Re: google authenticator doesnt work under staff_t confinement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Lukas,

i ran this 'ausearch -m ALL -ts 12:05:00 -te 12:18:00ausearch -m ALL -ts 12:05:00 -te 12:18:00' as  the above didnt provide any info related to the issue. the results are below(truncated). I'll also attach results of the ' ausearch -m AVC,USER_AVC -ts today' command. Thanks again for your assistance on this matter

Best Regards,
Sindano.
----
time->Fri Dec 15 12:05:09 2017
type=SERVICE_START msg=audit(1513332309.765:66831): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
----
time->Fri Dec 15 12:05:09 2017
type=PROCTITLE msg=audit(1513332309.528:66826): proctitle=7375646F002D69
type=PATH msg=audit(1513332309.528:66826): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332309.528:66826): item=0 name="/usr/bin/sudo" inode=7214676 dev=00:29 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332309.528:66826): cwd="/home/chira"
type=EXECVE msg=audit(1513332309.528:66826): argc=2 a0="sudo" a1="-i"
type=BPRM_FCAPS msg=audit(1513332309.528:66826): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 old_pa=0000000000000000 pp=0000003fffffffff pi=0000000000000000 pe=0000003fffffffff pa=0000000000000000
type=SYSCALL msg=audit(1513332309.528:66826): arch=c000003e syscall=59 success=yes exit=0 a0=55e88650f270 a1=55e886537a80 a2=55e88650a860 a3=8 items=2 ppid=6695 pid=7516 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:09 2017
type=PROCTITLE msg=audit(1513332309.574:66827): proctitle=7375646F002D69
type=PATH msg=audit(1513332309.574:66827): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332309.574:66827): cwd="/home/chira"
type=SYSCALL msg=audit(1513332309.574:66827): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55bb74a7e3c0 a2=0 a3=0 items=1 ppid=6695 pid=7516 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:09 2017
type=PROCTITLE msg=audit(1513332309.577:66828): proctitle=7375646F002D69
type=PATH msg=audit(1513332309.577:66828): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332309.577:66828): cwd="/home/chira"
type=SYSCALL msg=audit(1513332309.577:66828): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55bb74a7e3c0 a2=0 a3=0 items=1 ppid=6695 pid=7516 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:09 2017
type=PROCTITLE msg=audit(1513332309.593:66829): proctitle="(fprintd)"
type=SYSCALL msg=audit(1513332309.593:66829): arch=c000003e syscall=272 success=yes exit=0 a0=40000000 a1=7ffd173e7bb0 a2=ffffffffffffff38 a3=0 items=0 ppid=1 pid=7517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(fprintd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key="container-config"
----
time->Fri Dec 15 12:05:09 2017
type=PROCTITLE msg=audit(1513332309.691:66830): proctitle="(fprintd)"
type=SYSCALL msg=audit(1513332309.691:66830): arch=c000003e syscall=272 success=yes exit=0 a0=20000 a1=7ffd173e7578 a2=9 a3=0 items=0 ppid=1 pid=7517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(fprintd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key="container-config"
----
time->Fri Dec 15 12:05:09 2017
type=PROCTITLE msg=audit(1513332309.779:66832): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332309.779:66832): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332309.779:66832): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332309.779:66832): cwd="/home/chira"
type=EXECVE msg=audit(1513332309.779:66832): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332309.779:66832): arch=c000003e syscall=59 success=yes exit=0 a0=7f3d3a101b4a a1=7fffa5f88d30 a2=7f3d3a309060 a3=7f3d48dae2f0 items=2 ppid=7516 pid=7519 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:28 2017
type=USER_AUTH msg=audit(1513332328.960:66834): pid=7516 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:05:28 2017
type=PROCTITLE msg=audit(1513332328.922:66833): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332328.922:66833): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332328.922:66833): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332328.922:66833): cwd="/home/chira"
type=EXECVE msg=audit(1513332328.922:66833): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332328.922:66833): arch=c000003e syscall=59 success=yes exit=0 a0=7f3d3a101b4a a1=7fffa5f88cf0 a2=7f3d3a309060 a3=7f3d48dae2f0 items=2 ppid=7516 pid=7520 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:32 2017
