74 rport=43458 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315261.939:576): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315261.939:577): pid=13412 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=19 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315261.939:577): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdfc8470a0 a2=4 a3=3e8 items=0 ppid=12296 pid=13412 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=19 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315261.939:577): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315261.940:578): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315261.949:579): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.950:580): pid=13415 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13415 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315261.951:581): pid=13415 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315261.997:582): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315261.997:583): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315261.998:584): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13416 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.015:585): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13415 suid=1000 rport=43458 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.015:586): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13415 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315262.017:587): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315262.017:588): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315262.018:589): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315262.018:590): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.018:591): pid=13412 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13412 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315262.034:592): pid=13432 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13432 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315262.034:593): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13432 suid=74 rport=43460 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315262.034:594): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13432 suid=74 rport=43460 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315262.091:595): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315262.091:596): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315262.133:597): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315262.133:598): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13432 suid=74 rport=43460 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315262.133:599): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315262.133:600): pid=13431 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=20 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315262.133:600): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc2a05d5e0 a2=4 a3=3e8 items=0 ppid=12296 pid=13431 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=20 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315262.133:600): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315262.134:601): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315262.142:602): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.143:603): pid=13434 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13434 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315262.144:604): pid=13434 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315262.188:605): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315262.188:606): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.189:607): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13435 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315262.204:608): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315262.204:609): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.204:610): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13434 suid=1000 rport=43460 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.205:611): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13434 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315262.206:612): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315262.206:613): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.207:614): pid=13431 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13431 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315262.223:615): pid=13449 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13449 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315262.224:616): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13449 suid=74 rport=43462 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315262.224:617): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13449 suid=74 rport=43462 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315262.283:618): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315262.283:619): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315262.322:620): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315262.323:621): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13449 suid=74 rport=43462 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315262.325:622): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315262.325:623): pid=13448 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=21 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315262.325:623): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff05a6b0e0 a2=4 a3=3e8 items=0 ppid=12296 pid=13448 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315262.325:623): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315262.326:624): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315262.335:625): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.336:626): pid=13451 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13451 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315262.337:627): pid=13451 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315262.380:628): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315262.380:629): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.381:630): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13452 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315262.440:631): pid=13452 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315262.441:632): pid=13452 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=62617368202D63207072696E746620225C6E31302E302E302E323820202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D616E7369626C652D6B38732D3239362D315C6E22203E3E202F6574632F686F737473 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315262.441:633): pid=13452 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315262.444:634): pid=13452 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315262.447:635): pid=13452 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315262.447:636): pid=13452 uid=1000 auid=1000 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.448:637): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13451 suid=1000 rport=43462 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.449:638): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13451 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315262.450:639): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315262.450:640): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315262.451:641): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315262.451:642): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315262.451:643): pid=13448 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13448 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315263.334:644): pid=13468 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13468 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315263.335:645): pid=13467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13468 suid=74 rport=43466 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315263.335:646): pid=13467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13468 suid=74 rport=43466 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315263.393:647): pid=13467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315263.393:648): pid=13467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315263.430:649): pid=13467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315263.430:650): pid=13467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13468 suid=74 rport=43466 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315263.432:651): pid=13467 