type=DAEMON_START msg=audit(1773221825.143:8544): op=start ver=3.1.5 format=enriched kernel=5.14.0-503.14.1.el9_5.x86_64 auid=4294967295 pid=660 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root" type=SERVICE_START msg=audit(1773221825.143:5): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-journal-catalog-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.162:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CONFIG_CHANGE msg=audit(1773221825.200:7): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1773221825.200:7): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcc3276250 a2=3c a3=0 items=0 ppid=665 pid=680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221825.200:7): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1773221825.200:8): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1773221825.200:8): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcc3276250 a2=3c a3=0 items=0 ppid=665 pid=680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221825.200:8): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=CONFIG_CHANGE msg=audit(1773221825.200:9): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" type=SYSCALL msg=audit(1773221825.200:9): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcc3276250 a2=3c a3=0 items=0 ppid=665 pid=680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221825.200:9): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 type=SERVICE_START msg=audit(1773221825.203:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_BOOT msg=audit(1773221825.215:11): pid=687 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.221:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.309:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-machine-id-commit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.390:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ldconfig comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.412:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221825.424:16): prog-id=20 op=LOAD type=SERVICE_START msg=audit(1773221825.476:17): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221825.479:18): prog-id=21 op=LOAD type=BPF msg=audit(1773221825.497:19): prog-id=22 op=LOAD type=BPF msg=audit(1773221825.497:20): prog-id=23 op=LOAD type=SERVICE_START msg=audit(1773221825.500:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.515:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221825.523:23): prog-id=24 op=LOAD type=BPF msg=audit(1773221825.524:24): prog-id=25 op=LOAD type=BPF msg=audit(1773221825.524:25): prog-id=26 op=LOAD type=SERVICE_START msg=audit(1773221825.541:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.580:27): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=chronyd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221825.620:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221834.767:29): prog-id=27 op=LOAD type=BPF msg=audit(1773221834.767:30): prog-id=28 op=LOAD type=SERVICE_START msg=audit(1773221834.823:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221834.931:32): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221835.047:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221835.051:34): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221835.089:35): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221835.131:36): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ADD_GROUP msg=audit(1773221836.610:37): pid=864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-group acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=ADD_USER msg=audit(1773221836.614:38): pid=864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221836.614:39): pid=864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221836.614:40): pid=864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-user-to-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221836.614:41): pid=864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="adm" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221836.614:42): pid=864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-to-shadow-group grp="systemd-journal" acct="rocky" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_MGMT msg=audit(1773221836.705:43): pid=864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:cloud_init_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky" type=ACCT_LOCK msg=audit(1773221836.737:44): pid=871 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:passwd_t:s0 msg='op=locked-password id=1000 exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" ID="rocky" type=SERVICE_START msg=audit(1773221837.113:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.198:46): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpc-statd-notify comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.211:47): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.239:48): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221837.584:49): pid=884 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=884 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=SERVICE_STOP msg=audit(1773221837.589:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.612:51): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.672:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.692:53): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.700:54): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.707:55): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.713:56): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SYSTEM_RUNLEVEL msg=audit(1773221837.729:57): pid=1172 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221837.732:58): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221837.732:59): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221838.278:60): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-final comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221845.194:61): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221848.150:62): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=kdump comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221862.783:63): pid=3873 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3873 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221862.785:64): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3873 suid=74 rport=46786 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221862.785:65): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3873 suid=74 rport=46786 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221862.913:66): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221862.913:67): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221862.926:68): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221862.927:69): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3873 suid=74 rport=46786 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221862.929:70): pid=3872 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221862.929:71): pid=3872 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=1 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221862.929:71): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdfe1b4be0 a2=4 a3=3e8 items=0 ppid=1102 pid=3872 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221862.929:71): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221862.930:72): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221862.966:73): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221862.978:74): pid=3876 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1773221862.979:75): pid=3876 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1773221862.979:76): pid=3876 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221862.980:77): pid=3876 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221862.980:77): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffd7f350390 a2=4 a3=3e8 items=0 ppid=1 pid=3876 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221862.980:77): proctitle="(systemd)" type=USER_START msg=audit(1773221862.982:78): pid=3876 uid=0 auid=1000 ses=2 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_umask,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221863.073:79): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1773221863.085:80): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.087:81): pid=3885 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3885 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221863.088:82): pid=3885 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221863.090:83): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221863.090:84): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.091:85): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3886 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221863.127:86): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221863.127:87): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.128:88): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3885 suid=1000 rport=46786 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.128:89): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3885 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221863.130:90): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221863.130:91): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.130:92): pid=3872 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3872 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221863.153:93): pid=3903 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3903 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221863.154:94): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3903 suid=74 rport=46788 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221863.154:95): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3903 suid=74 rport=46788 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221863.282:96): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221863.282:97): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221863.291:98): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221863.292:99): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3903 suid=74 rport=46788 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221863.294:100): pid=3902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221863.294:101): pid=3902 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221863.294:101): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe62b3c5e0 a2=4 a3=3e8 items=0 ppid=1102 pid=3902 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221863.294:101): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221863.294:102): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221863.310:103): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.311:104): pid=3905 