type=USER_AUTH msg=audit(1513332332.823:66839): pid=7516 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:05:30 2017
type=PROCTITLE msg=audit(1513332330.776:66835): proctitle=7375646F002D69
type=PATH msg=audit(1513332330.776:66835): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332330.776:66835): cwd="/home/chira"
type=SYSCALL msg=audit(1513332330.776:66835): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55bb74aa24e0 a2=0 a3=0 items=1 ppid=6695 pid=7516 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:30 2017
type=PROCTITLE msg=audit(1513332330.777:66836): proctitle=7375646F002D69
type=PATH msg=audit(1513332330.777:66836): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332330.777:66836): cwd="/home/chira"
type=SYSCALL msg=audit(1513332330.777:66836): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55bb74aa24e0 a2=0 a3=0 items=1 ppid=6695 pid=7516 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:30 2017
type=PROCTITLE msg=audit(1513332330.792:66837): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332330.792:66837): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332330.792:66837): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332330.792:66837): cwd="/home/chira"
type=EXECVE msg=audit(1513332330.792:66837): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332330.792:66837): arch=c000003e syscall=59 success=yes exit=0 a0=7f3d3a101b4a a1=7fffa5f88d30 a2=7f3d3a309060 a3=7f3d48dae2f0 items=2 ppid=7516 pid=7521 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:32 2017
type=PROCTITLE msg=audit(1513332332.788:66838): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332332.788:66838): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332332.788:66838): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332332.788:66838): cwd="/home/chira"
type=EXECVE msg=audit(1513332332.788:66838): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332332.788:66838): arch=c000003e syscall=59 success=yes exit=0 a0=7f3d3a101b4a a1=7fffa5f88cf0 a2=7f3d3a309060 a3=7f3d48dae2f0 items=2 ppid=7516 pid=7522 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:36 2017
type=USER_AUTH msg=audit(1513332336.658:66844): pid=7516 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:05:34 2017
type=PROCTITLE msg=audit(1513332334.857:66841): proctitle=7375646F002D69
type=PATH msg=audit(1513332334.857:66841): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332334.857:66841): cwd="/home/chira"
type=SYSCALL msg=audit(1513332334.857:66841): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55bb74aa98d0 a2=0 a3=0 items=1 ppid=6695 pid=7516 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:34 2017
type=PROCTITLE msg=audit(1513332334.875:66842): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332334.875:66842): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332334.875:66842): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332334.875:66842): cwd="/home/chira"
type=EXECVE msg=audit(1513332334.875:66842): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332334.875:66842): arch=c000003e syscall=59 success=yes exit=0 a0=7f3d3a101b4a a1=7fffa5f88d30 a2=7f3d3a309060 a3=7f3d48dae2f0 items=2 ppid=7516 pid=7523 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:38 2017
type=USER_CMD msg=audit(1513332338.238:66845): pid=7516 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='cwd="/home/chira" cmd="/bin/bash" terminal=pts/3 res=failed'
----
time->Fri Dec 15 12:05:34 2017
type=PROCTITLE msg=audit(1513332334.855:66840): proctitle=7375646F002D69
type=PATH msg=audit(1513332334.855:66840): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332334.855:66840): cwd="/home/chira"
type=SYSCALL msg=audit(1513332334.855:66840): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55bb74aa98d0 a2=0 a3=0 items=1 ppid=6695 pid=7516 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:40 2017
type=SERVICE_STOP msg=audit(1513332340.458:66846): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
----
time->Fri Dec 15 12:05:36 2017
type=PROCTITLE msg=audit(1513332336.626:66843): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332336.626:66843): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332336.626:66843): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332336.626:66843): cwd="/home/chira"
