From f49195852c62c48eea53ed63a99d0495c0d0a4d7 Mon Sep 17 00:00:00 2001
From: Cropi
Date: Fri, 13 Jun 2025 14:53:16 +0200
Subject: [PATCH 1/7] Add new log
---
auparse/test/auparse_test.enriched | 1127 ++++++++++++++++++++++++++++
1 file changed, 1127 insertions(+)
create mode 100644 auparse/test/auparse_test.enriched
diff --git a/auparse/test/auparse_test.enriched b/auparse/test/auparse_test.enriched
new file mode 100644
index 000000000..0705632d3
--- /dev/null
+++ b/auparse/test/auparse_test.enriched
@@ -0,0 +1,1127 @@ +type=DAEMON_START msg=audit(1749816863.720:9625): op=start ver=4.0.3 format=enriched kernel=6.12.0-89.el10.x86_64 auid=4294967295 pid=7516 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root" +type=SYSCALL msg=audit(1749816863.720:823): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcd478b270 a2=3c a3=0 items=0 ppid=7515 pid=7516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1749816863.720:823): proctitle="/usr/sbin/auditd" +type=CONFIG_CHANGE msg=audit(1749816863.720:824): op=set audit_pid=7516 old=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.720:824): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcd4788f20 a2=3c a3=0 items=0 ppid=7515 pid=7516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1749816863.720:824): proctitle="/usr/sbin/auditd" +type=SERVICE_START msg=audit(1749816863.722:825): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" +type=CONFIG_CHANGE msg=audit(1749816863.766:826): op=set audit_backlog_limit=8192 old=8192 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.766:826): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde9a3b7d0 a2=3c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1749816863.766:826): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.766:827): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.766:827): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde9a3b7d0 a2=3c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1749816863.766:827): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:828): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:828): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1749816863.767:828): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:829): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:829): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:829): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.767:829): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:830): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:830): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" 
FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:830): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.767:830): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:831): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:831): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:831): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.767:831): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:832): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:832): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:832): saddr=100000000000000000000000SADDR={ 
saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.767:832): cwd="/" +type=PATH msg=audit(1749816863.767:832): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.767:832): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:833): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:833): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:833): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.767:833): cwd="/" +type=PATH msg=audit(1749816863.767:833): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.767:833): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:834): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:834): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 
a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:834): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.767:834): cwd="/" +type=PATH msg=audit(1749816863.767:834): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.767:834): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:835): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:835): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:835): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.767:835): cwd="/" +type=PATH msg=audit(1749816863.767:835): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.767:835): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:836): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:836): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:836): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.767:836): cwd="/" +type=PATH msg=audit(1749816863.767:836): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.767:836): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:837): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:837): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" 
EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:837): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.767:837): cwd="/" +type=PATH msg=audit(1749816863.767:837): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.767:837): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.767:838): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.767:838): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.767:838): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.767:838): cwd="/" +type=PATH msg=audit(1749816863.767:838): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.767:838): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:839): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule 
key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:839): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:839): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:839): cwd="/" +type=PATH msg=audit(1749816863.768:839): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:839): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:840): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:840): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:840): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:840): cwd="/" +type=PATH msg=audit(1749816863.768:840): item=0 name="/etc/" inode=4194433 
dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:840): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:841): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:841): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:841): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:841): cwd="/" +type=PATH msg=audit(1749816863.768:841): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:841): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:842): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:842): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" 
exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:842): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:842): cwd="/" +type=PATH msg=audit(1749816863.768:842): item=0 name="/etc/security/" inode=8766612 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:842): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:843): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:843): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:843): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:843): cwd="/" +type=PATH msg=audit(1749816863.768:843): item=0 name="/etc/security/" inode=8766612 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:843): 
proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:844): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:844): arch=c000003e syscall=44 success=yes exit=1072 a0=3 a1=7ffde9a3b880 a2=430 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:844): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:844): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:845): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:845): arch=c000003e syscall=44 success=yes exit=1072 a0=3 a1=7ffde9a3b880 a2=430 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:845): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:845): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE 
msg=audit(1749816863.768:846): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:846): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:846): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:846): cwd="/" +type=PATH msg=audit(1749816863.768:846): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:846): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:847): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:847): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:847): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 
nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:847): cwd="/" +type=PATH msg=audit(1749816863.768:847): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:847): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:848): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:848): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:848): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:848): cwd="/" +type=PATH msg=audit(1749816863.768:848): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:848): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:849): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:849): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 
ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:849): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:849): cwd="/" +type=PATH msg=audit(1749816863.768:849): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:849): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:850): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:850): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:850): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:850): cwd="/" +type=PATH msg=audit(1749816863.768:850): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" 
OGID="root" +type=PROCTITLE msg=audit(1749816863.768:850): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:851): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:851): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:851): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:851): cwd="/" +type=PATH msg=audit(1749816863.768:851): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:851): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:852): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:852): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" 
FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:852): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:852): cwd="/" +type=PATH msg=audit(1749816863.768:852): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:852): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:853): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:853): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:853): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:853): cwd="/" +type=PATH msg=audit(1749816863.768:853): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:853): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:854): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" 
list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:854): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:854): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:854): cwd="/" +type=PATH msg=audit(1749816863.768:854): item=0 name="/etc/NetworkManager/" inode=4504980 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:NetworkManager_etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:854): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:855): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:855): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:855): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:855): 
proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:856): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="MAC-policy" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:856): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:856): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.768:856): cwd="/" +type=PATH msg=audit(1749816863.768:856): item=0 name="/etc/selinux/" inode=264268 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:selinux_config_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.768:856): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:857): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="MAC-policy" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:857): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" 
FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:857): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:857): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:858): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:858): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:858): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:858): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:859): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:859): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:859): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } 
+type=PROCTITLE msg=audit(1749816863.768:859): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:860): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:860): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:860): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:860): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:861): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:861): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:861): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:861): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 
+type=CONFIG_CHANGE msg=audit(1749816863.768:862): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:862): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:862): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:862): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.768:863): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.768:863): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.768:863): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.768:863): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:864): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 
op=add_rule key="access" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:864): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:864): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:864): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:865): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="access" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:865): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:865): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:865): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:866): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="access" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:866): arch=c000003e syscall=44 success=yes exit=1064 
a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:866): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:866): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:867): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="access" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:867): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:867): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:867): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:868): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="export" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:868): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:868): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:868): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:869): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="export" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:869): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:869): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:869): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:870): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="delete" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:870): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto 
AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:870): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:870): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:871): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="delete" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:871): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:871): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:871): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:872): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:872): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR 
msg=audit(1749816863.769:872): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.769:872): cwd="/" +type=PATH msg=audit(1749816863.769:872): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.769:872): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:873): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:873): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:873): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.769:873): cwd="/" +type=PATH msg=audit(1749816863.769:873): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.769:873): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:874): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:874): 
arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:874): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.769:874): cwd="/" +type=PATH msg=audit(1749816863.769:874): item=0 name="/etc/sudoers.d/" inode=14362654 dev=fd:02 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.769:874): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:875): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:875): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:875): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:875): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:876): 
auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:876): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:876): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.769:876): cwd="/" +type=PATH msg=audit(1749816863.769:876): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.769:876): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:877): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:877): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:877): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD 
msg=audit(1749816863.769:877): cwd="/" +type=PATH msg=audit(1749816863.769:877): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.769:877): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:878): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:878): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:878): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.769:878): cwd="/" +type=PATH msg=audit(1749816863.769:878): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.769:878): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:879): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:879): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 
pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:879): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=CWD msg=audit(1749816863.769:879): cwd="/" +type=PATH msg=audit(1749816863.769:879): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816863.769:879): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=CONFIG_CHANGE msg=audit(1749816863.769:880): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" +type=SYSCALL msg=audit(1749816863.769:880): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde9a3b7d0 a2=3c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=SOCKADDR msg=audit(1749816863.769:880): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } +type=PROCTITLE msg=audit(1749816863.769:880): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 +type=SERVICE_START msg=audit(1749816863.774:881): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=audit-rules 
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=SERVICE_STOP msg=audit(1749816863.774:882): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=audit-rules comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=CRYPTO_KEY_USER msg=audit(1749816865.604:883): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:2a:b3:d8:02:9a:b3:b3:cf:f0:6f:b5:e5:28:cb:13:46:0f:1e:d7:31:b3:97:96:7b:4c:23:82:6a:26:93:d8:eb direction=? spid=7556 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" +type=CRYPTO_KEY_USER msg=audit(1749816865.604:884): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:55:3c:d2:20:05:94:06:52:a5:6e:20:b1:90:2d:56:4c:ee:27:bc:d6:9a:5c:3e:f1:4b:d1:6a:27:ea:a0:83:17 direction=? spid=7556 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" +type=CRYPTO_KEY_USER msg=audit(1749816865.604:885): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:37:63:70:14:0b:16:ef:e5:2c:12:d9:56:b5:01:ee:9c:cb:ce:ee:43:67:b3:28:00:b5:c3:80:dc:33:e9:97:9c direction=? spid=7556 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="unset" SUID="root" +type=CRYPTO_SESSION msg=audit(1749816865.731:886): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7556 suid=74 rport=34884 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" +type=CRYPTO_SESSION msg=audit(1749816865.731:887): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7556 suid=74 rport=34884 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" +type=USER_AUTH msg=audit(1749816866.874:888): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" +type=USER_AUTH msg=audit(1749816868.400:889): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" +type=CRYPTO_KEY_USER msg=audit(1749816872.643:890): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=7556 suid=74 rport=34884 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="unset" SUID="sshd" +type=USER_LOGIN msg=audit(1749816872.644:891): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" +type=CRYPTO_KEY_USER msg=audit(1749816873.508:892): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:2a:b3:d8:02:9a:b3:b3:cf:f0:6f:b5:e5:28:cb:13:46:0f:1e:d7:31:b3:97:96:7b:4c:23:82:6a:26:93:d8:eb direction=? spid=7559 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" +type=CRYPTO_KEY_USER msg=audit(1749816873.508:893): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:55:3c:d2:20:05:94:06:52:a5:6e:20:b1:90:2d:56:4c:ee:27:bc:d6:9a:5c:3e:f1:4b:d1:6a:27:ea:a0:83:17 direction=? spid=7559 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" +type=CRYPTO_KEY_USER msg=audit(1749816873.508:894): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:37:63:70:14:0b:16:ef:e5:2c:12:d9:56:b5:01:ee:9c:cb:ce:ee:43:67:b3:28:00:b5:c3:80:dc:33:e9:97:9c direction=? spid=7559 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" +type=CRYPTO_SESSION msg=audit(1749816873.634:895): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7559 suid=74 rport=43496 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? 
addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" +type=CRYPTO_SESSION msg=audit(1749816873.634:896): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7559 suid=74 rport=43496 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" +type=USER_AUTH msg=audit(1749816874.752:897): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" +type=USER_AUTH msg=audit(1749816875.564:898): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="unset" +type=USER_ACCT msg=audit(1749816875.589:899): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="unset" +type=CRYPTO_KEY_USER msg=audit(1749816875.590:900): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=7559 suid=74 rport=43496 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="unset" SUID="sshd" +type=CRED_ACQ msg=audit(1749816875.592:901): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="unset" +type=LOGIN msg=audit(1749816875.592:902): pid=7558 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=11 res=1UID="root" OLD-AUID="unset" AUID="newuser" +type=SYSCALL msg=audit(1749816875.592:902): arch=c000003e syscall=1 success=yes exit=4 a0=5 a1=7ffc7843e8b0 a2=4 a3=0 items=0 ppid=5058 pid=7558 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd-session" exe="/usr/libexec/openssh/sshd-session" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1749816875.592:902): proctitle=737368642D73657373696F6E3A206E657775736572205B707269765D +type=USER_ROLE_CHANGE msg=audit(1749816875.594:903): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="newuser" +type=SERVICE_START msg=audit(1749816875.634:904): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" +type=USER_ACCT msg=audit(1749816875.650:905): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=CRED_ACQ msg=audit(1749816875.650:906): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="newuser" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" +type=USER_ROLE_CHANGE msg=audit(1749816875.651:907): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=LOGIN msg=audit(1749816875.651:908): pid=7564 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=12 res=1UID="root" OLD-AUID="unset" AUID="newuser" +type=SYSCALL msg=audit(1749816875.651:908): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffd93263930 a2=4 a3=0 items=0 ppid=1 pid=7564 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="(systemd)" exe="/usr/lib/systemd/systemd-executor" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1749816875.651:908): proctitle="(systemd)" +type=USER_START msg=audit(1749816875.657:909): pid=7564 uid=0 auid=1000 ses=12 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_umask,pam_keyinit,pam_limits,pam_systemd,pam_unix 
acct="newuser" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'UID="root" AUID="newuser" +type=SYSCALL msg=audit(1749816875.669:910): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffddcf7d6e0 a2=80000 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.669:910): cwd="/" +type=PATH msg=audit(1749816875.669:910): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.669:910): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.672:911): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=16d a2=55a009f15156 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.672:911): cwd="/" +type=PATH msg=audit(1749816875.672:911): item=0 name=(null) inode=3 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.672:911): proctitle="(systemd)" +type=SYSCALL 
msg=audit(1749816875.672:912): arch=c000003e syscall=91 success=yes exit=0 a0=4 a1=1a4 a2=55a553a46 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.672:912): cwd="/" +type=PATH msg=audit(1749816875.672:912): item=0 name=(null) inode=11 dev=00:2b mode=0100640 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.672:912): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.684:913): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffe34f53ac0 a2=80000 a3=0 items=1 ppid=7567 pid=7568 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="30-systemd-envi" exe="/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.684:913): cwd="/" +type=PATH msg=audit(1749816875.684:913): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.684:913): proctitle="/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator" +type=SYSCALL msg=audit(1749816875.692:914): 
arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd90913f80 a2=80000 a3=0 items=1 ppid=7569 pid=7570 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd-xdg-aut" exe="/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.692:914): cwd="/" +type=PATH msg=audit(1749816875.692:914): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.692:914): proctitle=2F7573722F6C69622F73797374656D642F757365722D67656E657261746F72732F73797374656D642D7864672D6175746F73746172742D67656E657261746F72002F72756E2F757365722F313030302F73797374656D642F67656E657261746F72002F72756E2F757365722F313030302F73797374656D642F67656E65726174 +type=SYSCALL msg=audit(1749816875.695:915): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffddcf7d4a0 a2=80100 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.695:915): cwd="/" +type=PATH msg=audit(1749816875.695:915): item=0 name="/sys/module/fuse/uevent" inode=23603 dev=00:17 mode=0100200 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.695:915): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.695:916): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffddcf7d4a0 a2=80100 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.695:916): cwd="/" +type=PATH msg=audit(1749816875.695:916): item=0 name="/sys/module/configfs/uevent" inode=9728 dev=00:17 mode=0100200 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.695:916): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.720:917): arch=c000003e syscall=87 success=no exit=-2 a0=7ffddcf7d762 a1=1d a2=6c a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.720:917): cwd="/" +type=PATH msg=audit(1749816875.720:917): item=0 name="/run/user/1000/systemd/" inode=2 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.720:917): proctitle="(systemd)" +type=SYSCALL 
msg=audit(1749816875.720:918): arch=c000003e syscall=87 success=no exit=-2 a0=7ffddcf7d762 a1=1e a2=6c a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.720:918): cwd="/" +type=PATH msg=audit(1749816875.720:918): item=0 name="/run/user/1000/systemd/" inode=2 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.720:918): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.729:919): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bce770 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.729:919): cwd="/" +type=PATH msg=audit(1749816875.729:919): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.729:919): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.729:920): arch=c000003e syscall=197 success=no exit=-61 
a0=55a553bce770 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.729:920): cwd="/" +type=PATH msg=audit(1749816875.729:920): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.729:920): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.729:921): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bce770 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.729:921): cwd="/" +type=PATH msg=audit(1749816875.729:921): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.729:921): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.729:922): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 
a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.729:922): cwd="/" +type=PATH msg=audit(1749816875.729:922): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/init.scope" inode=7591 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.729:922): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.729:923): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.729:923): cwd="/" +type=PATH msg=audit(1749816875.729:923): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/init.scope" inode=7591 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.729:923): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.729:924): arch=c000003e syscall=197 success=no exit=-61 
a0=55a553bcd710 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.729:924): cwd="/" +type=PATH msg=audit(1749816875.729:924): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/init.scope" inode=7591 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.729:924): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.730:925): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.730:925): cwd="/" +type=PATH msg=audit(1749816875.730:925): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice" inode=7637 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.730:925): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.730:926): arch=c000003e syscall=197 success=no 
exit=-61 a0=55a553bcd710 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.730:926): cwd="/" +type=PATH msg=audit(1749816875.730:926): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice" inode=7637 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.730:926): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.730:927): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.730:927): cwd="/" +type=PATH msg=audit(1749816875.730:927): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice" inode=7637 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.730:927): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.733:928): arch=c000003e syscall=197 
success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.733:928): cwd="/" +type=PATH msg=audit(1749816875.733:928): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.733:928): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.733:929): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.733:929): cwd="/" +type=PATH msg=audit(1749816875.733:929): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.733:929): proctitle="(systemd)" +type=SYSCALL 
msg=audit(1749816875.733:930): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d93f58 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.733:930): cwd="/" +type=PATH msg=audit(1749816875.733:930): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.733:930): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.733:931): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.733:931): cwd="/" +type=PATH msg=audit(1749816875.733:931): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.733:931): 
proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.733:932): arch=c000003e syscall=264 success=yes exit=0 a0=ffffff9c a1=55a553bb16a0 a2=ffffff9c a3=55a553bce0b0 items=4 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=renameat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.733:932): cwd="/" +type=PATH msg=audit(1749816875.733:932): item=0 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PATH msg=audit(1749816875.733:932): item=1 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PATH msg=audit(1749816875.733:932): item=2 name="/run/user/1000/systemd/units/.#invocation:dbus.socket5e939d8a43598ad4" inode=19 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PATH msg=audit(1749816875.733:932): item=3 name="/run/user/1000/systemd/units/invocation:dbus.socket" inode=19 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.733:932): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.735:933): arch=c000003e syscall=197 success=no exit=-61 
a0=55a553bcb230 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.735:933): cwd="/" +type=PATH msg=audit(1749816875.735:933): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.735:933): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.735:934): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcb230 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.735:934): cwd="/" +type=PATH msg=audit(1749816875.735:934): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.735:934): proctitle="(systemd)" +type=SYSCALL 
msg=audit(1749816875.735:935): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcb230 a1=7f91a7d93f58 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.735:935): cwd="/" +type=PATH msg=audit(1749816875.735:935): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.735:935): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.735:936): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcb230 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.735:936): cwd="/" +type=PATH msg=audit(1749816875.735:936): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" 
+type=PROCTITLE msg=audit(1749816875.735:936): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.735:937): arch=c000003e syscall=264 success=yes exit=0 a0=ffffff9c a1=55a553bb2aa0 a2=ffffff9c a3=55a553bb1880 items=4 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=renameat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.735:937): cwd="/" +type=PATH msg=audit(1749816875.735:937): item=0 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PATH msg=audit(1749816875.735:937): item=1 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PATH msg=audit(1749816875.735:937): item=2 name="/run/user/1000/systemd/units/.#invocation:systemd-tmpfiles-setup.servicecb04d43a9bf93964" inode=20 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PATH msg=audit(1749816875.735:937): item=3 name="/run/user/1000/systemd/units/invocation:systemd-tmpfiles-setup.service" inode=20 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.735:937): proctitle="(systemd)" 
+type=SYSCALL msg=audit(1749816875.737:938): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bb1880 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.737:938): cwd="/" +type=PATH msg=audit(1749816875.737:938): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.737:938): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.737:939): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bb1880 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.737:939): cwd="/" +type=PATH msg=audit(1749816875.737:939): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.737:939): proctitle="(systemd)" +type=SYSCALL 
msg=audit(1749816875.737:940): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bb1880 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.737:940): cwd="/" +type=PATH msg=audit(1749816875.737:940): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1749816875.737:940): proctitle="(systemd)" +type=SYSCALL msg=audit(1749816875.740:941): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5642de9d5b24 a2=80101 a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=SYSCALL msg=audit(1749816875.740:942): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55a9e6ed7b24 a2=80101 a3=0 items=1 ppid=7564 pid=7572 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" 
SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.740:941): cwd="/" +type=PATH msg=audit(1749816875.740:941): item=0 name="/dev/kmsg" inode=10 dev=00:06 mode=020644 ouid=0 ogid=0 rdev=01:0b obj=system_u:object_r:kmsg_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.740:941): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F +type=SYSCALL msg=audit(1749816875.740:943): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5642de9d07ab a2=80101 a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.740:943): cwd="/" +type=PATH msg=audit(1749816875.740:943): item=0 name="/dev/console" inode=12 dev=00:06 mode=020620 ouid=0 ogid=5 rdev=05:01 obj=system_u:object_r:console_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1749816875.740:943): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F +type=CWD msg=audit(1749816875.740:942): cwd="/" +type=PATH msg=audit(1749816875.740:942): item=0 name="/dev/kmsg" inode=10 dev=00:06 mode=020644 ouid=0 ogid=0 rdev=01:0b obj=system_u:object_r:kmsg_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
+type=PROCTITLE msg=audit(1749816875.740:942): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003333002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F +type=SYSCALL msg=audit(1749816875.742:944): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55a9e6ed27ab a2=80101 a3=0 items=1 ppid=7564 pid=7572 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.742:944): cwd="/" +type=PATH msg=audit(1749816875.742:944): item=0 name="/dev/console" inode=12 dev=00:06 mode=020620 ouid=0 ogid=5 rdev=05:01 obj=system_u:object_r:console_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1749816875.742:944): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003333002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F +type=SYSCALL msg=audit(1749816875.750:945): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffde8eeeea0 a2=80000 a3=0 items=1 ppid=7564 pid=7572 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd-tmpfile" exe="/usr/bin/systemd-tmpfiles" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=SYSCALL msg=audit(1749816875.750:946): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffeef5b2160 a2=80000 
a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.750:945): cwd="/home/newuser" +type=PATH msg=audit(1749816875.750:945): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.750:945): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003333002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F +type=CWD msg=audit(1749816875.750:946): cwd="/home/newuser" +type=PATH msg=audit(1749816875.750:946): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816875.750:946): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F +type=SYSCALL msg=audit(1749816875.752:947): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f0492b658a7 a2=280000 a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" 
EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816875.752:947): cwd="/home/newuser" +type=PATH msg=audit(1749816875.752:947): item=0 name="/proc/1/root" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 +type=PROCTITLE msg=audit(1749816875.752:947): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F +type=SERVICE_START msg=audit(1749816875.761:948): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=USER_START msg=audit(1749816875.767:949): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="newuser" +type=CRYPTO_KEY_USER msg=audit(1749816875.768:950): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:2a:b3:d8:02:9a:b3:b3:cf:f0:6f:b5:e5:28:cb:13:46:0f:1e:d7:31:b3:97:96:7b:4c:23:82:6a:26:93:d8:eb direction=? spid=7575 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="newuser" SUID="root" +type=CRYPTO_KEY_USER msg=audit(1749816875.768:951): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:55:3c:d2:20:05:94:06:52:a5:6e:20:b1:90:2d:56:4c:ee:27:bc:d6:9a:5c:3e:f1:4b:d1:6a:27:ea:a0:83:17 direction=? spid=7575 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="newuser" SUID="root" +type=CRYPTO_KEY_USER msg=audit(1749816875.768:952): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:37:63:70:14:0b:16:ef:e5:2c:12:d9:56:b5:01:ee:9c:cb:ce:ee:43:67:b3:28:00:b5:c3:80:dc:33:e9:97:9c direction=? spid=7575 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="newuser" SUID="root" +type=CRED_ACQ msg=audit(1749816875.769:953): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="newuser" +type=SYSCALL msg=audit(1749816876.065:954): arch=c000003e syscall=188 success=yes exit=0 a0=5594d870a9bc a1=7f50cd8191ac a2=5594d8728430 a3=27 items=1 ppid=5058 pid=7558 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd-session" exe="/usr/libexec/openssh/sshd-session" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=setxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816876.065:954): cwd="/" +type=PATH msg=audit(1749816876.065:954): item=0 name="/dev/pts/2" inode=5 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:02 obj=system_u:object_r:sshd_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1749816876.065:954): proctitle=737368642D73657373696F6E3A206E657775736572205B707269765D +type=SYSCALL msg=audit(1749816876.066:955): arch=c000003e syscall=92 success=yes exit=0 a0=5594d870a9bc a1=3e8 a2=5 a3=5594c8c061cf items=1 ppid=5058 pid=7558 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd-session" 
exe="/usr/libexec/openssh/sshd-session" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816876.066:955): cwd="/" +type=PATH msg=audit(1749816876.066:955): item=0 name="/dev/pts/2" inode=5 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:02 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1749816876.066:955): proctitle=737368642D73657373696F6E3A206E657775736572205B707269765D +type=USER_LOGIN msg=audit(1749816876.066:956): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/libexec/openssh/sshd-session" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=10.45.224.176 terminal=/dev/pts/2 res=success'UID="root" AUID="newuser" ID="newuser" +type=USER_START msg=audit(1749816876.066:957): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/libexec/openssh/sshd-session" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=10.45.224.176 terminal=/dev/pts/2 res=success'UID="root" AUID="newuser" ID="newuser" +type=BPF msg=audit(1749816876.080:958): prog-id=95 op=UNLOAD +type=BPF msg=audit(1749816876.080:959): prog-id=94 op=UNLOAD +type=BPF msg=audit(1749816876.081:960): prog-id=96 op=LOAD +type=BPF msg=audit(1749816876.082:961): prog-id=97 op=LOAD +type=BPF msg=audit(1749816876.082:962): prog-id=98 op=LOAD +type=SERVICE_START msg=audit(1749816876.145:963): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" +type=USER_AUTH msg=audit(1749816880.463:964): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1749816880.465:965): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1749816880.467:966): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=757365726D6F64202D6320546573742075736572206E657775736572 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1749816880.468:967): arch=c000003e syscall=92 success=yes exit=0 a0=7fff7a155c50 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7607 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816880.468:967): cwd="/home/newuser" +type=PATH msg=audit(1749816880.468:967): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1749816880.468:967): proctitle=7375646F00757365726D6F64002D6300546573742075736572006E657775736572 
+type=CRED_REFR msg=audit(1749816880.469:968): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1749816880.473:969): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_END msg=audit(1749816880.479:970): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1749816880.479:971): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1749816885.822:972): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1749816885.824:973): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=757365726D6F64202D632054657374206E65772075736572206E657775736572 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1749816885.825:974): arch=c000003e syscall=92 success=yes exit=0 a0=7fffd398f050 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7613 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816885.825:974): cwd="/home/newuser" +type=PATH msg=audit(1749816885.825:974): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1749816885.825:974): proctitle=7375646F00757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=CRED_REFR msg=audit(1749816885.825:975): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1749816885.828:976): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1749816885.834:977): arch=c000003e syscall=87 success=yes exit=0 a0=55c8a544e770 a1=55c8a544e770 a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.834:977): cwd="/home/newuser" +type=PATH msg=audit(1749816885.834:977): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.834:977): item=1 name="/etc/passwd.7616" inode=4836609 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.834:977): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.834:978): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=55c871d48320 a2=a0902 a3=0 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.834:978): cwd="/home/newuser" +type=PATH msg=audit(1749816885.834:978): item=0 name="/etc/passwd" inode=4836612 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 
cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.834:978): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.838:979): arch=c000003e syscall=87 success=yes exit=0 a0=55c8a54557f0 a1=55c8a54557f0 a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.838:979): cwd="/home/newuser" +type=PATH msg=audit(1749816885.838:979): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.838:979): item=1 name="/etc/shadow.7616" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.838:979): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.838:980): arch=c000003e syscall=257 success=yes exit=6 a0=ffffff9c a1=55c871d49040 a2=a0902 a3=0 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.838:980): cwd="/home/newuser" +type=PATH msg=audit(1749816885.838:980): item=0 name="/etc/shadow" inode=4329594 dev=fd:02 
mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.838:980): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=USER_MGMT msg=audit(1749816885.838:981): pid=7616 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-comment id=1000 exe="/usr/sbin/usermod" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=pts/3 res=success'UID="root" AUID="newuser" ID="newuser" +type=SYSCALL msg=audit(1749816885.841:982): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=0 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.841:982): cwd="/home/newuser" +type=PATH msg=audit(1749816885.841:982): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.841:982): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.842:983): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" 
+type=CWD msg=audit(1749816885.842:983): cwd="/home/newuser" +type=PATH msg=audit(1749816885.842:983): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.842:983): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.846:984): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.846:984): cwd="/home/newuser" +type=PATH msg=audit(1749816885.846:984): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.846:984): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.846:985): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.846:985): cwd="/home/newuser" +type=PATH msg=audit(1749816885.846:985): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.846:985): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.848:986): arch=c000003e syscall=82 success=yes exit=0 a0=7ffee06d3050 a1=55c871d48320 a2=7ffee06d2fc0 a3=100 items=5 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.848:986): cwd="/home/newuser" +type=PATH msg=audit(1749816885.848:986): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.848:986): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.848:986): item=2 name="/etc/passwd+" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.848:986): item=3 name="/etc/passwd" inode=4836612 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.848:986): item=4 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 
nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.848:986): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.849:987): arch=c000003e syscall=87 success=yes exit=0 a0=7ffee06d3070 a1=6b636f6c a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.849:987): cwd="/home/newuser" +type=PATH msg=audit(1749816885.849:987): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.849:987): item=1 name="/etc/shadow.lock" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.849:987): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=SYSCALL msg=audit(1749816885.849:988): arch=c000003e syscall=87 success=yes exit=0 a0=7ffee06d3070 a1=6b636f6c a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1749816885.849:988): cwd="/home/newuser" +type=PATH msg=audit(1749816885.849:988): item=0 name="/etc/" 
inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1749816885.849:988): item=1 name="/etc/passwd.lock" inode=4836609 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1749816885.849:988): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 +type=USER_END msg=audit(1749816885.851:989): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1749816885.851:990): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1749816889.489:991): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1749816889.491:992): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=64617465202D7320323032332D30312D30312031323A30303A3030 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1749816889.492:993): arch=c000003e syscall=92 success=yes exit=0 a0=7ffe6cc2e070 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7617 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1749816889.492:993): cwd="/home/newuser" +type=PATH msg=audit(1749816889.492:993): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1749816889.492:993): proctitle=7375646F0064617465002D7300323032332D30312D30312031323A30303A3030 +type=CRED_REFR msg=audit(1749816889.493:994): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1749816889.497:995): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1749816889.499:996): arch=c000003e syscall=227 success=yes exit=0 a0=0 a1=7ffcb4b0f630 a2=0 a3=7ffcb4b0f5e0 items=0 ppid=7619 pid=7620 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="date" exe="/usr/bin/date" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="time-change"ARCH=x86_64 SYSCALL=clock_settime AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=TIME_INJOFFSET msg=audit(1749816889.499:996): sec=-77224490 nsec=499251461 +type=PROCTITLE msg=audit(1749816889.499:996): proctitle=64617465002D7300323032332D30312D30312031323A30303A3030 +type=USER_END msg=audit(1672592400.001:997): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592400.001:998): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SERVICE_START msg=audit(1672592400.500:999): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=SERVICE_STOP msg=audit(1672592400.500:1000): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" +type=SYSCALL msg=audit(1672592410.288:1001): arch=c000003e syscall=268 success=no exit=-1 a0=ffffff9c a1=55f34ea94620 a2=1ff a3=0 items=1 ppid=7576 pid=7624 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="chmod" exe="/usr/bin/chmod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=fchmodat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592410.288:1001): cwd="/home/newuser" +type=PATH msg=audit(1672592410.288:1001): item=0 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592410.288:1001): proctitle=63686D6F6400373737002F6574632F706173737764 +type=USER_ACCT msg=audit(1672592416.454:1002): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592416.456:1003): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=63686D6F6420373737202F6574632F706173737764 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592416.457:1004): arch=c000003e syscall=92 success=yes exit=0 a0=7ffc9a06e190 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7625 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592416.457:1004): cwd="/home/newuser" +type=PATH msg=audit(1672592416.457:1004): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1672592416.457:1004): proctitle=7375646F0063686D6F6400373737002F6574632F706173737764 +type=CRED_REFR msg=audit(1672592416.457:1005): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592416.460:1006): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592416.462:1007): arch=c000003e syscall=268 success=yes exit=0 a0=ffffff9c a1=5615d2f57620 a2=1ff a3=0 items=1 ppid=7627 pid=7628 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="chmod" exe="/usr/bin/chmod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=fchmodat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592416.462:1007): cwd="/home/newuser" +type=PATH msg=audit(1672592416.462:1007): item=0 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592416.462:1007): proctitle=63686D6F6400373737002F6574632F706173737764 +type=USER_END msg=audit(1672592416.463:1008): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592416.464:1009): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SERVICE_STOP msg=audit(1672592416.664:1010): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" +type=BPF msg=audit(1672592416.670:1011): prog-id=96 op=UNLOAD +type=USER_ACCT msg=audit(1672592420.638:1012): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592420.640:1013): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=63686F776E206E6577757365723A6E657775736572202F686F6D652F6E6577757365722F2E626173687263 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592420.641:1014): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd872a24b0 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7633 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592420.641:1014): cwd="/home/newuser" +type=PATH msg=audit(1672592420.641:1014): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1672592420.641:1014): proctitle=7375646F0063686F776E006E6577757365723A6E657775736572002F686F6D652F6E6577757365722F2E626173687263 +type=CRED_REFR msg=audit(1672592420.642:1015): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" 
hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592420.645:1016): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592420.650:1017): arch=c000003e syscall=260 success=yes exit=0 a0=ffffff9c a1=562a658976e0 a2=3e8 a3=3e8 items=1 ppid=7635 pid=7636 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="chown" exe="/usr/bin/chown" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchownat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592420.650:1017): cwd="/home/newuser" +type=PATH msg=audit(1672592420.650:1017): item=0 name="/home/newuser/.bashrc" inode=20971709 dev=fd:02 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1672592420.650:1017): proctitle=63686F776E006E6577757365723A6E657775736572002F686F6D652F6E6577757365722F2E626173687263 +type=USER_END msg=audit(1672592420.651:1018): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592420.651:1019): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592423.207:1020): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffe31d8253a a2=0 a3=0 items=1 ppid=7576 pid=7637 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="cat" exe="/usr/bin/cat" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592423.207:1020): cwd="/home/newuser" +type=PATH msg=audit(1672592423.207:1020): item=0 name="/root/secret.txt" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 +type=PROCTITLE msg=audit(1672592423.207:1020): proctitle=636174002F726F6F742F7365637265742E747874 +type=SYSCALL msg=audit(1672592427.603:1021): arch=c000003e syscall=263 success=yes exit=0 a0=ffffff9c a1=5560cbcd05f0 a2=0 a3=200 items=2 ppid=7576 pid=7638 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlinkat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592427.603:1021): cwd="/home/newuser" +type=PATH msg=audit(1672592427.603:1021): item=0 name="/home/newuser/" inode=20971706 dev=fd:02 mode=040700 ouid=1000 ogid=1000 rdev=00:00 
obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PATH msg=audit(1672592427.603:1021): item=1 name="/home/newuser/.bashrc" inode=20971709 dev=fd:02 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" +type=PROCTITLE msg=audit(1672592427.603:1021): proctitle=726D002F686F6D652F6E6577757365722F2E626173687263 +type=USER_ACCT msg=audit(1672592430.992:1022): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592430.994:1023): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=6D6F756E74202F6465762F73646231202F6D6E74 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592430.995:1024): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd3b023070 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7639 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592430.995:1024): cwd="/home/newuser" +type=PATH msg=audit(1672592430.995:1024): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" 
+type=PROCTITLE msg=audit(1672592430.995:1024): proctitle=7375646F006D6F756E74002F6465762F73646231002F6D6E74 +type=CRED_REFR msg=audit(1672592430.995:1025): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592430.997:1026): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_END msg=audit(1672592431.114:1027): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592431.115:1028): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1672592434.391:1029): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592434.392:1030): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=746565202D61202F6574632F686F737473 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592434.393:1031): arch=c000003e syscall=92 success=yes exit=0 a0=7ffe10ab2b10 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7646 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592434.393:1031): cwd="/home/newuser" +type=PATH msg=audit(1672592434.393:1031): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1672592434.393:1031): proctitle=7375646F00746565002D61002F6574632F686F737473 +type=CRED_REFR msg=audit(1672592434.394:1032): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592434.396:1033): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592434.398:1034): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd911c5734 a2=441 a3=1b6 items=1 ppid=7648 pid=7649 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="tee" exe="/usr/bin/tee" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="system-locale"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592434.398:1034): cwd="/home/newuser" +type=PATH msg=audit(1672592434.398:1034): item=0 name="/etc/hosts" inode=4329581 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:net_conf_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592434.398:1034): proctitle=746565002D61002F6574632F686F737473 +type=USER_END msg=audit(1672592434.399:1035): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592434.399:1036): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1672592436.989:1037): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592436.990:1038): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=686F73746E616D6563746C207365742D686F73746E616D652074657374686F7374 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592436.991:1039): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd9445d8d0 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7650 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592436.991:1039): cwd="/home/newuser" +type=PATH msg=audit(1672592436.991:1039): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1672592436.991:1039): proctitle=7375646F00686F73746E616D6563746C007365742D686F73746E616D650074657374686F7374 +type=CRED_REFR msg=audit(1672592436.992:1040): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592436.994:1041): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=BPF msg=audit(1672592437.000:1042): prog-id=98 op=UNLOAD +type=BPF msg=audit(1672592437.000:1043): prog-id=97 op=UNLOAD +type=BPF msg=audit(1672592437.001:1044): prog-id=99 op=LOAD +type=BPF msg=audit(1672592437.002:1045): prog-id=100 op=LOAD +type=BPF msg=audit(1672592437.002:1046): prog-id=101 op=LOAD +type=SERVICE_START msg=audit(1672592437.049:1047): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=SYSCALL msg=audit(1672592437.053:1048): arch=c000003e syscall=264 success=yes exit=0 a0=ffffff9c a1=55fcb015a910 a2=ffffff9c a3=55fca8a5c01c items=5 ppid=1 pid=7654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hostnam" exe="/usr/lib/systemd/systemd-hostnamed" subj=system_u:system_r:systemd_hostnamed_t:s0 key="system-locale"ARCH=x86_64 SYSCALL=renameat AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592437.053:1048): cwd="/" +type=PATH msg=audit(1672592437.053:1048): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592437.053:1048): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592437.053:1048): item=2 name="/etc/.#hostnameee111b086543a43a" inode=4836608 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592437.053:1048): item=3 name="/etc/hostname" inode=4836982 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592437.053:1048): item=4 name="/etc/hostname" inode=4836608 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592437.053:1048): proctitle="/usr/lib/systemd/systemd-hostnamed" +type=SYSCALL msg=audit(1672592437.053:1049): arch=c000003e syscall=170 success=yes exit=0 a0=55fcb015a650 a1=8 a2=55fcb0142 a3=55fcb0142010 items=0 ppid=1 pid=7654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hostnam" exe="/usr/lib/systemd/systemd-hostnamed" subj=system_u:system_r:systemd_hostnamed_t:s0 key="system-locale"ARCH=x86_64 SYSCALL=sethostname AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=PROCTITLE msg=audit(1672592437.053:1049): proctitle="/usr/lib/systemd/systemd-hostnamed" +type=USER_END msg=audit(1672592437.058:1050): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592437.058:1051): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SERVICE_START msg=audit(1672592437.079:1052): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=USER_ACCT msg=audit(1672592440.565:1053): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592440.567:1054): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=75736572616464207465737475736572 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592440.568:1055): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd772a1290 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7664 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592440.568:1055): cwd="/home/newuser" +type=PATH msg=audit(1672592440.568:1055): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 
obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1672592440.568:1055): proctitle=7375646F0075736572616464007465737475736572 +type=CRED_REFR msg=audit(1672592440.569:1056): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592440.571:1057): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592440.580:1058): arch=c000003e syscall=87 success=yes exit=0 a0=557f68591230 a1=557f68591230 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.580:1058): cwd="/home/newuser" +type=PATH msg=audit(1672592440.580:1058): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.580:1058): item=1 name="/etc/passwd.7667" inode=4194437 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.580:1058): 
proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.580:1059): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=557f65336040 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.580:1059): cwd="/home/newuser" +type=PATH msg=audit(1672592440.580:1059): item=0 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.580:1059): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.583:1060): arch=c000003e syscall=87 success=yes exit=0 a0=557f6859ef40 a1=557f6859ef40 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.583:1060): cwd="/home/newuser" +type=PATH msg=audit(1672592440.583:1060): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.583:1060): item=1 name="/etc/group.7667" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" 
OGID="root" +type=PROCTITLE msg=audit(1672592440.583:1060): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.583:1061): arch=c000003e syscall=257 success=yes exit=6 a0=ffffff9c a1=557f653364a0 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.583:1061): cwd="/home/newuser" +type=PATH msg=audit(1672592440.583:1061): item=0 name="/etc/group" inode=4836610 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.583:1061): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.587:1062): arch=c000003e syscall=87 success=yes exit=0 a0=557f6857b5a0 a1=557f6857b5a0 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.587:1062): cwd="/home/newuser" +type=PATH msg=audit(1672592440.587:1062): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.587:1062): item=1 name="/etc/gshadow.7667" inode=4836612 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE 
cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.587:1062): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.587:1063): arch=c000003e syscall=257 success=yes exit=7 a0=ffffff9c a1=557f65336900 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.587:1063): cwd="/home/newuser" +type=PATH msg=audit(1672592440.587:1063): item=0 name="/etc/gshadow" inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.587:1063): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.589:1064): arch=c000003e syscall=87 success=yes exit=0 a0=557f685a29c0 a1=557f685a29c0 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.589:1064): cwd="/home/newuser" +type=PATH msg=audit(1672592440.589:1064): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.589:1064): item=1 name="/etc/subuid.7667" inode=4836619 dev=fd:02 mode=0100600 ouid=0 ogid=0 
rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.589:1064): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.593:1065): arch=c000003e syscall=87 success=yes exit=0 a0=557f685a7dd0 a1=557f685a7dd0 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.593:1065): cwd="/home/newuser" +type=PATH msg=audit(1672592440.593:1065): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.593:1065): item=1 name="/etc/subgid.7667" inode=4836620 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.593:1065): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.599:1066): arch=c000003e syscall=87 success=yes exit=0 a0=557f685a8590 a1=557f685a8590 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.599:1066): cwd="/home/newuser" +type=PATH msg=audit(1672592440.599:1066): item=0 name="/etc/" 
inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.599:1066): item=1 name="/etc/shadow.7667" inode=4836621 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.599:1066): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.599:1067): arch=c000003e syscall=257 success=yes exit=10 a0=ffffff9c a1=557f65335be0 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.599:1067): cwd="/home/newuser" +type=PATH msg=audit(1672592440.599:1067): item=0 name="/etc/shadow" inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.599:1067): proctitle=75736572616464007465737475736572 +type=ADD_GROUP msg=audit(1672592440.600:1068): pid=7667 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct="testuser" exe="/usr/sbin/useradd" hostname=testhost addr=? terminal=pts/3 res=success'UID="root" AUID="newuser" +type=ADD_USER msg=audit(1672592440.602:1069): pid=7667 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user acct="testuser" exe="/usr/sbin/useradd" hostname=testhost addr=? 
terminal=pts/3 res=success'UID="root" AUID="newuser" +type=SYSCALL msg=audit(1672592440.604:1070): arch=c000003e syscall=93 success=yes exit=0 a0=c a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.604:1070): cwd="/home/newuser" +type=PATH msg=audit(1672592440.604:1070): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.604:1070): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.604:1071): arch=c000003e syscall=91 success=yes exit=0 a0=c a1=1b4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.604:1071): cwd="/home/newuser" +type=PATH msg=audit(1672592440.604:1071): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.604:1071): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.616:1072): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.616:1072): cwd="/home/newuser" +type=PATH msg=audit(1672592440.616:1072): item=0 name=(null) inode=4836622 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.616:1072): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.616:1073): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1b4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.616:1073): cwd="/home/newuser" +type=PATH msg=audit(1672592440.616:1073): item=0 name=(null) inode=4836622 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.616:1073): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.619:1074): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f65336040 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" 
GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.619:1074): cwd="/home/newuser" +type=PATH msg=audit(1672592440.619:1074): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.619:1074): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.619:1074): item=2 name="/etc/passwd+" inode=4836622 dev=fd:02 mode=0100664 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.619:1074): item=3 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.619:1074): item=4 name="/etc/passwd" inode=4836622 dev=fd:02 mode=0100664 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.619:1074): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.620:1075): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD 
msg=audit(1672592440.620:1075): cwd="/home/newuser" +type=PATH msg=audit(1672592440.620:1075): item=0 name=(null) inode=4600516 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.620:1075): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.620:1076): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.620:1076): cwd="/home/newuser" +type=PATH msg=audit(1672592440.620:1076): item=0 name=(null) inode=4600516 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.620:1076): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.622:1077): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.622:1077): cwd="/home/newuser" +type=PATH msg=audit(1672592440.622:1077): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 
cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.622:1077): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.623:1078): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.623:1078): cwd="/home/newuser" +type=PATH msg=audit(1672592440.623:1078): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.623:1078): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.625:1079): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f65335be0 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.625:1079): cwd="/home/newuser" +type=PATH msg=audit(1672592440.625:1079): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.625:1079): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT 
cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.625:1079): item=2 name="/etc/shadow+" inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.625:1079): item=3 name="/etc/shadow" inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.625:1079): item=4 name="/etc/shadow" inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.625:1079): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.625:1080): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.625:1080): cwd="/home/newuser" +type=PATH msg=audit(1672592440.625:1080): item=0 name=(null) inode=4600514 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.625:1080): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.625:1081): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.625:1081): cwd="/home/newuser" +type=PATH msg=audit(1672592440.625:1081): item=0 name=(null) inode=4600514 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.625:1081): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.631:1082): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.631:1082): cwd="/home/newuser" +type=PATH msg=audit(1672592440.631:1082): item=0 name=(null) inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.631:1082): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.631:1083): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" 
FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.631:1083): cwd="/home/newuser" +type=PATH msg=audit(1672592440.631:1083): item=0 name=(null) inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.631:1083): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.634:1084): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c8f0 a1=557f653364a0 a2=7ffeab31c860 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.634:1084): cwd="/home/newuser" +type=PATH msg=audit(1672592440.634:1084): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.634:1084): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.634:1084): item=2 name="/etc/group+" inode=4329594 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.634:1084): item=3 name="/etc/group" inode=4836610 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.634:1084): item=4 name="/etc/group" inode=4329594 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.634:1084): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.634:1085): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.634:1085): cwd="/home/newuser" +type=PATH msg=audit(1672592440.634:1085): item=0 name=(null) inode=4600515 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.634:1085): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.634:1086): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.634:1086): cwd="/home/newuser" +type=PATH msg=audit(1672592440.634:1086): item=0 name=(null) inode=4600515 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 
cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.634:1086): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.639:1087): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.639:1087): cwd="/home/newuser" +type=PATH msg=audit(1672592440.639:1087): item=0 name=(null) inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.639:1087): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.639:1088): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.639:1088): cwd="/home/newuser" +type=PATH msg=audit(1672592440.639:1088): item=0 name=(null) inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.639:1088): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.641:1089): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c8f0 
a1=557f65336900 a2=7ffeab31c860 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.641:1089): cwd="/home/newuser" +type=PATH msg=audit(1672592440.641:1089): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.641:1089): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.641:1089): item=2 name="/etc/gshadow+" inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.641:1089): item=3 name="/etc/gshadow" inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.641:1089): item=4 name="/etc/gshadow" inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.641:1089): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.641:1090): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.641:1090): cwd="/home/newuser" +type=PATH msg=audit(1672592440.641:1090): item=0 name=(null) inode=4836615 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.641:1090): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.641:1091): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.641:1091): cwd="/home/newuser" +type=PATH msg=audit(1672592440.641:1091): item=0 name=(null) inode=4836615 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.641:1091): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.644:1092): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" 
EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.644:1092): cwd="/home/newuser" +type=PATH msg=audit(1672592440.644:1092): item=0 name=(null) inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.644:1092): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.644:1093): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.644:1093): cwd="/home/newuser" +type=PATH msg=audit(1672592440.644:1093): item=0 name=(null) inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.644:1093): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.646:1094): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f65336d60 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.646:1094): cwd="/home/newuser" +type=PATH msg=audit(1672592440.646:1094): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.646:1094): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.646:1094): item=2 name="/etc/subuid+" inode=4836613 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.646:1094): item=3 name="/etc/subuid" inode=4836616 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.646:1094): item=4 name="/etc/subuid" inode=4836613 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.646:1094): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.647:1095): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.647:1095): cwd="/home/newuser" +type=PATH msg=audit(1672592440.647:1095): item=0 name=(null) inode=4836617 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
+type=PROCTITLE msg=audit(1672592440.647:1095): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.647:1096): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.647:1096): cwd="/home/newuser" +type=PATH msg=audit(1672592440.647:1096): item=0 name=(null) inode=4836617 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.647:1096): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.653:1097): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.653:1097): cwd="/home/newuser" +type=PATH msg=audit(1672592440.653:1097): item=0 name=(null) inode=4836616 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.653:1097): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.653:1098): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.653:1098): cwd="/home/newuser" +type=PATH msg=audit(1672592440.653:1098): item=0 name=(null) inode=4836616 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.653:1098): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1099): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f653371c0 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1099): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1099): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1099): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1099): item=2 name="/etc/subgid+" inode=4836616 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1099): item=3 name="/etc/subgid" inode=4836618 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1099): item=4 name="/etc/subgid" inode=4836616 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1099): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1100): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1100): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1100): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1100): item=1 name="/etc/shadow.lock" inode=4836621 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1100): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1101): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1101): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1101): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1101): item=1 name="/etc/passwd.lock" inode=4194437 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1101): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1102): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c910 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1102): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1102): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1102): item=1 name="/etc/group.lock" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
+type=PROCTITLE msg=audit(1672592440.656:1102): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1103): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c910 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1103): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1103): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1103): item=1 name="/etc/gshadow.lock" inode=4836612 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1103): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1104): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1104): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1104): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1104): item=1 name="/etc/subuid.lock" inode=4836619 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1104): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1105): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1105): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1105): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592440.656:1105): item=1 name="/etc/subgid.lock" inode=4836620 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1105): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1106): arch=c000003e syscall=92 success=yes exit=0 a0=7ffeab31cc10 a1=0 a2=0 a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" 
EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1106): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1106): item=0 name="/home/testuser" inode=33555919 dev=fd:02 mode=040000 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1106): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1107): arch=c000003e syscall=90 success=yes exit=0 a0=7ffeab31cc10 a1=1ed a2=0 a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1107): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1107): item=0 name="/home/testuser" inode=33555919 dev=fd:02 mode=040000 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1107): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1108): arch=c000003e syscall=92 success=yes exit=0 a0=557f6859d740 a1=3e9 a2=3e9 a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1108): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1108): item=0 
name="/home/testuser" inode=33555919 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.656:1108): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.656:1109): arch=c000003e syscall=90 success=yes exit=0 a0=557f6859d740 a1=1c0 a2=0 a3=7f685bca7fe0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.656:1109): cwd="/home/newuser" +type=PATH msg=audit(1672592440.656:1109): item=0 name="/home/testuser" inode=33555919 dev=fd:02 mode=040755 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.656:1109): proctitle=75736572616464007465737475736572 +type=USER_MGMT msg=audit(1672592440.656:1110): pid=7667 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-home-dir id=1001 exe="/usr/sbin/useradd" hostname=testhost addr=? 
terminal=pts/3 res=success'UID="root" AUID="newuser" ID="testuser" +type=SYSCALL msg=audit(1672592440.658:1111): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1111): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1111): item=0 name=(null) inode=33555920 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.658:1111): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1112): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1112): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1112): item=0 name=(null) inode=33555920 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1112): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1113): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685a74b0 a3=1c items=1 
ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1113): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1113): item=0 name=(null) inode=33555920 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1113): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1114): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1114): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1114): item=0 name=(null) inode=33555921 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.658:1114): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1115): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1115): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1115): item=0 name=(null) inode=33555921 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1115): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1116): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685a74b0 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1116): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1116): item=0 name=(null) inode=33555921 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1116): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1117): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD 
msg=audit(1672592440.658:1117): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1117): item=0 name=(null) inode=33555922 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.658:1117): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1118): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1118): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1118): item=0 name=(null) inode=33555922 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1118): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1119): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685ae860 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1119): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1119): item=0 name=(null) inode=33555922 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 
obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1119): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1120): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1120): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1120): item=0 name=(null) inode=33555923 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.658:1120): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1121): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1121): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1121): item=0 name=(null) inode=33555923 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1121): 
proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1122): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685a74b0 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1122): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1122): item=0 name=(null) inode=33555923 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1122): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1123): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1123): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1123): item=0 name=(null) inode=33555924 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.658:1123): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1124): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 
auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1124): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1124): item=0 name=(null) inode=33555924 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1124): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.658:1125): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685ae860 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.658:1125): cwd="/home/newuser" +type=PATH msg=audit(1672592440.658:1125): item=0 name=(null) inode=33555924 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" +type=PROCTITLE msg=audit(1672592440.658:1125): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.661:1126): arch=c000003e syscall=93 success=yes exit=0 a0=4 a1=3e9 a2=c a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.661:1126): cwd="/home/newuser" +type=PATH msg=audit(1672592440.661:1126): item=0 name=(null) inode=9838121 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:mail_spool_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592440.661:1126): proctitle=75736572616464007465737475736572 +type=SYSCALL msg=audit(1672592440.661:1127): arch=c000003e syscall=91 success=yes exit=0 a0=4 a1=1b0 a2=c a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592440.661:1127): cwd="/home/newuser" +type=PATH msg=audit(1672592440.661:1127): item=0 name=(null) inode=9838121 dev=fd:02 mode=0100000 ouid=1001 ogid=12 rdev=00:00 obj=system_u:object_r:mail_spool_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="mail" +type=PROCTITLE msg=audit(1672592440.661:1127): proctitle=75736572616464007465737475736572 +type=USER_END msg=audit(1672592440.684:1128): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592440.684:1129): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CHAUTHTOK msg=audit(1672592446.279:1130): pid=7668 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=PAM:chauthtok grantors=? acct="newuser" exe="/usr/bin/passwd" hostname=testhost addr=? terminal=pts/2 res=failed'UID="newuser" AUID="newuser" +type=SERVICE_STOP msg=audit(1672592447.096:1131): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=SYSCALL msg=audit(1672592449.062:1132): arch=c000003e syscall=59 success=yes exit=0 a0=55c2885535c0 a1=55c288560ce0 a2=55c28855efc0 a3=55c28851e010 items=2 ppid=7576 pid=7673 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="pkexec" exe="/usr/bin/pkexec" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="maybe-escalation"ARCH=x86_64 SYSCALL=execve AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=EXECVE msg=audit(1672592449.062:1132): argc=2 a0="pkexec" a1="ls" +type=CWD msg=audit(1672592449.062:1132): cwd="/home/newuser" +type=PATH msg=audit(1672592449.062:1132): item=0 name="/usr/bin/pkexec" inode=8936895 dev=fd:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592449.062:1132): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=8617394 dev=fd:02 mode=0100755 
ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592449.062:1132): proctitle=706B65786563006C73 +type=BPF msg=audit(1672592449.078:1133): prog-id=102 op=LOAD +type=SERVICE_START msg=audit(1672592449.148:1134): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=USER_AUTH msg=audit(1672592452.013:1135): pid=7697 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1672592452.015:1136): pid=7697 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592452.025:1137): pid=7673 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/pkexec" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1672592455.976:1138): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592455.977:1139): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd="visudo" exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592455.978:1140): arch=c000003e syscall=92 success=yes exit=0 a0=7fff230729d0 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7704 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592455.978:1140): cwd="/home/newuser" +type=PATH msg=audit(1672592455.978:1140): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1672592455.978:1140): proctitle=7375646F0076697375646F +type=CRED_REFR msg=audit(1672592455.978:1141): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592455.982:1142): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592455.988:1143): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffdf42576a0 a2=2 a3=0 items=1 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="actions"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592455.988:1143): cwd="/home/newuser" +type=PATH msg=audit(1672592455.988:1143): item=0 name="/etc/sudoers" inode=4511443 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592455.988:1143): proctitle="visudo" +type=SYSCALL msg=audit(1672592456.012:1144): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3d1ad0 a1=7ffc20aeaef0 a2=5 a3=180 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592456.012:1144): cwd="/home/newuser" +type=PATH msg=audit(1672592456.012:1144): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592456.012:1144): item=1 name="/etc/.sudoers.tmp.swx" inode=4836612 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
+type=PROCTITLE msg=audit(1672592456.012:1144): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592456.013:1145): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f6debc0 a1=7ffc20aeaef0 a2=5 a3=180 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592456.013:1145): cwd="/home/newuser" +type=PATH msg=audit(1672592456.013:1145): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592456.013:1145): item=1 name="/etc/.sudoers.tmp.swp" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592456.013:1145): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592456.013:1146): arch=c000003e syscall=90 success=yes exit=0 a0=55df9f6debc0 a1=180 a2=55df9f6a2b30 a3=55df9f3cdd00 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592456.013:1146): cwd="/home/newuser" +type=PATH msg=audit(1672592456.013:1146): item=0 name="/etc/.sudoers.tmp.swp" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 
obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592456.013:1146): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.002:1147): arch=c000003e syscall=93 success=yes exit=0 a0=3 a1=0 a2=0 a3=81c0 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.002:1147): cwd="/home/newuser" +type=PATH msg=audit(1672592460.002:1147): item=0 name=(null) inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.002:1147): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.003:1148): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3c3690 a1=0 a2=0 a3=0 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.003:1148): cwd="/home/newuser" +type=PATH msg=audit(1672592460.003:1148): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.003:1148): item=1 name="/etc/4913" 
inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.003:1148): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.003:1149): arch=c000003e syscall=87 success=no exit=-2 a0=55df9f6c1960 a1=55df9f6c1960 a2=fffffffffffffea0 a3=0 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.003:1149): cwd="/home/newuser" +type=PATH msg=audit(1672592460.003:1149): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.003:1149): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.003:1150): arch=c000003e syscall=82 success=yes exit=0 a0=55df9f3d9550 a1=55df9f6c1960 a2=fffffffffffffea0 a3=0 items=4 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.003:1150): cwd="/home/newuser" +type=PATH msg=audit(1672592460.003:1150): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 
cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.003:1150): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.003:1150): item=2 name="/etc/sudoers.tmp" inode=4194437 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.003:1150): item=3 name="/etc/sudoers.tmp~" inode=4194437 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.003:1150): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.010:1151): arch=c000003e syscall=188 success=yes exit=0 a0=55df9f3d9550 a1=55df9f3f9b00 a2=55df9f6c1860 a3=1f items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=setxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.010:1151): cwd="/home/newuser" +type=PATH msg=audit(1672592460.010:1151): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.010:1151): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.010:1152): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=81c0 
a2=7ffc20aea990 a3=0 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.010:1152): cwd="/home/newuser" +type=PATH msg=audit(1672592460.010:1152): item=0 name=(null) inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.010:1152): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.010:1153): arch=c000003e syscall=188 success=yes exit=0 a0=55df9f3d9550 a1=7fbce5a11000 a2=55df9f6c1860 a3=1c items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=setxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.010:1153): cwd="/home/newuser" +type=PATH msg=audit(1672592460.010:1153): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.010:1153): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.010:1154): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f6c1960 a1=382d6674 a2=55df8762539d a3=0 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 
comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.010:1154): cwd="/home/newuser" +type=PATH msg=audit(1672592460.010:1154): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.010:1154): item=1 name="/etc/sudoers.tmp~" inode=4194437 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.010:1154): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.010:1155): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3f9b40 a1=55df9f3f9b40 a2=7ffc20ae9db0 a3=0 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.010:1155): cwd="/home/newuser" +type=PATH msg=audit(1672592460.010:1155): item=0 name="/root/" inode=12583041 dev=fd:02 mode=040550 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.010:1155): item=1 name="/root/.viminfo" inode=12587358 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" 
OGID="root" +type=PROCTITLE msg=audit(1672592460.010:1155): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.011:1156): arch=c000003e syscall=82 success=yes exit=0 a0=55df9f3f9ae0 a1=55df9f3f9b40 a2=7ffc20ae9db0 a3=0 items=4 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.011:1156): cwd="/home/newuser" +type=PATH msg=audit(1672592460.011:1156): item=0 name="/root/" inode=12583041 dev=fd:02 mode=040550 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.011:1156): item=1 name="/root/" inode=12583041 dev=fd:02 mode=040550 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.011:1156): item=2 name="/root/.viminfo.tmp" inode=12647010 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.011:1156): item=3 name="/root/.viminfo" inode=12647010 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.011:1156): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.011:1157): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3d1ad0 a1=0 a2=0 a3=0 items=2 ppid=7707 
pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.011:1157): cwd="/home/newuser" +type=PATH msg=audit(1672592460.011:1157): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.011:1157): item=1 name="/etc/.sudoers.tmp.swp" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.011:1157): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 +type=SYSCALL msg=audit(1672592460.012:1158): arch=c000003e syscall=92 success=yes exit=0 a0=559a3bbc9f20 a1=0 a2=0 a3=fff7ffffffffbff8 items=1 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.012:1158): cwd="/home/newuser" +type=PATH msg=audit(1672592460.012:1158): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.012:1158): proctitle="visudo" +type=SYSCALL msg=audit(1672592460.012:1159): arch=c000003e syscall=90 success=yes 
exit=0 a0=559a3bbc9f20 a1=120 a2=0 a3=fff7ffffffffbff8 items=1 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.012:1159): cwd="/home/newuser" +type=PATH msg=audit(1672592460.012:1159): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.012:1159): proctitle="visudo" +type=SYSCALL msg=audit(1672592460.012:1160): arch=c000003e syscall=82 success=yes exit=0 a0=559a3bbc9f20 a1=559a3bbc3010 a2=0 a3=fff7ffffffffbff8 items=5 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=CWD msg=audit(1672592460.012:1160): cwd="/home/newuser" +type=PATH msg=audit(1672592460.012:1160): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.012:1160): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.012:1160): item=2 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 
obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.012:1160): item=3 name="/etc/sudoers" inode=4511443 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592460.012:1160): item=4 name="/etc/sudoers" inode=4836612 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592460.012:1160): proctitle="visudo" +type=USER_END msg=audit(1672592460.014:1161): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592460.015:1162): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592464.763:1163): arch=c000003e syscall=59 success=yes exit=0 a0=55c288558b50 a1=55c288558880 a2=55c28855efc0 a3=55c28851e010 items=2 ppid=7576 pid=7725 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="systemd-run" exe="/usr/bin/systemd-run" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="maybe-escalation"ARCH=x86_64 SYSCALL=execve AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" +type=EXECVE msg=audit(1672592464.763:1163): argc=4 a0="systemd-run" a1="--on-active=5" a2="echo" a3=4175646974206D65 +type=CWD msg=audit(1672592464.763:1163): cwd="/home/newuser" +type=PATH msg=audit(1672592464.763:1163): item=0 name="/usr/bin/systemd-run" inode=8936561 dev=fd:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1672592464.763:1163): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=8617394 dev=fd:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1672592464.763:1163): proctitle=73797374656D642D72756E002D2D6F6E2D6163746976653D35006563686F004175646974206D65 +type=USER_AUTH msg=audit(1672592466.207:1164): pid=7741 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? 
terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_ACCT msg=audit(1672592466.208:1165): pid=7741 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SERVICE_STOP msg=audit(1672592467.071:1166): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" +type=BPF msg=audit(1672592467.079:1167): prog-id=99 op=UNLOAD +type=USER_ACCT msg=audit(1672592469.735:1168): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_CMD msg=audit(1672592469.737:1169): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=6C73202F726F6F74 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" +type=SYSCALL msg=audit(1672592469.738:1170): arch=c000003e syscall=92 success=yes exit=0 a0=7ffdc8f31c30 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7752 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" +type=CWD msg=audit(1672592469.738:1170): cwd="/home/newuser" +type=PATH msg=audit(1672592469.738:1170): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 
obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" +type=PROCTITLE msg=audit(1672592469.738:1170): proctitle=7375646F006C73002F726F6F74 +type=CRED_REFR msg=audit(1672592469.739:1171): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_START msg=audit(1672592469.742:1172): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=USER_END msg=audit(1672592469.750:1173): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=CRED_DISP msg=audit(1672592469.750:1174): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" +type=DAEMON_END msg=audit(1672592478.259:9626): op=terminate auid=0 uid=0 ses=6 pid=7765 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=successAUID="root" UID="root" From 665008c6dd7d61494e12e5fee0baca5a1d58fc07 Mon Sep 17 00:00:00 2001 
From: Cropi Date: Tue, 17 Jun 2025 13:05:17 +0200 Subject: [PATCH 2/7] auparse_test: optionally interpret field value Do not interpret all the values within the test suite, especially in places where RAW audit format is used. --- auparse/test/auparse_test.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/auparse/test/auparse_test.c b/auparse/test/auparse_test.c index 09af55d19..8925dbbd4 100644 --- a/auparse/test/auparse_test.c +++ b/auparse/test/auparse_test.c @@ -20,7 +20,7 @@ static const char *buf[] = { unsigned int walked_fields = 0; #define FIELDS_EXPECTED 403 -static void walk_test(auparse_state_t *au) +static void walk_test(auparse_state_t *au, int interpret) { int event_cnt = 1, record_cnt; @@ -53,10 +53,16 @@ static void walk_test(auparse_state_t *au) e->milli, e->serial, e->host ? e->host : "?"); auparse_first_field(au); do { - printf(" %s=%s (%s)\n", - auparse_get_field_name(au), - auparse_get_field_str(au), - auparse_interpret_field(au)); + if (interpret) { + printf(" %s=%s (%s)\n", + auparse_get_field_name(au), + auparse_get_field_str(au), + auparse_interpret_field(au)); + } else { + printf(" %s=%s\n", + auparse_get_field_name(au), + auparse_get_field_str(au)); + } walked_fields++; } while (auparse_next_field(au) > 0); printf("\n"); @@ -304,7 +310,7 @@ int main(void) /* Reset, now lets go to beginning and walk the list manually */ printf("Starting Test 2, walk events, records, and fields...\n"); auparse_reset(au); - walk_test(au); + walk_test(au, 1); auparse_destroy(au); printf("Test 2 Done\n\n"); @@ -325,7 +331,7 @@ int main(void) printf("Error - %s\n", strerror(errno)); return 1; } - walk_test(au); + walk_test(au, 0); auparse_destroy(au); printf("Test 4 Done\n\n"); @@ -335,7 +341,7 @@ int main(void) printf("Error - %s\n", strerror(errno)); return 1; } - walk_test(au); + walk_test(au, 0); auparse_destroy(au); printf("Test 5 Done\n\n"); 
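Review bot: In the `@@ -53,10 +53,16 @@` hunk the new `else` branch of walk_test() never calls auparse_interpret_field(), so every walk that passes 0 (Tests 4 and 5, and the FIELDS_EXPECTED walk in the `-473,7` hunk) stops exercising the interpretation code on its input. The interpreted text was presumably dropped because it depends on the host (the old reference output carries lookups such as `auid=42 (gdm)`), but that code also decodes hex-encoded values such as `proctitle=` and `cmd=` taken from the log, so it is worth keeping under test and under sanitizers. The call can stay without printing its result, for example `if (auparse_interpret_field(au) == NULL) printf(" interpretation failed\n");` in the `else` branch, assuming NULL is not an expected result for these fixtures. The same branch is added to auparse_callback() by [PATCH 3/7] (hunk `-260,15`); walk_test()'s body starts and ends outside this hunk.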
@@ -473,7 +479,7 @@ int main(void) } walked_fields = 0; - walk_test(au); + walk_test(au, 0); auparse_destroy(au); if (walked_fields != FIELDS_EXPECTED) { From d85579411717b2e0026e4708c7cf9a4417312978 Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 17 Jun 2025 13:07:01 +0200 Subject: [PATCH 3/7] auparse_test: optionally interpret field value in callback Do not interpret all the values within the test suite, especially in places where RAW audit format is used. --- auparse/test/auparse_test.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/auparse/test/auparse_test.c b/auparse/test/auparse_test.c index 8925dbbd4..c346bfcff 100644 --- a/auparse/test/auparse_test.c +++ b/auparse/test/auparse_test.c @@ -227,9 +227,14 @@ void regex_search(const char *expr) auparse_destroy(au); } +typedef struct { + int *event_cnt; + int interpret; +} callback_data_t; + static void auparse_callback(auparse_state_t *au, auparse_cb_event_t cb_event_type, void *user_data) { - int *event_cnt = (int *)user_data; + callback_data_t *data = (callback_data_t *)user_data; int record_cnt; if (cb_event_type == AUPARSE_CB_EVENT_READY) { @@ -237,7 +242,7 @@ static void auparse_callback(auparse_state_t *au, auparse_cb_event_t cb_event_ty printf("can't get first record\n"); return; } - printf("event %d has %u records\n", *event_cnt, + printf("event %d has %u records\n", *(data->event_cnt), auparse_get_num_records(au)); record_cnt = 1; do { 
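Review bot: The `callback_data_t` typedef added in the `@@ -227,9 +227,14 @@` hunk carries no comment on ownership, yet auparse_callback() casts `user_data` to it and dereferences both `data` and `data->event_cnt` unchecked. A comment above the typedef would state the contract, for example `/* user_data for auparse_callback(); event_cnt is borrowed from the caller and must stay valid while the callback is registered */`, with `/* non-zero: also print auparse_interpret_field() */` on `interpret`. auparse_callback()'s body continues outside this hunk.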
@@ -260,15 +265,21 @@ static void auparse_callback(auparse_state_t *au, auparse_cb_event_t cb_event_ty e->host ? e->host : "?"); auparse_first_field(au); do { - printf(" %s=%s (%s)\n", - auparse_get_field_name(au), - auparse_get_field_str(au), - auparse_interpret_field(au)); + if (data->interpret) { + printf(" %s=%s (%s)\n", + auparse_get_field_name(au), + auparse_get_field_str(au), + auparse_interpret_field(au)); + } else { + printf(" %s=%s\n", + auparse_get_field_name(au), + auparse_get_field_str(au)); + } } while (auparse_next_field(au) > 0); printf("\n"); record_cnt++; } while(auparse_next_record(au) > 0); - (*event_cnt)++; + (*(data->event_cnt))++; } } @@ -415,12 +426,13 @@ int main(void) printf("Starting Test 9, buffer feed...\n"); { int event_cnt = 1; + callback_data_t cb_data = { &event_cnt, 1 }; size_t len, chunk_len = 3; const char **cur_buf, *p_beg, *p_end, *p_chunk_beg, *p_chunk_end; au = auparse_init(AUSOURCE_FEED, 0); - auparse_add_callback(au, auparse_callback, &event_cnt, NULL); + auparse_add_callback(au, auparse_callback, &cb_data, NULL); for (cur_buf = buf, p_beg = *cur_buf; *cur_buf; cur_buf++, p_beg = *cur_buf) { len = strlen(p_beg); @@ -447,15 +459,15 @@ int main(void) /* Note: this should match Test 4 exactly */ printf("Starting Test 10, file feed...\n"); { - int *event_cnt = malloc(sizeof(int)); + int event_cnt = 1; + callback_data_t cb_data = { &event_cnt, 0 }; size_t len; char filename[] = "./test.log"; char buf[4]; FILE *fp; - *event_cnt = 1; au = auparse_init(AUSOURCE_FEED, 0); - auparse_add_callback(au, auparse_callback, event_cnt, free); + auparse_add_callback(au, auparse_callback, &cb_data, NULL); if ((fp = fopen(filename, "r")) == NULL) { fprintf(stderr, "could not open '%s', %s\n", filename, strerror(errno)); From 6b7396c2d5ed818452daf458cde9de5ff7db2cb6 Mon Sep 17 00:00:00 2001 
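Review bot: The `if (data->interpret)` block in the `@@ -260,15 +265,21 @@` hunk is a copy of the one [PATCH 2/7] adds to walk_test(), so the two printers can drift apart, while the Test 10 comment says the feed output should match Test 4 exactly. Moving the branch into one helper, `static void print_field(auparse_state_t *au, int interpret)`, leaves `print_field(au, data->interpret);` here and `print_field(au, interpret);` in walk_test(). The field loop and auparse_callback() itself start and end outside this hunk.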
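Review bot: In the Test 10 hunk (`@@ -447,15 +459,15 @@`) the pointer handed to auparse_add_callback() now refers to block-scope stack storage (`cb_data`, and through it `event_cnt`) with a NULL cleanup function, where the old code passed a heap allocation released by `free`. That is safe only if every call that can fire the callback, and the destruction of `au`, happens before the enclosing block closes; the end of the block is outside this hunk, so it cannot be confirmed here. A comment at the declaration would record the constraint: `/* cb_data and event_cnt must outlive au: destroy au before this block ends */`. The Test 9 hunk (`-415,12`) registers `&cb_data` the same way.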
From: Cropi Date: Tue, 17 Jun 2025 13:17:54 +0200 Subject: [PATCH 4/7] Adjust reference output --- auparse/test/auparse_test.ref | 1950 ++++++++++++++++----------------- 1 file changed, 975 insertions(+), 975 deletions(-) diff --git a/auparse/test/auparse_test.ref b/auparse/test/auparse_test.ref index dbeddf225..421ff5acf 100644 --- a/auparse/test/auparse_test.ref +++ b/auparse/test/auparse_test.ref 
@@ -85,199 +85,199 @@ event 1 has 4 records record 1 of type 1400(AVC) has 11 fields line=1 file=./test.log event time: 1170021493.977:293, host=? - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read,write + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=./test.log event time: 1170021493.977:293, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + exe="/usr/libexec/postfix/pickup" + 
subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=./test.log event time: 1170021493.977:293, host=? - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=./test.log event time: 1170021493.977:293, host=? - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 2 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=./test.log event time: 1170021601.340:294, host=? - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 3 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=./test.log event time: 1170021601.342:295, host=? - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 4 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=./test.log event time: 1170021601.343:296, host=? - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=./test.log event time: 1170021601.343:296, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=./test.log event time: 1170021601.343:296, host=? 
- type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + proctitle="(systemd)" event 5 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=./test.log event time: 1170021601.344:297, host=? - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 6 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=./test.log event time: 1170021601.364:298, host=? - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 7 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=./test.log event time: 1170021601.366:299, host=? - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success Test 4 Done 
@@ -286,397 +286,397 @@ event 1 has 4 records record 1 of type 1400(AVC) has 11 fields line=1 file=test2.log event time: 1170021493.977:283, host=? - type=AVC (AVC) - seresult=denied (denied) - seperms=read (read) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=test2.log event time: 1170021493.977:283, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + exe="/usr/libexec/postfix/pickup" + 
subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=test2.log event time: 1170021493.977:283, host=? - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=test2.log event time: 1170021493.977:283, host=? - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 2 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=test2.log event time: 1170021601.340:284, host=? - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 3 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=test2.log event time: 1170021601.342:285, host=? - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 4 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=test2.log event time: 1170021601.343:286, host=? - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=test2.log event time: 1170021601.343:286, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=test2.log event time: 1170021601.343:286, host=? 
- type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + proctitle="(systemd)" event 5 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=test2.log event time: 1170021601.344:287, host=? - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 6 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=test2.log event time: 1170021601.364:288, host=? - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 7 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=test2.log event time: 1170021601.366:289, host=? - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? 
+ terminal=cron + res=success event 8 has 4 records record 1 of type 1400(AVC) has 11 fields line=1 file=test.log event time: 1170021493.977:293, host=? - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read,write + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=test.log event time: 1170021493.977:293, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + exe="/usr/libexec/postfix/pickup" + 
subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=test.log event time: 1170021493.977:293, host=? - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=test.log event time: 1170021493.977:293, host=? - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 9 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=test.log event time: 1170021601.340:294, host=? - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 10 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=test.log event time: 1170021601.342:295, host=? - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 11 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=test.log event time: 1170021601.343:296, host=? - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=test.log event time: 1170021601.343:296, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=test.log event time: 1170021601.343:296, host=? 
- type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + proctitle="(systemd)" event 12 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=test.log event time: 1170021601.344:297, host=? - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 13 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=test.log event time: 1170021601.364:298, host=? - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 14 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=test.log event time: 1170021601.366:299, host=? - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success Test 5 Done 
@@ -771,199 +771,199 @@ event 1 has 4 records record 1 of type 1400(AVC) has 11 fields line=1 file=None event time: 1170021493.977:293, host=? - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read,write + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=None event time: 1170021493.977:293, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + exe="/usr/libexec/postfix/pickup" + 
subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=None event time: 1170021493.977:293, host=? - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=None event time: 1170021493.977:293, host=? - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 2 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=None event time: 1170021601.340:294, host=? - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 3 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=None event time: 1170021601.342:295, host=? - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 4 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=None event time: 1170021601.343:296, host=? - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=None event time: 1170021601.343:296, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=None event time: 1170021601.343:296, host=? 
- type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + proctitle="(systemd)" event 5 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=None event time: 1170021601.344:297, host=? - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 6 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=None event time: 1170021601.364:298, host=? - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 7 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=None event time: 1170021601.366:299, host=? - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success Test 10 Done 
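Review bot: Nothing in this reference now pins field interpretation for the `file=None` run that ends at `Test 10 Done`, including host-independent decodings such as `exit=-13 (EACCES(Permission denied))`, `a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)` and `mode=040730 (dir,730)`. Dropping `uid=890 (unknown(890))` and `auid=42 (gdm)` is reasonable if the aim is to stop depending on the build host's account database, but that motive is inferred and does not cover the errno, open-flag and mode values. Those decodings are what an analyst reads during triage, and a regression in them would now pass this reference unnoticed. Presumably another patch in the series asserts interpretation against the enriched log; if it does not, I would keep an interpreted check for the host-independent fields. The same applies to the hunk ending at `Test 5 Done` and to the `test4.log` hunk that follows, both of which extend beyond the lines shown here.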
@@ -972,458 +972,458 @@ event 1 has 7 records record 1 of type 1300(SYSCALL) has 26 fields line=1 file=test4.log event time: 1655465398.534:25618, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=59 (execve) - success=yes (yes) - exit=0 (0) - a0=8c403a0 (0x8c403a0) - a1=8c3e8b0 (0x8c3e8b0) - a2=fffffb6cc5b0 (0xfffffb6cc5b0) - a3=0 (0x0) - items=3 (3) - ppid=105182 (105182) - pid=105183 (105183) - auid=573 (unknown(573)) - uid=583 (unknown(583)) - gid=583 (unknown(583)) - euid=583 (unknown(583)) - suid=583 (unknown(583)) - fsuid=583 (unknown(583)) - egid=583 (unknown(583)) - sgid=583 (unknown(583)) - fsgid=583 (unknown(583)) - tty=pts2 (pts2) - ses=2632 (2632) - comm="ld" (ld) - exe="/bin/sh4" (/bin/sh4) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=59 + success=yes + exit=0 + a0=8c403a0 + a1=8c3e8b0 + a2=fffffb6cc5b0 + a3=0 + items=3 + ppid=105182 + pid=105183 + auid=573 + uid=583 + gid=583 + euid=583 + suid=583 + fsuid=583 + egid=583 + sgid=583 + fsgid=583 + tty=pts2 + ses=2632 + comm="ld" + exe="/bin/sh4" + key=(null) record 2 of type 1309(EXECVE) has 50 fields line=2 file=test4.log event time: 1655465398.534:25618, host=? 
- type=EXECVE (EXECVE) - argc=48 (48) - a0="/bin/sh" (/bin/sh) - a1="-efu" (-efu) - a2="/usr/bin/ld" (/usr/bin/ld) - a3="-plugin" (-plugin) - a4="/usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so" (/usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so) - a5="-plugin-opt=/usr/libexec/gcc/aarch64-alt-linux/8/lto-wrapper" (-plugin-opt=/usr/libexec/gcc/aarch64-alt-linux/8/lto-wrapper) - a6="-plugin-opt=-fresolution=/usr/src/tmp/cchyHiZN.res" (-plugin-opt=-fresolution=/usr/src/tmp/cchyHiZN.res) - a7="-plugin-opt=-pass-through=-lgcc" (-plugin-opt=-pass-through=-lgcc) - a8="-plugin-opt=-pass-through=-lgcc_s" (-plugin-opt=-pass-through=-lgcc_s) - a9="-plugin-opt=-pass-through=-lc" (-plugin-opt=-pass-through=-lc) - a10="-plugin-opt=-pass-through=-lgcc" (-plugin-opt=-pass-through=-lgcc) - a11="-plugin-opt=-pass-through=-lgcc_s" (-plugin-opt=-pass-through=-lgcc_s) - a12="--build-id" (--build-id) - a13="--no-add-needed" (--no-add-needed) - a14="--eh-frame-hdr" (--eh-frame-hdr) - a15="--hash-style=gnu" (--hash-style=gnu) - a16="--as-needed" (--as-needed) - a17="-shared" (-shared) - a18="-X" (-X) - a19="-EL" (-EL) - a20="-maarch64linux" (-maarch64linux) - a21="-o" (-o) - a22="ztest105133.so" (ztest105133.so) - a23="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crti.o" (/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crti.o) - a24="/usr/lib64/gcc/aarch64-alt-linux/8/crtbeginS.o" (/usr/lib64/gcc/aarch64-alt-linux/8/crtbeginS.o) - a25="-L/usr/lib64/gcc/aarch64-alt-linux/8" (-L/usr/lib64/gcc/aarch64-alt-linux/8) - a26="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64" (-L/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64) - a27="-L/lib/../lib64" (-L/lib/../lib64) - a28="-L/usr/lib/../lib64" (-L/usr/lib/../lib64) - a29="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../.." (-L/usr/lib64/gcc/aarch64-alt-linux/8/../../..) 
- a30="-soname" (-soname) - a31="libz.so.1" (libz.so.1) - a32="--version-script" (--version-script) - a33="zlib.map" (zlib.map) - a34="ztest105133.o" (ztest105133.o) - a35="-lgcc" (-lgcc) - a36="--push-state" (--push-state) - a37="--as-needed" (--as-needed) - a38="-lgcc_s" (-lgcc_s) - a39="--pop-state" (--pop-state) - a40="-lc" (-lc) - a41="-lgcc" (-lgcc) - a42="--push-state" (--push-state) - a43="--as-needed" (--as-needed) - a44="-lgcc_s" (-lgcc_s) - a45="--pop-state" (--pop-state) - a46="/usr/lib64/gcc/aarch64-alt-linux/8/crtendS.o" (/usr/lib64/gcc/aarch64-alt-linux/8/crtendS.o) - a47="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crtn.o" (/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crtn.o) + type=EXECVE + argc=48 + a0="/bin/sh" + a1="-efu" + a2="/usr/bin/ld" + a3="-plugin" + a4="/usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so" + a5="-plugin-opt=/usr/libexec/gcc/aarch64-alt-linux/8/lto-wrapper" + a6="-plugin-opt=-fresolution=/usr/src/tmp/cchyHiZN.res" + a7="-plugin-opt=-pass-through=-lgcc" + a8="-plugin-opt=-pass-through=-lgcc_s" + a9="-plugin-opt=-pass-through=-lc" + a10="-plugin-opt=-pass-through=-lgcc" + a11="-plugin-opt=-pass-through=-lgcc_s" + a12="--build-id" + a13="--no-add-needed" + a14="--eh-frame-hdr" + a15="--hash-style=gnu" + a16="--as-needed" + a17="-shared" + a18="-X" + a19="-EL" + a20="-maarch64linux" + a21="-o" + a22="ztest105133.so" + a23="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crti.o" + a24="/usr/lib64/gcc/aarch64-alt-linux/8/crtbeginS.o" + a25="-L/usr/lib64/gcc/aarch64-alt-linux/8" + a26="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64" + a27="-L/lib/../lib64" + a28="-L/usr/lib/../lib64" + a29="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../.." 
+ a30="-soname" + a31="libz.so.1" + a32="--version-script" + a33="zlib.map" + a34="ztest105133.o" + a35="-lgcc" + a36="--push-state" + a37="--as-needed" + a38="-lgcc_s" + a39="--pop-state" + a40="-lc" + a41="-lgcc" + a42="--push-state" + a43="--as-needed" + a44="-lgcc_s" + a45="--pop-state" + a46="/usr/lib64/gcc/aarch64-alt-linux/8/crtendS.o" + a47="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crtn.o" record 3 of type 1307(CWD) has 2 fields line=3 file=test4.log event time: 1655465398.534:25618, host=? - type=CWD (CWD) - cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1" (/usr/src/RPM/BUILD/zlib-1.2.11-alt1) + type=CWD + cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1" record 4 of type 1302(PATH) has 15 fields line=4 file=test4.log event time: 1655465398.534:25618, host=? - type=PATH (PATH) - item=0 (0) - name="/usr/bin/ld" (/usr/bin/ld) - inode=40854 (40854) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=0 + name="/usr/bin/ld" + inode=40854 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 5 of type 1302(PATH) has 15 fields line=5 file=test4.log event time: 1655465398.534:25618, host=? 
- type=PATH (PATH) - item=1 (1) - name="/bin/sh" (/bin/sh) - inode=33238 (33238) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=1 + name="/bin/sh" + inode=33238 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 6 of type 1302(PATH) has 15 fields line=6 file=test4.log event time: 1655465398.534:25618, host=? - type=PATH (PATH) - item=2 (2) - name="/lib64/ld-linux-aarch64.so.1" (/lib64/ld-linux-aarch64.so.1) - inode=33874 (33874) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=2 + name="/lib64/ld-linux-aarch64.so.1" + inode=33874 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 7 of type 1327(PROCTITLE) has 2 fields line=7 file=test4.log event time: 1655465398.534:25618, host=? 
- type=PROCTITLE (PROCTITLE) - proctitle=2F62696E2F7368002D656675002F7573722F62696E2F6C64002D706C7567696E002F7573722F6C6962657865632F6763632F616172636836342D616C742D6C696E75782F382F6C69626C746F5F706C7567696E2E736F002D706C7567696E2D6F70743D2F7573722F6C6962657865632F6763632F616172636836342D616C742D (/bin/sh -efu /usr/bin/ld -plugin /usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so -plugin-opt=/usr/libexec/gcc/aarch64-alt-) + type=PROCTITLE + proctitle=2F62696E2F7368002D656675002F7573722F62696E2F6C64002D706C7567696E002F7573722F6C6962657865632F6763632F616172636836342D616C742D6C696E75782F382F6C69626C746F5F706C7567696E2E736F002D706C7567696E2D6F70743D2F7573722F6C6962657865632F6763632F616172636836342D616C742D event 2 has 6 records record 1 of type 1300(SYSCALL) has 26 fields line=8 file=test4.log event time: 1655465404.819:27091, host=? - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=59 (execve) - success=yes (yes) - exit=0 (0) - a0=1a407f50 (0x1a407f50) - a1=1a401cd0 (0x1a401cd0) - a2=1a3ed090 (0x1a3ed090) - a3=0 (0x0) - items=2 (2) - ppid=105932 (105932) - pid=105933 (105933) - auid=573 (unknown(573)) - uid=583 (unknown(583)) - gid=583 (unknown(583)) - euid=583 (unknown(583)) - suid=583 (unknown(583)) - fsuid=583 (unknown(583)) - egid=583 (unknown(583)) - sgid=583 (unknown(583)) - fsgid=583 (unknown(583)) - tty=pts2 (pts2) - ses=2632 (2632) - comm="m4" (m4) - exe="/usr/bin/m4" (/usr/bin/m4) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=59 + success=yes + exit=0 + a0=1a407f50 + a1=1a401cd0 + a2=1a3ed090 + a3=0 + items=2 + ppid=105932 + pid=105933 + auid=573 + uid=583 + gid=583 + euid=583 + suid=583 + fsuid=583 + egid=583 + sgid=583 + fsgid=583 + tty=pts2 + ses=2632 + comm="m4" + exe="/usr/bin/m4" + key=(null) record 2 of type 1309(EXECVE) has 218 fields line=9 file=test4.log event time: 1655465404.819:27091, host=? 
- type=EXECVE (EXECVE) - argc=216 (216) - a0="/usr/bin/m4" (/usr/bin/m4) - a1="--nesting-limit=1024" (--nesting-limit=1024) - a2="--gnu" (--gnu) - a3="--include=/usr/share/autoconf-2.60" (--include=/usr/share/autoconf-2.60) - a4="--debug=aflq" (--debug=aflq) - a5="--fatal-warning" (--fatal-warning) - a6="--debugfile=autom4te.cache/traces.0t" (--debugfile=autom4te.cache/traces.0t) - a7="--trace=AC_CHECK_LIBM" (--trace=AC_CHECK_LIBM) - a8="--trace=AC_CONFIG_MACRO_DIR" (--trace=AC_CONFIG_MACRO_DIR) - a9="--trace=AC_CONFIG_MACRO_DIR_TRACE" (--trace=AC_CONFIG_MACRO_DIR_TRACE) - a10="--trace=AC_DEFUN" (--trace=AC_DEFUN) - a11="--trace=AC_DEFUN_ONCE" (--trace=AC_DEFUN_ONCE) - a12="--trace=AC_DEPLIBS_CHECK_METHOD" (--trace=AC_DEPLIBS_CHECK_METHOD) - a13="--trace=AC_DISABLE_FAST_INSTALL" (--trace=AC_DISABLE_FAST_INSTALL) - a14="--trace=AC_DISABLE_SHARED" (--trace=AC_DISABLE_SHARED) - a15="--trace=AC_DISABLE_STATIC" (--trace=AC_DISABLE_STATIC) - a16="--trace=AC_ENABLE_FAST_INSTALL" (--trace=AC_ENABLE_FAST_INSTALL) - a17="--trace=AC_ENABLE_SHARED" (--trace=AC_ENABLE_SHARED) - a18="--trace=AC_ENABLE_STATIC" (--trace=AC_ENABLE_STATIC) - a19="--trace=AC_LIBLTDL_CONVENIENCE" (--trace=AC_LIBLTDL_CONVENIENCE) - a20="--trace=AC_LIBLTDL_INSTALLABLE" (--trace=AC_LIBLTDL_INSTALLABLE) - a21="--trace=AC_LIBTOOL_COMPILER_OPTION" (--trace=AC_LIBTOOL_COMPILER_OPTION) - a22="--trace=AC_LIBTOOL_CONFIG" (--trace=AC_LIBTOOL_CONFIG) - a23="--trace=AC_LIBTOOL_CXX" (--trace=AC_LIBTOOL_CXX) - a24="--trace=AC_LIBTOOL_DLOPEN" (--trace=AC_LIBTOOL_DLOPEN) - a25="--trace=AC_LIBTOOL_DLOPEN_SELF" (--trace=AC_LIBTOOL_DLOPEN_SELF) - a26="--trace=AC_LIBTOOL_F77" (--trace=AC_LIBTOOL_F77) - a27="--trace=AC_LIBTOOL_FC" (--trace=AC_LIBTOOL_FC) - a28="--trace=AC_LIBTOOL_GCJ" (--trace=AC_LIBTOOL_GCJ) - a29="--trace=AC_LIBTOOL_LANG_CXX_CONFIG" (--trace=AC_LIBTOOL_LANG_CXX_CONFIG) - a30="--trace=AC_LIBTOOL_LANG_C_CONFIG" (--trace=AC_LIBTOOL_LANG_C_CONFIG) - a31="--trace=AC_LIBTOOL_LANG_F77_CONFIG" 
(--trace=AC_LIBTOOL_LANG_F77_CONFIG) - a32="--trace=AC_LIBTOOL_LANG_GCJ_CONFIG" (--trace=AC_LIBTOOL_LANG_GCJ_CONFIG) - a33="--trace=AC_LIBTOOL_LANG_RC_CONFIG" (--trace=AC_LIBTOOL_LANG_RC_CONFIG) - a34="--trace=AC_LIBTOOL_LINKER_OPTION" (--trace=AC_LIBTOOL_LINKER_OPTION) - a35="--trace=AC_LIBTOOL_OBJDIR" (--trace=AC_LIBTOOL_OBJDIR) - a36="--trace=AC_LIBTOOL_PICMODE" (--trace=AC_LIBTOOL_PICMODE) - a37="--trace=AC_LIBTOOL_POSTDEP_PREDEP" (--trace=AC_LIBTOOL_POSTDEP_PREDEP) - a38="--trace=AC_LIBTOOL_PROG_CC_C_O" (--trace=AC_LIBTOOL_PROG_CC_C_O) - a39="--trace=AC_LIBTOOL_PROG_COMPILER_NO_RTTI" (--trace=AC_LIBTOOL_PROG_COMPILER_NO_RTTI) - a40="--trace=AC_LIBTOOL_PROG_COMPILER_PIC" (--trace=AC_LIBTOOL_PROG_COMPILER_PIC) - a41="--trace=AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH" (--trace=AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH) - a42="--trace=AC_LIBTOOL_PROG_LD_SHLIBS" (--trace=AC_LIBTOOL_PROG_LD_SHLIBS) - a43="--trace=AC_LIBTOOL_RC" (--trace=AC_LIBTOOL_RC) - a44="--trace=AC_LIBTOOL_SETUP" (--trace=AC_LIBTOOL_SETUP) - a45="--trace=AC_LIBTOOL_SYS_DYNAMIC_LINKER" (--trace=AC_LIBTOOL_SYS_DYNAMIC_LINKER) - a46="--trace=AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE" (--trace=AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE) - a47="--trace=AC_LIBTOOL_SYS_HARD_LINK_LOCKS" (--trace=AC_LIBTOOL_SYS_HARD_LINK_LOCKS) - a48="--trace=AC_LIBTOOL_SYS_LIB_STRIP" (--trace=AC_LIBTOOL_SYS_LIB_STRIP) - a49="--trace=AC_LIBTOOL_SYS_MAX_CMD_LEN" (--trace=AC_LIBTOOL_SYS_MAX_CMD_LEN) - a50="--trace=AC_LIBTOOL_SYS_OLD_ARCHIVE" (--trace=AC_LIBTOOL_SYS_OLD_ARCHIVE) - a51="--trace=AC_LIBTOOL_WIN32_DLL" (--trace=AC_LIBTOOL_WIN32_DLL) - a52="--trace=AC_LIB_LTDL" (--trace=AC_LIB_LTDL) - a53="--trace=AC_LTDL_DLLIB" (--trace=AC_LTDL_DLLIB) - a54="--trace=AC_LTDL_DLSYM_USCORE" (--trace=AC_LTDL_DLSYM_USCORE) - a55="--trace=AC_LTDL_ENABLE_INSTALL" (--trace=AC_LTDL_ENABLE_INSTALL) - a56="--trace=AC_LTDL_OBJDIR" (--trace=AC_LTDL_OBJDIR) - a57="--trace=AC_LTDL_PREOPEN" (--trace=AC_LTDL_PREOPEN) - a58="--trace=AC_LTDL_SHLIBEXT" 
(--trace=AC_LTDL_SHLIBEXT) - a59="--trace=AC_LTDL_SHLIBPATH" (--trace=AC_LTDL_SHLIBPATH) - a60="--trace=AC_LTDL_SYMBOL_USCORE" (--trace=AC_LTDL_SYMBOL_USCORE) - a61="--trace=AC_LTDL_SYSSEARCHPATH" (--trace=AC_LTDL_SYSSEARCHPATH) - a62="--trace=AC_LTDL_SYS_DLOPEN_DEPLIBS" (--trace=AC_LTDL_SYS_DLOPEN_DEPLIBS) - a63="--trace=AC_PATH_MAGIC" (--trace=AC_PATH_MAGIC) - a64="--trace=AC_PATH_TOOL_PREFIX" (--trace=AC_PATH_TOOL_PREFIX) - a65="--trace=AC_PROG_EGREP" (--trace=AC_PROG_EGREP) - a66="--trace=AC_PROG_LD" (--trace=AC_PROG_LD) - a67="--trace=AC_PROG_LD_GNU" (--trace=AC_PROG_LD_GNU) - a68="--trace=AC_PROG_LD_RELOAD_FLAG" (--trace=AC_PROG_LD_RELOAD_FLAG) - a69="--trace=AC_PROG_LIBTOOL" (--trace=AC_PROG_LIBTOOL) - a70="--trace=AC_PROG_NM" (--trace=AC_PROG_NM) - a71="--trace=AC_WITH_LTDL" (--trace=AC_WITH_LTDL) - a72="--trace=AM_AUTOMAKE_VERSION" (--trace=AM_AUTOMAKE_VERSION) - a73="--trace=AM_AUX_DIR_EXPAND" (--trace=AM_AUX_DIR_EXPAND) - a74="--trace=AM_CONDITIONAL" (--trace=AM_CONDITIONAL) - a75="--trace=AM_DEP_TRACK" (--trace=AM_DEP_TRACK) - a76="--trace=AM_DISABLE_SHARED" (--trace=AM_DISABLE_SHARED) - a77="--trace=AM_DISABLE_STATIC" (--trace=AM_DISABLE_STATIC) - a78="--trace=AM_ENABLE_SHARED" (--trace=AM_ENABLE_SHARED) - a79="--trace=AM_ENABLE_STATIC" (--trace=AM_ENABLE_STATIC) - a80="--trace=AM_INIT_AUTOMAKE" (--trace=AM_INIT_AUTOMAKE) - a81="--trace=AM_MAKE_INCLUDE" (--trace=AM_MAKE_INCLUDE) - a82="--trace=AM_MISSING_HAS_RUN" (--trace=AM_MISSING_HAS_RUN) - a83="--trace=AM_MISSING_PROG" (--trace=AM_MISSING_PROG) - a84="--trace=AM_OUTPUT_DEPENDENCY_COMMANDS" (--trace=AM_OUTPUT_DEPENDENCY_COMMANDS) - a85="--trace=AM_PROG_CC_C_O" (--trace=AM_PROG_CC_C_O) - a86="--trace=AM_PROG_INSTALL_SH" (--trace=AM_PROG_INSTALL_SH) - a87="--trace=AM_PROG_INSTALL_STRIP" (--trace=AM_PROG_INSTALL_STRIP) - a88="--trace=AM_PROG_LD" (--trace=AM_PROG_LD) - a89="--trace=AM_PROG_LIBTOOL" (--trace=AM_PROG_LIBTOOL) - a90="--trace=AM_PROG_NM" (--trace=AM_PROG_NM) - a91="--trace=AM_RUN_LOG" 
(--trace=AM_RUN_LOG) - a92="--trace=AM_SANITY_CHECK" (--trace=AM_SANITY_CHECK) - a93="--trace=AM_SET_CURRENT_AUTOMAKE_VERSION" (--trace=AM_SET_CURRENT_AUTOMAKE_VERSION) - a94="--trace=AM_SET_DEPDIR" (--trace=AM_SET_DEPDIR) - a95="--trace=AM_SET_LEADING_DOT" (--trace=AM_SET_LEADING_DOT) - a96="--trace=AM_SILENT_RULES" (--trace=AM_SILENT_RULES) - a97="--trace=AM_SUBST_NOTMAKE" (--trace=AM_SUBST_NOTMAKE) - a98="--trace=AU_DEFUN" (--trace=AU_DEFUN) - a99="--trace=LTDL_CONVENIENCE" (--trace=LTDL_CONVENIENCE) - a100="--trace=LTDL_INIT" (--trace=LTDL_INIT) - a101="--trace=LTDL_INSTALLABLE" (--trace=LTDL_INSTALLABLE) - a102="--trace=LTOBSOLETE_VERSION" (--trace=LTOBSOLETE_VERSION) - a103="--trace=LTOPTIONS_VERSION" (--trace=LTOPTIONS_VERSION) - a104="--trace=LTSUGAR_VERSION" (--trace=LTSUGAR_VERSION) - a105="--trace=LTVERSION_VERSION" (--trace=LTVERSION_VERSION) - a106="--trace=LT_AC_PROG_EGREP" (--trace=LT_AC_PROG_EGREP) - a107="--trace=LT_AC_PROG_GCJ" (--trace=LT_AC_PROG_GCJ) - a108="--trace=LT_AC_PROG_RC" (--trace=LT_AC_PROG_RC) - a109="--trace=LT_AC_PROG_SED" (--trace=LT_AC_PROG_SED) - a110="--trace=LT_CMD_MAX_LEN" (--trace=LT_CMD_MAX_LEN) - a111="--trace=LT_CONFIG_LTDL_DIR" (--trace=LT_CONFIG_LTDL_DIR) - a112="--trace=LT_FUNC_ARGZ" (--trace=LT_FUNC_ARGZ) - a113="--trace=LT_FUNC_DLSYM_USCORE" (--trace=LT_FUNC_DLSYM_USCORE) - a114="--trace=LT_INIT" (--trace=LT_INIT) - a115="--trace=LT_LANG" (--trace=LT_LANG) - a116="--trace=LT_LIB_DLLOAD" (--trace=LT_LIB_DLLOAD) - a117="--trace=LT_LIB_M" (--trace=LT_LIB_M) - a118="--trace=LT_OUTPUT" (--trace=LT_OUTPUT) - a119="--trace=LT_PATH_LD" (--trace=LT_PATH_LD) - a120="--trace=LT_PATH_NM" (--trace=LT_PATH_NM) - a121="--trace=LT_PROG_GCJ" (--trace=LT_PROG_GCJ) - a122="--trace=LT_PROG_GO" (--trace=LT_PROG_GO) - a123="--trace=LT_PROG_RC" (--trace=LT_PROG_RC) - a124="--trace=LT_SUPPORTED_TAG" (--trace=LT_SUPPORTED_TAG) - a125="--trace=LT_SYS_DLOPEN_DEPLIBS" (--trace=LT_SYS_DLOPEN_DEPLIBS) - a126="--trace=LT_SYS_DLOPEN_SELF" 
(--trace=LT_SYS_DLOPEN_SELF) - a127="--trace=LT_SYS_DLSEARCH_PATH" (--trace=LT_SYS_DLSEARCH_PATH) - a128="--trace=LT_SYS_MODULE_EXT" (--trace=LT_SYS_MODULE_EXT) - a129="--trace=LT_SYS_MODULE_PATH" (--trace=LT_SYS_MODULE_PATH) - a130="--trace=LT_SYS_SYMBOL_USCORE" (--trace=LT_SYS_SYMBOL_USCORE) - a131="--trace=LT_WITH_LTDL" (--trace=LT_WITH_LTDL) - a132="--trace=_AC_AM_CONFIG_HEADER_HOOK" (--trace=_AC_AM_CONFIG_HEADER_HOOK) - a133="--trace=_AC_PROG_LIBTOOL" (--trace=_AC_PROG_LIBTOOL) - a134="--trace=_AM_AUTOCONF_VERSION" (--trace=_AM_AUTOCONF_VERSION) - a135="--trace=_AM_CONFIG_MACRO_DIRS" (--trace=_AM_CONFIG_MACRO_DIRS) - a136="--trace=_AM_DEPENDENCIES" (--trace=_AM_DEPENDENCIES) - a137="--trace=_AM_IF_OPTION" (--trace=_AM_IF_OPTION) - a138="--trace=_AM_MANGLE_OPTION" (--trace=_AM_MANGLE_OPTION) - a139="--trace=_AM_OUTPUT_DEPENDENCY_COMMANDS" (--trace=_AM_OUTPUT_DEPENDENCY_COMMANDS) - a140="--trace=_AM_PROG_CC_C_O" (--trace=_AM_PROG_CC_C_O) - a141="--trace=_AM_PROG_TAR" (--trace=_AM_PROG_TAR) - a142="--trace=_AM_SET_OPTION" (--trace=_AM_SET_OPTION) - a143="--trace=_AM_SET_OPTIONS" (--trace=_AM_SET_OPTIONS) - a144="--trace=_AM_SUBST_NOTMAKE" (--trace=_AM_SUBST_NOTMAKE) - a145="--trace=_LTDL_SETUP" (--trace=_LTDL_SETUP) - a146="--trace=_LT_AC_CHECK_DLFCN" (--trace=_LT_AC_CHECK_DLFCN) - a147="--trace=_LT_AC_FILE_LTDLL_C" (--trace=_LT_AC_FILE_LTDLL_C) - a148="--trace=_LT_AC_LANG_CXX" (--trace=_LT_AC_LANG_CXX) - a149="--trace=_LT_AC_LANG_CXX_CONFIG" (--trace=_LT_AC_LANG_CXX_CONFIG) - a150="--trace=_LT_AC_LANG_C_CONFIG" (--trace=_LT_AC_LANG_C_CONFIG) - a151="--trace=_LT_AC_LANG_F77" (--trace=_LT_AC_LANG_F77) - a152="--trace=_LT_AC_LANG_F77_CONFIG" (--trace=_LT_AC_LANG_F77_CONFIG) - a153="--trace=_LT_AC_LANG_GCJ" (--trace=_LT_AC_LANG_GCJ) - a154="--trace=_LT_AC_LANG_GCJ_CONFIG" (--trace=_LT_AC_LANG_GCJ_CONFIG) - a155="--trace=_LT_AC_LANG_RC_CONFIG" (--trace=_LT_AC_LANG_RC_CONFIG) - a156="--trace=_LT_AC_LOCK" (--trace=_LT_AC_LOCK) - a157="--trace=_LT_AC_PROG_CXXCPP" 
(--trace=_LT_AC_PROG_CXXCPP) - a158="--trace=_LT_AC_PROG_ECHO_BACKSLASH" (--trace=_LT_AC_PROG_ECHO_BACKSLASH) - a159="--trace=_LT_AC_SHELL_INIT" (--trace=_LT_AC_SHELL_INIT) - a160="--trace=_LT_AC_SYS_COMPILER" (--trace=_LT_AC_SYS_COMPILER) - a161="--trace=_LT_AC_SYS_LIBPATH_AIX" (--trace=_LT_AC_SYS_LIBPATH_AIX) - a162="--trace=_LT_AC_TAGCONFIG" (--trace=_LT_AC_TAGCONFIG) - a163="--trace=_LT_AC_TAGVAR" (--trace=_LT_AC_TAGVAR) - a164="--trace=_LT_AC_TRY_DLOPEN_SELF" (--trace=_LT_AC_TRY_DLOPEN_SELF) - a165="--trace=_LT_CC_BASENAME" (--trace=_LT_CC_BASENAME) - a166="--trace=_LT_COMPILER_BOILERPLATE" (--trace=_LT_COMPILER_BOILERPLATE) - a167="--trace=_LT_COMPILER_OPTION" (--trace=_LT_COMPILER_OPTION) - a168="--trace=_LT_DLL_DEF_P" (--trace=_LT_DLL_DEF_P) - a169="--trace=_LT_LIBOBJ" (--trace=_LT_LIBOBJ) - a170="--trace=_LT_LINKER_BOILERPLATE" (--trace=_LT_LINKER_BOILERPLATE) - a171="--trace=_LT_LINKER_OPTION" (--trace=_LT_LINKER_OPTION) - a172="--trace=_LT_PATH_TOOL_PREFIX" (--trace=_LT_PATH_TOOL_PREFIX) - a173="--trace=_LT_PREPARE_SED_QUOTE_VARS" (--trace=_LT_PREPARE_SED_QUOTE_VARS) - a174="--trace=_LT_PROG_CXX" (--trace=_LT_PROG_CXX) - a175="--trace=_LT_PROG_ECHO_BACKSLASH" (--trace=_LT_PROG_ECHO_BACKSLASH) - a176="--trace=_LT_PROG_F77" (--trace=_LT_PROG_F77) - a177="--trace=_LT_PROG_FC" (--trace=_LT_PROG_FC) - a178="--trace=_LT_PROG_LTMAIN" (--trace=_LT_PROG_LTMAIN) - a179="--trace=_LT_REQUIRED_DARWIN_CHECKS" (--trace=_LT_REQUIRED_DARWIN_CHECKS) - a180="--trace=_LT_WITH_SYSROOT" (--trace=_LT_WITH_SYSROOT) - a181="--trace=_m4_warn" (--trace=_m4_warn) - a182="--trace=include" (--trace=include) - a183="--trace=m4_include" (--trace=m4_include) - a184="--trace=m4_pattern_allow" (--trace=m4_pattern_allow) - a185="--trace=m4_pattern_forbid" (--trace=m4_pattern_forbid) - a186="--reload-state=/usr/share/autoconf-2.60/autoconf/autoconf.m4f" (--reload-state=/usr/share/autoconf-2.60/autoconf/autoconf.m4f) - a187="--undefine=__m4_version__" (--undefine=__m4_version__) - a188="-" 
(-) - a189="/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4" (/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4) - a190="/usr/share/libtool/aclocal/libtool.m4" (/usr/share/libtool/aclocal/libtool.m4) - a191="/usr/share/libtool/aclocal/ltargz.m4" (/usr/share/libtool/aclocal/ltargz.m4) - a192="/usr/share/libtool/aclocal/ltdl.m4" (/usr/share/libtool/aclocal/ltdl.m4) - a193="/usr/share/libtool/aclocal/ltoptions.m4" (/usr/share/libtool/aclocal/ltoptions.m4) - a194="/usr/share/libtool/aclocal/ltsugar.m4" (/usr/share/libtool/aclocal/ltsugar.m4) - a195="/usr/share/libtool/aclocal/ltversion.m4" (/usr/share/libtool/aclocal/ltversion.m4) - a196="/usr/share/libtool/aclocal/lt~obsolete.m4" (/usr/share/libtool/aclocal/lt~obsolete.m4) - a197="/usr/share/aclocal-1.16/amversion.m4" (/usr/share/aclocal-1.16/amversion.m4) - a198="/usr/share/aclocal-1.16/auxdir.m4" (/usr/share/aclocal-1.16/auxdir.m4) - a199="/usr/share/aclocal-1.16/cond.m4" (/usr/share/aclocal-1.16/cond.m4) - a200="/usr/share/aclocal-1.16/depend.m4" (/usr/share/aclocal-1.16/depend.m4) - a201="/usr/share/aclocal-1.16/depout.m4" (/usr/share/aclocal-1.16/depout.m4) - a202="/usr/share/aclocal-1.16/init.m4" (/usr/share/aclocal-1.16/init.m4) - a203="/usr/share/aclocal-1.16/install-sh.m4" (/usr/share/aclocal-1.16/install-sh.m4) - a204="/usr/share/aclocal-1.16/lead-dot.m4" (/usr/share/aclocal-1.16/lead-dot.m4) - a205="/usr/share/aclocal-1.16/make.m4" (/usr/share/aclocal-1.16/make.m4) - a206="/usr/share/aclocal-1.16/missing.m4" (/usr/share/aclocal-1.16/missing.m4) - a207="/usr/share/aclocal-1.16/options.m4" (/usr/share/aclocal-1.16/options.m4) - a208="/usr/share/aclocal-1.16/prog-cc-c-o.m4" (/usr/share/aclocal-1.16/prog-cc-c-o.m4) - a209="/usr/share/aclocal-1.16/runlog.m4" (/usr/share/aclocal-1.16/runlog.m4) - a210="/usr/share/aclocal-1.16/sanity.m4" (/usr/share/aclocal-1.16/sanity.m4) - a211="/usr/share/aclocal-1.16/silent.m4" (/usr/share/aclocal-1.16/silent.m4) - a212="/usr/share/aclocal-1.16/strip.m4" 
(/usr/share/aclocal-1.16/strip.m4) - a213="/usr/share/aclocal-1.16/substnot.m4" (/usr/share/aclocal-1.16/substnot.m4) - a214="/usr/share/aclocal-1.16/tar.m4" (/usr/share/aclocal-1.16/tar.m4) - a215="configure.ac" (configure.ac) + type=EXECVE + argc=216 + a0="/usr/bin/m4" + a1="--nesting-limit=1024" + a2="--gnu" + a3="--include=/usr/share/autoconf-2.60" + a4="--debug=aflq" + a5="--fatal-warning" + a6="--debugfile=autom4te.cache/traces.0t" + a7="--trace=AC_CHECK_LIBM" + a8="--trace=AC_CONFIG_MACRO_DIR" + a9="--trace=AC_CONFIG_MACRO_DIR_TRACE" + a10="--trace=AC_DEFUN" + a11="--trace=AC_DEFUN_ONCE" + a12="--trace=AC_DEPLIBS_CHECK_METHOD" + a13="--trace=AC_DISABLE_FAST_INSTALL" + a14="--trace=AC_DISABLE_SHARED" + a15="--trace=AC_DISABLE_STATIC" + a16="--trace=AC_ENABLE_FAST_INSTALL" + a17="--trace=AC_ENABLE_SHARED" + a18="--trace=AC_ENABLE_STATIC" + a19="--trace=AC_LIBLTDL_CONVENIENCE" + a20="--trace=AC_LIBLTDL_INSTALLABLE" + a21="--trace=AC_LIBTOOL_COMPILER_OPTION" + a22="--trace=AC_LIBTOOL_CONFIG" + a23="--trace=AC_LIBTOOL_CXX" + a24="--trace=AC_LIBTOOL_DLOPEN" + a25="--trace=AC_LIBTOOL_DLOPEN_SELF" + a26="--trace=AC_LIBTOOL_F77" + a27="--trace=AC_LIBTOOL_FC" + a28="--trace=AC_LIBTOOL_GCJ" + a29="--trace=AC_LIBTOOL_LANG_CXX_CONFIG" + a30="--trace=AC_LIBTOOL_LANG_C_CONFIG" + a31="--trace=AC_LIBTOOL_LANG_F77_CONFIG" + a32="--trace=AC_LIBTOOL_LANG_GCJ_CONFIG" + a33="--trace=AC_LIBTOOL_LANG_RC_CONFIG" + a34="--trace=AC_LIBTOOL_LINKER_OPTION" + a35="--trace=AC_LIBTOOL_OBJDIR" + a36="--trace=AC_LIBTOOL_PICMODE" + a37="--trace=AC_LIBTOOL_POSTDEP_PREDEP" + a38="--trace=AC_LIBTOOL_PROG_CC_C_O" + a39="--trace=AC_LIBTOOL_PROG_COMPILER_NO_RTTI" + a40="--trace=AC_LIBTOOL_PROG_COMPILER_PIC" + a41="--trace=AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH" + a42="--trace=AC_LIBTOOL_PROG_LD_SHLIBS" + a43="--trace=AC_LIBTOOL_RC" + a44="--trace=AC_LIBTOOL_SETUP" + a45="--trace=AC_LIBTOOL_SYS_DYNAMIC_LINKER" + a46="--trace=AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE" + 
a47="--trace=AC_LIBTOOL_SYS_HARD_LINK_LOCKS" + a48="--trace=AC_LIBTOOL_SYS_LIB_STRIP" + a49="--trace=AC_LIBTOOL_SYS_MAX_CMD_LEN" + a50="--trace=AC_LIBTOOL_SYS_OLD_ARCHIVE" + a51="--trace=AC_LIBTOOL_WIN32_DLL" + a52="--trace=AC_LIB_LTDL" + a53="--trace=AC_LTDL_DLLIB" + a54="--trace=AC_LTDL_DLSYM_USCORE" + a55="--trace=AC_LTDL_ENABLE_INSTALL" + a56="--trace=AC_LTDL_OBJDIR" + a57="--trace=AC_LTDL_PREOPEN" + a58="--trace=AC_LTDL_SHLIBEXT" + a59="--trace=AC_LTDL_SHLIBPATH" + a60="--trace=AC_LTDL_SYMBOL_USCORE" + a61="--trace=AC_LTDL_SYSSEARCHPATH" + a62="--trace=AC_LTDL_SYS_DLOPEN_DEPLIBS" + a63="--trace=AC_PATH_MAGIC" + a64="--trace=AC_PATH_TOOL_PREFIX" + a65="--trace=AC_PROG_EGREP" + a66="--trace=AC_PROG_LD" + a67="--trace=AC_PROG_LD_GNU" + a68="--trace=AC_PROG_LD_RELOAD_FLAG" + a69="--trace=AC_PROG_LIBTOOL" + a70="--trace=AC_PROG_NM" + a71="--trace=AC_WITH_LTDL" + a72="--trace=AM_AUTOMAKE_VERSION" + a73="--trace=AM_AUX_DIR_EXPAND" + a74="--trace=AM_CONDITIONAL" + a75="--trace=AM_DEP_TRACK" + a76="--trace=AM_DISABLE_SHARED" + a77="--trace=AM_DISABLE_STATIC" + a78="--trace=AM_ENABLE_SHARED" + a79="--trace=AM_ENABLE_STATIC" + a80="--trace=AM_INIT_AUTOMAKE" + a81="--trace=AM_MAKE_INCLUDE" + a82="--trace=AM_MISSING_HAS_RUN" + a83="--trace=AM_MISSING_PROG" + a84="--trace=AM_OUTPUT_DEPENDENCY_COMMANDS" + a85="--trace=AM_PROG_CC_C_O" + a86="--trace=AM_PROG_INSTALL_SH" + a87="--trace=AM_PROG_INSTALL_STRIP" + a88="--trace=AM_PROG_LD" + a89="--trace=AM_PROG_LIBTOOL" + a90="--trace=AM_PROG_NM" + a91="--trace=AM_RUN_LOG" + a92="--trace=AM_SANITY_CHECK" + a93="--trace=AM_SET_CURRENT_AUTOMAKE_VERSION" + a94="--trace=AM_SET_DEPDIR" + a95="--trace=AM_SET_LEADING_DOT" + a96="--trace=AM_SILENT_RULES" + a97="--trace=AM_SUBST_NOTMAKE" + a98="--trace=AU_DEFUN" + a99="--trace=LTDL_CONVENIENCE" + a100="--trace=LTDL_INIT" + a101="--trace=LTDL_INSTALLABLE" + a102="--trace=LTOBSOLETE_VERSION" + a103="--trace=LTOPTIONS_VERSION" + a104="--trace=LTSUGAR_VERSION" + a105="--trace=LTVERSION_VERSION" 
+ a106="--trace=LT_AC_PROG_EGREP" + a107="--trace=LT_AC_PROG_GCJ" + a108="--trace=LT_AC_PROG_RC" + a109="--trace=LT_AC_PROG_SED" + a110="--trace=LT_CMD_MAX_LEN" + a111="--trace=LT_CONFIG_LTDL_DIR" + a112="--trace=LT_FUNC_ARGZ" + a113="--trace=LT_FUNC_DLSYM_USCORE" + a114="--trace=LT_INIT" + a115="--trace=LT_LANG" + a116="--trace=LT_LIB_DLLOAD" + a117="--trace=LT_LIB_M" + a118="--trace=LT_OUTPUT" + a119="--trace=LT_PATH_LD" + a120="--trace=LT_PATH_NM" + a121="--trace=LT_PROG_GCJ" + a122="--trace=LT_PROG_GO" + a123="--trace=LT_PROG_RC" + a124="--trace=LT_SUPPORTED_TAG" + a125="--trace=LT_SYS_DLOPEN_DEPLIBS" + a126="--trace=LT_SYS_DLOPEN_SELF" + a127="--trace=LT_SYS_DLSEARCH_PATH" + a128="--trace=LT_SYS_MODULE_EXT" + a129="--trace=LT_SYS_MODULE_PATH" + a130="--trace=LT_SYS_SYMBOL_USCORE" + a131="--trace=LT_WITH_LTDL" + a132="--trace=_AC_AM_CONFIG_HEADER_HOOK" + a133="--trace=_AC_PROG_LIBTOOL" + a134="--trace=_AM_AUTOCONF_VERSION" + a135="--trace=_AM_CONFIG_MACRO_DIRS" + a136="--trace=_AM_DEPENDENCIES" + a137="--trace=_AM_IF_OPTION" + a138="--trace=_AM_MANGLE_OPTION" + a139="--trace=_AM_OUTPUT_DEPENDENCY_COMMANDS" + a140="--trace=_AM_PROG_CC_C_O" + a141="--trace=_AM_PROG_TAR" + a142="--trace=_AM_SET_OPTION" + a143="--trace=_AM_SET_OPTIONS" + a144="--trace=_AM_SUBST_NOTMAKE" + a145="--trace=_LTDL_SETUP" + a146="--trace=_LT_AC_CHECK_DLFCN" + a147="--trace=_LT_AC_FILE_LTDLL_C" + a148="--trace=_LT_AC_LANG_CXX" + a149="--trace=_LT_AC_LANG_CXX_CONFIG" + a150="--trace=_LT_AC_LANG_C_CONFIG" + a151="--trace=_LT_AC_LANG_F77" + a152="--trace=_LT_AC_LANG_F77_CONFIG" + a153="--trace=_LT_AC_LANG_GCJ" + a154="--trace=_LT_AC_LANG_GCJ_CONFIG" + a155="--trace=_LT_AC_LANG_RC_CONFIG" + a156="--trace=_LT_AC_LOCK" + a157="--trace=_LT_AC_PROG_CXXCPP" + a158="--trace=_LT_AC_PROG_ECHO_BACKSLASH" + a159="--trace=_LT_AC_SHELL_INIT" + a160="--trace=_LT_AC_SYS_COMPILER" + a161="--trace=_LT_AC_SYS_LIBPATH_AIX" + a162="--trace=_LT_AC_TAGCONFIG" + a163="--trace=_LT_AC_TAGVAR" + 
a164="--trace=_LT_AC_TRY_DLOPEN_SELF" + a165="--trace=_LT_CC_BASENAME" + a166="--trace=_LT_COMPILER_BOILERPLATE" + a167="--trace=_LT_COMPILER_OPTION" + a168="--trace=_LT_DLL_DEF_P" + a169="--trace=_LT_LIBOBJ" + a170="--trace=_LT_LINKER_BOILERPLATE" + a171="--trace=_LT_LINKER_OPTION" + a172="--trace=_LT_PATH_TOOL_PREFIX" + a173="--trace=_LT_PREPARE_SED_QUOTE_VARS" + a174="--trace=_LT_PROG_CXX" + a175="--trace=_LT_PROG_ECHO_BACKSLASH" + a176="--trace=_LT_PROG_F77" + a177="--trace=_LT_PROG_FC" + a178="--trace=_LT_PROG_LTMAIN" + a179="--trace=_LT_REQUIRED_DARWIN_CHECKS" + a180="--trace=_LT_WITH_SYSROOT" + a181="--trace=_m4_warn" + a182="--trace=include" + a183="--trace=m4_include" + a184="--trace=m4_pattern_allow" + a185="--trace=m4_pattern_forbid" + a186="--reload-state=/usr/share/autoconf-2.60/autoconf/autoconf.m4f" + a187="--undefine=__m4_version__" + a188="-" + a189="/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4" + a190="/usr/share/libtool/aclocal/libtool.m4" + a191="/usr/share/libtool/aclocal/ltargz.m4" + a192="/usr/share/libtool/aclocal/ltdl.m4" + a193="/usr/share/libtool/aclocal/ltoptions.m4" + a194="/usr/share/libtool/aclocal/ltsugar.m4" + a195="/usr/share/libtool/aclocal/ltversion.m4" + a196="/usr/share/libtool/aclocal/lt~obsolete.m4" + a197="/usr/share/aclocal-1.16/amversion.m4" + a198="/usr/share/aclocal-1.16/auxdir.m4" + a199="/usr/share/aclocal-1.16/cond.m4" + a200="/usr/share/aclocal-1.16/depend.m4" + a201="/usr/share/aclocal-1.16/depout.m4" + a202="/usr/share/aclocal-1.16/init.m4" + a203="/usr/share/aclocal-1.16/install-sh.m4" + a204="/usr/share/aclocal-1.16/lead-dot.m4" + a205="/usr/share/aclocal-1.16/make.m4" + a206="/usr/share/aclocal-1.16/missing.m4" + a207="/usr/share/aclocal-1.16/options.m4" + a208="/usr/share/aclocal-1.16/prog-cc-c-o.m4" + a209="/usr/share/aclocal-1.16/runlog.m4" + a210="/usr/share/aclocal-1.16/sanity.m4" + a211="/usr/share/aclocal-1.16/silent.m4" + a212="/usr/share/aclocal-1.16/strip.m4" + 
a213="/usr/share/aclocal-1.16/substnot.m4" + a214="/usr/share/aclocal-1.16/tar.m4" + a215="configure.ac" record 3 of type 1307(CWD) has 2 fields line=10 file=test4.log event time: 1655465404.819:27091, host=? - type=CWD (CWD) - cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1/contrib/minizip" (/usr/src/RPM/BUILD/zlib-1.2.11-alt1/contrib/minizip) + type=CWD + cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1/contrib/minizip" record 4 of type 1302(PATH) has 15 fields line=11 file=test4.log event time: 1655465404.819:27091, host=? - type=PATH (PATH) - item=0 (0) - name="/usr/bin/m4" (/usr/bin/m4) - inode=40839 (40839) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=0 + name="/usr/bin/m4" + inode=40839 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 5 of type 1302(PATH) has 15 fields line=12 file=test4.log event time: 1655465404.819:27091, host=? - type=PATH (PATH) - item=1 (1) - name="/lib64/ld-linux-aarch64.so.1" (/lib64/ld-linux-aarch64.so.1) - inode=33874 (33874) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=1 + name="/lib64/ld-linux-aarch64.so.1" + inode=33874 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 6 of type 1327(PROCTITLE) has 2 fields line=13 file=test4.log event time: 1655465404.819:27091, host=? 
- type=PROCTITLE (PROCTITLE) - proctitle=2F7573722F62696E2F6D34002D2D6E657374696E672D6C696D69743D31303234002D2D676E75002D2D696E636C7564653D2F7573722F73686172652F6175746F636F6E662D322E3630002D2D64656275673D61666C71002D2D666174616C2D7761726E696E67002D2D646562756766696C653D6175746F6D3474652E63616368 (/usr/bin/m4 --nesting-limit=1024 --gnu --include=/usr/share/autoconf-2.60 --debug=aflq --fatal-warning --debugfile=autom4te.cach) + type=PROCTITLE + proctitle=2F7573722F62696E2F6D34002D2D6E657374696E672D6C696D69743D31303234002D2D676E75002D2D696E636C7564653D2F7573722F73686172652F6175746F636F6E662D322E3630002D2D64656275673D61666C71002D2D666174616C2D7761726E696E67002D2D646562756766696C653D6175746F6D3474652E63616368 Test 11 Done From 48b502bd3ba3f8c058959daf0ea13908bdbaacca Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 17 Jun 2025 13:22:37 +0200 Subject: [PATCH 5/7] Rename new test suite file --- auparse/test/auparse_test.enriched | 1127 ---------------------------- 1 file changed, 1127 deletions(-) delete mode 100644 auparse/test/auparse_test.enriched diff --git a/auparse/test/auparse_test.enriched b/auparse/test/auparse_test.enriched deleted file mode 100644 index 0705632d3..000000000 --- a/auparse/test/auparse_test.enriched +++ /dev/null 
@@ -1,1127 +0,0 @@ -type=DAEMON_START msg=audit(1749816863.720:9625): op=start ver=4.0.3 format=enriched kernel=6.12.0-89.el10.x86_64 auid=4294967295 pid=7516 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root" -type=SYSCALL msg=audit(1749816863.720:823): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcd478b270 a2=3c a3=0 items=0 ppid=7515 pid=7516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1749816863.720:823): proctitle="/usr/sbin/auditd" -type=CONFIG_CHANGE msg=audit(1749816863.720:824): op=set audit_pid=7516 old=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.720:824): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcd4788f20 a2=3c a3=0 items=0 ppid=7515 pid=7516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1749816863.720:824): proctitle="/usr/sbin/auditd" -type=SERVICE_START msg=audit(1749816863.722:825): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" -type=CONFIG_CHANGE msg=audit(1749816863.766:826): op=set audit_backlog_limit=8192 old=8192 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.766:826): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde9a3b7d0 a2=3c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1749816863.766:826): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.766:827): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.766:827): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde9a3b7d0 a2=3c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1749816863.766:827): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:828): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:828): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1749816863.767:828): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:829): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:829): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:829): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.767:829): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:830): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:830): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" 
FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:830): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.767:830): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:831): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:831): arch=c000003e syscall=44 success=yes exit=1068 a0=3 a1=7ffde9a3b880 a2=42c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:831): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.767:831): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:832): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:832): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:832): saddr=100000000000000000000000SADDR={ 
saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.767:832): cwd="/" -type=PATH msg=audit(1749816863.767:832): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.767:832): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:833): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="time-change" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:833): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:833): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.767:833): cwd="/" -type=PATH msg=audit(1749816863.767:833): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.767:833): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:834): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:834): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 
a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:834): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.767:834): cwd="/" -type=PATH msg=audit(1749816863.767:834): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.767:834): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:835): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:835): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:835): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.767:835): cwd="/" -type=PATH msg=audit(1749816863.767:835): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.767:835): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:836): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:836): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:836): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.767:836): cwd="/" -type=PATH msg=audit(1749816863.767:836): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.767:836): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:837): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:837): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" 
EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:837): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.767:837): cwd="/" -type=PATH msg=audit(1749816863.767:837): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.767:837): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.767:838): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.767:838): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.767:838): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.767:838): cwd="/" -type=PATH msg=audit(1749816863.767:838): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.767:838): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:839): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule 
key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:839): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:839): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:839): cwd="/" -type=PATH msg=audit(1749816863.768:839): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:839): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:840): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:840): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:840): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:840): cwd="/" -type=PATH msg=audit(1749816863.768:840): item=0 name="/etc/" inode=4194433 
dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:840): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:841): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:841): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:841): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:841): cwd="/" -type=PATH msg=audit(1749816863.768:841): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:841): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:842): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:842): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" 
exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:842): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:842): cwd="/" -type=PATH msg=audit(1749816863.768:842): item=0 name="/etc/security/" inode=8766612 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:842): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:843): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="identity" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:843): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:843): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:843): cwd="/" -type=PATH msg=audit(1749816863.768:843): item=0 name="/etc/security/" inode=8766612 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:843): 
proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:844): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:844): arch=c000003e syscall=44 success=yes exit=1072 a0=3 a1=7ffde9a3b880 a2=430 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:844): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:844): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:845): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:845): arch=c000003e syscall=44 success=yes exit=1072 a0=3 a1=7ffde9a3b880 a2=430 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:845): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:845): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE 
msg=audit(1749816863.768:846): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:846): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:846): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:846): cwd="/" -type=PATH msg=audit(1749816863.768:846): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:846): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:847): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:847): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:847): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 
nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:847): cwd="/" -type=PATH msg=audit(1749816863.768:847): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:847): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:848): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:848): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:848): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:848): cwd="/" -type=PATH msg=audit(1749816863.768:848): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:848): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:849): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:849): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 
ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:849): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:849): cwd="/" -type=PATH msg=audit(1749816863.768:849): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:849): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:850): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:850): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:850): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:850): cwd="/" -type=PATH msg=audit(1749816863.768:850): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" 
OGID="root" -type=PROCTITLE msg=audit(1749816863.768:850): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:851): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:851): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:851): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:851): cwd="/" -type=PATH msg=audit(1749816863.768:851): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:851): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:852): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:852): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" 
FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:852): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:852): cwd="/" -type=PATH msg=audit(1749816863.768:852): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:852): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:853): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:853): arch=c000003e syscall=44 success=yes exit=1084 a0=3 a1=7ffde9a3b880 a2=43c a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:853): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:853): cwd="/" -type=PATH msg=audit(1749816863.768:853): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:853): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:854): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" 
list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:854): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:854): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:854): cwd="/" -type=PATH msg=audit(1749816863.768:854): item=0 name="/etc/NetworkManager/" inode=4504980 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:NetworkManager_etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:854): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:855): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="system-locale" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:855): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:855): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:855): 
proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:856): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="MAC-policy" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:856): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:856): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.768:856): cwd="/" -type=PATH msg=audit(1749816863.768:856): item=0 name="/etc/selinux/" inode=264268 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:selinux_config_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.768:856): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:857): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="MAC-policy" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:857): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" 
FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:857): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:857): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:858): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:858): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:858): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:858): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:859): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:859): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:859): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } 
-type=PROCTITLE msg=audit(1749816863.768:859): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:860): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:860): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:860): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:860): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:861): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:861): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:861): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:861): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 
-type=CONFIG_CHANGE msg=audit(1749816863.768:862): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:862): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:862): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:862): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.768:863): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="perm_mod" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.768:863): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.768:863): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.768:863): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:864): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 
op=add_rule key="access" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:864): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:864): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:864): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:865): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="access" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:865): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:865): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:865): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:866): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="access" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:866): arch=c000003e syscall=44 success=yes exit=1064 
a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:866): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:866): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:867): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="access" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:867): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:867): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:867): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:868): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="export" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:868): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:868): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:868): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:869): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="export" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:869): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:869): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:869): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:870): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="delete" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:870): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto 
AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:870): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:870): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:871): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="delete" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:871): arch=c000003e syscall=44 success=yes exit=1064 a0=3 a1=7ffde9a3b880 a2=428 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:871): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:871): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:872): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:872): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR 
msg=audit(1749816863.769:872): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.769:872): cwd="/" -type=PATH msg=audit(1749816863.769:872): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.769:872): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:873): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:873): arch=c000003e syscall=44 success=yes exit=1076 a0=3 a1=7ffde9a3b880 a2=434 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:873): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.769:873): cwd="/" -type=PATH msg=audit(1749816863.769:873): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.769:873): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:874): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:874): 
arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:874): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.769:874): cwd="/" -type=PATH msg=audit(1749816863.769:874): item=0 name="/etc/sudoers.d/" inode=14362654 dev=fd:02 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.769:874): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:875): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="actions" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:875): arch=c000003e syscall=44 success=yes exit=1080 a0=3 a1=7ffde9a3b880 a2=438 a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:875): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:875): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:876): 
auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:876): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:876): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.769:876): cwd="/" -type=PATH msg=audit(1749816863.769:876): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.769:876): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:877): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:877): arch=c000003e syscall=44 success=yes exit=1092 a0=3 a1=7ffde9a3b880 a2=444 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:877): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD 
msg=audit(1749816863.769:877): cwd="/" -type=PATH msg=audit(1749816863.769:877): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.769:877): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:878): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:878): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:878): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.769:878): cwd="/" -type=PATH msg=audit(1749816863.769:878): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.769:878): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:879): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="maybe-escalation" list=4 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:879): arch=c000003e syscall=44 success=yes exit=1088 a0=3 a1=7ffde9a3b880 a2=440 a3=0 items=1 ppid=7522 
pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:879): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=CWD msg=audit(1749816863.769:879): cwd="/" -type=PATH msg=audit(1749816863.769:879): item=0 name="/usr/bin/" inode=8519818 dev=fd:02 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816863.769:879): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=CONFIG_CHANGE msg=audit(1749816863.769:880): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1AUID="unset" -type=SYSCALL msg=audit(1749816863.769:880): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde9a3b7d0 a2=3c a3=0 items=0 ppid=7522 pid=7547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=system_u:system_r:unconfined_service_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=SOCKADDR msg=audit(1749816863.769:880): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 } -type=PROCTITLE msg=audit(1749816863.769:880): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573 -type=SERVICE_START msg=audit(1749816863.774:881): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=audit-rules 
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=SERVICE_STOP msg=audit(1749816863.774:882): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=audit-rules comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=CRYPTO_KEY_USER msg=audit(1749816865.604:883): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:2a:b3:d8:02:9a:b3:b3:cf:f0:6f:b5:e5:28:cb:13:46:0f:1e:d7:31:b3:97:96:7b:4c:23:82:6a:26:93:d8:eb direction=? spid=7556 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" -type=CRYPTO_KEY_USER msg=audit(1749816865.604:884): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:55:3c:d2:20:05:94:06:52:a5:6e:20:b1:90:2d:56:4c:ee:27:bc:d6:9a:5c:3e:f1:4b:d1:6a:27:ea:a0:83:17 direction=? spid=7556 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" -type=CRYPTO_KEY_USER msg=audit(1749816865.604:885): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:37:63:70:14:0b:16:ef:e5:2c:12:d9:56:b5:01:ee:9c:cb:ce:ee:43:67:b3:28:00:b5:c3:80:dc:33:e9:97:9c direction=? spid=7556 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="unset" SUID="root" -type=CRYPTO_SESSION msg=audit(1749816865.731:886): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7556 suid=74 rport=34884 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" -type=CRYPTO_SESSION msg=audit(1749816865.731:887): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7556 suid=74 rport=34884 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" -type=USER_AUTH msg=audit(1749816866.874:888): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" -type=USER_AUTH msg=audit(1749816868.400:889): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" -type=CRYPTO_KEY_USER msg=audit(1749816872.643:890): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=7556 suid=74 rport=34884 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="unset" SUID="sshd" -type=USER_LOGIN msg=audit(1749816872.644:891): pid=7555 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" -type=CRYPTO_KEY_USER msg=audit(1749816873.508:892): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:2a:b3:d8:02:9a:b3:b3:cf:f0:6f:b5:e5:28:cb:13:46:0f:1e:d7:31:b3:97:96:7b:4c:23:82:6a:26:93:d8:eb direction=? spid=7559 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" -type=CRYPTO_KEY_USER msg=audit(1749816873.508:893): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:55:3c:d2:20:05:94:06:52:a5:6e:20:b1:90:2d:56:4c:ee:27:bc:d6:9a:5c:3e:f1:4b:d1:6a:27:ea:a0:83:17 direction=? spid=7559 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" -type=CRYPTO_KEY_USER msg=audit(1749816873.508:894): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:37:63:70:14:0b:16:ef:e5:2c:12:d9:56:b5:01:ee:9c:cb:ce:ee:43:67:b3:28:00:b5:c3:80:dc:33:e9:97:9c direction=? spid=7559 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="root" -type=CRYPTO_SESSION msg=audit(1749816873.634:895): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7559 suid=74 rport=43496 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? 
addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" -type=CRYPTO_SESSION msg=audit(1749816873.634:896): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-gcm@openssh.com ksize=256 mac= pfs=curve25519-sha256 spid=7559 suid=74 rport=43496 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" -type=USER_AUTH msg=audit(1749816874.752:897): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=ssh res=failed'UID="root" AUID="unset" -type=USER_AUTH msg=audit(1749816875.564:898): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="unset" -type=USER_ACCT msg=audit(1749816875.589:899): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="unset" -type=CRYPTO_KEY_USER msg=audit(1749816875.590:900): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=7559 suid=74 rport=43496 laddr=10.0.186.231 lport=22 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="unset" SUID="sshd" -type=CRED_ACQ msg=audit(1749816875.592:901): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="unset" -type=LOGIN msg=audit(1749816875.592:902): pid=7558 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=11 res=1UID="root" OLD-AUID="unset" AUID="newuser" -type=SYSCALL msg=audit(1749816875.592:902): arch=c000003e syscall=1 success=yes exit=4 a0=5 a1=7ffc7843e8b0 a2=4 a3=0 items=0 ppid=5058 pid=7558 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd-session" exe="/usr/libexec/openssh/sshd-session" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1749816875.592:902): proctitle=737368642D73657373696F6E3A206E657775736572205B707269765D -type=USER_ROLE_CHANGE msg=audit(1749816875.594:903): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="newuser" -type=SERVICE_START msg=audit(1749816875.634:904): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" -type=USER_ACCT msg=audit(1749816875.650:905): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=CRED_ACQ msg=audit(1749816875.650:906): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="newuser" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset" -type=USER_ROLE_CHANGE msg=audit(1749816875.651:907): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=pam_selinux default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=LOGIN msg=audit(1749816875.651:908): pid=7564 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=12 res=1UID="root" OLD-AUID="unset" AUID="newuser" -type=SYSCALL msg=audit(1749816875.651:908): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffd93263930 a2=4 a3=0 items=0 ppid=1 pid=7564 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="(systemd)" exe="/usr/lib/systemd/systemd-executor" subj=system_u:system_r:init_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1749816875.651:908): proctitle="(systemd)" -type=USER_START msg=audit(1749816875.657:909): pid=7564 uid=0 auid=1000 ses=12 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_umask,pam_keyinit,pam_limits,pam_systemd,pam_unix 
acct="newuser" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'UID="root" AUID="newuser" -type=SYSCALL msg=audit(1749816875.669:910): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffddcf7d6e0 a2=80000 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.669:910): cwd="/" -type=PATH msg=audit(1749816875.669:910): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.669:910): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.672:911): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=16d a2=55a009f15156 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.672:911): cwd="/" -type=PATH msg=audit(1749816875.672:911): item=0 name=(null) inode=3 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.672:911): proctitle="(systemd)" -type=SYSCALL 
msg=audit(1749816875.672:912): arch=c000003e syscall=91 success=yes exit=0 a0=4 a1=1a4 a2=55a553a46 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.672:912): cwd="/" -type=PATH msg=audit(1749816875.672:912): item=0 name=(null) inode=11 dev=00:2b mode=0100640 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.672:912): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.684:913): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffe34f53ac0 a2=80000 a3=0 items=1 ppid=7567 pid=7568 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="30-systemd-envi" exe="/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.684:913): cwd="/" -type=PATH msg=audit(1749816875.684:913): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.684:913): proctitle="/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator" -type=SYSCALL msg=audit(1749816875.692:914): 
arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd90913f80 a2=80000 a3=0 items=1 ppid=7569 pid=7570 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd-xdg-aut" exe="/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.692:914): cwd="/" -type=PATH msg=audit(1749816875.692:914): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.692:914): proctitle=2F7573722F6C69622F73797374656D642F757365722D67656E657261746F72732F73797374656D642D7864672D6175746F73746172742D67656E657261746F72002F72756E2F757365722F313030302F73797374656D642F67656E657261746F72002F72756E2F757365722F313030302F73797374656D642F67656E65726174 -type=SYSCALL msg=audit(1749816875.695:915): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffddcf7d4a0 a2=80100 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.695:915): cwd="/" -type=PATH msg=audit(1749816875.695:915): item=0 name="/sys/module/fuse/uevent" inode=23603 dev=00:17 mode=0100200 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.695:915): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.695:916): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffddcf7d4a0 a2=80100 a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.695:916): cwd="/" -type=PATH msg=audit(1749816875.695:916): item=0 name="/sys/module/configfs/uevent" inode=9728 dev=00:17 mode=0100200 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.695:916): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.720:917): arch=c000003e syscall=87 success=no exit=-2 a0=7ffddcf7d762 a1=1d a2=6c a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.720:917): cwd="/" -type=PATH msg=audit(1749816875.720:917): item=0 name="/run/user/1000/systemd/" inode=2 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.720:917): proctitle="(systemd)" -type=SYSCALL 
msg=audit(1749816875.720:918): arch=c000003e syscall=87 success=no exit=-2 a0=7ffddcf7d762 a1=1e a2=6c a3=0 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.720:918): cwd="/" -type=PATH msg=audit(1749816875.720:918): item=0 name="/run/user/1000/systemd/" inode=2 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.720:918): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.729:919): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bce770 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.729:919): cwd="/" -type=PATH msg=audit(1749816875.729:919): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.729:919): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.729:920): arch=c000003e syscall=197 success=no exit=-61 
a0=55a553bce770 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.729:920): cwd="/" -type=PATH msg=audit(1749816875.729:920): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.729:920): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.729:921): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bce770 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.729:921): cwd="/" -type=PATH msg=audit(1749816875.729:921): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.729:921): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.729:922): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 
a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.729:922): cwd="/" -type=PATH msg=audit(1749816875.729:922): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/init.scope" inode=7591 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.729:922): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.729:923): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.729:923): cwd="/" -type=PATH msg=audit(1749816875.729:923): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/init.scope" inode=7591 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.729:923): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.729:924): arch=c000003e syscall=197 success=no exit=-61 
a0=55a553bcd710 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.729:924): cwd="/" -type=PATH msg=audit(1749816875.729:924): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/init.scope" inode=7591 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.729:924): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.730:925): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.730:925): cwd="/" -type=PATH msg=audit(1749816875.730:925): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice" inode=7637 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.730:925): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.730:926): arch=c000003e syscall=197 success=no 
exit=-61 a0=55a553bcd710 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.730:926): cwd="/" -type=PATH msg=audit(1749816875.730:926): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice" inode=7637 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.730:926): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.730:927): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.730:927): cwd="/" -type=PATH msg=audit(1749816875.730:927): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice" inode=7637 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.730:927): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.733:928): arch=c000003e syscall=197 
success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.733:928): cwd="/" -type=PATH msg=audit(1749816875.733:928): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.733:928): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.733:929): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.733:929): cwd="/" -type=PATH msg=audit(1749816875.733:929): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.733:929): proctitle="(systemd)" -type=SYSCALL 
msg=audit(1749816875.733:930): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d93f58 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.733:930): cwd="/" -type=PATH msg=audit(1749816875.733:930): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.733:930): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.733:931): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcd710 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.733:931): cwd="/" -type=PATH msg=audit(1749816875.733:931): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/dbus.socket" inode=7683 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.733:931): 
proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.733:932): arch=c000003e syscall=264 success=yes exit=0 a0=ffffff9c a1=55a553bb16a0 a2=ffffff9c a3=55a553bce0b0 items=4 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=renameat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.733:932): cwd="/" -type=PATH msg=audit(1749816875.733:932): item=0 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PATH msg=audit(1749816875.733:932): item=1 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PATH msg=audit(1749816875.733:932): item=2 name="/run/user/1000/systemd/units/.#invocation:dbus.socket5e939d8a43598ad4" inode=19 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PATH msg=audit(1749816875.733:932): item=3 name="/run/user/1000/systemd/units/invocation:dbus.socket" inode=19 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.733:932): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.735:933): arch=c000003e syscall=197 success=no exit=-61 
a0=55a553bcb230 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.735:933): cwd="/" -type=PATH msg=audit(1749816875.735:933): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.735:933): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.735:934): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcb230 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.735:934): cwd="/" -type=PATH msg=audit(1749816875.735:934): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.735:934): proctitle="(systemd)" -type=SYSCALL 
msg=audit(1749816875.735:935): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcb230 a1=7f91a7d93f58 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.735:935): cwd="/" -type=PATH msg=audit(1749816875.735:935): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.735:935): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.735:936): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bcb230 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.735:936): cwd="/" -type=PATH msg=audit(1749816875.735:936): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/systemd-tmpfiles-setup.service" inode=7722 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" 
-type=PROCTITLE msg=audit(1749816875.735:936): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.735:937): arch=c000003e syscall=264 success=yes exit=0 a0=ffffff9c a1=55a553bb2aa0 a2=ffffff9c a3=55a553bb1880 items=4 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=renameat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.735:937): cwd="/" -type=PATH msg=audit(1749816875.735:937): item=0 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PATH msg=audit(1749816875.735:937): item=1 name="/run/user/1000/systemd/units/" inode=12 dev=00:2b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PATH msg=audit(1749816875.735:937): item=2 name="/run/user/1000/systemd/units/.#invocation:systemd-tmpfiles-setup.servicecb04d43a9bf93964" inode=20 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PATH msg=audit(1749816875.735:937): item=3 name="/run/user/1000/systemd/units/invocation:systemd-tmpfiles-setup.service" inode=20 dev=00:2b mode=0120777 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.735:937): proctitle="(systemd)" 
-type=SYSCALL msg=audit(1749816875.737:938): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bb1880 a1=7f91a7d83806 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.737:938): cwd="/" -type=PATH msg=audit(1749816875.737:938): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.737:938): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.737:939): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bb1880 a1=7f91a7d837f7 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.737:939): cwd="/" -type=PATH msg=audit(1749816875.737:939): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.737:939): proctitle="(systemd)" -type=SYSCALL 
msg=audit(1749816875.737:940): arch=c000003e syscall=197 success=no exit=-61 a0=55a553bb1880 a1=7f91a7d83831 a2=0 a3=55a553a45010 items=1 ppid=1 pid=7564 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=removexattr AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.737:940): cwd="/" -type=PATH msg=audit(1749816875.737:940): item=0 name="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service" inode=7545 dev=00:1b mode=040755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:cgroup_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1749816875.737:940): proctitle="(systemd)" -type=SYSCALL msg=audit(1749816875.740:941): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5642de9d5b24 a2=80101 a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=SYSCALL msg=audit(1749816875.740:942): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55a9e6ed7b24 a2=80101 a3=0 items=1 ppid=7564 pid=7572 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" 
SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.740:941): cwd="/" -type=PATH msg=audit(1749816875.740:941): item=0 name="/dev/kmsg" inode=10 dev=00:06 mode=020644 ouid=0 ogid=0 rdev=01:0b obj=system_u:object_r:kmsg_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.740:941): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F -type=SYSCALL msg=audit(1749816875.740:943): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5642de9d07ab a2=80101 a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.740:943): cwd="/" -type=PATH msg=audit(1749816875.740:943): item=0 name="/dev/console" inode=12 dev=00:06 mode=020620 ouid=0 ogid=5 rdev=05:01 obj=system_u:object_r:console_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1749816875.740:943): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F -type=CWD msg=audit(1749816875.740:942): cwd="/" -type=PATH msg=audit(1749816875.740:942): item=0 name="/dev/kmsg" inode=10 dev=00:06 mode=020644 ouid=0 ogid=0 rdev=01:0b obj=system_u:object_r:kmsg_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
-type=PROCTITLE msg=audit(1749816875.740:942): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003333002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F -type=SYSCALL msg=audit(1749816875.742:944): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55a9e6ed27ab a2=80101 a3=0 items=1 ppid=7564 pid=7572 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="9" exe="/usr/lib/systemd/systemd-executor" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.742:944): cwd="/" -type=PATH msg=audit(1749816875.742:944): item=0 name="/dev/console" inode=12 dev=00:06 mode=020620 ouid=0 ogid=5 rdev=05:01 obj=system_u:object_r:console_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1749816875.742:944): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003333002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F -type=SYSCALL msg=audit(1749816875.750:945): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffde8eeeea0 a2=80000 a3=0 items=1 ppid=7564 pid=7572 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemd-tmpfile" exe="/usr/bin/systemd-tmpfiles" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=SYSCALL msg=audit(1749816875.750:946): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffeef5b2160 a2=80000 
a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.750:945): cwd="/home/newuser" -type=PATH msg=audit(1749816875.750:945): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.750:945): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003333002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F -type=CWD msg=audit(1749816875.750:946): cwd="/home/newuser" -type=PATH msg=audit(1749816875.750:946): item=0 name="/proc/1/environ" inode=2392 dev=00:16 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=system_u:system_r:init_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816875.750:946): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F -type=SYSCALL msg=audit(1749816875.752:947): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f0492b658a7 a2=280000 a3=0 items=1 ppid=7564 pid=7571 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=12 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" 
EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816875.752:947): cwd="/home/newuser" -type=PATH msg=audit(1749816875.752:947): item=0 name="/proc/1/root" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 -type=PROCTITLE msg=audit(1749816875.752:947): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D6578656375746F72002D2D646573657269616C697A65003332002D2D6C6F672D6C6576656C00696E666F002D2D6C6F672D746172676574006175746F -type=SERVICE_START msg=audit(1749816875.761:948): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=USER_START msg=audit(1749816875.767:949): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="newuser" -type=CRYPTO_KEY_USER msg=audit(1749816875.768:950): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:2a:b3:d8:02:9a:b3:b3:cf:f0:6f:b5:e5:28:cb:13:46:0f:1e:d7:31:b3:97:96:7b:4c:23:82:6a:26:93:d8:eb direction=? spid=7575 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="newuser" SUID="root" -type=CRYPTO_KEY_USER msg=audit(1749816875.768:951): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:55:3c:d2:20:05:94:06:52:a5:6e:20:b1:90:2d:56:4c:ee:27:bc:d6:9a:5c:3e:f1:4b:d1:6a:27:ea:a0:83:17 direction=? spid=7575 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? 
res=success'UID="root" AUID="newuser" SUID="root" -type=CRYPTO_KEY_USER msg=audit(1749816875.768:952): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:37:63:70:14:0b:16:ef:e5:2c:12:d9:56:b5:01:ee:9c:cb:ce:ee:43:67:b3:28:00:b5:c3:80:dc:33:e9:97:9c direction=? spid=7575 suid=0 exe="/usr/libexec/openssh/sshd-session" hostname=? addr=10.45.224.176 terminal=? res=success'UID="root" AUID="newuser" SUID="root" -type=CRED_ACQ msg=audit(1749816875.769:953): pid=7575 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="newuser" exe="/usr/libexec/openssh/sshd-session" hostname=10.45.224.176 addr=10.45.224.176 terminal=ssh res=success'UID="root" AUID="newuser" -type=SYSCALL msg=audit(1749816876.065:954): arch=c000003e syscall=188 success=yes exit=0 a0=5594d870a9bc a1=7f50cd8191ac a2=5594d8728430 a3=27 items=1 ppid=5058 pid=7558 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd-session" exe="/usr/libexec/openssh/sshd-session" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=setxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816876.065:954): cwd="/" -type=PATH msg=audit(1749816876.065:954): item=0 name="/dev/pts/2" inode=5 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:02 obj=system_u:object_r:sshd_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1749816876.065:954): proctitle=737368642D73657373696F6E3A206E657775736572205B707269765D -type=SYSCALL msg=audit(1749816876.066:955): arch=c000003e syscall=92 success=yes exit=0 a0=5594d870a9bc a1=3e8 a2=5 a3=5594c8c061cf items=1 ppid=5058 pid=7558 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd-session" 
exe="/usr/libexec/openssh/sshd-session" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816876.066:955): cwd="/" -type=PATH msg=audit(1749816876.066:955): item=0 name="/dev/pts/2" inode=5 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:02 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1749816876.066:955): proctitle=737368642D73657373696F6E3A206E657775736572205B707269765D -type=USER_LOGIN msg=audit(1749816876.066:956): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/libexec/openssh/sshd-session" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=10.45.224.176 terminal=/dev/pts/2 res=success'UID="root" AUID="newuser" ID="newuser" -type=USER_START msg=audit(1749816876.066:957): pid=7558 uid=0 auid=1000 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/libexec/openssh/sshd-session" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=10.45.224.176 terminal=/dev/pts/2 res=success'UID="root" AUID="newuser" ID="newuser" -type=BPF msg=audit(1749816876.080:958): prog-id=95 op=UNLOAD -type=BPF msg=audit(1749816876.080:959): prog-id=94 op=UNLOAD -type=BPF msg=audit(1749816876.081:960): prog-id=96 op=LOAD -type=BPF msg=audit(1749816876.082:961): prog-id=97 op=LOAD -type=BPF msg=audit(1749816876.082:962): prog-id=98 op=LOAD -type=SERVICE_START msg=audit(1749816876.145:963): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" -type=USER_AUTH msg=audit(1749816880.463:964): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1749816880.465:965): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1749816880.467:966): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=757365726D6F64202D6320546573742075736572206E657775736572 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1749816880.468:967): arch=c000003e syscall=92 success=yes exit=0 a0=7fff7a155c50 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7607 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816880.468:967): cwd="/home/newuser" -type=PATH msg=audit(1749816880.468:967): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1749816880.468:967): proctitle=7375646F00757365726D6F64002D6300546573742075736572006E657775736572 
-type=CRED_REFR msg=audit(1749816880.469:968): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1749816880.473:969): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_END msg=audit(1749816880.479:970): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1749816880.479:971): pid=7607 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1749816885.822:972): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1749816885.824:973): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=757365726D6F64202D632054657374206E65772075736572206E657775736572 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1749816885.825:974): arch=c000003e syscall=92 success=yes exit=0 a0=7fffd398f050 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7613 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816885.825:974): cwd="/home/newuser" -type=PATH msg=audit(1749816885.825:974): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1749816885.825:974): proctitle=7375646F00757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=CRED_REFR msg=audit(1749816885.825:975): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1749816885.828:976): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1749816885.834:977): arch=c000003e syscall=87 success=yes exit=0 a0=55c8a544e770 a1=55c8a544e770 a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.834:977): cwd="/home/newuser" -type=PATH msg=audit(1749816885.834:977): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.834:977): item=1 name="/etc/passwd.7616" inode=4836609 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.834:977): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.834:978): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=55c871d48320 a2=a0902 a3=0 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.834:978): cwd="/home/newuser" -type=PATH msg=audit(1749816885.834:978): item=0 name="/etc/passwd" inode=4836612 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 
cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.834:978): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.838:979): arch=c000003e syscall=87 success=yes exit=0 a0=55c8a54557f0 a1=55c8a54557f0 a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.838:979): cwd="/home/newuser" -type=PATH msg=audit(1749816885.838:979): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.838:979): item=1 name="/etc/shadow.7616" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.838:979): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.838:980): arch=c000003e syscall=257 success=yes exit=6 a0=ffffff9c a1=55c871d49040 a2=a0902 a3=0 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.838:980): cwd="/home/newuser" -type=PATH msg=audit(1749816885.838:980): item=0 name="/etc/shadow" inode=4329594 dev=fd:02 
mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.838:980): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=USER_MGMT msg=audit(1749816885.838:981): pid=7616 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-comment id=1000 exe="/usr/sbin/usermod" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=pts/3 res=success'UID="root" AUID="newuser" ID="newuser" -type=SYSCALL msg=audit(1749816885.841:982): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=0 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.841:982): cwd="/home/newuser" -type=PATH msg=audit(1749816885.841:982): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.841:982): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.842:983): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" 
-type=CWD msg=audit(1749816885.842:983): cwd="/home/newuser" -type=PATH msg=audit(1749816885.842:983): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.842:983): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.846:984): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.846:984): cwd="/home/newuser" -type=PATH msg=audit(1749816885.846:984): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.846:984): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.846:985): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.846:985): cwd="/home/newuser" -type=PATH msg=audit(1749816885.846:985): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.846:985): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.848:986): arch=c000003e syscall=82 success=yes exit=0 a0=7ffee06d3050 a1=55c871d48320 a2=7ffee06d2fc0 a3=100 items=5 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.848:986): cwd="/home/newuser" -type=PATH msg=audit(1749816885.848:986): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.848:986): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.848:986): item=2 name="/etc/passwd+" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.848:986): item=3 name="/etc/passwd" inode=4836612 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.848:986): item=4 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 
nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.848:986): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.849:987): arch=c000003e syscall=87 success=yes exit=0 a0=7ffee06d3070 a1=6b636f6c a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.849:987): cwd="/home/newuser" -type=PATH msg=audit(1749816885.849:987): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.849:987): item=1 name="/etc/shadow.lock" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.849:987): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=SYSCALL msg=audit(1749816885.849:988): arch=c000003e syscall=87 success=yes exit=0 a0=7ffee06d3070 a1=6b636f6c a2=0 a3=0 items=2 ppid=7615 pid=7616 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1749816885.849:988): cwd="/home/newuser" -type=PATH msg=audit(1749816885.849:988): item=0 name="/etc/" 
inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1749816885.849:988): item=1 name="/etc/passwd.lock" inode=4836609 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1749816885.849:988): proctitle=757365726D6F64002D630054657374206E65772075736572006E657775736572 -type=USER_END msg=audit(1749816885.851:989): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1749816885.851:990): pid=7613 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1749816889.489:991): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1749816889.491:992): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=64617465202D7320323032332D30312D30312031323A30303A3030 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1749816889.492:993): arch=c000003e syscall=92 success=yes exit=0 a0=7ffe6cc2e070 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7617 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1749816889.492:993): cwd="/home/newuser" -type=PATH msg=audit(1749816889.492:993): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1749816889.492:993): proctitle=7375646F0064617465002D7300323032332D30312D30312031323A30303A3030 -type=CRED_REFR msg=audit(1749816889.493:994): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1749816889.497:995): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1749816889.499:996): arch=c000003e syscall=227 success=yes exit=0 a0=0 a1=7ffcb4b0f630 a2=0 a3=7ffcb4b0f5e0 items=0 ppid=7619 pid=7620 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="date" exe="/usr/bin/date" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="time-change"ARCH=x86_64 SYSCALL=clock_settime AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=TIME_INJOFFSET msg=audit(1749816889.499:996): sec=-77224490 nsec=499251461 -type=PROCTITLE msg=audit(1749816889.499:996): proctitle=64617465002D7300323032332D30312D30312031323A30303A3030 -type=USER_END msg=audit(1672592400.001:997): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592400.001:998): pid=7617 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SERVICE_START msg=audit(1672592400.500:999): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=SERVICE_STOP msg=audit(1672592400.500:1000): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" -type=SYSCALL msg=audit(1672592410.288:1001): arch=c000003e syscall=268 success=no exit=-1 a0=ffffff9c a1=55f34ea94620 a2=1ff a3=0 items=1 ppid=7576 pid=7624 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="chmod" exe="/usr/bin/chmod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=fchmodat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592410.288:1001): cwd="/home/newuser" -type=PATH msg=audit(1672592410.288:1001): item=0 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592410.288:1001): proctitle=63686D6F6400373737002F6574632F706173737764 -type=USER_ACCT msg=audit(1672592416.454:1002): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592416.456:1003): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=63686D6F6420373737202F6574632F706173737764 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592416.457:1004): arch=c000003e syscall=92 success=yes exit=0 a0=7ffc9a06e190 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7625 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592416.457:1004): cwd="/home/newuser" -type=PATH msg=audit(1672592416.457:1004): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1672592416.457:1004): proctitle=7375646F0063686D6F6400373737002F6574632F706173737764 -type=CRED_REFR msg=audit(1672592416.457:1005): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592416.460:1006): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592416.462:1007): arch=c000003e syscall=268 success=yes exit=0 a0=ffffff9c a1=5615d2f57620 a2=1ff a3=0 items=1 ppid=7627 pid=7628 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="chmod" exe="/usr/bin/chmod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=fchmodat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592416.462:1007): cwd="/home/newuser" -type=PATH msg=audit(1672592416.462:1007): item=0 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592416.462:1007): proctitle=63686D6F6400373737002F6574632F706173737764 -type=USER_END msg=audit(1672592416.463:1008): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592416.464:1009): pid=7625 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SERVICE_STOP msg=audit(1672592416.664:1010): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success'UID="root" AUID="unset" -type=BPF msg=audit(1672592416.670:1011): prog-id=96 op=UNLOAD -type=USER_ACCT msg=audit(1672592420.638:1012): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592420.640:1013): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=63686F776E206E6577757365723A6E657775736572202F686F6D652F6E6577757365722F2E626173687263 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592420.641:1014): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd872a24b0 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7633 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592420.641:1014): cwd="/home/newuser" -type=PATH msg=audit(1672592420.641:1014): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1672592420.641:1014): proctitle=7375646F0063686F776E006E6577757365723A6E657775736572002F686F6D652F6E6577757365722F2E626173687263 -type=CRED_REFR msg=audit(1672592420.642:1015): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" 
hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592420.645:1016): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592420.650:1017): arch=c000003e syscall=260 success=yes exit=0 a0=ffffff9c a1=562a658976e0 a2=3e8 a3=3e8 items=1 ppid=7635 pid=7636 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="chown" exe="/usr/bin/chown" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchownat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592420.650:1017): cwd="/home/newuser" -type=PATH msg=audit(1672592420.650:1017): item=0 name="/home/newuser/.bashrc" inode=20971709 dev=fd:02 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1672592420.650:1017): proctitle=63686F776E006E6577757365723A6E657775736572002F686F6D652F6E6577757365722F2E626173687263 -type=USER_END msg=audit(1672592420.651:1018): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592420.651:1019): pid=7633 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592423.207:1020): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffe31d8253a a2=0 a3=0 items=1 ppid=7576 pid=7637 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="cat" exe="/usr/bin/cat" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592423.207:1020): cwd="/home/newuser" -type=PATH msg=audit(1672592423.207:1020): item=0 name="/root/secret.txt" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 -type=PROCTITLE msg=audit(1672592423.207:1020): proctitle=636174002F726F6F742F7365637265742E747874 -type=SYSCALL msg=audit(1672592427.603:1021): arch=c000003e syscall=263 success=yes exit=0 a0=ffffff9c a1=5560cbcd05f0 a2=0 a3=200 items=2 ppid=7576 pid=7638 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlinkat AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592427.603:1021): cwd="/home/newuser" -type=PATH msg=audit(1672592427.603:1021): item=0 name="/home/newuser/" inode=20971706 dev=fd:02 mode=040700 ouid=1000 ogid=1000 rdev=00:00 
obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PATH msg=audit(1672592427.603:1021): item=1 name="/home/newuser/.bashrc" inode=20971709 dev=fd:02 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="newuser" OGID="newuser" -type=PROCTITLE msg=audit(1672592427.603:1021): proctitle=726D002F686F6D652F6E6577757365722F2E626173687263 -type=USER_ACCT msg=audit(1672592430.992:1022): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592430.994:1023): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=6D6F756E74202F6465762F73646231202F6D6E74 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592430.995:1024): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd3b023070 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7639 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592430.995:1024): cwd="/home/newuser" -type=PATH msg=audit(1672592430.995:1024): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" 
-type=PROCTITLE msg=audit(1672592430.995:1024): proctitle=7375646F006D6F756E74002F6465762F73646231002F6D6E74 -type=CRED_REFR msg=audit(1672592430.995:1025): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592430.997:1026): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_END msg=audit(1672592431.114:1027): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592431.115:1028): pid=7639 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1672592434.391:1029): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592434.392:1030): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=746565202D61202F6574632F686F737473 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592434.393:1031): arch=c000003e syscall=92 success=yes exit=0 a0=7ffe10ab2b10 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7646 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592434.393:1031): cwd="/home/newuser" -type=PATH msg=audit(1672592434.393:1031): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1672592434.393:1031): proctitle=7375646F00746565002D61002F6574632F686F737473 -type=CRED_REFR msg=audit(1672592434.394:1032): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592434.396:1033): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592434.398:1034): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd911c5734 a2=441 a3=1b6 items=1 ppid=7648 pid=7649 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="tee" exe="/usr/bin/tee" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="system-locale"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592434.398:1034): cwd="/home/newuser" -type=PATH msg=audit(1672592434.398:1034): item=0 name="/etc/hosts" inode=4329581 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:net_conf_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592434.398:1034): proctitle=746565002D61002F6574632F686F737473 -type=USER_END msg=audit(1672592434.399:1035): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592434.399:1036): pid=7646 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1672592436.989:1037): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592436.990:1038): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=686F73746E616D6563746C207365742D686F73746E616D652074657374686F7374 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592436.991:1039): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd9445d8d0 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7650 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592436.991:1039): cwd="/home/newuser" -type=PATH msg=audit(1672592436.991:1039): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1672592436.991:1039): proctitle=7375646F00686F73746E616D6563746C007365742D686F73746E616D650074657374686F7374 -type=CRED_REFR msg=audit(1672592436.992:1040): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592436.994:1041): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=BPF msg=audit(1672592437.000:1042): prog-id=98 op=UNLOAD -type=BPF msg=audit(1672592437.000:1043): prog-id=97 op=UNLOAD -type=BPF msg=audit(1672592437.001:1044): prog-id=99 op=LOAD -type=BPF msg=audit(1672592437.002:1045): prog-id=100 op=LOAD -type=BPF msg=audit(1672592437.002:1046): prog-id=101 op=LOAD -type=SERVICE_START msg=audit(1672592437.049:1047): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=SYSCALL msg=audit(1672592437.053:1048): arch=c000003e syscall=264 success=yes exit=0 a0=ffffff9c a1=55fcb015a910 a2=ffffff9c a3=55fca8a5c01c items=5 ppid=1 pid=7654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hostnam" exe="/usr/lib/systemd/systemd-hostnamed" subj=system_u:system_r:systemd_hostnamed_t:s0 key="system-locale"ARCH=x86_64 SYSCALL=renameat AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592437.053:1048): cwd="/" -type=PATH msg=audit(1672592437.053:1048): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592437.053:1048): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592437.053:1048): item=2 name="/etc/.#hostnameee111b086543a43a" inode=4836608 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592437.053:1048): item=3 name="/etc/hostname" inode=4836982 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592437.053:1048): item=4 name="/etc/hostname" inode=4836608 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592437.053:1048): proctitle="/usr/lib/systemd/systemd-hostnamed" -type=SYSCALL msg=audit(1672592437.053:1049): arch=c000003e syscall=170 success=yes exit=0 a0=55fcb015a650 a1=8 a2=55fcb0142 a3=55fcb0142010 items=0 ppid=1 pid=7654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hostnam" exe="/usr/lib/systemd/systemd-hostnamed" subj=system_u:system_r:systemd_hostnamed_t:s0 key="system-locale"ARCH=x86_64 SYSCALL=sethostname AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=PROCTITLE msg=audit(1672592437.053:1049): proctitle="/usr/lib/systemd/systemd-hostnamed" -type=USER_END msg=audit(1672592437.058:1050): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592437.058:1051): pid=7650 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=prereserve-1mt-rhel-10.1-20250602.1-4575-2025-06-13-09-57 addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SERVICE_START msg=audit(1672592437.079:1052): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=USER_ACCT msg=audit(1672592440.565:1053): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592440.567:1054): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=75736572616464207465737475736572 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592440.568:1055): arch=c000003e syscall=92 success=yes exit=0 a0=7ffd772a1290 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7664 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592440.568:1055): cwd="/home/newuser" -type=PATH msg=audit(1672592440.568:1055): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 
obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1672592440.568:1055): proctitle=7375646F0075736572616464007465737475736572 -type=CRED_REFR msg=audit(1672592440.569:1056): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592440.571:1057): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592440.580:1058): arch=c000003e syscall=87 success=yes exit=0 a0=557f68591230 a1=557f68591230 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.580:1058): cwd="/home/newuser" -type=PATH msg=audit(1672592440.580:1058): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.580:1058): item=1 name="/etc/passwd.7667" inode=4194437 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.580:1058): 
proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.580:1059): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=557f65336040 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.580:1059): cwd="/home/newuser" -type=PATH msg=audit(1672592440.580:1059): item=0 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.580:1059): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.583:1060): arch=c000003e syscall=87 success=yes exit=0 a0=557f6859ef40 a1=557f6859ef40 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.583:1060): cwd="/home/newuser" -type=PATH msg=audit(1672592440.583:1060): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.583:1060): item=1 name="/etc/group.7667" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" 
OGID="root" -type=PROCTITLE msg=audit(1672592440.583:1060): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.583:1061): arch=c000003e syscall=257 success=yes exit=6 a0=ffffff9c a1=557f653364a0 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.583:1061): cwd="/home/newuser" -type=PATH msg=audit(1672592440.583:1061): item=0 name="/etc/group" inode=4836610 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.583:1061): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.587:1062): arch=c000003e syscall=87 success=yes exit=0 a0=557f6857b5a0 a1=557f6857b5a0 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.587:1062): cwd="/home/newuser" -type=PATH msg=audit(1672592440.587:1062): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.587:1062): item=1 name="/etc/gshadow.7667" inode=4836612 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE 
cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.587:1062): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.587:1063): arch=c000003e syscall=257 success=yes exit=7 a0=ffffff9c a1=557f65336900 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.587:1063): cwd="/home/newuser" -type=PATH msg=audit(1672592440.587:1063): item=0 name="/etc/gshadow" inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.587:1063): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.589:1064): arch=c000003e syscall=87 success=yes exit=0 a0=557f685a29c0 a1=557f685a29c0 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.589:1064): cwd="/home/newuser" -type=PATH msg=audit(1672592440.589:1064): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.589:1064): item=1 name="/etc/subuid.7667" inode=4836619 dev=fd:02 mode=0100600 ouid=0 ogid=0 
rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.589:1064): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.593:1065): arch=c000003e syscall=87 success=yes exit=0 a0=557f685a7dd0 a1=557f685a7dd0 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.593:1065): cwd="/home/newuser" -type=PATH msg=audit(1672592440.593:1065): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.593:1065): item=1 name="/etc/subgid.7667" inode=4836620 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.593:1065): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.599:1066): arch=c000003e syscall=87 success=yes exit=0 a0=557f685a8590 a1=557f685a8590 a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.599:1066): cwd="/home/newuser" -type=PATH msg=audit(1672592440.599:1066): item=0 name="/etc/" 
inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.599:1066): item=1 name="/etc/shadow.7667" inode=4836621 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.599:1066): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.599:1067): arch=c000003e syscall=257 success=yes exit=10 a0=ffffff9c a1=557f65335be0 a2=a0902 a3=0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.599:1067): cwd="/home/newuser" -type=PATH msg=audit(1672592440.599:1067): item=0 name="/etc/shadow" inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.599:1067): proctitle=75736572616464007465737475736572 -type=ADD_GROUP msg=audit(1672592440.600:1068): pid=7667 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct="testuser" exe="/usr/sbin/useradd" hostname=testhost addr=? terminal=pts/3 res=success'UID="root" AUID="newuser" -type=ADD_USER msg=audit(1672592440.602:1069): pid=7667 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user acct="testuser" exe="/usr/sbin/useradd" hostname=testhost addr=? 
terminal=pts/3 res=success'UID="root" AUID="newuser" -type=SYSCALL msg=audit(1672592440.604:1070): arch=c000003e syscall=93 success=yes exit=0 a0=c a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.604:1070): cwd="/home/newuser" -type=PATH msg=audit(1672592440.604:1070): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.604:1070): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.604:1071): arch=c000003e syscall=91 success=yes exit=0 a0=c a1=1b4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.604:1071): cwd="/home/newuser" -type=PATH msg=audit(1672592440.604:1071): item=0 name=(null) inode=4534412 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.604:1071): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.616:1072): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.616:1072): cwd="/home/newuser" -type=PATH msg=audit(1672592440.616:1072): item=0 name=(null) inode=4836622 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.616:1072): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.616:1073): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1b4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.616:1073): cwd="/home/newuser" -type=PATH msg=audit(1672592440.616:1073): item=0 name=(null) inode=4836622 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.616:1073): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.619:1074): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f65336040 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" 
GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.619:1074): cwd="/home/newuser" -type=PATH msg=audit(1672592440.619:1074): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.619:1074): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.619:1074): item=2 name="/etc/passwd+" inode=4836622 dev=fd:02 mode=0100664 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.619:1074): item=3 name="/etc/passwd" inode=4836614 dev=fd:02 mode=0100777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.619:1074): item=4 name="/etc/passwd" inode=4836622 dev=fd:02 mode=0100664 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.619:1074): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.620:1075): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD 
msg=audit(1672592440.620:1075): cwd="/home/newuser" -type=PATH msg=audit(1672592440.620:1075): item=0 name=(null) inode=4600516 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.620:1075): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.620:1076): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.620:1076): cwd="/home/newuser" -type=PATH msg=audit(1672592440.620:1076): item=0 name=(null) inode=4600516 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.620:1076): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.622:1077): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.622:1077): cwd="/home/newuser" -type=PATH msg=audit(1672592440.622:1077): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 
cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.622:1077): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.623:1078): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.623:1078): cwd="/home/newuser" -type=PATH msg=audit(1672592440.623:1078): item=0 name=(null) inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.623:1078): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.625:1079): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f65335be0 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.625:1079): cwd="/home/newuser" -type=PATH msg=audit(1672592440.625:1079): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.625:1079): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT 
cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.625:1079): item=2 name="/etc/shadow+" inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.625:1079): item=3 name="/etc/shadow" inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.625:1079): item=4 name="/etc/shadow" inode=4836614 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.625:1079): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.625:1080): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.625:1080): cwd="/home/newuser" -type=PATH msg=audit(1672592440.625:1080): item=0 name=(null) inode=4600514 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.625:1080): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.625:1081): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.625:1081): cwd="/home/newuser" -type=PATH msg=audit(1672592440.625:1081): item=0 name=(null) inode=4600514 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.625:1081): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.631:1082): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.631:1082): cwd="/home/newuser" -type=PATH msg=audit(1672592440.631:1082): item=0 name=(null) inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.631:1082): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.631:1083): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" 
FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.631:1083): cwd="/home/newuser" -type=PATH msg=audit(1672592440.631:1083): item=0 name=(null) inode=4329594 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.631:1083): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.634:1084): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c8f0 a1=557f653364a0 a2=7ffeab31c860 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.634:1084): cwd="/home/newuser" -type=PATH msg=audit(1672592440.634:1084): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.634:1084): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.634:1084): item=2 name="/etc/group+" inode=4329594 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.634:1084): item=3 name="/etc/group" inode=4836610 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.634:1084): item=4 name="/etc/group" inode=4329594 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.634:1084): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.634:1085): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.634:1085): cwd="/home/newuser" -type=PATH msg=audit(1672592440.634:1085): item=0 name=(null) inode=4600515 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.634:1085): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.634:1086): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.634:1086): cwd="/home/newuser" -type=PATH msg=audit(1672592440.634:1086): item=0 name=(null) inode=4600515 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 
cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.634:1086): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.639:1087): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.639:1087): cwd="/home/newuser" -type=PATH msg=audit(1672592440.639:1087): item=0 name=(null) inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.639:1087): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.639:1088): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.639:1088): cwd="/home/newuser" -type=PATH msg=audit(1672592440.639:1088): item=0 name=(null) inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.639:1088): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.641:1089): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c8f0 
a1=557f65336900 a2=7ffeab31c860 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="identity"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.641:1089): cwd="/home/newuser" -type=PATH msg=audit(1672592440.641:1089): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.641:1089): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.641:1089): item=2 name="/etc/gshadow+" inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.641:1089): item=3 name="/etc/gshadow" inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.641:1089): item=4 name="/etc/gshadow" inode=4836610 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.641:1089): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.641:1090): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.641:1090): cwd="/home/newuser" -type=PATH msg=audit(1672592440.641:1090): item=0 name=(null) inode=4836615 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.641:1090): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.641:1091): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.641:1091): cwd="/home/newuser" -type=PATH msg=audit(1672592440.641:1091): item=0 name=(null) inode=4836615 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.641:1091): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.644:1092): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" 
EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.644:1092): cwd="/home/newuser" -type=PATH msg=audit(1672592440.644:1092): item=0 name=(null) inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.644:1092): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.644:1093): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.644:1093): cwd="/home/newuser" -type=PATH msg=audit(1672592440.644:1093): item=0 name=(null) inode=4836613 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.644:1093): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.646:1094): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f65336d60 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.646:1094): cwd="/home/newuser" -type=PATH msg=audit(1672592440.646:1094): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.646:1094): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.646:1094): item=2 name="/etc/subuid+" inode=4836613 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.646:1094): item=3 name="/etc/subuid" inode=4836616 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.646:1094): item=4 name="/etc/subuid" inode=4836613 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.646:1094): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.647:1095): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.647:1095): cwd="/home/newuser" -type=PATH msg=audit(1672592440.647:1095): item=0 name=(null) inode=4836617 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
-type=PROCTITLE msg=audit(1672592440.647:1095): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.647:1096): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.647:1096): cwd="/home/newuser" -type=PATH msg=audit(1672592440.647:1096): item=0 name=(null) inode=4836617 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.647:1096): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.653:1097): arch=c000003e syscall=93 success=yes exit=0 a0=5 a1=0 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.653:1097): cwd="/home/newuser" -type=PATH msg=audit(1672592440.653:1097): item=0 name=(null) inode=4836616 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.653:1097): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.653:1098): arch=c000003e syscall=91 success=yes exit=0 a0=5 a1=1a4 a2=0 a3=1b6 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.653:1098): cwd="/home/newuser" -type=PATH msg=audit(1672592440.653:1098): item=0 name=(null) inode=4836616 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.653:1098): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1099): arch=c000003e syscall=82 success=yes exit=0 a0=7ffeab31c910 a1=557f653371c0 a2=7ffeab31c880 a3=100 items=5 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1099): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1099): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1099): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1099): item=2 name="/etc/subgid+" inode=4836616 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1099): item=3 name="/etc/subgid" inode=4836618 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1099): item=4 name="/etc/subgid" inode=4836616 dev=fd:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1099): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1100): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1100): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1100): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1100): item=1 name="/etc/shadow.lock" inode=4836621 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1100): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1101): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1101): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1101): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1101): item=1 name="/etc/passwd.lock" inode=4194437 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1101): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1102): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c910 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1102): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1102): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1102): item=1 name="/etc/group.lock" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
-type=PROCTITLE msg=audit(1672592440.656:1102): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1103): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c910 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1103): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1103): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1103): item=1 name="/etc/gshadow.lock" inode=4836612 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1103): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1104): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1104): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1104): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 
cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1104): item=1 name="/etc/subuid.lock" inode=4836619 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1104): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1105): arch=c000003e syscall=87 success=yes exit=0 a0=7ffeab31c930 a1=6b636f6c a2=0 a3=0 items=2 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1105): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1105): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592440.656:1105): item=1 name="/etc/subgid.lock" inode=4836620 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1105): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1106): arch=c000003e syscall=92 success=yes exit=0 a0=7ffeab31cc10 a1=0 a2=0 a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" 
EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1106): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1106): item=0 name="/home/testuser" inode=33555919 dev=fd:02 mode=040000 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1106): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1107): arch=c000003e syscall=90 success=yes exit=0 a0=7ffeab31cc10 a1=1ed a2=0 a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1107): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1107): item=0 name="/home/testuser" inode=33555919 dev=fd:02 mode=040000 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1107): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1108): arch=c000003e syscall=92 success=yes exit=0 a0=557f6859d740 a1=3e9 a2=3e9 a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1108): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1108): item=0 
name="/home/testuser" inode=33555919 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.656:1108): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.656:1109): arch=c000003e syscall=90 success=yes exit=0 a0=557f6859d740 a1=1c0 a2=0 a3=7f685bca7fe0 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.656:1109): cwd="/home/newuser" -type=PATH msg=audit(1672592440.656:1109): item=0 name="/home/testuser" inode=33555919 dev=fd:02 mode=040755 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.656:1109): proctitle=75736572616464007465737475736572 -type=USER_MGMT msg=audit(1672592440.656:1110): pid=7667 uid=0 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-home-dir id=1001 exe="/usr/sbin/useradd" hostname=testhost addr=? 
terminal=pts/3 res=success'UID="root" AUID="newuser" ID="testuser" -type=SYSCALL msg=audit(1672592440.658:1111): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1111): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1111): item=0 name=(null) inode=33555920 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.658:1111): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1112): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1112): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1112): item=0 name=(null) inode=33555920 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1112): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1113): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685a74b0 a3=1c items=1 
ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1113): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1113): item=0 name=(null) inode=33555920 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1113): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1114): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1114): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1114): item=0 name=(null) inode=33555921 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.658:1114): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1115): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1115): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1115): item=0 name=(null) inode=33555921 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1115): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1116): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685a74b0 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1116): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1116): item=0 name=(null) inode=33555921 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1116): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1117): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD 
msg=audit(1672592440.658:1117): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1117): item=0 name=(null) inode=33555922 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.658:1117): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1118): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1118): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1118): item=0 name=(null) inode=33555922 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1118): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1119): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685ae860 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1119): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1119): item=0 name=(null) inode=33555922 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 
obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1119): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1120): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1120): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1120): item=0 name=(null) inode=33555923 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.658:1120): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1121): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1121): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1121): item=0 name=(null) inode=33555923 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1121): 
proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1122): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685a74b0 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1122): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1122): item=0 name=(null) inode=33555923 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1122): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1123): arch=c000003e syscall=93 success=yes exit=0 a0=7 a1=3e9 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1123): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1123): item=0 name=(null) inode=33555924 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.658:1123): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1124): arch=c000003e syscall=91 success=yes exit=0 a0=7 a1=1a4 a2=3e9 a3=180 items=1 ppid=7666 pid=7667 
auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1124): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1124): item=0 name=(null) inode=33555924 dev=fd:02 mode=0100600 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1124): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.658:1125): arch=c000003e syscall=190 success=yes exit=0 a0=7 a1=7f685bd26000 a2=557f685ae860 a3=1c items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fsetxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.658:1125): cwd="/home/newuser" -type=PATH msg=audit(1672592440.658:1125): item=0 name=(null) inode=33555924 dev=fd:02 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="testuser" -type=PROCTITLE msg=audit(1672592440.658:1125): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.661:1126): arch=c000003e syscall=93 success=yes exit=0 a0=4 a1=3e9 a2=c a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.661:1126): cwd="/home/newuser" -type=PATH msg=audit(1672592440.661:1126): item=0 name=(null) inode=9838121 dev=fd:02 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:mail_spool_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592440.661:1126): proctitle=75736572616464007465737475736572 -type=SYSCALL msg=audit(1672592440.661:1127): arch=c000003e syscall=91 success=yes exit=0 a0=4 a1=1b0 a2=c a3=557f68576010 items=1 ppid=7666 pid=7667 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592440.661:1127): cwd="/home/newuser" -type=PATH msg=audit(1672592440.661:1127): item=0 name=(null) inode=9838121 dev=fd:02 mode=0100000 ouid=1001 ogid=12 rdev=00:00 obj=system_u:object_r:mail_spool_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="testuser" OGID="mail" -type=PROCTITLE msg=audit(1672592440.661:1127): proctitle=75736572616464007465737475736572 -type=USER_END msg=audit(1672592440.684:1128): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592440.684:1129): pid=7664 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CHAUTHTOK msg=audit(1672592446.279:1130): pid=7668 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=PAM:chauthtok grantors=? acct="newuser" exe="/usr/bin/passwd" hostname=testhost addr=? terminal=pts/2 res=failed'UID="newuser" AUID="newuser" -type=SERVICE_STOP msg=audit(1672592447.096:1131): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=SYSCALL msg=audit(1672592449.062:1132): arch=c000003e syscall=59 success=yes exit=0 a0=55c2885535c0 a1=55c288560ce0 a2=55c28855efc0 a3=55c28851e010 items=2 ppid=7576 pid=7673 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="pkexec" exe="/usr/bin/pkexec" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="maybe-escalation"ARCH=x86_64 SYSCALL=execve AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=EXECVE msg=audit(1672592449.062:1132): argc=2 a0="pkexec" a1="ls" -type=CWD msg=audit(1672592449.062:1132): cwd="/home/newuser" -type=PATH msg=audit(1672592449.062:1132): item=0 name="/usr/bin/pkexec" inode=8936895 dev=fd:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592449.062:1132): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=8617394 dev=fd:02 mode=0100755 
ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592449.062:1132): proctitle=706B65786563006C73 -type=BPF msg=audit(1672592449.078:1133): prog-id=102 op=LOAD -type=SERVICE_START msg=audit(1672592449.148:1134): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=USER_AUTH msg=audit(1672592452.013:1135): pid=7697 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1672592452.015:1136): pid=7697 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592452.025:1137): pid=7673 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/pkexec" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1672592455.976:1138): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592455.977:1139): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd="visudo" exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592455.978:1140): arch=c000003e syscall=92 success=yes exit=0 a0=7fff230729d0 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7704 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592455.978:1140): cwd="/home/newuser" -type=PATH msg=audit(1672592455.978:1140): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1672592455.978:1140): proctitle=7375646F0076697375646F -type=CRED_REFR msg=audit(1672592455.978:1141): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592455.982:1142): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592455.988:1143): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffdf42576a0 a2=2 a3=0 items=1 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="actions"ARCH=x86_64 SYSCALL=openat AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592455.988:1143): cwd="/home/newuser" -type=PATH msg=audit(1672592455.988:1143): item=0 name="/etc/sudoers" inode=4511443 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592455.988:1143): proctitle="visudo" -type=SYSCALL msg=audit(1672592456.012:1144): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3d1ad0 a1=7ffc20aeaef0 a2=5 a3=180 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592456.012:1144): cwd="/home/newuser" -type=PATH msg=audit(1672592456.012:1144): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592456.012:1144): item=1 name="/etc/.sudoers.tmp.swx" inode=4836612 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" 
-type=PROCTITLE msg=audit(1672592456.012:1144): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592456.013:1145): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f6debc0 a1=7ffc20aeaef0 a2=5 a3=180 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592456.013:1145): cwd="/home/newuser" -type=PATH msg=audit(1672592456.013:1145): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592456.013:1145): item=1 name="/etc/.sudoers.tmp.swp" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592456.013:1145): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592456.013:1146): arch=c000003e syscall=90 success=yes exit=0 a0=55df9f6debc0 a1=180 a2=55df9f6a2b30 a3=55df9f3cdd00 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592456.013:1146): cwd="/home/newuser" -type=PATH msg=audit(1672592456.013:1146): item=0 name="/etc/.sudoers.tmp.swp" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 
obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592456.013:1146): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.002:1147): arch=c000003e syscall=93 success=yes exit=0 a0=3 a1=0 a2=0 a3=81c0 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.002:1147): cwd="/home/newuser" -type=PATH msg=audit(1672592460.002:1147): item=0 name=(null) inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.002:1147): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.003:1148): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3c3690 a1=0 a2=0 a3=0 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.003:1148): cwd="/home/newuser" -type=PATH msg=audit(1672592460.003:1148): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.003:1148): item=1 name="/etc/4913" 
inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.003:1148): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.003:1149): arch=c000003e syscall=87 success=no exit=-2 a0=55df9f6c1960 a1=55df9f6c1960 a2=fffffffffffffea0 a3=0 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.003:1149): cwd="/home/newuser" -type=PATH msg=audit(1672592460.003:1149): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.003:1149): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.003:1150): arch=c000003e syscall=82 success=yes exit=0 a0=55df9f3d9550 a1=55df9f6c1960 a2=fffffffffffffea0 a3=0 items=4 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.003:1150): cwd="/home/newuser" -type=PATH msg=audit(1672592460.003:1150): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 
cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.003:1150): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.003:1150): item=2 name="/etc/sudoers.tmp" inode=4194437 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.003:1150): item=3 name="/etc/sudoers.tmp~" inode=4194437 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.003:1150): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.010:1151): arch=c000003e syscall=188 success=yes exit=0 a0=55df9f3d9550 a1=55df9f3f9b00 a2=55df9f6c1860 a3=1f items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=setxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.010:1151): cwd="/home/newuser" -type=PATH msg=audit(1672592460.010:1151): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.010:1151): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.010:1152): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=81c0 
a2=7ffc20aea990 a3=0 items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=fchmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.010:1152): cwd="/home/newuser" -type=PATH msg=audit(1672592460.010:1152): item=0 name=(null) inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.010:1152): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.010:1153): arch=c000003e syscall=188 success=yes exit=0 a0=55df9f3d9550 a1=7fbce5a11000 a2=55df9f6c1860 a3=1c items=1 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=setxattr AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.010:1153): cwd="/home/newuser" -type=PATH msg=audit(1672592460.010:1153): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.010:1153): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.010:1154): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f6c1960 a1=382d6674 a2=55df8762539d a3=0 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 
comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.010:1154): cwd="/home/newuser" -type=PATH msg=audit(1672592460.010:1154): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.010:1154): item=1 name="/etc/sudoers.tmp~" inode=4194437 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.010:1154): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.010:1155): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3f9b40 a1=55df9f3f9b40 a2=7ffc20ae9db0 a3=0 items=2 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.010:1155): cwd="/home/newuser" -type=PATH msg=audit(1672592460.010:1155): item=0 name="/root/" inode=12583041 dev=fd:02 mode=040550 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.010:1155): item=1 name="/root/.viminfo" inode=12587358 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" 
OGID="root" -type=PROCTITLE msg=audit(1672592460.010:1155): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.011:1156): arch=c000003e syscall=82 success=yes exit=0 a0=55df9f3f9ae0 a1=55df9f3f9b40 a2=7ffc20ae9db0 a3=0 items=4 ppid=7707 pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.011:1156): cwd="/home/newuser" -type=PATH msg=audit(1672592460.011:1156): item=0 name="/root/" inode=12583041 dev=fd:02 mode=040550 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.011:1156): item=1 name="/root/" inode=12583041 dev=fd:02 mode=040550 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:admin_home_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.011:1156): item=2 name="/root/.viminfo.tmp" inode=12647010 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.011:1156): item=3 name="/root/.viminfo" inode=12647010 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.011:1156): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.011:1157): arch=c000003e syscall=87 success=yes exit=0 a0=55df9f3d1ad0 a1=0 a2=0 a3=0 items=2 ppid=7707 
pid=7708 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=unlink AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.011:1157): cwd="/home/newuser" -type=PATH msg=audit(1672592460.011:1157): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.011:1157): item=1 name="/etc/.sudoers.tmp.swp" inode=4836611 dev=fd:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.011:1157): proctitle=2F7573722F62696E2F76696D002D2D002F6574632F7375646F6572732E746D70 -type=SYSCALL msg=audit(1672592460.012:1158): arch=c000003e syscall=92 success=yes exit=0 a0=559a3bbc9f20 a1=0 a2=0 a3=fff7ffffffffbff8 items=1 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.012:1158): cwd="/home/newuser" -type=PATH msg=audit(1672592460.012:1158): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.012:1158): proctitle="visudo" -type=SYSCALL msg=audit(1672592460.012:1159): arch=c000003e syscall=90 success=yes 
exit=0 a0=559a3bbc9f20 a1=120 a2=0 a3=fff7ffffffffbff8 items=1 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chmod AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.012:1159): cwd="/home/newuser" -type=PATH msg=audit(1672592460.012:1159): item=0 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.012:1159): proctitle="visudo" -type=SYSCALL msg=audit(1672592460.012:1160): arch=c000003e syscall=82 success=yes exit=0 a0=559a3bbc9f20 a1=559a3bbc3010 a2=0 a3=fff7ffffffffbff8 items=5 ppid=7706 pid=7707 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=11 comm="visudo" exe="/usr/sbin/visudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"ARCH=x86_64 SYSCALL=rename AUID="newuser" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=CWD msg=audit(1672592460.012:1160): cwd="/home/newuser" -type=PATH msg=audit(1672592460.012:1160): item=0 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.012:1160): item=1 name="/etc/" inode=4194433 dev=fd:02 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.012:1160): item=2 name="/etc/sudoers.tmp" inode=4836612 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 
obj=unconfined_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.012:1160): item=3 name="/etc/sudoers" inode=4511443 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592460.012:1160): item=4 name="/etc/sudoers" inode=4836612 dev=fd:02 mode=0100440 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:etc_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592460.012:1160): proctitle="visudo" -type=USER_END msg=audit(1672592460.014:1161): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592460.015:1162): pid=7704 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? 
terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592464.763:1163): arch=c000003e syscall=59 success=yes exit=0 a0=55c288558b50 a1=55c288558880 a2=55c28855efc0 a3=55c28851e010 items=2 ppid=7576 pid=7725 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="systemd-run" exe="/usr/bin/systemd-run" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="maybe-escalation"ARCH=x86_64 SYSCALL=execve AUID="newuser" UID="newuser" GID="newuser" EUID="newuser" SUID="newuser" FSUID="newuser" EGID="newuser" SGID="newuser" FSGID="newuser" -type=EXECVE msg=audit(1672592464.763:1163): argc=4 a0="systemd-run" a1="--on-active=5" a2="echo" a3=4175646974206D65 -type=CWD msg=audit(1672592464.763:1163): cwd="/home/newuser" -type=PATH msg=audit(1672592464.763:1163): item=0 name="/usr/bin/systemd-run" inode=8936561 dev=fd:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1672592464.763:1163): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=8617394 dev=fd:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1672592464.763:1163): proctitle=73797374656D642D72756E002D2D6F6E2D6163746976653D35006563686F004175646974206D65 -type=USER_AUTH msg=audit(1672592466.207:1164): pid=7741 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? 
terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_ACCT msg=audit(1672592466.208:1165): pid=7741 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=testhost addr=? terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SERVICE_STOP msg=audit(1672592467.071:1166): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" -type=BPF msg=audit(1672592467.079:1167): prog-id=99 op=UNLOAD -type=USER_ACCT msg=audit(1672592469.735:1168): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="newuser" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_CMD msg=audit(1672592469.737:1169): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/newuser" cmd=6C73202F726F6F74 exe="/usr/bin/sudo" terminal=pts/2 res=success'UID="newuser" AUID="newuser" -type=SYSCALL msg=audit(1672592469.738:1170): arch=c000003e syscall=92 success=yes exit=0 a0=7ffdc8f31c30 a1=0 a2=5 a3=0 items=1 ppid=7576 pid=7752 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=11 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"ARCH=x86_64 SYSCALL=chown AUID="newuser" UID="newuser" GID="newuser" EUID="root" SUID="root" FSUID="root" EGID="newuser" SGID="newuser" FSGID="newuser" -type=CWD msg=audit(1672592469.738:1170): cwd="/home/newuser" -type=PATH msg=audit(1672592469.738:1170): item=0 name="/dev/pts/3" inode=6 dev=00:19 mode=020620 ouid=0 ogid=5 rdev=88:03 
obj=unconfined_u:object_r:user_devpts_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="tty" -type=PROCTITLE msg=audit(1672592469.738:1170): proctitle=7375646F006C73002F726F6F74 -type=CRED_REFR msg=audit(1672592469.739:1171): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_START msg=audit(1672592469.742:1172): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=USER_END msg=audit(1672592469.750:1173): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=CRED_DISP msg=audit(1672592469.750:1174): pid=7752 uid=1000 auid=1000 ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=testhost addr=? terminal=/dev/pts/2 res=success'UID="newuser" AUID="newuser" -type=DAEMON_END msg=audit(1672592478.259:9626): op=terminate auid=0 uid=0 ses=6 pid=7765 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=successAUID="root" UID="root" From a9987bb80cc33599dcdfd548755ed8cf8282abda Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 17 Jun 2025 13:23:47 +0200 Subject: [PATCH 6/7] Enable test suite for all currently available distros --- .github/workflows/ci.yml | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cc4735c01..76ec28530 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,6 +60,4 @@ jobs: make -j$(nproc) - name: Run tests - # Temporarily disable for Ubuntu - if: matrix.container != 'ubuntu:latest' run: make check From c7063c3b04b579f24d1a07db6f1d3413f49faa42 Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 17 Jun 2025 13:43:43 +0200 Subject: [PATCH 7/7] auparse_test.py: Disable interpretation in RAW audit logs --- auparse/test/auparse_test.py | 20 +- auparse/test/auparse_test.ref.py | 2028 +++++++++++++++--------------- 2 files changed, 1027 insertions(+), 1021 deletions(-) diff --git a/auparse/test/auparse_test.py b/auparse/test/auparse_test.py index 11200d76d..e863a1739 100755 --- a/auparse/test/auparse_test.py +++ b/auparse/test/auparse_test.py @@ -26,7 +26,7 @@ def none_to_null(s): walked_fields = 0 FIELDS_EXPECTED = 403 -def walk_test(au): +def walk_test(au, interpret=False): global walked_fields event_cnt = 1 @@ -53,7 +53,10 @@ def walk_test(au): print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))) au.first_field() while True: - print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())) + if interpret: + print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())) + else: + print(" %s=%s" % (au.get_field_name(), au.get_field_str())) walked_fields += 1 if not au.next_field(): break print("") @@ -123,7 +126,7 @@ def compound_search(au, how): else: print("Found %s = %s" % (au.get_field_name(), au.get_field_str())) -def feed_callback(au, cb_event_type, event_cnt): +def feed_callback(au, cb_event_type, event_cnt, interpret=False): if cb_event_type == auparse.AUPARSE_CB_EVENT_READY: if not au.first_record(): print("Error getting first record") 
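Review bot: The `if interpret:` / `else:` pair added to the field loop of `walk_test` (hunk -53,7) is repeated unchanged in `feed_callback` (hunk -146,7), so the raw and interpreted line formats now live in two places and can drift apart. A shared helper would hold the branch once: define `def print_field(au, interpret):` containing the two `print` calls, and have both loops call `print_field(au, interpret)`. Both function bodies start and continue outside these hunks, so any other field-printing loops in the script are not visible here.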
@@ -146,7 +149,10 @@ def feed_callback(au, cb_event_type, event_cnt): print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))) au.first_field() while True: - print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())) + if interpret: + print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())) + else: + print(" %s=%s" % (au.get_field_name(), au.get_field_str())) if not au.next_field(): break print("") record_cnt += 1 @@ -166,7 +172,7 @@ def feed_callback(au, cb_event_type, event_cnt): # Reset, now lets go to beginning and walk the list manually */ print("Starting Test 2, walk events, records, and fields...") -walk_test(au) +walk_test(au, interpret=True) print("Test 2 Done\n") # Reset, now lets go to beginning and walk the list manually */ @@ -234,7 +240,7 @@ def feed_callback(au, cb_event_type, event_cnt): print("Starting Test 9, buffer feed...") au = auparse.AuParser(auparse.AUSOURCE_FEED); event_cnt = 1 -au.add_callback(feed_callback, [event_cnt]) +au.add_callback(lambda au, cb_event_type, event_cnt: feed_callback(au, cb_event_type, event_cnt, interpret=False), [event_cnt]) chunk_len = 3 for s in buf: s_len = len(s) @@ -251,7 +257,7 @@ def feed_callback(au, cb_event_type, event_cnt): print("Starting Test 10, file feed...") au = auparse.AuParser(auparse.AUSOURCE_FEED); event_cnt = 1 -au.add_callback(feed_callback, [event_cnt]) +au.add_callback(lambda au, cb_event_type, event_cnt: feed_callback(au, cb_event_type, event_cnt, interpret=False), [event_cnt]) f = open(srcdir + "/test.log"); while True: data = f.read(4) diff --git a/auparse/test/auparse_test.ref.py b/auparse/test/auparse_test.ref.py index 83dc47ad9..bb1b4b6dc 100644 --- a/auparse/test/auparse_test.ref.py +++ b/auparse/test/auparse_test.ref.py 
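Review bot: `walk_test(au, interpret=True)` in the Test 2 hunk (-166,7) is the only call in the visible hunks that still reaches `au.interpret_field()`, and nothing at the call site says why this test differs from the others. A one-line comment would record the intent, for example `# Test 2 is the only test that prints interpreted values; all other tests print raw fields`. If the feed path (Tests 9 and 10) is also expected to decode encoded field values correctly, it no longer has reference output that would catch a regression there. That last point is inferred from the hunks shown, since the rest of the script is outside this view.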
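Review bot: The lambda passed to `au.add_callback` in the Test 9 hunk (-234,7) adds nothing, because `feed_callback` now defaults `interpret` to `False`; the same applies to the Test 10 hunk (-251,7). Keeping `au.add_callback(feed_callback, [event_cnt])` gives the same behaviour and avoids lambda parameters that shadow the module-level `au` and `event_cnt`. If the explicit flag is wanted for readability, a short comment next to the call, such as `# feed tests print raw fields (interpret=False)`, says it without the wrapper.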
@@ -77,199 +77,199 @@ record 1 of type 1400(AVC) has 11 fields line=1 file=test.log event time: 1170021493.977:293, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read,write + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=test.log event time: 1170021493.977:293, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + exe="/usr/libexec/postfix/pickup" + 
subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=test.log event time: 1170021493.977:293, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=test.log event time: 1170021493.977:293, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 2 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=test.log event time: 1170021601.340:294, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 3 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=test.log event time: 1170021601.342:295, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 4 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=test.log event time: 1170021601.343:296, host=(null) - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=test.log event time: 1170021601.343:296, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=test.log event time: 1170021601.343:296, host=(null) - type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + 
proctitle="(systemd)" event 5 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=test.log event time: 1170021601.344:297, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 6 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=test.log event time: 1170021601.364:298, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 7 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=test.log event time: 1170021601.366:299, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success Test 4 Done 
@@ -278,397 +278,397 @@ record 1 of type 1400(AVC) has 11 fields line=1 file=test2.log event time: 1170021493.977:283, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read (read) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=test2.log event time: 1170021493.977:283, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + exe="/usr/libexec/postfix/pickup" + 
subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=test2.log event time: 1170021493.977:283, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=test2.log event time: 1170021493.977:283, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 2 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=test2.log event time: 1170021601.340:284, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 3 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=test2.log event time: 1170021601.342:285, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 4 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=test2.log event time: 1170021601.343:286, host=(null) - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=test2.log event time: 1170021601.343:286, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=test2.log event time: 1170021601.343:286, host=(null) - type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + 
proctitle="(systemd)" event 5 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=test2.log event time: 1170021601.344:287, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 6 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=test2.log event time: 1170021601.364:288, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 7 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=test2.log event time: 1170021601.366:289, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? 
+ terminal=cron + res=success event 8 has 4 records record 1 of type 1400(AVC) has 11 fields line=1 file=test.log event time: 1170021493.977:293, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read,write + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=test.log event time: 1170021493.977:293, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + 
exe="/usr/libexec/postfix/pickup" + subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=test.log event time: 1170021493.977:293, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=test.log event time: 1170021493.977:293, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 9 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=test.log event time: 1170021601.340:294, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 10 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=test.log event time: 1170021601.342:295, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 11 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=test.log event time: 1170021601.343:296, host=(null) - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=test.log event time: 1170021601.343:296, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=test.log event time: 1170021601.343:296, host=(null) - type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + 
proctitle="(systemd)" event 12 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=test.log event time: 1170021601.344:297, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 13 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=test.log event time: 1170021601.364:298, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 14 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=test.log event time: 1170021601.366:299, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success Test 5 Done 
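Review bot: The new side of this hunk no longer pins any interpreted value in the reference output, so expectations such as `exit=-13 (EACCES(Permission denied))`, `a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)` and `mode=040730 (dir,730)` are gone. The hunks at -704 and -761 have the same gap, as does the one at -962, which also loses the decoded hex `proctitle` as far as it is visible here. The account-name results (`auid=42 (gdm)`, `uid=890 (unknown(890))`) presumably depend on the host's user database, which would explain removing them, but the errno, open-flag, file-mode and hex-decoding cases look host-independent. If the enriched-log reference added earlier in this series does not exercise those interpretations, keep at least one host-independent interpreted expectation, for example the `exit=-13 (EACCES(Permission denied))` line, so that a regression in field interpretation still fails the suite.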
@@ -704,55 +704,55 @@ record 1 of type 1006(LOGIN) has 5 fields line=1 file=None event time: 1143146623.787:142, host=(null) - type=LOGIN (LOGIN) - pid=2027 (2027) - uid=0 (root) - auid=4294967295 (unset) - auid=848 (unknown(848)) + type=LOGIN + pid=2027 + uid=0 + auid=4294967295 + auid=848 event 2 has 1 records record 1 of type 1300(SYSCALL) has 24 fields line=2 file=None event time: 1143146623.875:143, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=188 (setxattr) - success=yes (yes) - exit=0 (0) - a0=7fffffa9a9f0 (0x7fffffa9a9f0) - a1=3958d11333 (0x3958d11333) - a2=5131f0 (0x5131f0) - a3=20 (0x20) - items=1 (1) - pid=2027 (2027) - auid=848 (unknown(848)) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=tty3 (tty3) - comm="login" (login) - exe="/bin/login" (/bin/login) - subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255) + type=SYSCALL + arch=c000003e + syscall=188 + success=yes + exit=0 + a0=7fffffa9a9f0 + a1=3958d11333 + a2=5131f0 + a3=20 + items=1 + pid=2027 + auid=848 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=tty3 + comm="login" + exe="/bin/login" + subj=system_u:system_r:local_login_t:s0-s0:c0.c255 event 3 has 1 records record 1 of type 1112(USER_LOGIN) has 10 fields line=3 file=None event time: 1143146623.879:146, host=(null) - type=USER_LOGIN (USER_LOGIN) - pid=2027 (2027) - uid=0 (root) - auid=848 (unknown(848)) - uid=848 (unknown(848)) - exe="/bin/login" (/bin/login) - hostname=? (?) - addr=? (?) - terminal=tty3 (tty3) - res=success (success) + type=USER_LOGIN + pid=2027 + uid=0 + auid=848 + uid=848 + exe="/bin/login" + hostname=? + addr=? + terminal=tty3 + res=success Test 9 Done 
@@ -761,199 +761,199 @@ record 1 of type 1400(AVC) has 11 fields line=1 file=None event time: 1170021493.977:293, host=(null) - type=AVC (AVC) - seresult=denied (denied) - seperms=read,write (read,write) - pid=13010 (13010) - comm="pickup" (pickup) - name="maildrop" (maildrop) - dev=hda7 (hda7) - ino=14911367 (14911367) - scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) - tclass=dir (dir) + type=AVC + seresult=denied + seperms=read,write + pid=13010 + comm="pickup" + name="maildrop" + dev=hda7 + ino=14911367 + scontext=system_u:system_r:postfix_pickup_t:s0 + tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 + tclass=dir record 2 of type 1300(SYSCALL) has 26 fields line=2 file=None event time: 1170021493.977:293, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=2 (open) - success=no (no) - exit=-13 (EACCES(Permission denied)) - a0=5555665d91b0 (0x5555665d91b0) - a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY) - a2=5555665d91b8 (0x5555665d91b8) - a3=0 (0x0) - items=1 (1) - ppid=2013 (2013) - pid=13010 (13010) - auid=4294967295 (unset) - uid=890 (unknown(890)) - gid=890 (unknown(890)) - euid=890 (unknown(890)) - suid=890 (unknown(890)) - fsuid=890 (unknown(890)) - egid=890 (unknown(890)) - sgid=890 (unknown(890)) - fsgid=890 (unknown(890)) - tty=(none) ((none)) - comm="pickup" (pickup) - exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup) - subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=2 + success=no + exit=-13 + a0=5555665d91b0 + a1=10800 + a2=5555665d91b8 + a3=0 + items=1 + ppid=2013 + pid=13010 + auid=4294967295 + uid=890 + gid=890 + euid=890 + suid=890 + fsuid=890 + egid=890 + sgid=890 + fsgid=890 + tty=(none) + comm="pickup" + exe="/usr/libexec/postfix/pickup" + 
subj=system_u:system_r:postfix_pickup_t:s0 + key=(null) record 3 of type 1307(CWD) has 2 fields line=3 file=None event time: 1170021493.977:293, host=(null) - type=CWD (CWD) - cwd="/var/spool/postfix" (/var/spool/postfix) + type=CWD + cwd="/var/spool/postfix" record 4 of type 1302(PATH) has 10 fields line=4 file=None event time: 1170021493.977:293, host=(null) - type=PATH (PATH) - item=0 (0) - name="maildrop" (maildrop) - inode=14911367 (14911367) - dev=03:07 (03:07) - mode=040730 (dir,730) - ouid=890 (unknown(890)) - ogid=891 (unknown(891)) - rdev=00:00 (00:00) - obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0) + type=PATH + item=0 + name="maildrop" + inode=14911367 + dev=03:07 + mode=040730 + ouid=890 + ogid=891 + rdev=00:00 + obj=system_u:object_r:postfix_spool_maildrop_t:s0 event 2 has 1 records record 1 of type 1101(USER_ACCT) has 11 fields line=5 file=None event time: 1170021601.340:294, host=(null) - type=USER_ACCT (USER_ACCT) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_ACCT + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 3 has 1 records record 1 of type 1103(CRED_ACQ) has 11 fields line=6 file=None event time: 1170021601.342:295, host=(null) - type=CRED_ACQ (CRED_ACQ) - pid=13015 (13015) - uid=0 (root) - auid=4294967295 (unset) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) 
- terminal=cron (cron) - res=success (success) + type=CRED_ACQ + pid=13015 + uid=0 + auid=4294967295 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 4 has 3 records record 1 of type 1006(LOGIN) has 10 fields line=7 file=None event time: 1170021601.343:296, host=(null) - type=LOGIN (LOGIN) - pid=2288 (2288) - uid=0 (root) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - old-auid=4294967295 (unset) - auid=42 (gdm) - tty=(none) ((none)) - old-ses=4294967295 (4294967295) - ses=1 (1) - res=1 (yes) + type=LOGIN + pid=2288 + uid=0 + subj=system_u:system_r:init_t:s0 + old-auid=4294967295 + auid=42 + tty=(none) + old-ses=4294967295 + ses=1 + res=1 record 2 of type 1300(SYSCALL) has 27 fields line=8 file=None event time: 1170021601.343:296, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=1 (write) - success=yes (yes) - exit=2 (2) - a0=8 (0x8) - a1=7fffa7aede20 (0x7fffa7aede20) - a2=2 (0x2) - a3=0 (0x0) - items=0 (0) - ppid=1 (1) - pid=2288 (2288) - auid=42 (gdm) - uid=0 (root) - gid=0 (root) - euid=0 (root) - suid=0 (root) - fsuid=0 (root) - egid=0 (root) - sgid=0 (root) - fsgid=0 (root) - tty=(none) ((none)) - ses=1 (1) - comm="(systemd)" ((systemd)) - exe="/usr/lib/systemd/systemd" (/usr/lib/systemd/systemd) - subj=system_u:system_r:init_t:s0 (system_u:system_r:init_t:s0) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=1 + success=yes + exit=2 + a0=8 + a1=7fffa7aede20 + a2=2 + a3=0 + items=0 + ppid=1 + pid=2288 + auid=42 + uid=0 + gid=0 + euid=0 + suid=0 + fsuid=0 + egid=0 + sgid=0 + fsgid=0 + tty=(none) + ses=1 + comm="(systemd)" + exe="/usr/lib/systemd/systemd" + subj=system_u:system_r:init_t:s0 + key=(null) record 3 of type 1327(PROCTITLE) has 2 fields line=9 file=None event time: 1170021601.343:296, host=(null) - type=PROCTITLE (PROCTITLE) - proctitle="(systemd)" ((systemd)) + type=PROCTITLE + proctitle="(systemd)" event 
5 has 1 records record 1 of type 1105(USER_START) has 11 fields line=10 file=None event time: 1170021601.344:297, host=(null) - type=USER_START (USER_START) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_START + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 6 has 1 records record 1 of type 1104(CRED_DISP) has 11 fields line=11 file=None event time: 1170021601.364:298, host=(null) - type=CRED_DISP (CRED_DISP) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=CRED_DISP + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success event 7 has 1 records record 1 of type 1106(USER_END) has 11 fields line=12 file=None event time: 1170021601.366:299, host=(null) - type=USER_END (USER_END) - pid=13015 (13015) - uid=0 (root) - auid=0 (root) - subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023) - acct=root (root) - exe="/usr/sbin/crond" (/usr/sbin/crond) - hostname=? (?) - addr=? (?) - terminal=cron (cron) - res=success (success) + type=USER_END + pid=13015 + uid=0 + auid=0 + subj=system_u:system_r:crond_t:s0-s0:c0.c1023 + acct=root + exe="/usr/sbin/crond" + hostname=? + addr=? + terminal=cron + res=success Test 10 Done 
@@ -962,458 +962,458 @@ record 1 of type 1300(SYSCALL) has 26 fields line=1 file=test4.log event time: 1655465398.534:25618, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=59 (execve) - success=yes (yes) - exit=0 (0) - a0=8c403a0 (0x8c403a0) - a1=8c3e8b0 (0x8c3e8b0) - a2=fffffb6cc5b0 (0xfffffb6cc5b0) - a3=0 (0x0) - items=3 (3) - ppid=105182 (105182) - pid=105183 (105183) - auid=573 (unknown(573)) - uid=583 (unknown(583)) - gid=583 (unknown(583)) - euid=583 (unknown(583)) - suid=583 (unknown(583)) - fsuid=583 (unknown(583)) - egid=583 (unknown(583)) - sgid=583 (unknown(583)) - fsgid=583 (unknown(583)) - tty=pts2 (pts2) - ses=2632 (2632) - comm="ld" (ld) - exe="/bin/sh4" (/bin/sh4) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=59 + success=yes + exit=0 + a0=8c403a0 + a1=8c3e8b0 + a2=fffffb6cc5b0 + a3=0 + items=3 + ppid=105182 + pid=105183 + auid=573 + uid=583 + gid=583 + euid=583 + suid=583 + fsuid=583 + egid=583 + sgid=583 + fsgid=583 + tty=pts2 + ses=2632 + comm="ld" + exe="/bin/sh4" + key=(null) record 2 of type 1309(EXECVE) has 50 fields line=2 file=test4.log event time: 1655465398.534:25618, host=(null) - type=EXECVE (EXECVE) - argc=48 (48) - a0="/bin/sh" (/bin/sh) - a1="-efu" (-efu) - a2="/usr/bin/ld" (/usr/bin/ld) - a3="-plugin" (-plugin) - a4="/usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so" (/usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so) - a5="-plugin-opt=/usr/libexec/gcc/aarch64-alt-linux/8/lto-wrapper" (-plugin-opt=/usr/libexec/gcc/aarch64-alt-linux/8/lto-wrapper) - a6="-plugin-opt=-fresolution=/usr/src/tmp/cchyHiZN.res" (-plugin-opt=-fresolution=/usr/src/tmp/cchyHiZN.res) - a7="-plugin-opt=-pass-through=-lgcc" (-plugin-opt=-pass-through=-lgcc) - a8="-plugin-opt=-pass-through=-lgcc_s" (-plugin-opt=-pass-through=-lgcc_s) - a9="-plugin-opt=-pass-through=-lc" (-plugin-opt=-pass-through=-lc) - a10="-plugin-opt=-pass-through=-lgcc" (-plugin-opt=-pass-through=-lgcc) - a11="-plugin-opt=-pass-through=-lgcc_s" 
(-plugin-opt=-pass-through=-lgcc_s) - a12="--build-id" (--build-id) - a13="--no-add-needed" (--no-add-needed) - a14="--eh-frame-hdr" (--eh-frame-hdr) - a15="--hash-style=gnu" (--hash-style=gnu) - a16="--as-needed" (--as-needed) - a17="-shared" (-shared) - a18="-X" (-X) - a19="-EL" (-EL) - a20="-maarch64linux" (-maarch64linux) - a21="-o" (-o) - a22="ztest105133.so" (ztest105133.so) - a23="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crti.o" (/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crti.o) - a24="/usr/lib64/gcc/aarch64-alt-linux/8/crtbeginS.o" (/usr/lib64/gcc/aarch64-alt-linux/8/crtbeginS.o) - a25="-L/usr/lib64/gcc/aarch64-alt-linux/8" (-L/usr/lib64/gcc/aarch64-alt-linux/8) - a26="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64" (-L/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64) - a27="-L/lib/../lib64" (-L/lib/../lib64) - a28="-L/usr/lib/../lib64" (-L/usr/lib/../lib64) - a29="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../.." (-L/usr/lib64/gcc/aarch64-alt-linux/8/../../..) 
- a30="-soname" (-soname) - a31="libz.so.1" (libz.so.1) - a32="--version-script" (--version-script) - a33="zlib.map" (zlib.map) - a34="ztest105133.o" (ztest105133.o) - a35="-lgcc" (-lgcc) - a36="--push-state" (--push-state) - a37="--as-needed" (--as-needed) - a38="-lgcc_s" (-lgcc_s) - a39="--pop-state" (--pop-state) - a40="-lc" (-lc) - a41="-lgcc" (-lgcc) - a42="--push-state" (--push-state) - a43="--as-needed" (--as-needed) - a44="-lgcc_s" (-lgcc_s) - a45="--pop-state" (--pop-state) - a46="/usr/lib64/gcc/aarch64-alt-linux/8/crtendS.o" (/usr/lib64/gcc/aarch64-alt-linux/8/crtendS.o) - a47="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crtn.o" (/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crtn.o) + type=EXECVE + argc=48 + a0="/bin/sh" + a1="-efu" + a2="/usr/bin/ld" + a3="-plugin" + a4="/usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so" + a5="-plugin-opt=/usr/libexec/gcc/aarch64-alt-linux/8/lto-wrapper" + a6="-plugin-opt=-fresolution=/usr/src/tmp/cchyHiZN.res" + a7="-plugin-opt=-pass-through=-lgcc" + a8="-plugin-opt=-pass-through=-lgcc_s" + a9="-plugin-opt=-pass-through=-lc" + a10="-plugin-opt=-pass-through=-lgcc" + a11="-plugin-opt=-pass-through=-lgcc_s" + a12="--build-id" + a13="--no-add-needed" + a14="--eh-frame-hdr" + a15="--hash-style=gnu" + a16="--as-needed" + a17="-shared" + a18="-X" + a19="-EL" + a20="-maarch64linux" + a21="-o" + a22="ztest105133.so" + a23="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crti.o" + a24="/usr/lib64/gcc/aarch64-alt-linux/8/crtbeginS.o" + a25="-L/usr/lib64/gcc/aarch64-alt-linux/8" + a26="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64" + a27="-L/lib/../lib64" + a28="-L/usr/lib/../lib64" + a29="-L/usr/lib64/gcc/aarch64-alt-linux/8/../../.." 
+ a30="-soname" + a31="libz.so.1" + a32="--version-script" + a33="zlib.map" + a34="ztest105133.o" + a35="-lgcc" + a36="--push-state" + a37="--as-needed" + a38="-lgcc_s" + a39="--pop-state" + a40="-lc" + a41="-lgcc" + a42="--push-state" + a43="--as-needed" + a44="-lgcc_s" + a45="--pop-state" + a46="/usr/lib64/gcc/aarch64-alt-linux/8/crtendS.o" + a47="/usr/lib64/gcc/aarch64-alt-linux/8/../../../../lib64/crtn.o" record 3 of type 1307(CWD) has 2 fields line=3 file=test4.log event time: 1655465398.534:25618, host=(null) - type=CWD (CWD) - cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1" (/usr/src/RPM/BUILD/zlib-1.2.11-alt1) + type=CWD + cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1" record 4 of type 1302(PATH) has 15 fields line=4 file=test4.log event time: 1655465398.534:25618, host=(null) - type=PATH (PATH) - item=0 (0) - name="/usr/bin/ld" (/usr/bin/ld) - inode=40854 (40854) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=0 + name="/usr/bin/ld" + inode=40854 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 5 of type 1302(PATH) has 15 fields line=5 file=test4.log event time: 1655465398.534:25618, host=(null) - type=PATH (PATH) - item=1 (1) - name="/bin/sh" (/bin/sh) - inode=33238 (33238) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=1 + name="/bin/sh" + inode=33238 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 6 of type 1302(PATH) has 15 fields line=6 file=test4.log event 
time: 1655465398.534:25618, host=(null) - type=PATH (PATH) - item=2 (2) - name="/lib64/ld-linux-aarch64.so.1" (/lib64/ld-linux-aarch64.so.1) - inode=33874 (33874) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=2 + name="/lib64/ld-linux-aarch64.so.1" + inode=33874 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 7 of type 1327(PROCTITLE) has 2 fields line=7 file=test4.log event time: 1655465398.534:25618, host=(null) - type=PROCTITLE (PROCTITLE) - proctitle=2F62696E2F7368002D656675002F7573722F62696E2F6C64002D706C7567696E002F7573722F6C6962657865632F6763632F616172636836342D616C742D6C696E75782F382F6C69626C746F5F706C7567696E2E736F002D706C7567696E2D6F70743D2F7573722F6C6962657865632F6763632F616172636836342D616C742D (/bin/sh -efu /usr/bin/ld -plugin /usr/libexec/gcc/aarch64-alt-linux/8/liblto_plugin.so -plugin-opt=/usr/libexec/gcc/aarch64-alt-) + type=PROCTITLE + proctitle=2F62696E2F7368002D656675002F7573722F62696E2F6C64002D706C7567696E002F7573722F6C6962657865632F6763632F616172636836342D616C742D6C696E75782F382F6C69626C746F5F706C7567696E2E736F002D706C7567696E2D6F70743D2F7573722F6C6962657865632F6763632F616172636836342D616C742D event 2 has 6 records record 1 of type 1300(SYSCALL) has 26 fields line=8 file=test4.log event time: 1655465404.819:27091, host=(null) - type=SYSCALL (SYSCALL) - arch=c000003e (x86_64) - syscall=59 (execve) - success=yes (yes) - exit=0 (0) - a0=1a407f50 (0x1a407f50) - a1=1a401cd0 (0x1a401cd0) - a2=1a3ed090 (0x1a3ed090) - a3=0 (0x0) - items=2 (2) - ppid=105932 (105932) - pid=105933 (105933) - auid=573 (unknown(573)) - uid=583 (unknown(583)) - gid=583 (unknown(583)) - euid=583 (unknown(583)) - suid=583 (unknown(583)) - fsuid=583 (unknown(583)) - egid=583 
(unknown(583)) - sgid=583 (unknown(583)) - fsgid=583 (unknown(583)) - tty=pts2 (pts2) - ses=2632 (2632) - comm="m4" (m4) - exe="/usr/bin/m4" (/usr/bin/m4) - key=(null) ((null)) + type=SYSCALL + arch=c000003e + syscall=59 + success=yes + exit=0 + a0=1a407f50 + a1=1a401cd0 + a2=1a3ed090 + a3=0 + items=2 + ppid=105932 + pid=105933 + auid=573 + uid=583 + gid=583 + euid=583 + suid=583 + fsuid=583 + egid=583 + sgid=583 + fsgid=583 + tty=pts2 + ses=2632 + comm="m4" + exe="/usr/bin/m4" + key=(null) record 2 of type 1309(EXECVE) has 218 fields line=9 file=test4.log event time: 1655465404.819:27091, host=(null) - type=EXECVE (EXECVE) - argc=216 (216) - a0="/usr/bin/m4" (/usr/bin/m4) - a1="--nesting-limit=1024" (--nesting-limit=1024) - a2="--gnu" (--gnu) - a3="--include=/usr/share/autoconf-2.60" (--include=/usr/share/autoconf-2.60) - a4="--debug=aflq" (--debug=aflq) - a5="--fatal-warning" (--fatal-warning) - a6="--debugfile=autom4te.cache/traces.0t" (--debugfile=autom4te.cache/traces.0t) - a7="--trace=AC_CHECK_LIBM" (--trace=AC_CHECK_LIBM) - a8="--trace=AC_CONFIG_MACRO_DIR" (--trace=AC_CONFIG_MACRO_DIR) - a9="--trace=AC_CONFIG_MACRO_DIR_TRACE" (--trace=AC_CONFIG_MACRO_DIR_TRACE) - a10="--trace=AC_DEFUN" (--trace=AC_DEFUN) - a11="--trace=AC_DEFUN_ONCE" (--trace=AC_DEFUN_ONCE) - a12="--trace=AC_DEPLIBS_CHECK_METHOD" (--trace=AC_DEPLIBS_CHECK_METHOD) - a13="--trace=AC_DISABLE_FAST_INSTALL" (--trace=AC_DISABLE_FAST_INSTALL) - a14="--trace=AC_DISABLE_SHARED" (--trace=AC_DISABLE_SHARED) - a15="--trace=AC_DISABLE_STATIC" (--trace=AC_DISABLE_STATIC) - a16="--trace=AC_ENABLE_FAST_INSTALL" (--trace=AC_ENABLE_FAST_INSTALL) - a17="--trace=AC_ENABLE_SHARED" (--trace=AC_ENABLE_SHARED) - a18="--trace=AC_ENABLE_STATIC" (--trace=AC_ENABLE_STATIC) - a19="--trace=AC_LIBLTDL_CONVENIENCE" (--trace=AC_LIBLTDL_CONVENIENCE) - a20="--trace=AC_LIBLTDL_INSTALLABLE" (--trace=AC_LIBLTDL_INSTALLABLE) - a21="--trace=AC_LIBTOOL_COMPILER_OPTION" (--trace=AC_LIBTOOL_COMPILER_OPTION) - 
a22="--trace=AC_LIBTOOL_CONFIG" (--trace=AC_LIBTOOL_CONFIG) - a23="--trace=AC_LIBTOOL_CXX" (--trace=AC_LIBTOOL_CXX) - a24="--trace=AC_LIBTOOL_DLOPEN" (--trace=AC_LIBTOOL_DLOPEN) - a25="--trace=AC_LIBTOOL_DLOPEN_SELF" (--trace=AC_LIBTOOL_DLOPEN_SELF) - a26="--trace=AC_LIBTOOL_F77" (--trace=AC_LIBTOOL_F77) - a27="--trace=AC_LIBTOOL_FC" (--trace=AC_LIBTOOL_FC) - a28="--trace=AC_LIBTOOL_GCJ" (--trace=AC_LIBTOOL_GCJ) - a29="--trace=AC_LIBTOOL_LANG_CXX_CONFIG" (--trace=AC_LIBTOOL_LANG_CXX_CONFIG) - a30="--trace=AC_LIBTOOL_LANG_C_CONFIG" (--trace=AC_LIBTOOL_LANG_C_CONFIG) - a31="--trace=AC_LIBTOOL_LANG_F77_CONFIG" (--trace=AC_LIBTOOL_LANG_F77_CONFIG) - a32="--trace=AC_LIBTOOL_LANG_GCJ_CONFIG" (--trace=AC_LIBTOOL_LANG_GCJ_CONFIG) - a33="--trace=AC_LIBTOOL_LANG_RC_CONFIG" (--trace=AC_LIBTOOL_LANG_RC_CONFIG) - a34="--trace=AC_LIBTOOL_LINKER_OPTION" (--trace=AC_LIBTOOL_LINKER_OPTION) - a35="--trace=AC_LIBTOOL_OBJDIR" (--trace=AC_LIBTOOL_OBJDIR) - a36="--trace=AC_LIBTOOL_PICMODE" (--trace=AC_LIBTOOL_PICMODE) - a37="--trace=AC_LIBTOOL_POSTDEP_PREDEP" (--trace=AC_LIBTOOL_POSTDEP_PREDEP) - a38="--trace=AC_LIBTOOL_PROG_CC_C_O" (--trace=AC_LIBTOOL_PROG_CC_C_O) - a39="--trace=AC_LIBTOOL_PROG_COMPILER_NO_RTTI" (--trace=AC_LIBTOOL_PROG_COMPILER_NO_RTTI) - a40="--trace=AC_LIBTOOL_PROG_COMPILER_PIC" (--trace=AC_LIBTOOL_PROG_COMPILER_PIC) - a41="--trace=AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH" (--trace=AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH) - a42="--trace=AC_LIBTOOL_PROG_LD_SHLIBS" (--trace=AC_LIBTOOL_PROG_LD_SHLIBS) - a43="--trace=AC_LIBTOOL_RC" (--trace=AC_LIBTOOL_RC) - a44="--trace=AC_LIBTOOL_SETUP" (--trace=AC_LIBTOOL_SETUP) - a45="--trace=AC_LIBTOOL_SYS_DYNAMIC_LINKER" (--trace=AC_LIBTOOL_SYS_DYNAMIC_LINKER) - a46="--trace=AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE" (--trace=AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE) - a47="--trace=AC_LIBTOOL_SYS_HARD_LINK_LOCKS" (--trace=AC_LIBTOOL_SYS_HARD_LINK_LOCKS) - a48="--trace=AC_LIBTOOL_SYS_LIB_STRIP" (--trace=AC_LIBTOOL_SYS_LIB_STRIP) - 
a49="--trace=AC_LIBTOOL_SYS_MAX_CMD_LEN" (--trace=AC_LIBTOOL_SYS_MAX_CMD_LEN) - a50="--trace=AC_LIBTOOL_SYS_OLD_ARCHIVE" (--trace=AC_LIBTOOL_SYS_OLD_ARCHIVE) - a51="--trace=AC_LIBTOOL_WIN32_DLL" (--trace=AC_LIBTOOL_WIN32_DLL) - a52="--trace=AC_LIB_LTDL" (--trace=AC_LIB_LTDL) - a53="--trace=AC_LTDL_DLLIB" (--trace=AC_LTDL_DLLIB) - a54="--trace=AC_LTDL_DLSYM_USCORE" (--trace=AC_LTDL_DLSYM_USCORE) - a55="--trace=AC_LTDL_ENABLE_INSTALL" (--trace=AC_LTDL_ENABLE_INSTALL) - a56="--trace=AC_LTDL_OBJDIR" (--trace=AC_LTDL_OBJDIR) - a57="--trace=AC_LTDL_PREOPEN" (--trace=AC_LTDL_PREOPEN) - a58="--trace=AC_LTDL_SHLIBEXT" (--trace=AC_LTDL_SHLIBEXT) - a59="--trace=AC_LTDL_SHLIBPATH" (--trace=AC_LTDL_SHLIBPATH) - a60="--trace=AC_LTDL_SYMBOL_USCORE" (--trace=AC_LTDL_SYMBOL_USCORE) - a61="--trace=AC_LTDL_SYSSEARCHPATH" (--trace=AC_LTDL_SYSSEARCHPATH) - a62="--trace=AC_LTDL_SYS_DLOPEN_DEPLIBS" (--trace=AC_LTDL_SYS_DLOPEN_DEPLIBS) - a63="--trace=AC_PATH_MAGIC" (--trace=AC_PATH_MAGIC) - a64="--trace=AC_PATH_TOOL_PREFIX" (--trace=AC_PATH_TOOL_PREFIX) - a65="--trace=AC_PROG_EGREP" (--trace=AC_PROG_EGREP) - a66="--trace=AC_PROG_LD" (--trace=AC_PROG_LD) - a67="--trace=AC_PROG_LD_GNU" (--trace=AC_PROG_LD_GNU) - a68="--trace=AC_PROG_LD_RELOAD_FLAG" (--trace=AC_PROG_LD_RELOAD_FLAG) - a69="--trace=AC_PROG_LIBTOOL" (--trace=AC_PROG_LIBTOOL) - a70="--trace=AC_PROG_NM" (--trace=AC_PROG_NM) - a71="--trace=AC_WITH_LTDL" (--trace=AC_WITH_LTDL) - a72="--trace=AM_AUTOMAKE_VERSION" (--trace=AM_AUTOMAKE_VERSION) - a73="--trace=AM_AUX_DIR_EXPAND" (--trace=AM_AUX_DIR_EXPAND) - a74="--trace=AM_CONDITIONAL" (--trace=AM_CONDITIONAL) - a75="--trace=AM_DEP_TRACK" (--trace=AM_DEP_TRACK) - a76="--trace=AM_DISABLE_SHARED" (--trace=AM_DISABLE_SHARED) - a77="--trace=AM_DISABLE_STATIC" (--trace=AM_DISABLE_STATIC) - a78="--trace=AM_ENABLE_SHARED" (--trace=AM_ENABLE_SHARED) - a79="--trace=AM_ENABLE_STATIC" (--trace=AM_ENABLE_STATIC) - a80="--trace=AM_INIT_AUTOMAKE" (--trace=AM_INIT_AUTOMAKE) - 
a81="--trace=AM_MAKE_INCLUDE" (--trace=AM_MAKE_INCLUDE) - a82="--trace=AM_MISSING_HAS_RUN" (--trace=AM_MISSING_HAS_RUN) - a83="--trace=AM_MISSING_PROG" (--trace=AM_MISSING_PROG) - a84="--trace=AM_OUTPUT_DEPENDENCY_COMMANDS" (--trace=AM_OUTPUT_DEPENDENCY_COMMANDS) - a85="--trace=AM_PROG_CC_C_O" (--trace=AM_PROG_CC_C_O) - a86="--trace=AM_PROG_INSTALL_SH" (--trace=AM_PROG_INSTALL_SH) - a87="--trace=AM_PROG_INSTALL_STRIP" (--trace=AM_PROG_INSTALL_STRIP) - a88="--trace=AM_PROG_LD" (--trace=AM_PROG_LD) - a89="--trace=AM_PROG_LIBTOOL" (--trace=AM_PROG_LIBTOOL) - a90="--trace=AM_PROG_NM" (--trace=AM_PROG_NM) - a91="--trace=AM_RUN_LOG" (--trace=AM_RUN_LOG) - a92="--trace=AM_SANITY_CHECK" (--trace=AM_SANITY_CHECK) - a93="--trace=AM_SET_CURRENT_AUTOMAKE_VERSION" (--trace=AM_SET_CURRENT_AUTOMAKE_VERSION) - a94="--trace=AM_SET_DEPDIR" (--trace=AM_SET_DEPDIR) - a95="--trace=AM_SET_LEADING_DOT" (--trace=AM_SET_LEADING_DOT) - a96="--trace=AM_SILENT_RULES" (--trace=AM_SILENT_RULES) - a97="--trace=AM_SUBST_NOTMAKE" (--trace=AM_SUBST_NOTMAKE) - a98="--trace=AU_DEFUN" (--trace=AU_DEFUN) - a99="--trace=LTDL_CONVENIENCE" (--trace=LTDL_CONVENIENCE) - a100="--trace=LTDL_INIT" (--trace=LTDL_INIT) - a101="--trace=LTDL_INSTALLABLE" (--trace=LTDL_INSTALLABLE) - a102="--trace=LTOBSOLETE_VERSION" (--trace=LTOBSOLETE_VERSION) - a103="--trace=LTOPTIONS_VERSION" (--trace=LTOPTIONS_VERSION) - a104="--trace=LTSUGAR_VERSION" (--trace=LTSUGAR_VERSION) - a105="--trace=LTVERSION_VERSION" (--trace=LTVERSION_VERSION) - a106="--trace=LT_AC_PROG_EGREP" (--trace=LT_AC_PROG_EGREP) - a107="--trace=LT_AC_PROG_GCJ" (--trace=LT_AC_PROG_GCJ) - a108="--trace=LT_AC_PROG_RC" (--trace=LT_AC_PROG_RC) - a109="--trace=LT_AC_PROG_SED" (--trace=LT_AC_PROG_SED) - a110="--trace=LT_CMD_MAX_LEN" (--trace=LT_CMD_MAX_LEN) - a111="--trace=LT_CONFIG_LTDL_DIR" (--trace=LT_CONFIG_LTDL_DIR) - a112="--trace=LT_FUNC_ARGZ" (--trace=LT_FUNC_ARGZ) - a113="--trace=LT_FUNC_DLSYM_USCORE" (--trace=LT_FUNC_DLSYM_USCORE) - 
a114="--trace=LT_INIT" (--trace=LT_INIT) - a115="--trace=LT_LANG" (--trace=LT_LANG) - a116="--trace=LT_LIB_DLLOAD" (--trace=LT_LIB_DLLOAD) - a117="--trace=LT_LIB_M" (--trace=LT_LIB_M) - a118="--trace=LT_OUTPUT" (--trace=LT_OUTPUT) - a119="--trace=LT_PATH_LD" (--trace=LT_PATH_LD) - a120="--trace=LT_PATH_NM" (--trace=LT_PATH_NM) - a121="--trace=LT_PROG_GCJ" (--trace=LT_PROG_GCJ) - a122="--trace=LT_PROG_GO" (--trace=LT_PROG_GO) - a123="--trace=LT_PROG_RC" (--trace=LT_PROG_RC) - a124="--trace=LT_SUPPORTED_TAG" (--trace=LT_SUPPORTED_TAG) - a125="--trace=LT_SYS_DLOPEN_DEPLIBS" (--trace=LT_SYS_DLOPEN_DEPLIBS) - a126="--trace=LT_SYS_DLOPEN_SELF" (--trace=LT_SYS_DLOPEN_SELF) - a127="--trace=LT_SYS_DLSEARCH_PATH" (--trace=LT_SYS_DLSEARCH_PATH) - a128="--trace=LT_SYS_MODULE_EXT" (--trace=LT_SYS_MODULE_EXT) - a129="--trace=LT_SYS_MODULE_PATH" (--trace=LT_SYS_MODULE_PATH) - a130="--trace=LT_SYS_SYMBOL_USCORE" (--trace=LT_SYS_SYMBOL_USCORE) - a131="--trace=LT_WITH_LTDL" (--trace=LT_WITH_LTDL) - a132="--trace=_AC_AM_CONFIG_HEADER_HOOK" (--trace=_AC_AM_CONFIG_HEADER_HOOK) - a133="--trace=_AC_PROG_LIBTOOL" (--trace=_AC_PROG_LIBTOOL) - a134="--trace=_AM_AUTOCONF_VERSION" (--trace=_AM_AUTOCONF_VERSION) - a135="--trace=_AM_CONFIG_MACRO_DIRS" (--trace=_AM_CONFIG_MACRO_DIRS) - a136="--trace=_AM_DEPENDENCIES" (--trace=_AM_DEPENDENCIES) - a137="--trace=_AM_IF_OPTION" (--trace=_AM_IF_OPTION) - a138="--trace=_AM_MANGLE_OPTION" (--trace=_AM_MANGLE_OPTION) - a139="--trace=_AM_OUTPUT_DEPENDENCY_COMMANDS" (--trace=_AM_OUTPUT_DEPENDENCY_COMMANDS) - a140="--trace=_AM_PROG_CC_C_O" (--trace=_AM_PROG_CC_C_O) - a141="--trace=_AM_PROG_TAR" (--trace=_AM_PROG_TAR) - a142="--trace=_AM_SET_OPTION" (--trace=_AM_SET_OPTION) - a143="--trace=_AM_SET_OPTIONS" (--trace=_AM_SET_OPTIONS) - a144="--trace=_AM_SUBST_NOTMAKE" (--trace=_AM_SUBST_NOTMAKE) - a145="--trace=_LTDL_SETUP" (--trace=_LTDL_SETUP) - a146="--trace=_LT_AC_CHECK_DLFCN" (--trace=_LT_AC_CHECK_DLFCN) - a147="--trace=_LT_AC_FILE_LTDLL_C" 
(--trace=_LT_AC_FILE_LTDLL_C) - a148="--trace=_LT_AC_LANG_CXX" (--trace=_LT_AC_LANG_CXX) - a149="--trace=_LT_AC_LANG_CXX_CONFIG" (--trace=_LT_AC_LANG_CXX_CONFIG) - a150="--trace=_LT_AC_LANG_C_CONFIG" (--trace=_LT_AC_LANG_C_CONFIG) - a151="--trace=_LT_AC_LANG_F77" (--trace=_LT_AC_LANG_F77) - a152="--trace=_LT_AC_LANG_F77_CONFIG" (--trace=_LT_AC_LANG_F77_CONFIG) - a153="--trace=_LT_AC_LANG_GCJ" (--trace=_LT_AC_LANG_GCJ) - a154="--trace=_LT_AC_LANG_GCJ_CONFIG" (--trace=_LT_AC_LANG_GCJ_CONFIG) - a155="--trace=_LT_AC_LANG_RC_CONFIG" (--trace=_LT_AC_LANG_RC_CONFIG) - a156="--trace=_LT_AC_LOCK" (--trace=_LT_AC_LOCK) - a157="--trace=_LT_AC_PROG_CXXCPP" (--trace=_LT_AC_PROG_CXXCPP) - a158="--trace=_LT_AC_PROG_ECHO_BACKSLASH" (--trace=_LT_AC_PROG_ECHO_BACKSLASH) - a159="--trace=_LT_AC_SHELL_INIT" (--trace=_LT_AC_SHELL_INIT) - a160="--trace=_LT_AC_SYS_COMPILER" (--trace=_LT_AC_SYS_COMPILER) - a161="--trace=_LT_AC_SYS_LIBPATH_AIX" (--trace=_LT_AC_SYS_LIBPATH_AIX) - a162="--trace=_LT_AC_TAGCONFIG" (--trace=_LT_AC_TAGCONFIG) - a163="--trace=_LT_AC_TAGVAR" (--trace=_LT_AC_TAGVAR) - a164="--trace=_LT_AC_TRY_DLOPEN_SELF" (--trace=_LT_AC_TRY_DLOPEN_SELF) - a165="--trace=_LT_CC_BASENAME" (--trace=_LT_CC_BASENAME) - a166="--trace=_LT_COMPILER_BOILERPLATE" (--trace=_LT_COMPILER_BOILERPLATE) - a167="--trace=_LT_COMPILER_OPTION" (--trace=_LT_COMPILER_OPTION) - a168="--trace=_LT_DLL_DEF_P" (--trace=_LT_DLL_DEF_P) - a169="--trace=_LT_LIBOBJ" (--trace=_LT_LIBOBJ) - a170="--trace=_LT_LINKER_BOILERPLATE" (--trace=_LT_LINKER_BOILERPLATE) - a171="--trace=_LT_LINKER_OPTION" (--trace=_LT_LINKER_OPTION) - a172="--trace=_LT_PATH_TOOL_PREFIX" (--trace=_LT_PATH_TOOL_PREFIX) - a173="--trace=_LT_PREPARE_SED_QUOTE_VARS" (--trace=_LT_PREPARE_SED_QUOTE_VARS) - a174="--trace=_LT_PROG_CXX" (--trace=_LT_PROG_CXX) - a175="--trace=_LT_PROG_ECHO_BACKSLASH" (--trace=_LT_PROG_ECHO_BACKSLASH) - a176="--trace=_LT_PROG_F77" (--trace=_LT_PROG_F77) - a177="--trace=_LT_PROG_FC" (--trace=_LT_PROG_FC) - 
a178="--trace=_LT_PROG_LTMAIN" (--trace=_LT_PROG_LTMAIN) - a179="--trace=_LT_REQUIRED_DARWIN_CHECKS" (--trace=_LT_REQUIRED_DARWIN_CHECKS) - a180="--trace=_LT_WITH_SYSROOT" (--trace=_LT_WITH_SYSROOT) - a181="--trace=_m4_warn" (--trace=_m4_warn) - a182="--trace=include" (--trace=include) - a183="--trace=m4_include" (--trace=m4_include) - a184="--trace=m4_pattern_allow" (--trace=m4_pattern_allow) - a185="--trace=m4_pattern_forbid" (--trace=m4_pattern_forbid) - a186="--reload-state=/usr/share/autoconf-2.60/autoconf/autoconf.m4f" (--reload-state=/usr/share/autoconf-2.60/autoconf/autoconf.m4f) - a187="--undefine=__m4_version__" (--undefine=__m4_version__) - a188="-" (-) - a189="/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4" (/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4) - a190="/usr/share/libtool/aclocal/libtool.m4" (/usr/share/libtool/aclocal/libtool.m4) - a191="/usr/share/libtool/aclocal/ltargz.m4" (/usr/share/libtool/aclocal/ltargz.m4) - a192="/usr/share/libtool/aclocal/ltdl.m4" (/usr/share/libtool/aclocal/ltdl.m4) - a193="/usr/share/libtool/aclocal/ltoptions.m4" (/usr/share/libtool/aclocal/ltoptions.m4) - a194="/usr/share/libtool/aclocal/ltsugar.m4" (/usr/share/libtool/aclocal/ltsugar.m4) - a195="/usr/share/libtool/aclocal/ltversion.m4" (/usr/share/libtool/aclocal/ltversion.m4) - a196="/usr/share/libtool/aclocal/lt~obsolete.m4" (/usr/share/libtool/aclocal/lt~obsolete.m4) - a197="/usr/share/aclocal-1.16/amversion.m4" (/usr/share/aclocal-1.16/amversion.m4) - a198="/usr/share/aclocal-1.16/auxdir.m4" (/usr/share/aclocal-1.16/auxdir.m4) - a199="/usr/share/aclocal-1.16/cond.m4" (/usr/share/aclocal-1.16/cond.m4) - a200="/usr/share/aclocal-1.16/depend.m4" (/usr/share/aclocal-1.16/depend.m4) - a201="/usr/share/aclocal-1.16/depout.m4" (/usr/share/aclocal-1.16/depout.m4) - a202="/usr/share/aclocal-1.16/init.m4" (/usr/share/aclocal-1.16/init.m4) - a203="/usr/share/aclocal-1.16/install-sh.m4" (/usr/share/aclocal-1.16/install-sh.m4) - 
a204="/usr/share/aclocal-1.16/lead-dot.m4" (/usr/share/aclocal-1.16/lead-dot.m4) - a205="/usr/share/aclocal-1.16/make.m4" (/usr/share/aclocal-1.16/make.m4) - a206="/usr/share/aclocal-1.16/missing.m4" (/usr/share/aclocal-1.16/missing.m4) - a207="/usr/share/aclocal-1.16/options.m4" (/usr/share/aclocal-1.16/options.m4) - a208="/usr/share/aclocal-1.16/prog-cc-c-o.m4" (/usr/share/aclocal-1.16/prog-cc-c-o.m4) - a209="/usr/share/aclocal-1.16/runlog.m4" (/usr/share/aclocal-1.16/runlog.m4) - a210="/usr/share/aclocal-1.16/sanity.m4" (/usr/share/aclocal-1.16/sanity.m4) - a211="/usr/share/aclocal-1.16/silent.m4" (/usr/share/aclocal-1.16/silent.m4) - a212="/usr/share/aclocal-1.16/strip.m4" (/usr/share/aclocal-1.16/strip.m4) - a213="/usr/share/aclocal-1.16/substnot.m4" (/usr/share/aclocal-1.16/substnot.m4) - a214="/usr/share/aclocal-1.16/tar.m4" (/usr/share/aclocal-1.16/tar.m4) - a215="configure.ac" (configure.ac) + type=EXECVE + argc=216 + a0="/usr/bin/m4" + a1="--nesting-limit=1024" + a2="--gnu" + a3="--include=/usr/share/autoconf-2.60" + a4="--debug=aflq" + a5="--fatal-warning" + a6="--debugfile=autom4te.cache/traces.0t" + a7="--trace=AC_CHECK_LIBM" + a8="--trace=AC_CONFIG_MACRO_DIR" + a9="--trace=AC_CONFIG_MACRO_DIR_TRACE" + a10="--trace=AC_DEFUN" + a11="--trace=AC_DEFUN_ONCE" + a12="--trace=AC_DEPLIBS_CHECK_METHOD" + a13="--trace=AC_DISABLE_FAST_INSTALL" + a14="--trace=AC_DISABLE_SHARED" + a15="--trace=AC_DISABLE_STATIC" + a16="--trace=AC_ENABLE_FAST_INSTALL" + a17="--trace=AC_ENABLE_SHARED" + a18="--trace=AC_ENABLE_STATIC" + a19="--trace=AC_LIBLTDL_CONVENIENCE" + a20="--trace=AC_LIBLTDL_INSTALLABLE" + a21="--trace=AC_LIBTOOL_COMPILER_OPTION" + a22="--trace=AC_LIBTOOL_CONFIG" + a23="--trace=AC_LIBTOOL_CXX" + a24="--trace=AC_LIBTOOL_DLOPEN" + a25="--trace=AC_LIBTOOL_DLOPEN_SELF" + a26="--trace=AC_LIBTOOL_F77" + a27="--trace=AC_LIBTOOL_FC" + a28="--trace=AC_LIBTOOL_GCJ" + a29="--trace=AC_LIBTOOL_LANG_CXX_CONFIG" + a30="--trace=AC_LIBTOOL_LANG_C_CONFIG" + 
a31="--trace=AC_LIBTOOL_LANG_F77_CONFIG" + a32="--trace=AC_LIBTOOL_LANG_GCJ_CONFIG" + a33="--trace=AC_LIBTOOL_LANG_RC_CONFIG" + a34="--trace=AC_LIBTOOL_LINKER_OPTION" + a35="--trace=AC_LIBTOOL_OBJDIR" + a36="--trace=AC_LIBTOOL_PICMODE" + a37="--trace=AC_LIBTOOL_POSTDEP_PREDEP" + a38="--trace=AC_LIBTOOL_PROG_CC_C_O" + a39="--trace=AC_LIBTOOL_PROG_COMPILER_NO_RTTI" + a40="--trace=AC_LIBTOOL_PROG_COMPILER_PIC" + a41="--trace=AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH" + a42="--trace=AC_LIBTOOL_PROG_LD_SHLIBS" + a43="--trace=AC_LIBTOOL_RC" + a44="--trace=AC_LIBTOOL_SETUP" + a45="--trace=AC_LIBTOOL_SYS_DYNAMIC_LINKER" + a46="--trace=AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE" + a47="--trace=AC_LIBTOOL_SYS_HARD_LINK_LOCKS" + a48="--trace=AC_LIBTOOL_SYS_LIB_STRIP" + a49="--trace=AC_LIBTOOL_SYS_MAX_CMD_LEN" + a50="--trace=AC_LIBTOOL_SYS_OLD_ARCHIVE" + a51="--trace=AC_LIBTOOL_WIN32_DLL" + a52="--trace=AC_LIB_LTDL" + a53="--trace=AC_LTDL_DLLIB" + a54="--trace=AC_LTDL_DLSYM_USCORE" + a55="--trace=AC_LTDL_ENABLE_INSTALL" + a56="--trace=AC_LTDL_OBJDIR" + a57="--trace=AC_LTDL_PREOPEN" + a58="--trace=AC_LTDL_SHLIBEXT" + a59="--trace=AC_LTDL_SHLIBPATH" + a60="--trace=AC_LTDL_SYMBOL_USCORE" + a61="--trace=AC_LTDL_SYSSEARCHPATH" + a62="--trace=AC_LTDL_SYS_DLOPEN_DEPLIBS" + a63="--trace=AC_PATH_MAGIC" + a64="--trace=AC_PATH_TOOL_PREFIX" + a65="--trace=AC_PROG_EGREP" + a66="--trace=AC_PROG_LD" + a67="--trace=AC_PROG_LD_GNU" + a68="--trace=AC_PROG_LD_RELOAD_FLAG" + a69="--trace=AC_PROG_LIBTOOL" + a70="--trace=AC_PROG_NM" + a71="--trace=AC_WITH_LTDL" + a72="--trace=AM_AUTOMAKE_VERSION" + a73="--trace=AM_AUX_DIR_EXPAND" + a74="--trace=AM_CONDITIONAL" + a75="--trace=AM_DEP_TRACK" + a76="--trace=AM_DISABLE_SHARED" + a77="--trace=AM_DISABLE_STATIC" + a78="--trace=AM_ENABLE_SHARED" + a79="--trace=AM_ENABLE_STATIC" + a80="--trace=AM_INIT_AUTOMAKE" + a81="--trace=AM_MAKE_INCLUDE" + a82="--trace=AM_MISSING_HAS_RUN" + a83="--trace=AM_MISSING_PROG" + a84="--trace=AM_OUTPUT_DEPENDENCY_COMMANDS" + 
a85="--trace=AM_PROG_CC_C_O" + a86="--trace=AM_PROG_INSTALL_SH" + a87="--trace=AM_PROG_INSTALL_STRIP" + a88="--trace=AM_PROG_LD" + a89="--trace=AM_PROG_LIBTOOL" + a90="--trace=AM_PROG_NM" + a91="--trace=AM_RUN_LOG" + a92="--trace=AM_SANITY_CHECK" + a93="--trace=AM_SET_CURRENT_AUTOMAKE_VERSION" + a94="--trace=AM_SET_DEPDIR" + a95="--trace=AM_SET_LEADING_DOT" + a96="--trace=AM_SILENT_RULES" + a97="--trace=AM_SUBST_NOTMAKE" + a98="--trace=AU_DEFUN" + a99="--trace=LTDL_CONVENIENCE" + a100="--trace=LTDL_INIT" + a101="--trace=LTDL_INSTALLABLE" + a102="--trace=LTOBSOLETE_VERSION" + a103="--trace=LTOPTIONS_VERSION" + a104="--trace=LTSUGAR_VERSION" + a105="--trace=LTVERSION_VERSION" + a106="--trace=LT_AC_PROG_EGREP" + a107="--trace=LT_AC_PROG_GCJ" + a108="--trace=LT_AC_PROG_RC" + a109="--trace=LT_AC_PROG_SED" + a110="--trace=LT_CMD_MAX_LEN" + a111="--trace=LT_CONFIG_LTDL_DIR" + a112="--trace=LT_FUNC_ARGZ" + a113="--trace=LT_FUNC_DLSYM_USCORE" + a114="--trace=LT_INIT" + a115="--trace=LT_LANG" + a116="--trace=LT_LIB_DLLOAD" + a117="--trace=LT_LIB_M" + a118="--trace=LT_OUTPUT" + a119="--trace=LT_PATH_LD" + a120="--trace=LT_PATH_NM" + a121="--trace=LT_PROG_GCJ" + a122="--trace=LT_PROG_GO" + a123="--trace=LT_PROG_RC" + a124="--trace=LT_SUPPORTED_TAG" + a125="--trace=LT_SYS_DLOPEN_DEPLIBS" + a126="--trace=LT_SYS_DLOPEN_SELF" + a127="--trace=LT_SYS_DLSEARCH_PATH" + a128="--trace=LT_SYS_MODULE_EXT" + a129="--trace=LT_SYS_MODULE_PATH" + a130="--trace=LT_SYS_SYMBOL_USCORE" + a131="--trace=LT_WITH_LTDL" + a132="--trace=_AC_AM_CONFIG_HEADER_HOOK" + a133="--trace=_AC_PROG_LIBTOOL" + a134="--trace=_AM_AUTOCONF_VERSION" + a135="--trace=_AM_CONFIG_MACRO_DIRS" + a136="--trace=_AM_DEPENDENCIES" + a137="--trace=_AM_IF_OPTION" + a138="--trace=_AM_MANGLE_OPTION" + a139="--trace=_AM_OUTPUT_DEPENDENCY_COMMANDS" + a140="--trace=_AM_PROG_CC_C_O" + a141="--trace=_AM_PROG_TAR" + a142="--trace=_AM_SET_OPTION" + a143="--trace=_AM_SET_OPTIONS" + a144="--trace=_AM_SUBST_NOTMAKE" + 
a145="--trace=_LTDL_SETUP" + a146="--trace=_LT_AC_CHECK_DLFCN" + a147="--trace=_LT_AC_FILE_LTDLL_C" + a148="--trace=_LT_AC_LANG_CXX" + a149="--trace=_LT_AC_LANG_CXX_CONFIG" + a150="--trace=_LT_AC_LANG_C_CONFIG" + a151="--trace=_LT_AC_LANG_F77" + a152="--trace=_LT_AC_LANG_F77_CONFIG" + a153="--trace=_LT_AC_LANG_GCJ" + a154="--trace=_LT_AC_LANG_GCJ_CONFIG" + a155="--trace=_LT_AC_LANG_RC_CONFIG" + a156="--trace=_LT_AC_LOCK" + a157="--trace=_LT_AC_PROG_CXXCPP" + a158="--trace=_LT_AC_PROG_ECHO_BACKSLASH" + a159="--trace=_LT_AC_SHELL_INIT" + a160="--trace=_LT_AC_SYS_COMPILER" + a161="--trace=_LT_AC_SYS_LIBPATH_AIX" + a162="--trace=_LT_AC_TAGCONFIG" + a163="--trace=_LT_AC_TAGVAR" + a164="--trace=_LT_AC_TRY_DLOPEN_SELF" + a165="--trace=_LT_CC_BASENAME" + a166="--trace=_LT_COMPILER_BOILERPLATE" + a167="--trace=_LT_COMPILER_OPTION" + a168="--trace=_LT_DLL_DEF_P" + a169="--trace=_LT_LIBOBJ" + a170="--trace=_LT_LINKER_BOILERPLATE" + a171="--trace=_LT_LINKER_OPTION" + a172="--trace=_LT_PATH_TOOL_PREFIX" + a173="--trace=_LT_PREPARE_SED_QUOTE_VARS" + a174="--trace=_LT_PROG_CXX" + a175="--trace=_LT_PROG_ECHO_BACKSLASH" + a176="--trace=_LT_PROG_F77" + a177="--trace=_LT_PROG_FC" + a178="--trace=_LT_PROG_LTMAIN" + a179="--trace=_LT_REQUIRED_DARWIN_CHECKS" + a180="--trace=_LT_WITH_SYSROOT" + a181="--trace=_m4_warn" + a182="--trace=include" + a183="--trace=m4_include" + a184="--trace=m4_pattern_allow" + a185="--trace=m4_pattern_forbid" + a186="--reload-state=/usr/share/autoconf-2.60/autoconf/autoconf.m4f" + a187="--undefine=__m4_version__" + a188="-" + a189="/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4" + a190="/usr/share/libtool/aclocal/libtool.m4" + a191="/usr/share/libtool/aclocal/ltargz.m4" + a192="/usr/share/libtool/aclocal/ltdl.m4" + a193="/usr/share/libtool/aclocal/ltoptions.m4" + a194="/usr/share/libtool/aclocal/ltsugar.m4" + a195="/usr/share/libtool/aclocal/ltversion.m4" + a196="/usr/share/libtool/aclocal/lt~obsolete.m4" + 
a197="/usr/share/aclocal-1.16/amversion.m4" + a198="/usr/share/aclocal-1.16/auxdir.m4" + a199="/usr/share/aclocal-1.16/cond.m4" + a200="/usr/share/aclocal-1.16/depend.m4" + a201="/usr/share/aclocal-1.16/depout.m4" + a202="/usr/share/aclocal-1.16/init.m4" + a203="/usr/share/aclocal-1.16/install-sh.m4" + a204="/usr/share/aclocal-1.16/lead-dot.m4" + a205="/usr/share/aclocal-1.16/make.m4" + a206="/usr/share/aclocal-1.16/missing.m4" + a207="/usr/share/aclocal-1.16/options.m4" + a208="/usr/share/aclocal-1.16/prog-cc-c-o.m4" + a209="/usr/share/aclocal-1.16/runlog.m4" + a210="/usr/share/aclocal-1.16/sanity.m4" + a211="/usr/share/aclocal-1.16/silent.m4" + a212="/usr/share/aclocal-1.16/strip.m4" + a213="/usr/share/aclocal-1.16/substnot.m4" + a214="/usr/share/aclocal-1.16/tar.m4" + a215="configure.ac" record 3 of type 1307(CWD) has 2 fields line=10 file=test4.log event time: 1655465404.819:27091, host=(null) - type=CWD (CWD) - cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1/contrib/minizip" (/usr/src/RPM/BUILD/zlib-1.2.11-alt1/contrib/minizip) + type=CWD + cwd="/usr/src/RPM/BUILD/zlib-1.2.11-alt1/contrib/minizip" record 4 of type 1302(PATH) has 15 fields line=11 file=test4.log event time: 1655465404.819:27091, host=(null) - type=PATH (PATH) - item=0 (0) - name="/usr/bin/m4" (/usr/bin/m4) - inode=40839 (40839) - dev=00:30 (00:30) - mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=0 + name="/usr/bin/m4" + inode=40839 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 5 of type 1302(PATH) has 15 fields line=12 file=test4.log event time: 1655465404.819:27091, host=(null) - type=PATH (PATH) - item=1 (1) - name="/lib64/ld-linux-aarch64.so.1" (/lib64/ld-linux-aarch64.so.1) - inode=33874 (33874) - dev=00:30 (00:30) 
- mode=0100755 (file,755) - ouid=582 (unknown(582)) - ogid=582 (unknown(582)) - rdev=00:00 (00:00) - nametype=NORMAL (NORMAL) - cap_fp=0 (none) - cap_fi=0 (none) - cap_fe=0 (0) - cap_fver=0 (0) - cap_frootid=0 (0) + type=PATH + item=1 + name="/lib64/ld-linux-aarch64.so.1" + inode=33874 + dev=00:30 + mode=0100755 + ouid=582 + ogid=582 + rdev=00:00 + nametype=NORMAL + cap_fp=0 + cap_fi=0 + cap_fe=0 + cap_fver=0 + cap_frootid=0 record 6 of type 1327(PROCTITLE) has 2 fields line=13 file=test4.log event time: 1655465404.819:27091, host=(null) - type=PROCTITLE (PROCTITLE) - proctitle=2F7573722F62696E2F6D34002D2D6E657374696E672D6C696D69743D31303234002D2D676E75002D2D696E636C7564653D2F7573722F73686172652F6175746F636F6E662D322E3630002D2D64656275673D61666C71002D2D666174616C2D7761726E696E67002D2D646562756766696C653D6175746F6D3474652E63616368 (/usr/bin/m4 --nesting-limit=1024 --gnu --include=/usr/share/autoconf-2.60 --debug=aflq --fatal-warning --debugfile=autom4te.cach) + type=PROCTITLE + proctitle=2F7573722F62696E2F6D34002D2D6E657374696E672D6C696D69743D31303234002D2D676E75002D2D696E636C7564653D2F7573722F73686172652F6175746F636F6E662D322E3630002D2D64656275673D61666C71002D2D666174616C2D7761726E696E67002D2D646562756766696C653D6175746F6D3474652E63616368 Test 11 Done