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315263.432:652): pid=13467 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=22 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315263.432:652): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fffae447d10 a2=4 a3=3e8 items=0 ppid=12296 pid=13467 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=22 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315263.432:652): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315263.433:653): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315263.441:654): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315263.442:655): pid=13470 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13470 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315263.443:656): pid=13470 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315263.488:657): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315263.488:658): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315263.489:659): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13471 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315263.652:660): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315263.652:661): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315263.652:662): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13470 suid=1000 rport=43466 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315263.652:663): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13470 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315263.654:664): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315263.654:665): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315263.655:666): pid=13467 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13467 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315263.667:667): pid=13486 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13486 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315263.668:668): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13486 suid=74 rport=43468 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315263.668:669): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=13486 suid=74 rport=43468 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315263.727:670): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315263.727:671): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315263.765:672): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315263.766:673): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13486 suid=74 rport=43468 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315263.767:674): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315263.767:675): pid=13485 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=23 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315263.767:675): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe17d81130 a2=4 a3=3e8 items=0 ppid=12296 pid=13485 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315263.767:675): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315263.768:676): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315263.778:677): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315263.779:678): pid=13488 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13488 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315263.780:679): pid=13488 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315263.824:680): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315263.824:681): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315263.825:682): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13489 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315263.938:683): pid=13560 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315263.938:684): pid=13560 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620636865636B2D757064617465 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315263.939:685): pid=13560 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315263.940:686): pid=13560 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315264.469:687): pid=13560 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315264.469:688): pid=13560 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315264.513:689): pid=13563 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315264.513:690): pid=13563 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D79206375726C20707974686F6E3320707974686F6E332D7365747570746F6F6C73206C696273656C696E75782D707974686F6E33206970726F757465206A712062696E642D7574696C7320707974686F6E332D706970206F70656E7373682D736572766572206F70656E7373682D636C69656E7473 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315264.514:691): pid=13563 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315264.515:692): pid=13563 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=SERVICE_STOP msg=audit(1743315265.692:693): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315265.714:694): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315265.714:695): prog-id=0 op=UNLOAD
type=SERVICE_STOP msg=audit(1743315267.684:696): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1743315267.687:697): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=MAC_POLICY_LOAD msg=audit(1743315271.335:698): auid=1000 ses=23 lsm=selinux res=1AUID="rocky"
type=SYSCALL msg=audit(1743315271.335:698): arch=c000003e syscall=1 success=yes exit=3511466 a0=4 a1=7f5961200000 a2=3594aa a3=0 items=0 ppid=13585 pid=13589 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315271.335:698): proctitle="/sbin/load_policy"
type=SERVICE_START msg=audit(1743315272.408:699): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r218222256200485194e89de9b0e18477 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1743315272.582:700): prog-id=49 op=LOAD
type=BPF msg=audit(1743315272.582:701): prog-id=50 op=LOAD
type=BPF msg=audit(1743315272.582:702): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.582:703): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.583:704): prog-id=51 op=LOAD
type=BPF msg=audit(1743315272.583:705): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.585:706): prog-id=52 op=LOAD
type=BPF msg=audit(1743315272.585:707): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.586:708): prog-id=53 op=LOAD
type=BPF msg=audit(1743315272.586:709): prog-id=54 op=LOAD
type=BPF msg=audit(1743315272.586:710): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.586:711): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.587:712): prog-id=55 op=LOAD
type=BPF msg=audit(1743315272.587:713): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.588:714): prog-id=56 op=LOAD
type=BPF msg=audit(1743315272.588:715): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.588:716): prog-id=57 op=LOAD
type=BPF msg=audit(1743315272.588:717): prog-id=58 op=LOAD
type=BPF msg=audit(1743315272.588:718): prog-id=0 op=UNLOAD
type=BPF msg=audit(1743315272.588:719): prog-id=0 op=UNLOAD
type=SERVICE_START msg=audit(1743315272.621:720): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r85b5f01745ad4211ae5aec28c588c914 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:721): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-libs-3.9.21-1.el9_5.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:722): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python-unversioned-command-3.9.21-1.el9_5.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:723): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-3.9.21-1.el9_5.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:724): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-license-32:9.16.23-24.el9_5.3.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:725): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-libs-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:726): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-utils-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:727): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libsepol-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:728): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libselinux-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:729): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="iproute-6.2.0-6.el9_4.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:730): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libselinux-utils-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:731): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-dnssec-doc-32:9.16.23-24.el9_5.3.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:732): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-bind-32:9.16.23-24.el9_5.3.