type=EXECVE msg=audit(1513332336.626:66843): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332336.626:66843): arch=c000003e syscall=59 success=yes exit=0 a0=7f3d3a101b4a a1=7fffa5f88cf0 a2=7f3d3a309060 a3=7f3d48dae2f0 items=2 ppid=7516 pid=7524 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:45 2017
type=SERVICE_START msg=audit(1513332345.279:66852): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
----
time->Fri Dec 15 12:05:47 2017
type=USER_AUTH msg=audit(1513332347.617:66855): pid=7533 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:05:45 2017
type=PROCTITLE msg=audit(1513332345.058:66847): proctitle=7375646F002D69
type=PATH msg=audit(1513332345.058:66847): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332345.058:66847): item=0 name="/usr/bin/sudo" inode=7214676 dev=00:29 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332345.058:66847): cwd="/home/chira"
type=EXECVE msg=audit(1513332345.058:66847): argc=2 a0="sudo" a1="-i"
type=BPRM_FCAPS msg=audit(1513332345.058:66847): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 old_pa=0000000000000000 pp=0000003fffffffff pi=0000000000000000 pe=0000003fffffffff pa=0000000000000000
type=SYSCALL msg=audit(1513332345.058:66847): arch=c000003e syscall=59 success=yes exit=0 a0=55e8865367e0 a1=55e886536dd0 a2=55e88650a860 a3=8 items=2 ppid=6695 pid=7533 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:45 2017
type=PROCTITLE msg=audit(1513332345.100:66848): proctitle=7375646F002D69
type=PATH msg=audit(1513332345.100:66848): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332345.100:66848): cwd="/home/chira"
type=SYSCALL msg=audit(1513332345.100:66848): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55c8306653c0 a2=0 a3=0 items=1 ppid=6695 pid=7533 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:45 2017
type=PROCTITLE msg=audit(1513332345.103:66849): proctitle=7375646F002D69
type=PATH msg=audit(1513332345.103:66849): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332345.103:66849): cwd="/home/chira"
type=SYSCALL msg=audit(1513332345.103:66849): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55c8306653c0 a2=0 a3=0 items=1 ppid=6695 pid=7533 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:45 2017
type=PROCTITLE msg=audit(1513332345.119:66850): proctitle="(fprintd)"
type=SYSCALL msg=audit(1513332345.119:66850): arch=c000003e syscall=272 success=yes exit=0 a0=40000000 a1=7ffd173e7bb0 a2=ffffffffffffff38 a3=0 items=0 ppid=1 pid=7534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(fprintd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key="container-config"
----
time->Fri Dec 15 12:05:45 2017
type=PROCTITLE msg=audit(1513332345.213:66851): proctitle="(fprintd)"
type=SYSCALL msg=audit(1513332345.213:66851): arch=c000003e syscall=272 success=yes exit=0 a0=20000 a1=7ffd173e7578 a2=9 a3=0 items=0 ppid=1 pid=7534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(fprintd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key="container-config"
----
time->Fri Dec 15 12:05:45 2017
type=PROCTITLE msg=audit(1513332345.298:66853): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332345.298:66853): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332345.298:66853): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332345.298:66853): cwd="/home/chira"
type=EXECVE msg=audit(1513332345.298:66853): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332345.298:66853): arch=c000003e syscall=59 success=yes exit=0 a0=7f702e269b4a a1=7ffcbcd528e0 a2=7f702e471060 a3=7f703cf162f0 items=2 ppid=7533 pid=7536 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:47 2017
type=PROCTITLE msg=audit(1513332347.578:66854): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332347.578:66854): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332347.578:66854): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332347.578:66854): cwd="/home/chira"
type=EXECVE msg=audit(1513332347.578:66854): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332347.578:66854): arch=c000003e syscall=59 success=yes exit=0 a0=7f702e269b4a a1=7ffcbcd528a0 a2=7f702e471060 a3=7f703cf162f0 items=2 ppid=7533 pid=7537 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:51 2017
type=USER_AUTH msg=audit(1513332351.811:66860): pid=7533 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:05:49 2017