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3905 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221863.312:105): pid=3905 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221863.358:106): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221863.358:107): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.359:108): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3906 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221863.411:109): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221863.411:110): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.411:111): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3905 suid=1000 rport=46788 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.412:112): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3905 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221863.413:113): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221863.413:114): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.413:115): pid=3902 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3902 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221863.430:116): pid=3924 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3924 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221863.431:117): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3924 suid=74 rport=46792 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221863.431:118): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3924 suid=74 rport=46792 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221863.555:119): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221863.555:120): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221863.564:121): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221863.564:122): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3924 suid=74 rport=46792 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221863.566:123): pid=3923 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221863.566:124): pid=3923 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=4 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221863.566:124): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd34eee420 a2=4 a3=3e8 items=0 ppid=1102 pid=3923 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221863.566:124): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221863.566:125): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221863.576:126): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.577:127): pid=3926 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3926 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221863.578:128): pid=3926 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221863.621:129): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221863.621:130): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.622:131): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3927 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221863.665:132): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221863.665:133): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.665:134): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3926 suid=1000 rport=46792 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.666:135): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3926 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221863.667:136): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221863.667:137): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.667:138): pid=3923 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3923 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221863.682:139): pid=3945 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3945 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221863.683:140): pid=3944 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3945 suid=74 rport=46794 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221863.683:141): pid=3944 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3945 suid=74 rport=46794 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221863.805:142): pid=3944 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221863.805:143): pid=3944 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221863.813:144): pid=3944 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221863.813:145): pid=3944 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3945 suid=74 rport=46794 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221863.814:146): pid=3944 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221863.815:147): pid=3944 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=5 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221863.815:147): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd06510c20 a2=4 a3=3e8 items=0 ppid=1102 pid=3944 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221863.815:147): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221863.815:148): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221863.828:149): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.829:150): pid=3947 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3947 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221863.830:151): pid=3947 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221863.873:152): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221863.873:153): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.874:154): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3948 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221863.923:155): pid=3966 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221863.924:156): pid=3966 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F7069702E636F6E66202F6574632F7069702E636F6E66 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221863.924:157): pid=3966 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221863.926:158): pid=3966 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221863.930:159): pid=3966 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221863.931:160): pid=3966 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221863.944:161): pid=3969 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221863.944:162): pid=3969 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6B646972202D70202F6574632F646F636B65722F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221863.944:163): pid=3969 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221863.946:164): pid=3969 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221863.949:165): pid=3969 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221863.950:166): pid=3969 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221863.960:167): pid=3972 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221863.960:168): pid=3972 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370202D66202E2F646F636B65722D6461656D6F6E2E6A736F6E202F6574632F646F636B65722F6461656D6F6E2E6A736F6E exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221863.960:169): pid=3972 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221863.962:170): pid=3972 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221863.965:171): pid=3972 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221863.966:172): pid=3972 uid=1000 auid=1000 ses=5 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.968:173): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3947 suid=1000 rport=46794 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.969:174): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3947 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221863.970:175): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221863.970:176): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221863.970:177): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221863.970:178): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221863.970:179): pid=3944 uid=0 auid=1000 ses=5 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3944 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221863.987:180): pid=3976 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3976 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221863.988:181): pid=3975 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3976 suid=74 rport=46796 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221863.988:182): pid=3975 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3976 suid=74 rport=46796 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221864.115:183): pid=3975 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.115:184): pid=3975 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221864.123:185): pid=3975 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.124:186): pid=3975 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3976 suid=74 rport=46796 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221864.125:187): pid=3975 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221864.125:188): pid=3975 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=6 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221864.125:188): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffddcb8f720 a2=4 a3=3e8 items=0 ppid=1102 pid=3975 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221864.125:188): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221864.126:189): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221864.144:190): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.145:191): pid=3978 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3978 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221864.145:192): pid=3978 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221864.147:193): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221864.147:194): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.148:195): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3979 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221864.168:196): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221864.168:197): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.168:198): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3978 suid=1000 rport=46796 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.169:199): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3978 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221864.169:200): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221864.170:201): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.170:202): pid=3975 uid=0 auid=1000 ses=6 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3975 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221864.186:203): pid=3996 