----
time->Fri Jan  1 16:51:36 2021
type=PROCTITLE msg=audit(1609519896.829:44609): proctitle=66696E64002E002D72656765787479706500706F7369782D657874656E646564002D7265676578002E2F61756469746450726F6365737365642E5B302D395D2B2E5B302D395D2B24
type=PATH msg=audit(1609519896.829:44609): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=209023 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1609519896.829:44609): item=0 name="/usr/bin/find" inode=50332900 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1609519896.829:44609):  cwd="/usr/security/auditd/queue"
type=EXECVE msg=audit(1609519896.829:44609): argc=6 a0="find" a1="." a2="-regextype" a3="posix-extended" a4="-regex" a5="./auditdProcessed.[0-9]+.[0-9]+$"
type=SYSCALL msg=audit(1609519896.829:44609): arch=c000003e syscall=59 success=yes exit=0 a0=254c440 a1=2527e90 a2=252b650 a3=7ffdfdce0cd0 items=2 ppid=27755 pid=27854 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=268 comm="find" exe="/usr/bin/find" subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 key="cmds"
----
time->Fri Jan  1 16:51:40 2021
type=PROCTITLE msg=audit(1609519900.161:44607): proctitle="hostname"
type=PATH msg=audit(1609519900.161:44607): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=209023 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1609519900.161:44607): item=0 name="/usr/bin/hostname" inode=50333283 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_exec_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1609519900.161:44607):  cwd="/root"
type=EXECVE msg=audit(1609519900.161:44607): argc=1 a0="hostname"
type=SYSCALL msg=audit(1609519900.161:44607): arch=c000003e syscall=59 success=yes exit=0 a0=1130ce0 a1=1125fd0 a2=1124650 a3=7ffdb79a1440 items=2 ppid=27828 pid=27856 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=269 comm="hostname" exe="/usr/bin/hostname" subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 key="cmds"
----
time->Fri Jan  1 16:51:40 2021
type=PROCTITLE msg=audit(1609519900.163:44608): proctitle=66696E64002F7573722F73656375726974792F6175646974642F6C6F636B732F7374726F6F6D5F6175646974645F6665656465722E73682E6C636B002D6D6D696E002B313830002D6578656300726D002D66007B7D003B
type=PATH msg=audit(1609519900.163:44608): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=209023 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1609519900.163:44608): item=0 name="/usr/bin/find" inode=50332900 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1609519900.163:44608):  cwd="/root"
type=EXECVE msg=audit(1609519900.163:44608): argc=9 a0="find" a1="/usr/security/auditd/locks/stroom_auditd_feeder.sh.lck" a2="-mmin" a3="+180" a4="-exec" a5="rm" a6="-f" a7="{}" a8=";"
type=SYSCALL msg=audit(1609519900.163:44608): arch=c000003e syscall=59 success=yes exit=0 a0=11312b0 a1=11302f0 a2=1124650 a3=7ffdb79a1e80 items=2 ppid=27828 pid=27857 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=269 comm="find" exe="/usr/bin/find" subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 key="cmds"
----
time->Fri Jan  1 16:51:40 2021
type=CRED_DISP msg=audit(1609519900.170:44610): pid=27825 uid=0 auid=0 ses=269 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
----
time->Fri Jan  1 16:51:40 2021
type=PROCTITLE msg=audit(1609519900.170:44611): proctitle=66696E64002E002D72656765787479706500706F7369782D657874656E646564002D7265676578002E2F61756469746450726F6365737365642E5B302D395D2B2E5B302D395D2B2E677A24
type=PATH msg=audit(1609519900.170:44611): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=209023 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1609519900.170:44611): item=0 name="/usr/bin/find" inode=50332900 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1609519900.170:44611):  cwd="/usr/security/auditd/queue"
type=EXECVE msg=audit(1609519900.170:44611): argc=6 a0="find" a1="." a2="-regextype" a3="posix-extended" a4="-regex" a5="./auditdProcessed.[0-9]+.[0-9]+.gz$"
type=SYSCALL msg=audit(1609519900.170:44611): arch=c000003e syscall=59 success=yes exit=0 a0=252be60 a1=2535d20 a2=252b650 a3=7ffdfdce0cd0 items=2 ppid=27755 pid=27858 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=268 comm="find" exe="/usr/bin/find" subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 key="cmds"