type=PROCTITLE msg=audit(1513332349.043:66857): proctitle=7375646F002D69
type=PATH msg=audit(1513332349.043:66857): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332349.043:66857): cwd="/home/chira"
type=SYSCALL msg=audit(1513332349.043:66857): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55c8306894e0 a2=0 a3=0 items=1 ppid=6695 pid=7533 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:49 2017
type=PROCTITLE msg=audit(1513332349.059:66858): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332349.059:66858): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332349.059:66858): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332349.059:66858): cwd="/home/chira"
type=EXECVE msg=audit(1513332349.059:66858): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332349.059:66858): arch=c000003e syscall=59 success=yes exit=0 a0=7f702e269b4a a1=7ffcbcd528e0 a2=7f702e471060 a3=7f703cf162f0 items=2 ppid=7533 pid=7538 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:51 2017
type=PROCTITLE msg=audit(1513332351.778:66859): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332351.778:66859): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332351.778:66859): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332351.778:66859): cwd="/home/chira"
type=EXECVE msg=audit(1513332351.778:66859): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332351.778:66859): arch=c000003e syscall=59 success=yes exit=0 a0=7f702e269b4a a1=7ffcbcd528a0 a2=7f702e471060 a3=7f703cf162f0 items=2 ppid=7533 pid=7539 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:49 2017
type=PROCTITLE msg=audit(1513332349.042:66856): proctitle=7375646F002D69
type=PATH msg=audit(1513332349.042:66856): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332349.042:66856): cwd="/home/chira"
type=SYSCALL msg=audit(1513332349.042:66856): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55c8306894e0 a2=0 a3=0 items=1 ppid=6695 pid=7533 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:55 2017
type=USER_AUTH msg=audit(1513332355.583:66865): pid=7533 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:05:54 2017
type=PROCTITLE msg=audit(1513332354.122:66862): proctitle=7375646F002D69
type=PATH msg=audit(1513332354.122:66862): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332354.122:66862): cwd="/home/chira"
type=SYSCALL msg=audit(1513332354.122:66862): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55c8306908d0 a2=0 a3=0 items=1 ppid=6695 pid=7533 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:54 2017
type=PROCTITLE msg=audit(1513332354.138:66863): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332354.138:66863): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332354.138:66863): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332354.138:66863): cwd="/home/chira"
type=EXECVE msg=audit(1513332354.138:66863): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332354.138:66863): arch=c000003e syscall=59 success=yes exit=0 a0=7f702e269b4a a1=7ffcbcd528e0 a2=7f702e471060 a3=7f703cf162f0 items=2 ppid=7533 pid=7540 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:05:54 2017
type=PROCTITLE msg=audit(1513332354.119:66861): proctitle=7375646F002D69
type=PATH msg=audit(1513332354.119:66861): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332354.119:66861): cwd="/home/chira"
type=SYSCALL msg=audit(1513332354.119:66861): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55c8306908d0 a2=0 a3=0 items=1 ppid=6695 pid=7533 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:05:57 2017
type=USER_CMD msg=audit(1513332357.910:66866): pid=7533 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='cwd="/home/chira" cmd="/bin/bash" terminal=pts/3 res=failed'
----
time->Fri Dec 15 12:05:55 2017
type=PROCTITLE msg=audit(1513332355.546:66864): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332355.546:66864): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332355.546:66864): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332355.546:66864): cwd="/home/chira"
type=EXECVE msg=audit(1513332355.546:66864): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332355.546:66864): arch=c000003e syscall=59 success=yes exit=0 a0=7f702e269b4a a1=7ffcbcd528a0 a2=7f702e471060 a3=7f703cf162f0 items=2 ppid=7533 pid=7541 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:03 2017