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3996 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221864.187:204): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3996 suid=74 rport=46798 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221864.187:205): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=3996 suid=74 rport=46798 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221864.319:206): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.319:207): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221864.328:208): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.328:209): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3996 suid=74 rport=46798 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221864.330:210): pid=3995 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221864.330:211): pid=3995 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=7 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221864.330:211): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffce6789470 a2=4 a3=3e8 items=0 ppid=1102 pid=3995 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221864.330:211): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221864.331:212): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221864.350:213): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.351:214): pid=3998 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3998 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221864.352:215): pid=3998 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221864.398:216): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221864.398:217): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.399:218): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3999 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221864.433:219): pid=4019 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221864.433:220): pid=4019 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=657468746F6F6C202D4B2065746830207478206F6666 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221864.433:221): pid=4019 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221864.435:222): pid=4019 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221864.439:223): pid=4019 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221864.440:224): pid=4019 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221864.441:225): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221864.441:226): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.441:227): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=3998 suid=1000 rport=46798 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.442:228): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3998 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221864.443:229): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221864.443:230): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.444:231): pid=3995 uid=0 auid=1000 ses=7 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=3995 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221864.462:232): pid=4023 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4023 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221864.462:233): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4023 suid=74 rport=46802 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221864.463:234): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4023 suid=74 rport=46802 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221864.582:235): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.582:236): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221864.591:237): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.591:238): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4023 suid=74 rport=46802 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221864.592:239): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221864.592:240): pid=4022 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=8 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221864.592:240): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffcfe46a510 a2=4 a3=3e8 items=0 ppid=1102 pid=4022 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=8 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221864.592:240): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221864.593:241): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221864.609:242): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.610:243): pid=4025 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4025 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221864.611:244): pid=4025 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221864.654:245): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221864.654:246): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.654:247): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4026 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221864.696:248): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221864.696:249): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.696:250): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4025 suid=1000 rport=46802 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.697:251): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4025 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221864.698:252): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221864.698:253): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.699:254): pid=4022 uid=0 auid=1000 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4022 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221864.712:255): pid=4044 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4044 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221864.713:256): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4044 suid=74 rport=46804 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221864.713:257): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4044 suid=74 rport=46804 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221864.841:258): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.841:259): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221864.849:260): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221864.850:261): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4044 suid=74 rport=46804 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221864.851:262): pid=4043 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221864.851:263): pid=4043 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=9 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221864.851:263): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd16f8a7e0 a2=4 a3=3e8 items=0 ppid=1102 pid=4043 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221864.851:263): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221864.852:264): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221864.867:265): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.867:266): pid=4046 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4046 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221864.868:267): pid=4046 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221864.869:268): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221864.869:269): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.870:270): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4047 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221864.893:271): pid=4063 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221864.893:272): pid=4063 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=726D202D66202F6574632F79756D2E7265706F732E642F726F636B792D6164646F6E732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D646576656C2E7265706F202F6574632F79756D2E7265706F732E642F726F636B792D6578747261732E7265706F202F6574632F79756D2E7265706F732E642F726F636B792E7265706F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221864.893:273): pid=4063 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221864.895:274): pid=4063 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221864.896:275): pid=4063 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221864.897:276): pid=4063 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221864.905:277): pid=4047 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221864.905:278): pid=4047 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D626173652D726F636B79392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221864.905:279): pid=4047 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221864.907:280): pid=4047 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221864.910:281): pid=4047 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221864.910:282): pid=4047 uid=1000 auid=1000 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.912:283): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4046 suid=1000 rport=46804 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.912:284): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4046 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221864.913:285): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221864.913:286): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221864.914:287): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221864.914:288): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221864.914:289): pid=4043 uid=0 auid=1000 ses=9 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4043 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221864.931:290): pid=4069 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4069 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221864.931:291): pid=4068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4069 suid=74 rport=46806 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221864.931:292): pid=4068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4069 suid=74 rport=46806 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221865.058:293): pid=4068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.058:294): pid=4068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221865.067:295): pid=4068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.067:296): pid=4068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4069 suid=74 rport=46806 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221865.068:297): pid=4068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221865.068:298): pid=4068 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=10 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221865.068:298): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc658c62c0 a2=4 a3=3e8 items=0 ppid=1102 