
操作問い合わせ #3716 » audit.log

匿名ユーザー, 2024/01/24 13:37

 
type=DAEMON_START msg=audit(1706070794.598:9483): op=start ver=3.0.7 format=enriched kernel=6.2.0-1017-aws auid=4294967295 pid=4398 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root"
type=CONFIG_CHANGE msg=audit(1706070794.619:41): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=SYSCALL msg=audit(1706070794.619:41): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffdd53cb090 a2=3c a3=0 items=0 ppid=4401 pid=4411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1706070794.619:41): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1706070794.619:42): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=SYSCALL msg=audit(1706070794.619:42): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffdd53cb090 a2=3c a3=0 items=0 ppid=4401 pid=4411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1706070794.619:42): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1706070794.619:43): op=set audit_backlog_wait_time=60000 old=15000 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=SYSCALL msg=audit(1706070794.619:43): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffdd53cb090 a2=3c a3=0 items=0 ppid=4401 pid=4411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1706070794.619:43): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=SERVICE_START msg=audit(1706070794.623:44): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_START msg=audit(1706070795.143:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1706070798.331:46): pid=4209 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:session_close grantors=pam_limits,pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=CRED_DISP msg=audit(1706070798.331:47): pid=4209 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=BPF msg=audit(1706070833.263:48): prog-id=92 op=LOAD
type=BPF msg=audit(1706070833.263:49): prog-id=93 op=LOAD
type=BPF msg=audit(1706070833.263:50): prog-id=94 op=LOAD
type=SERVICE_START msg=audit(1706070833.359:51): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1706070863.395:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1706070863.415:53): prog-id=94 op=UNLOAD
type=BPF msg=audit(1706070863.415:54): prog-id=93 op=UNLOAD
type=BPF msg=audit(1706070863.415:55): prog-id=92 op=UNLOAD
type=USER_AUTH msg=audit(1706070903.555:56): pid=4546 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:authentication grantors=? acct="ubuntu" exe="/usr/libexec/polkit-agent-helper-1" hostname=ip-172-30-2-195 addr=? terminal=pts/1 res=failed'UID="ubuntu" AUID="ubuntu"
type=USER_ACCT msg=audit(1706070938.823:57): pid=4554 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="ubuntu" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=USER_CMD msg=audit(1706070938.823:58): pid=4554 uid=1000 auid=1000 ses=11 subj=unconfined msg='cwd="/var/log/audit" cmd=73657276696365206175646974642072657374617274 exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=CRED_REFR msg=audit(1706070938.823:59): pid=4554 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=USER_START msg=audit(1706070938.823:60): pid=4554 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:session_open grantors=pam_limits,pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=DAEMON_END msg=audit(1706070938.836:9484): op=terminate auid=0 pid=1 res=successAUID="root"
type=DAEMON_START msg=audit(1706070938.907:6443): op=start ver=3.0.7 format=enriched kernel=6.2.0-1017-aws auid=4294967295 pid=4563 uid=0 ses=4294967295 subj=unconfined res=successAUID="unset" UID="root"
type=SYSCALL msg=audit(1706070938.903:64): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcdcb144c0 a2=3c a3=0 items=0 ppid=4561 pid=4563 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1706070938.903:64): proctitle="/sbin/auditd"
type=CONFIG_CHANGE msg=audit(1706070938.931:65): op=set audit_backlog_limit=8192 old=8192 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=SYSCALL msg=audit(1706070938.931:65): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde592cac0 a2=3c a3=0 items=0 ppid=4566 pid=4576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1706070938.931:65): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1706070938.931:66): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=SYSCALL msg=audit(1706070938.931:66): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde592cac0 a2=3c a3=0 items=0 ppid=4566 pid=4576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1706070938.931:66): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=CONFIG_CHANGE msg=audit(1706070938.931:67): op=set audit_backlog_wait_time=60000 old=60000 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
type=SYSCALL msg=audit(1706070938.931:67): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffde592cac0 a2=3c a3=0 items=0 ppid=4566 pid=4576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1706070938.931:67): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
type=SERVICE_START msg=audit(1706070938.931:68): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_END msg=audit(1706070938.931:69): pid=4554 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:session_close grantors=pam_limits,pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=CRED_DISP msg=audit(1706070938.931:70): pid=4554 uid=1000 auid=1000 ses=11 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="ubuntu" AUID="ubuntu"
type=BPF msg=audit(1706070945.811:71): prog-id=95 op=LOAD
type=BPF msg=audit(1706070945.811:72): prog-id=96 op=LOAD
type=BPF msg=audit(1706070945.811:73): prog-id=97 op=LOAD
type=SERVICE_START msg=audit(1706070945.915:74): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1706070988.019:75): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1706070988.035:76): prog-id=97 op=UNLOAD
type=BPF msg=audit(1706070988.035:77): prog-id=96 op=UNLOAD
type=BPF msg=audit(1706070988.035:78): prog-id=95 op=UNLOAD