type=PROCTITLE msg=audit(1513332363.929:66867): proctitle=7375646F002D69
type=PATH msg=audit(1513332363.929:66867): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332363.929:66867): item=0 name="/usr/bin/sudo" inode=7214676 dev=00:29 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332363.929:66867): cwd="/home/chira"
type=EXECVE msg=audit(1513332363.929:66867): argc=2 a0="sudo" a1="-i"
type=BPRM_FCAPS msg=audit(1513332363.929:66867): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 old_pa=0000000000000000 pp=0000003fffffffff pi=0000000000000000 pe=0000003fffffffff pa=0000000000000000
type=SYSCALL msg=audit(1513332363.929:66867): arch=c000003e syscall=59 success=yes exit=0 a0=55e88654de60 a1=55e886553560 a2=55e88650a860 a3=8 items=2 ppid=6695 pid=7548 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:03 2017
type=PROCTITLE msg=audit(1513332363.969:66868): proctitle=7375646F002D69
type=PATH msg=audit(1513332363.969:66868): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332363.969:66868): cwd="/home/chira"
type=SYSCALL msg=audit(1513332363.969:66868): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5597ac2a03c0 a2=0 a3=0 items=1 ppid=6695 pid=7548 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:03 2017
type=PROCTITLE msg=audit(1513332363.971:66869): proctitle=7375646F002D69
type=PATH msg=audit(1513332363.971:66869): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332363.971:66869): cwd="/home/chira"
type=SYSCALL msg=audit(1513332363.971:66869): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5597ac2a03c0 a2=0 a3=0 items=1 ppid=6695 pid=7548 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:03 2017
type=PROCTITLE msg=audit(1513332363.984:66870): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332363.984:66870): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332363.984:66870): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332363.984:66870): cwd="/home/chira"
type=EXECVE msg=audit(1513332363.984:66870): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332363.984:66870): arch=c000003e syscall=59 success=yes exit=0 a0=7f367e481b4a a1=7fff18967320 a2=7f367e689060 a3=7f368d12e2f0 items=2 ppid=7548 pid=7549 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:06 2017
type=USER_AUTH msg=audit(1513332366.402:66872): pid=7548 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:06:06 2017
type=PROCTITLE msg=audit(1513332366.366:66871): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332366.366:66871): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332366.366:66871): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332366.366:66871): cwd="/home/chira"
type=EXECVE msg=audit(1513332366.366:66871): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332366.366:66871): arch=c000003e syscall=59 success=yes exit=0 a0=7f367e481b4a a1=7fff189672e0 a2=7f367e689060 a3=7f368d12e2f0 items=2 ppid=7548 pid=7550 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:10 2017
type=USER_AUTH msg=audit(1513332370.085:66877): pid=7548 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:06:08 2017
type=PROCTITLE msg=audit(1513332368.298:66873): proctitle=7375646F002D69
type=PATH msg=audit(1513332368.298:66873): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332368.298:66873): cwd="/home/chira"
type=SYSCALL msg=audit(1513332368.298:66873): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5597ac2c44e0 a2=0 a3=0 items=1 ppid=6695 pid=7548 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:08 2017
type=PROCTITLE msg=audit(1513332368.299:66874): proctitle=7375646F002D69
type=PATH msg=audit(1513332368.299:66874): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332368.299:66874): cwd="/home/chira"
type=SYSCALL msg=audit(1513332368.299:66874): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5597ac2c44e0 a2=0 a3=0 items=1 ppid=6695 pid=7548 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:08 2017
type=PROCTITLE msg=audit(1513332368.316:66875): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332368.316:66875): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332368.316:66875): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332368.316:66875): cwd="/home/chira"
type=EXECVE msg=audit(1513332368.316:66875): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332368.316:66875): arch=c000003e syscall=59 success=yes exit=0 a0=7f367e481b4a a1=7fff18967320 a2=7f367e689060 a3=7f368d12e2f0 items=2 ppid=7548 pid=7551 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:10 2017