pid=4068 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221865.068:298): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221865.069:299): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221865.086:300): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.086:301): pid=4071 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4071 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221865.087:302): pid=4071 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221865.088:303): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221865.088:304): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.089:305): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4072 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.132:306): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4071 suid=1000 rport=46806 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.132:307): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4071 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221865.133:308): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221865.134:309): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221865.134:310): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221865.134:311): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.134:312): pid=4068 uid=0 auid=1000 ses=10 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4068 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221865.148:313): pid=4091 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4091 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221865.149:314): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4091 suid=74 rport=46810 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221865.149:315): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4091 suid=74 rport=46810 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221865.276:316): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.276:317): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221865.284:318): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.284:319): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4091 suid=74 rport=46810 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221865.285:320): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221865.285:321): pid=4090 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=11 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221865.285:321): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe1a65fc60 a2=4 a3=3e8 items=0 ppid=1102 pid=4090 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221865.285:321): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221865.286:322): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221865.309:323): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.310:324): pid=4093 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4093 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221865.311:325): pid=4093 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221865.312:326): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221865.312:327): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.313:328): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4094 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221865.339:329): pid=4094 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221865.340:330): pid=4094 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6370206D6972726F722D6570656C392E7265706F202F6574632F79756D2E7265706F732E642F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221865.340:331): pid=4094 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221865.342:332): pid=4094 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221865.346:333): pid=4094 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221865.346:334): pid=4094 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.348:335): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4093 suid=1000 rport=46810 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.349:336): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4093 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221865.350:337): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221865.350:338): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221865.351:339): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221865.351:340): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.351:341): pid=4090 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4090 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221865.365:342): pid=4113 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4113 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221865.365:343): pid=4112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4113 suid=74 rport=46814 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221865.366:344): pid=4112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4113 suid=74 rport=46814 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221865.484:345): pid=4112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.484:346): pid=4112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221865.493:347): pid=4112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.493:348): pid=4112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4113 suid=74 rport=46814 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221865.495:349): pid=4112 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221865.495:350): pid=4112 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=12 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221865.495:350): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffda1c0e4b0 a2=4 a3=3e8 items=0 ppid=1102 pid=4112 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221865.495:350): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221865.496:351): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221865.524:352): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.524:353): pid=4115 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4115 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221865.525:354): pid=4115 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221865.526:355): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221865.526:356): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.527:357): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4116 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221865.552:358): pid=4116 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221865.553:359): pid=4116 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=6D6F6470726F62652069705F7461626C6573 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221865.553:360): pid=4116 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221865.554:361): pid=4116 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221865.571:362): pid=4116 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221865.572:363): pid=4116 uid=1000 auid=1000 ses=12 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221865.574:364): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221865.574:365): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.574:366): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4115 suid=1000 rport=46814 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.574:367): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4115 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221865.575:368): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221865.575:369): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.576:370): pid=4112 uid=0 auid=1000 ses=12 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4112 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221865.593:371): pid=4138 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4138 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221865.593:372): pid=4136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4138 suid=74 rport=46816 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221865.593:373): pid=4136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=4138 suid=74 rport=46816 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221865.727:374): pid=4136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.727:375): pid=4136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221865.735:376): pid=4136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221865.735:377): pid=4136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4138 suid=74 rport=46816 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221865.737:378): pid=4136 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221865.737:379): pid=4136 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=13 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221865.737:379): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fffade1e030 a2=4 a3=3e8 items=0 ppid=1102 pid=4136 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=13 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221865.737:379): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221865.737:380): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221865.750:381): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.751:382): pid=4140 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4140 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221865.752:383): pid=4140 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221865.753:384): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221865.753:385): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221865.754:386): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4141 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221865.777:387): pid=4141 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221865.777:388): pid=4141 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=646E6620696E7374616C6C202D79206F70656E7373682D736572766572206F70656E73736C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221865.777:389): pid=4141 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221865.779:390): pid=4141 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=SERVICE_START msg=audit(1773221889.219:391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r20e33c1cd07544bebd45e13e6f7700a3 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221889.444:392): prog-id=29 op=LOAD type=BPF msg=audit(1773221889.444:393): prog-id=15 op=UNLOAD type=BPF msg=audit(1773221889.444:394): prog-id=30 op=LOAD type=BPF msg=audit(1773221889.444:395): prog-id=31 op=LOAD type=BPF msg=audit(1773221889.444:396): prog-id=16 op=UNLOAD type=BPF msg=audit(1773221889.444:397): prog-id=17 op=UNLOAD type=BPF msg=audit(1773221889.444:398): prog-id=32 op=LOAD type=BPF