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:733): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-dnssec-utils-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:734): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-setuptools-53.0.0-13.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:735): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="libcurl-7.76.1-31.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:736): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="oniguruma-6.9.6-1.el9.6.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:737): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="jq-1.6-17.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:738): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="curl-7.76.1-31.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:739): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="python3-pip-21.3.1-1.el9.noarch" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:740): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="bind-32:9.16.23-24.el9_5.3.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:741): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="iproute-tc-6.2.0-6.el9_4.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=SOFTWARE_UPDATE msg=audit(1743315272.635:742): pid=13565 uid=0 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="python3-libselinux-3.6-1.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe=2F7573722F62696E2F707974686F6E332E39202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315273.159:743): pid=13563 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315273.159:744): pid=13563 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315273.204:745): pid=14751 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315273.204:746): pid=14751 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=707974686F6E33202D6D2070697020696E7374616C6C202D2D7570677261646520616E7369626C653C36206A696E6A61323D3D332E302E332070796F70656E73736C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315273.205:747): pid=14751 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315273.208:748): pid=14751 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=SERVICE_START msg=audit(1743315273.331:749): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315273.331:750): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315273.352:751): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r218222256200485194e89de9b0e18477 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1743315273.353:752): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r85b5f01745ad4211ae5aec28c588c914 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1743315390.691:753): pid=14751 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315390.691:754): pid=14751 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315391.377:755): pid=15200 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315391.377:756): pid=15200 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=726D202D7266202F686F6D652F726F636B792F74662D616E7369626C652D6465706C6F796572 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315391.378:757): pid=15200 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315391.380:758): pid=15200 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315391.382:759): pid=15200 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315391.383:760): pid=15200 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315392.947:761): pid=15232 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315392.947:762): pid=15232 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=656E7620504154483D2F686F6D652F726F636B792F2E6C6F63616C2F62696E3A2F686F6D652F726F636B792F62696E3A2F7573722F6C6F63616C2F62696E3A2F7573722F62696E3A2F7573722F6C6F63616C2F7362696E3A2F7573722F7362696E3A2F7573722F7362696E3A2F7573722F7362696E3A2F7573722F6C6F63616C2F62696E20616E7369626C652D706C6179626F6F6B202D76202D65206F7263686573747261746F723D6B756265726E65746573202D6520636F6E6669675F66696C653D2F686F6D652F726F636B792F74662D616E7369626C652D6465706C6F7965722F696E7374616E6365732E79616D6C202F686F6D652F726F636B792F74662D616E7369626C652D6465706C6F7965722F706C6179626F6F6B732F636F6E6669677572655F696E7374616E6365732E796D6C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315392.948:763): pid=15232 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315392.950:764): pid=15232 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315393.408:765): pid=15232 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315393.408:766): pid=15232 uid=1000 auid=1000 ses=23 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315393.412:767): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315393.412:768): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.412:769): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=13488 suid=1000 rport=43468 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.413:770): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13488 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315393.415:771): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315393.415:772): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.416:773): pid=13485 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=13485 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315393.438:774): pid=15239 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15239 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315393.438:775): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=15239 suid=74 rport=43652 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315393.438:776): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=15239 suid=74 rport=43652 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315393.496:777): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315393.497:778): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315393.535:779): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315393.535:780): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15239 suid=74 rport=43652 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315393.537:781): pid=15238 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315393.537:782): pid=15238 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=24 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315393.537:782): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe457b2550 a2=4 a3=3e8 items=0 ppid=12296 pid=15238 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=24 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315393.537:782): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315393.537:783): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315393.547:784): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.548:785): pid=15241 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15241 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315393.549:786): pid=15241 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315393.592:787): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315393.592:788): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.594:789): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15242 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315393.610:790): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315393.610:791): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.610:792): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15241 suid=1000 rport=43652 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.611:793): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15241 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315393.612:794): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315393.612:795): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.613:796): pid=15238 uid=0 auid=1000 ses=24 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15238 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315393.630:797): pid=15256 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15256 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315393.630:798): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=15256 suid=74 rport=43654 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315393.630:799): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=15256 suid=74 rport=43654 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315393.688:800): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315393.688:801): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315393.726:802): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315393.726:803): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15256 