type=ADD_GROUP msg=audit(1651773419.122:2456): pid=30157 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' type=ADD_USER msg=audit(1651773419.152:2458): pid=30162 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user id=997 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' type=CRED_ACQ msg=audit(1651773661.082:2750): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_DISP msg=audit(1651773661.112:2754): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_REFR msg=audit(1651773661.092:2753): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRYPTO_KEY_USER msg=audit(1603812053.531:1466): pid=4903 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:7b:93:19:7c:43:f6:ca:70:9f:58:60:28:76:9b:24:b2:4c:39:bb:1a:a0:25:f7:92:10:4b:99:88:63:9f:fc:a9 direction=? spid=4903 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success' type=CRYPTO_SESSION msg=audit(1651763413.462:51): pid=3296 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=3301 suid=74 rport=58286 laddr=10.0.139.94 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.43.12.115 terminal=? res=success' type=DEL_GROUP msg=audit(1651773480.132:2643): pid=32475 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-group id=1000 exe="/usr/sbin/groupdel" hostname=? addr=? terminal=? res=success' type=DEL_USER msg=audit(1651773482.152:2645): pid=32482 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-user id=1000 exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=success' type=GRP_CHAUTHTOK msg=audit(1651773461.132:2624): pid=31391 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=change-password grp="group15619" acct="root" exe="/usr/bin/gpasswd" hostname=ci-vm-10-0-139-94.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/1 res=success' type=GRP_MGMT msg=audit(1651773419.122:2457): pid=30157 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' type=ROLE_ASSIGN msg=audit(1651773446.462:2612): pid=30911 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login-sename,role,range acct="user9827" old-seuser=? old-role=? old-range=? new-seuser=staff_u new-role=staff_r,sysadm_r,system_r,unconfined_r new-range=s0-s0:c0.c1023 exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success' type=ROLE_REMOVE msg=audit(1651773449.752:2615): pid=30971 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login acct="user9827" old-seuser=staff_u old-role=staff_r,sysadm_r,system_r,unconfined_r old-range=s0-s0:c0.c1023 new-seuser=? new-role=? new-range=? exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1651773509.192:2705): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1603812147.351:1595): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SOFTWARE_UPDATE msg=audit(1651763441.922:391): pid=11240 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="mailx-12.5-19.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success' type=SYSTEM_RUNLEVEL msg=audit(1651763413.462:53): pid=3317 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' type=USER msg=audit(1651773514.212:2706): pid=3031 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='LOCAL0 test exe="/usr/sbin/auditctl" hostname=? addr=? terminal=? res=success' type=USER_ACCT msg=audit(1651773661.082:2749): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_AUTH msg=audit(1651763414.142:56): pid=3296 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=58286 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.43.12.115 terminal=? res=success' type=USER_END msg=audit(1651773661.112:2755): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_ERR msg=audit(1651773281.952:2237): pid=29956 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident grantors=? acct="?" exe="/usr/sbin/sshd" hostname=10.43.12.115 addr=10.43.12.115 terminal=ssh res=failed' type=USER_LOGIN msg=audit(1603812053.531:1464): pid=11942 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=10.40.208.5 addr=10.40.208.5 terminal=ssh res=success' type=USER_LOGOUT msg=audit(1603812053.121:1463): pid=11942 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=10.40.208.5 addr=10.40.208.5 terminal=ssh res=success' type=USER_MGMT msg=audit(1651773441.232:2610): pid=30721 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' type=USER_ROLE_CHANGE msg=audit(1651763414.212:63): pid=3296 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.43.12.115 addr=10.43.12.115 terminal=ssh res=success' type=USER_START msg=audit(1651773661.092:2752): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=VIRT_CONTROL msg=audit(1648128277.363:701): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="bz1878892-vm" uuid=57ad178f-f744-450a-9db4-030fa3a35a89 vm-pid=6942 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=VIRT_MACHINE_ID msg=audit(1648128276.703:679): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm vm="bz1878892-vm" uuid=57ad178f-f744-450a-9db4-030fa3a35a89 vm-ctx=system_u:system_r:svirt_t:s0:c356,c652 img-ctx=system_u:object_r:svirt_image_t:s0:c356,c652 model=selinux exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=VIRT_RESOURCE msg=audit(1648128276.788:683): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=net reason=open vm="bz1878892-vm" uuid=57ad178f-f744-450a-9db4-030fa3a35a89 net=52:54:00:08:99:f5 path="/dev/net/tun" rdev=0A:C8 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" type=FEATURE_CHANGE msg=audit(1651773876.972:2836): ppid=12457 pid=12459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=7 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 feature=loginuid_immutable old=0 new=1 old_lock=0 new_lock=1 res=1