msg=audit(1773221889.444:399): prog-id=33 op=LOAD type=BPF msg=audit(1773221889.444:400): prog-id=22 op=UNLOAD type=BPF msg=audit(1773221889.444:401): prog-id=23 op=UNLOAD type=BPF msg=audit(1773221889.445:402): prog-id=34 op=LOAD type=BPF msg=audit(1773221889.445:403): prog-id=35 op=LOAD type=BPF msg=audit(1773221889.445:404): prog-id=18 op=UNLOAD type=BPF msg=audit(1773221889.445:405): prog-id=19 op=UNLOAD type=BPF msg=audit(1773221889.446:406): prog-id=36 op=LOAD type=BPF msg=audit(1773221889.446:407): prog-id=24 op=UNLOAD type=BPF msg=audit(1773221889.447:408): prog-id=37 op=LOAD type=BPF msg=audit(1773221889.447:409): prog-id=38 op=LOAD type=BPF msg=audit(1773221889.447:410): prog-id=25 op=UNLOAD type=BPF msg=audit(1773221889.447:411): prog-id=26 op=UNLOAD type=BPF msg=audit(1773221889.448:412): prog-id=39 op=LOAD type=BPF msg=audit(1773221889.448:413): prog-id=21 op=UNLOAD type=BPF msg=audit(1773221889.450:414): prog-id=40 op=LOAD type=BPF msg=audit(1773221889.451:415): prog-id=20 op=UNLOAD type=BPF msg=audit(1773221889.451:416): prog-id=41 op=LOAD type=BPF msg=audit(1773221889.451:417): prog-id=42 op=LOAD type=BPF msg=audit(1773221889.451:418): prog-id=27 op=UNLOAD type=BPF msg=audit(1773221889.451:419): prog-id=28 op=UNLOAD type=CRYPTO_KEY_USER msg=audit(1773221889.466:420): pid=1102 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=1102 suid=0 exe=2F7573722F7362696E2F73736864202864656C6574656429 hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=SERVICE_STOP msg=audit(1773221889.467:421): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221889.485:422): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221889.510:423): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r184fea94016c48368fe0208c8780d382 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SOFTWARE_UPDATE msg=audit(1773221889.517:424): pid=4158 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-libs-1:3.5.1-7.el9_7.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221889.517:425): pid=4158 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="openssl-fips-provider-1:3.5.1-7.el9_7.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221889.517:426): pid=4158 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-8.7p1-47.el9_7.rocky.0.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221889.517:427): pid=4158 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-clients-8.7p1-47.el9_7.rocky.0.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221889.517:428): pid=4158 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssh-server-8.7p1-47.el9_7.rocky.0.1.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SOFTWARE_UPDATE msg=audit(1773221889.517:429): pid=4158 uid=0 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=update sw="openssl-1:3.5.1-7.el9_7.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221890.033:430): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_START msg=audit(1773221890.036:431): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_END msg=audit(1773221890.322:432): pid=4141 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221890.322:433): pid=4141 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221890.324:434): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221890.324:435): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.324:436): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4140 suid=1000 rport=46816 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.324:437): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4140 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221890.326:438): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221890.327:439): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.327:440): pid=4136 uid=0 auid=1000 ses=13 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=4136 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221890.345:441): pid=6376 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=6376 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221890.346:442): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6376 suid=74 rport=46882 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221890.346:443): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6376 suid=74 rport=46882 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221890.462:444): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221890.462:445): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221890.470:446): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221890.471:447): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6376 suid=74 rport=46882 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221890.472:448): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221890.472:449): pid=6350 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=14 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221890.472:449): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff0a321180 a2=4 a3=3e8 items=0 ppid=4607 pid=6350 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=14 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221890.472:449): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221890.473:450): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221890.485:451): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.486:452): pid=6705 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=6705 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221890.487:453): pid=6705 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221890.488:454): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221890.488:455): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.490:456): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=6710 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221890.507:457): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221890.507:458): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.508:459): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6705 suid=1000 rport=46882 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.508:460): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=6705 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221890.509:461): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221890.509:462): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.510:463): pid=6350 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=6350 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221890.525:464): pid=6797 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=6797 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221890.526:465): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6797 suid=74 rport=46884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221890.526:466): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=6797 suid=74 rport=46884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221890.652:467): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221890.652:468): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221890.659:469): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221890.660:470): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=6797 suid=74 rport=46884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221890.660:471): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221890.661:472): pid=6774 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=15 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221890.661:472): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd8bc40210 a2=4 a3=3e8 items=0 ppid=4607 pid=6774 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=15 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221890.661:472): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221890.661:473): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221890.674:474): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.675:475): pid=7048 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=7048 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221890.675:476): pid=7048 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221890.677:477): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221890.677:478): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.677:479): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=7055 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221890.697:480): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221890.697:481): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.697:482): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=7048 suid=1000 rport=46884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.697:483): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=7048 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221890.699:484): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221890.699:485): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221890.700:486): pid=6774 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=6774 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=SERVICE_STOP msg=audit(1773221893.917:487): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=BPF msg=audit(1773221893.933:488): prog-id=42 op=UNLOAD type=BPF msg=audit(1773221893.933:489): prog-id=41 op=UNLOAD type=SERVICE_START msg=audit(1773221894.313:490): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221894.313:491): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221894.331:492): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r20e33c1cd07544bebd45e13e6f7700a3 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221894.332:493): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r184fea94016c48368fe0208c8780d382 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221900.911:494): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221900.931:495): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221901.480:496): pid=14410 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14410 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221901.480:497): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14410 suid=74 rport=46928 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221901.480:498): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14410 suid=74 rport=46928 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221901.606:499): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221901.606:500): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221901.615:501): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221901.615:502): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14410 suid=74 rport=46928 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221901.616:503): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221901.617:504): pid=14409 