suid=74 rport=43654 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315393.728:804): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315393.728:805): pid=15255 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=25 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315393.728:805): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd55040900 a2=4 a3=3e8 items=0 ppid=12296 pid=15255 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=25 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315393.728:805): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315393.729:806): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315393.741:807): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.744:808): pid=15258 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15258 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315393.744:809): pid=15258 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315393.788:810): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315393.788:811): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.789:812): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15259 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.845:813): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15258 suid=1000 rport=43654 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.846:814): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15258 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315393.847:815): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315393.847:816): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315393.848:817): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315393.848:818): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.848:819): pid=15255 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15255 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315393.861:820): pid=15274 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15274 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315393.861:821): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=15274 suid=74 rport=43656 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315393.862:822): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=15274 suid=74 rport=43656 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315393.919:823): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315393.919:824): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315393.958:825): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315393.959:826): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15274 suid=74 rport=43656 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315393.960:827): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315393.960:828): pid=15273 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=26 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315393.960:828): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc38744e80 a2=4 a3=3e8 items=0 ppid=12296 pid=15273 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=26 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315393.960:828): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315393.961:829): pid=15273 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315393.970:830): pid=15273 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315393.971:831): pid=15276 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15276 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315393.972:832): pid=15276 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315394.016:833): pid=15273 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315394.016:834): pid=15273 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315394.017:835): pid=15273 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15277 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315394.163:836): pid=15367 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15367 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315394.164:837): pid=15366 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15367 suid=74 rport=41496 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315394.164:838): pid=15366 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15367 suid=74 rport=41496 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=SERVICE_START msg=audit(1743315396.104:839): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1743315396.732:840): pid=15366 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315396.732:841): pid=15366 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:dd:c1:96:f0:37:bd:60:32:e8:1e:5d:9e:b0:cb:f9:66:a3:19:b5:9a:f9:94:4c:b4:25:dd:2b:a9:80:23:57:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315396.775:842): pid=15366 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315396.776:843): pid=15366 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15367 suid=74 rport=41496 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315396.779:844): pid=15366 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315396.779:845): pid=15366 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=27 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315396.779:845): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff305c2c10 a2=4 a3=3e8 items=0 ppid=12296 pid=15366 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=27 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315396.779:845): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315396.780:846): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315396.789:847): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315396.791:848): pid=15371 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15371 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315396.792:849): pid=15371 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315396.833:850): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315396.833:851): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315396.835:852): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15372 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315396.854:853): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15371 suid=1000 rport=41496 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315396.855:854): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15371 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315396.856:855): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315396.856:856): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315396.857:857): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315396.857:858): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315396.857:859): pid=15366 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15366 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315396.878:860): pid=15388 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15388 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315396.878:861): pid=15387 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15388 suid=74 rport=41504 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315396.880:862): pid=15387 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15388 suid=74 rport=41504 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315396.952:863): pid=15387 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315396.952:864): pid=15387 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:dd:c1:96:f0:37:bd:60:32:e8:1e:5d:9e:b0:cb:f9:66:a3:19:b5:9a:f9:94:4c:b4:25:dd:2b:a9:80:23:57:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315396.993:865): pid=15387 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315396.993:866): pid=15387 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15388 suid=74 rport=41504 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315396.994:867): pid=15387 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315396.995:868): pid=15387 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=28 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315396.995:868): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe16232f70 a2=4 a3=3e8 items=0 ppid=12296 pid=15387 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=28 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315396.995:868): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315396.995:869): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315397.004:870): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.006:871): pid=15390 