type=PROCTITLE msg=audit(1513332370.049:66876): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332370.049:66876): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332370.049:66876): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332370.049:66876): cwd="/home/chira"
type=EXECVE msg=audit(1513332370.049:66876): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332370.049:66876): arch=c000003e syscall=59 success=yes exit=0 a0=7f367e481b4a a1=7fff189672e0 a2=7f367e689060 a3=7f368d12e2f0 items=2 ppid=7548 pid=7552 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:13 2017
type=USER_AUTH msg=audit(1513332373.589:66882): pid=7548 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:06:12 2017
type=PROCTITLE msg=audit(1513332372.335:66879): proctitle=7375646F002D69
type=PATH msg=audit(1513332372.335:66879): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332372.335:66879): cwd="/home/chira"
type=SYSCALL msg=audit(1513332372.335:66879): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5597ac2cb6b0 a2=0 a3=0 items=1 ppid=6695 pid=7548 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:12 2017
type=PROCTITLE msg=audit(1513332372.349:66880): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332372.349:66880): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332372.349:66880): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332372.349:66880): cwd="/home/chira"
type=EXECVE msg=audit(1513332372.349:66880): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332372.349:66880): arch=c000003e syscall=59 success=yes exit=0 a0=7f367e481b4a a1=7fff18967320 a2=7f367e689060 a3=7f368d12e2f0 items=2 ppid=7548 pid=7553 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:15 2017
type=SERVICE_STOP msg=audit(1513332375.461:66883): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
----
time->Fri Dec 15 12:06:12 2017
type=PROCTITLE msg=audit(1513332372.332:66878): proctitle=7375646F002D69
type=PATH msg=audit(1513332372.332:66878): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332372.332:66878): cwd="/home/chira"
type=SYSCALL msg=audit(1513332372.332:66878): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=5597ac2cb6b0 a2=0 a3=0 items=1 ppid=6695 pid=7548 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:15 2017
type=USER_CMD msg=audit(1513332375.720:66884): pid=7548 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='cwd="/home/chira" cmd="/bin/bash" terminal=pts/3 res=failed'
----
time->Fri Dec 15 12:06:13 2017
type=PROCTITLE msg=audit(1513332373.557:66881): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332373.557:66881): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332373.557:66881): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332373.557:66881): cwd="/home/chira"
type=EXECVE msg=audit(1513332373.557:66881): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332373.557:66881): arch=c000003e syscall=59 success=yes exit=0 a0=7f367e481b4a a1=7fff189672e0 a2=7f367e689060 a3=7f368d12e2f0 items=2 ppid=7548 pid=7554 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:17 2017
type=SERVICE_START msg=audit(1513332377.262:66890): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
----
time->Fri Dec 15 12:06:18 2017
type=USER_AUTH msg=audit(1513332378.818:66893): pid=7563 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:06:17 2017
type=PROCTITLE msg=audit(1513332377.044:66885): proctitle=7375646F002D69
type=PATH msg=audit(1513332377.044:66885): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332377.044:66885): item=0 name="/usr/bin/sudo" inode=7214676 dev=00:29 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332377.044:66885): cwd="/home/chira"
type=EXECVE msg=audit(1513332377.044:66885): argc=2 a0="sudo" a1="-i"
type=BPRM_FCAPS msg=audit(1513332377.044:66885): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 old_pa=0000000000000000 pp=0000003fffffffff pi=0000000000000000 pe=0000003fffffffff pa=0000000000000000
type=SYSCALL msg=audit(1513332377.044:66885): arch=c000003e syscall=59 success=yes exit=0 a0=55e886538c70 a1=55e886537a80 a2=55e88650a860 a3=8 items=2 ppid=6695 pid=7563 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:17 2017
type=PROCTITLE msg=audit(1513332377.083:66886): proctitle=7375646F002D69