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=16 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221901.617:504): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff8aa0f500 a2=4 a3=3e8 items=0 ppid=4607 pid=14409 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=16 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221901.617:504): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221901.617:505): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221901.647:506): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221901.658:507): pid=14413 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1773221901.658:508): pid=14413 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1773221901.659:509): pid=14413 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221901.659:510): pid=14413 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=17 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221901.659:510): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffd7f350390 a2=4 a3=3e8 items=0 ppid=1 pid=14413 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=17 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221901.659:510): proctitle="(systemd)" type=USER_START msg=audit(1773221901.661:511): pid=14413 uid=0 auid=1000 ses=17 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_umask,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221901.755:512): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1773221901.766:513): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221901.767:514): pid=14422 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14422 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221901.768:515): pid=14422 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221901.769:516): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221901.769:517): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221901.770:518): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14423 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221901.787:519): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221901.788:520): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221901.788:521): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14422 suid=1000 rport=46928 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221901.788:522): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14422 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221901.790:523): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221901.790:524): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221901.790:525): pid=14409 uid=0 auid=1000 ses=16 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14409 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221901.807:526): pid=14441 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14441 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221901.808:527): pid=14440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14441 suid=74 rport=46930 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221901.808:528): pid=14440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14441 suid=74 rport=46930 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221901.934:529): pid=14440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221901.934:530): pid=14440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221901.942:531): pid=14440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221901.943:532): pid=14440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14441 suid=74 rport=46930 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221901.944:533): pid=14440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221901.944:534): pid=14440 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=18 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221901.944:534): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc9b316f80 a2=4 a3=3e8 items=0 ppid=4607 pid=14440 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=18 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221901.944:534): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221901.944:535): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221901.959:536): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221901.959:537): pid=14443 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14443 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221901.960:538): pid=14443 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221902.005:539): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221902.005:540): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.006:541): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14444 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.036:542): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14443 suid=1000 rport=46930 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.037:543): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14443 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221902.039:544): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221902.039:545): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221902.040:546): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221902.040:547): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.040:548): pid=14440 uid=0 auid=1000 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14440 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221902.056:549): pid=14461 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14461 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221902.056:550): pid=14460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14461 suid=74 rport=46932 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221902.056:551): pid=14460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14461 suid=74 rport=46932 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221902.183:552): pid=14460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221902.183:553): pid=14460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221902.192:554): pid=14460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221902.192:555): pid=14460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14461 suid=74 rport=46932 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221902.193:556): pid=14460 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221902.193:557): pid=14460 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=19 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221902.193:557): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe2dacb0c0 a2=4 a3=3e8 items=0 ppid=4607 pid=14460 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=19 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221902.193:557): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221902.194:558): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221902.212:559): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.213:560): pid=14463 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14463 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221902.214:561): pid=14463 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221902.215:562): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221902.215:563): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.216:564): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14464 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221902.237:565): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221902.237:566): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.237:567): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14463 suid=1000 rport=46932 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.237:568): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14463 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221902.238:569): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221902.238:570): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.239:571): pid=14460 uid=0 auid=1000 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14460 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221902.254:572): pid=14481 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14481 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221902.255:573): pid=14480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14481 suid=74 rport=46936 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221902.255:574): pid=14480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14481 suid=74 rport=46936 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221902.381:575): pid=14480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221902.381:576): pid=14480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221902.389:577): pid=14480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221902.390:578): pid=14480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14481 suid=74 rport=46936 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221902.391:579): pid=14480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221902.391:580): pid=14480 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=20 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221902.391:580): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffdba417c00 a2=4 a3=3e8 items=0 ppid=4607 pid=14480 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=20 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221902.391:580): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221902.392:581): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221902.406:582): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.407:583): pid=14483 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14483 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221902.408:584): pid=14483 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221902.453:585): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221902.453:586): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.454:587): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14484 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221902.476:588): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221902.476:589): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.476:590): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14483 suid=1000 rport=46936 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.477:591): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14483 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221902.478:592): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221902.478:593): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221902.479:594): pid=14480 uid=0 auid=1000 ses=20 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14480 