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15390 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315397.007:872): pid=15390 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315397.048:873): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315397.048:874): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.049:875): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15391 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.106:876): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15390 suid=1000 rport=41504 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.107:877): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15390 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315397.108:878): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315397.108:879): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315397.109:880): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315397.109:881): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.109:882): pid=15387 uid=0 auid=1000 ses=28 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15387 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315397.126:883): pid=15407 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15407 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315397.126:884): pid=15406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15407 suid=74 rport=41516 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315397.126:885): pid=15406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15407 suid=74 rport=41516 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315397.200:886): pid=15406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315397.200:887): pid=15406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:dd:c1:96:f0:37:bd:60:32:e8:1e:5d:9e:b0:cb:f9:66:a3:19:b5:9a:f9:94:4c:b4:25:dd:2b:a9:80:23:57:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315397.240:888): pid=15406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315397.240:889): pid=15406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15407 suid=74 rport=41516 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315397.242:890): pid=15406 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315397.242:891): pid=15406 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=29 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315397.242:891): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffde6016b10 a2=4 a3=3e8 items=0 ppid=12296 pid=15406 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=29 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315397.242:891): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315397.243:892): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315397.253:893): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.254:894): pid=15409 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15409 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315397.255:895): pid=15409 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315397.296:896): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315397.296:897): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.298:898): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15410 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.384:899): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15409 suid=1000 rport=41516 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.384:900): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15409 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_END msg=audit(1743315397.385:901): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRED_DISP msg=audit(1743315397.386:902): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_END msg=audit(1743315397.386:903): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_LOGOUT msg=audit(1743315397.386:904): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.386:905): pid=15406 uid=0 auid=1000 ses=29 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15406 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1743315397.400:906): pid=15425 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15425 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1743315397.401:907): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15425 suid=74 rport=41522 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1743315397.401:908): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=15425 suid=74 rport=41522 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1743315397.472:909): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315397.472:910): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:dd:c1:96:f0:37:bd:60:32:e8:1e:5d:9e:b0:cb:f9:66:a3:19:b5:9a:f9:94:4c:b4:25:dd:2b:a9:80:23:57:6e exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1743315397.512:911): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1743315397.513:912): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=15425 suid=74 rport=41522 laddr=10.0.0.28 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1743315397.515:913): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1743315397.515:914): pid=15424 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=30 res=1UID="root" OLD-AUID="unset" AUID="rocky"
type=SYSCALL msg=audit(1743315397.515:914): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc49b78650 a2=4 a3=3e8 items=0 ppid=12296 pid=15424 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=30 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1743315397.515:914): proctitle=737368643A20726F636B79205B707269765D
type=USER_ROLE_CHANGE msg=audit(1743315397.516:915): pid=15424 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_START msg=audit(1743315397.526:916): pid=15424 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.527:917): pid=15427 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15427 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root"
type=CRED_ACQ msg=audit(1743315397.528:918): pid=15427 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.28 addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky"
type=USER_LOGIN msg=audit(1743315397.569:919): pid=15424 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=USER_START msg=audit(1743315397.569:920): pid=15424 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.28 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky"
type=CRYPTO_KEY_USER msg=audit(1743315397.570:921): pid=15424 uid=0 auid=1000 ses=30 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:51:87:f3:9f:73:6d:95:bf:42:d3:d5:51:f1:42:6e:49:52:b2:62:02:57:f6:55:5f:49:11:b1:00:52:4b:07 direction=? spid=15428 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky"
type=USER_ACCT msg=audit(1743315397.685:922): pid=15461 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315397.686:923): pid=15461 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/ansible-logs" cmd=6E657473746174202D6C706E exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315397.686:924): pid=15461 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315397.688:925): pid=15461 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315397.705:926): pid=15461 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315397.706:927): pid=15461 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315397.790:928): pid=15480 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315397.791:929): pid=15480 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/ansible-logs" cmd=6370202F6574632F6368726F6E792E636F6E66202F746D702F616E7369626C652D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315397.791:930): pid=15480 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315397.793:931): pid=15480 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315397.813:932): pid=15480 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_DISP msg=audit(1743315397.813:933): pid=15480 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_ACCT msg=audit(1743315397.861:934): pid=15485 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_CMD msg=audit(1743315397.862:935): pid=15485 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/ansible-logs" cmd=6370202F7661722F6C6F672F6D65737361676573202F746D702F616E7369626C652D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky"
type=CRED_REFR msg=audit(1743315397.863:936): pid=15485 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_START msg=audit(1743315397.864:937): pid=15485 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"
type=USER_END msg=audit(1743315397.928:938): pid=15485 uid=1000 auid=1000 ses=30 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"