type=PATH msg=audit(1513332377.083:66886): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332377.083:66886): cwd="/home/chira"
type=SYSCALL msg=audit(1513332377.083:66886): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=565522cf73c0 a2=0 a3=0 items=1 ppid=6695 pid=7563 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:17 2017
type=PROCTITLE msg=audit(1513332377.085:66887): proctitle=7375646F002D69
type=PATH msg=audit(1513332377.085:66887): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332377.085:66887): cwd="/home/chira"
type=SYSCALL msg=audit(1513332377.085:66887): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=565522cf73c0 a2=0 a3=0 items=1 ppid=6695 pid=7563 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:17 2017
type=PROCTITLE msg=audit(1513332377.102:66888): proctitle="(fprintd)"
type=SYSCALL msg=audit(1513332377.102:66888): arch=c000003e syscall=272 success=yes exit=0 a0=40000000 a1=7ffd173e7bb0 a2=ffffffffffffff38 a3=0 items=0 ppid=1 pid=7564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(fprintd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key="container-config"
----
time->Fri Dec 15 12:06:17 2017
type=PROCTITLE msg=audit(1513332377.194:66889): proctitle="(fprintd)"
type=SYSCALL msg=audit(1513332377.194:66889): arch=c000003e syscall=272 success=yes exit=0 a0=20000 a1=7ffd173e7578 a2=9 a3=0 items=0 ppid=1 pid=7564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(fprintd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key="container-config"
----
time->Fri Dec 15 12:06:17 2017
type=PROCTITLE msg=audit(1513332377.279:66891): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332377.279:66891): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332377.279:66891): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332377.279:66891): cwd="/home/chira"
type=EXECVE msg=audit(1513332377.279:66891): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332377.279:66891): arch=c000003e syscall=59 success=yes exit=0 a0=7efc4a799b4a a1=7fff04e73970 a2=7efc4a9a1060 a3=7efc594462f0 items=2 ppid=7563 pid=7566 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:20 2017
type=PROCTITLE msg=audit(1513332380.973:66895): proctitle=7375646F002D69
type=PATH msg=audit(1513332380.973:66895): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332380.973:66895): cwd="/home/chira"
type=SYSCALL msg=audit(1513332380.973:66895): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=565522d1b4e0 a2=0 a3=0 items=1 ppid=6695 pid=7563 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:20 2017
type=PROCTITLE msg=audit(1513332380.989:66896): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332380.989:66896): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332380.989:66896): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332380.989:66896): cwd="/home/chira"
type=EXECVE msg=audit(1513332380.989:66896): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332380.989:66896): arch=c000003e syscall=59 success=yes exit=0 a0=7efc4a799b4a a1=7fff04e73970 a2=7efc4a9a1060 a3=7efc594462f0 items=2 ppid=7563 pid=7568 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:18 2017
type=PROCTITLE msg=audit(1513332378.785:66892): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332378.785:66892): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332378.785:66892): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332378.785:66892): cwd="/home/chira"
type=EXECVE msg=audit(1513332378.785:66892): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332378.785:66892): arch=c000003e syscall=59 success=yes exit=0 a0=7efc4a799b4a a1=7fff04e73930 a2=7efc4a9a1060 a3=7efc594462f0 items=2 ppid=7563 pid=7567 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:20 2017
type=PROCTITLE msg=audit(1513332380.970:66894): proctitle=7375646F002D69
type=PATH msg=audit(1513332380.970:66894): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332380.970:66894): cwd="/home/chira"
type=SYSCALL msg=audit(1513332380.970:66894): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=565522d1b4e0 a2=0 a3=0 items=1 ppid=6695 pid=7563 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:24 2017
type=USER_AUTH msg=audit(1513332384.337:66898): pid=7563 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:06:24 2017