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221903.558:595): pid=14503 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14503 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221903.559:596): pid=14502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14503 suid=74 rport=46946 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221903.559:597): pid=14502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14503 suid=74 rport=46946 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221903.683:598): pid=14502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221903.683:599): pid=14502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221903.692:600): pid=14502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221903.692:601): pid=14502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14503 suid=74 rport=46946 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221903.693:602): pid=14502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221903.693:603): pid=14502 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=21 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221903.693:603): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff4ec8ff70 a2=4 a3=3e8 items=0 ppid=4607 pid=14502 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221903.693:603): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221903.694:604): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221903.713:605): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.714:606): pid=14505 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14505 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221903.715:607): pid=14505 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221903.757:608): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221903.757:609): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.758:610): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14506 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.775:611): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14505 suid=1000 rport=46946 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.776:612): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14505 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221903.777:613): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221903.777:614): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221903.777:615): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221903.777:616): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221903.777:617): pid=14502 uid=0 auid=1000 ses=21 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14502 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221904.579:618): pid=14523 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14523 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221904.579:619): pid=14522 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14523 suid=74 rport=46958 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221904.579:620): pid=14522 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256 spid=14523 suid=74 rport=46958 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221904.698:621): pid=14522 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221904.698:622): pid=14522 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:ae:fa:7f:d9:b8:d5:af:f6:9e:8b:ef:bd:d3:40:20:24:0b:d0:a4:08:26:68:ad:f8:4d:f1:fc:07:ba:40:a5:df exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221904.707:623): pid=14522 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221904.707:624): pid=14522 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14523 suid=74 rport=46958 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221904.708:625): pid=14522 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221904.708:626): pid=14522 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=22 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221904.708:626): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffc9ed77c40 a2=4 a3=3e8 items=0 ppid=4607 pid=14522 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=22 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221904.708:626): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221904.709:627): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221904.723:628): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.723:629): pid=14525 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14525 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221904.724:630): pid=14525 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221904.769:631): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221904.769:632): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.770:633): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14526 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221904.794:634): pid=14526 uid=1000 auid=1000 ses=22 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221904.794:635): pid=14526 uid=1000 auid=1000 ses=22 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/rocky" cmd=62617368202D63207072696E746620225C6E31302E302E302E313920202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D315C6E31302E302E302E31323920202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D325C6E31302E302E302E32343120202020636E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D335C6E31302E302E302E32343220202020616E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D315C6E31302E302E302E343120202020616E2D6A656E6B696E732D6465706C6F792D706C6174666F726D2D6B38732D6D616E6966657374732D3336342D325C6E22203E3E202F6574632F686F737473 exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221904.795:636): pid=14526 uid=1000 auid=1000 ses=22 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221904.798:637): pid=14526 uid=1000 auid=1000 ses=22 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221904.800:638): pid=14526 uid=1000 auid=1000 ses=22 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221904.800:639): pid=14526 uid=1000 auid=1000 ses=22 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221904.801:640): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221904.801:641): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.802:642): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14525 suid=1000 rport=46958 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.25 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.802:643): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14525 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221904.803:644): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221904.803:645): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.25 addr=10.0.0.25 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221904.804:646): pid=14522 uid=0 auid=1000 ses=22 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14522 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=SERVICE_STOP msg=audit(1773221914.906:647): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=SERVICE_STOP msg=audit(1773221914.935:648): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.124:649): pid=14547 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14547 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221959.126:650): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14547 suid=74 rport=39860 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221959.126:651): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14547 suid=74 rport=39860 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221959.200:652): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.200:653): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221959.210:654): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.210:655): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14547 suid=74 rport=39860 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221959.211:656): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221959.211:657): pid=14546 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=23 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221959.211:657): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffe45626a10 a2=4 a3=3e8 items=0 ppid=4607 pid=14546 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221959.211:657): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221959.212:658): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221959.234:659): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221959.247:660): pid=14550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=CRED_ACQ msg=audit(1773221959.247:661): pid=14550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" type=USER_ROLE_CHANGE msg=audit(1773221959.247:662): pid=14550 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221959.248:663): pid=14550 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=24 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221959.248:663): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffd7f350390 a2=4 a3=3e8 items=0 ppid=1 pid=14550 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=24 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221959.248:663): proctitle="(systemd)" type=USER_START msg=audit(1773221959.249:664): pid=14550 uid=0 auid=1000 ses=24 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_umask,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="rocky" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" type=SERVICE_START msg=audit(1773221959.328:665): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=USER_START msg=audit(1773221959.336:666): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.337:667): pid=14559 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14559 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221959.337:668): pid=14559 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221959.379:669): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221959.379:670): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.380:671): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14560 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221959.397:672): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221959.397:673): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.397:674): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14559 suid=1000 rport=39860 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.398:675): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14559 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221959.399:676): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221959.400:677): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.400:678): pid=14546 uid=0 auid=1000 ses=23 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14546 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221959.418:679): pid=14577 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14577 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221959.419:680): pid=14576 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14577 suid=74 rport=39876 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221959.419:681): pid=14576 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14577 suid=74 rport=39876 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221959.486:682): pid=14576 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.486:683): pid=14576 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221959.496:684): pid=14576 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.496:685): pid=14576 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14577 suid=74 rport=39876 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221959.497:686): pid=14576 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221959.497:687): pid=14576 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=25 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221959.497:687): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7ffd38aa6840 a2=4 a3=3e8 items=0 ppid=4607 pid=14576 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=25 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221959.497:687): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221959.498:688): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221959.519:689): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.520:690): pid=14579 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14579 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221959.521:691): pid=14579 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221959.563:692): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221959.563:693): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.563:694): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14580 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221959.585:695): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221959.585:696): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.585:697): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14579 suid=1000 rport=39876 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.586:698): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14579 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221959.587:699): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221959.587:700): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.588:701): pid=14576 uid=0 auid=1000 ses=25 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14576 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221959.608:702): pid=14597 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14597 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221959.608:703): pid=14596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14597 suid=74 rport=39884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221959.608:704): pid=14596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14597 suid=74 rport=39884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221959.682:705): pid=14596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.682:706): pid=14596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221959.692:707): pid=14596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.692:708): pid=14596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14597 suid=74 rport=39884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221959.693:709): pid=14596 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221959.693:710): pid=14596 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=26 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221959.693:710): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fff2df99600 a2=4 a3=3e8 items=0 ppid=4607 pid=14596 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=26 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221959.693:710): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221959.694:711): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221959.711:712): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.712:713): pid=14599 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14599 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221959.713:714): pid=14599 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221959.755:715): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221959.755:716): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.755:717): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14600 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.777:718): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14599 suid=1000 rport=39884 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.777:719): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14599 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_END msg=audit(1773221959.778:720): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRED_DISP msg=audit(1773221959.778:721): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_END msg=audit(1773221959.779:722): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_LOGOUT msg=audit(1773221959.779:723): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.779:724): pid=14596 uid=0 auid=1000 ses=26 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14596 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRYPTO_KEY_USER msg=audit(1773221959.793:725): pid=14617 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14617 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root" type=CRYPTO_SESSION msg=audit(1773221959.794:726): pid=14616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14617 suid=74 rport=39888 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRYPTO_SESSION msg=audit(1773221959.794:727): pid=14616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=14617 suid=74 rport=39888 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=USER_AUTH msg=audit(1773221959.862:728): pid=14616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="rocky" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.862:729): pid=14616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:84:9d:46:9b:23:ea:21:fa:54:61:0a:b7:a5:ef:97:84:46:39:f0:f6:ea:b6:c0:e9:43:16:92:20:39:47:44:6b exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1773221959.871:730): pid=14616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1773221959.871:731): pid=14616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=14617 suid=74 rport=39888 laddr=10.0.0.41 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1773221959.872:732): pid=14616 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1773221959.872:733): pid=14616 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=27 res=1UID="root" OLD-AUID="unset" AUID="rocky" type=SYSCALL msg=audit(1773221959.872:733): arch=c000003e syscall=1 success=yes exit=4 a0=3 a1=7fffb087dc40 a2=4 a3=3e8 items=0 ppid=4607 pid=14616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=27 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="rocky" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" type=PROCTITLE msg=audit(1773221959.872:733): proctitle=737368643A20726F636B79205B707269765D type=USER_ROLE_CHANGE msg=audit(1773221959.873:734): pid=14616 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_START msg=audit(1773221959.894:735): pid=14616 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.895:736): pid=14619 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14619 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="root" type=CRED_ACQ msg=audit(1773221959.895:737): pid=14619 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="rocky" exe="/usr/sbin/sshd" hostname=10.0.0.19 addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" type=USER_LOGIN msg=audit(1773221959.938:738): pid=14616 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=USER_START msg=audit(1773221959.938:739): pid=14616 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.19 terminal=ssh res=success'UID="root" AUID="rocky" ID="rocky" type=CRYPTO_KEY_USER msg=audit(1773221959.938:740): pid=14616 uid=0 auid=1000 ses=27 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:ef:74:52:c2:27:89:71:8c:69:cf:86:67:21:37:e6:5c:b3:97:91:39:1c:f8:7d:03:53:18:41:c1:8c:75:cf:b7 direction=? spid=14620 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="rocky" SUID="rocky" type=USER_ACCT msg=audit(1773221960.020:741): pid=14668 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221960.020:742): pid=14668 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/k8s_manifests-logs" cmd=6370202F6574632F6368726F6E792E636F6E66202F746D702F6B38735F6D616E6966657374732D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221960.021:743): pid=14668 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221960.024:744): pid=14668 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221960.026:745): pid=14668 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221960.026:746): pid=14668 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221960.039:747): pid=14673 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221960.040:748): pid=14673 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/k8s_manifests-logs" cmd=6370202F7661722F6C6F672F6D65737361676573202F746D702F6B38735F6D616E6966657374732D6C6F67732F6C6F67732F73797374656D2F exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221960.040:749): pid=14673 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221960.042:750): pid=14673 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_END msg=audit(1773221960.046:751): pid=14673 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_DISP msg=audit(1773221960.046:752): pid=14673 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_ACCT msg=audit(1773221960.057:753): pid=14677 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="rocky" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_CMD msg=audit(1773221960.057:754): pid=14677 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/tmp/k8s_manifests-logs" cmd=62617368202D63206370202D72202F7661722F6C6F672F61756469742F2A202F746D702F6B38735F6D616E6966657374732D6C6F67732F6C6F67732F73797374656D2F61756469742F20323E2F6465762F6E756C6C exe="/usr/bin/sudo" terminal=? res=success'UID="rocky" AUID="rocky" type=CRED_REFR msg=audit(1773221960.057:755): pid=14677 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky" type=USER_START msg=audit(1773221960.059:756): pid=14677 uid=1000 auid=1000 ses=27 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="rocky" AUID="rocky"