type=PROCTITLE msg=audit(1513332384.303:66897): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332384.303:66897): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332384.303:66897): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332384.303:66897): cwd="/home/chira"
type=EXECVE msg=audit(1513332384.303:66897): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332384.303:66897): arch=c000003e syscall=59 success=yes exit=0 a0=7efc4a799b4a a1=7fff04e73930 a2=7efc4a9a1060 a3=7efc594462f0 items=2 ppid=7563 pid=7569 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:28 2017
type=USER_AUTH msg=audit(1513332388.292:66903): pid=7563 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:06:26 2017
type=PROCTITLE msg=audit(1513332386.569:66899): proctitle=7375646F002D69
type=PATH msg=audit(1513332386.569:66899): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332386.569:66899): cwd="/home/chira"
type=SYSCALL msg=audit(1513332386.569:66899): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=565522d228d0 a2=0 a3=0 items=1 ppid=6695 pid=7563 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:26 2017
type=PROCTITLE msg=audit(1513332386.570:66900): proctitle=7375646F002D69
type=PATH msg=audit(1513332386.570:66900): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332386.570:66900): cwd="/home/chira"
type=SYSCALL msg=audit(1513332386.570:66900): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=565522d228d0 a2=0 a3=0 items=1 ppid=6695 pid=7563 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:30 2017
type=USER_CMD msg=audit(1513332390.680:66904): pid=7563 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='cwd="/home/chira" cmd="/bin/bash" terminal=pts/3 res=failed'
----
time->Fri Dec 15 12:06:26 2017
type=PROCTITLE msg=audit(1513332386.586:66901): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332386.586:66901): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332386.586:66901): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332386.586:66901): cwd="/home/chira"
type=EXECVE msg=audit(1513332386.586:66901): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332386.586:66901): arch=c000003e syscall=59 success=yes exit=0 a0=7efc4a799b4a a1=7fff04e73970 a2=7efc4a9a1060 a3=7efc594462f0 items=2 ppid=7563 pid=7570 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:28 2017
type=PROCTITLE msg=audit(1513332388.258:66902): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332388.258:66902): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332388.258:66902): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332388.258:66902): cwd="/home/chira"
type=EXECVE msg=audit(1513332388.258:66902): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332388.258:66902): arch=c000003e syscall=59 success=yes exit=0 a0=7efc4a799b4a a1=7fff04e73930 a2=7efc4a9a1060 a3=7efc594462f0 items=2 ppid=7563 pid=7571 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:34 2017
type=USER_AUTH msg=audit(1513332394.742:66910): pid=7578 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=failed'
----
time->Fri Dec 15 12:06:32 2017
type=PROCTITLE msg=audit(1513332392.624:66905): proctitle=7375646F002D69
type=PATH msg=audit(1513332392.624:66905): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332392.624:66905): item=0 name="/usr/bin/sudo" inode=7214676 dev=00:29 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332392.624:66905): cwd="/home/chira"
type=EXECVE msg=audit(1513332392.624:66905): argc=2 a0="sudo" a1="-i"
type=BPRM_FCAPS msg=audit(1513332392.624:66905): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 old_pa=0000000000000000 pp=0000003fffffffff pi=0000000000000000 pe=0000003fffffffff pa=0000000000000000
type=SYSCALL msg=audit(1513332392.624:66905): arch=c000003e syscall=59 success=yes exit=0 a0=55e886539de0 a1=55e88653a210 a2=55e88650a860 a3=8 items=2 ppid=6695 pid=7578 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:32 2017
type=PROCTITLE msg=audit(1513332392.662:66906): proctitle=7375646F002D69
type=PATH msg=audit(1513332392.662:66906): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332392.662:66906): cwd="/home/chira"
type=SYSCALL msg=audit(1513332392.662:66906): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55754d1023c0 a2=0 a3=0 items=1 ppid=6695 pid=7578 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:32 2017
type=PROCTITLE msg=audit(1513332392.663:66907): proctitle=7375646F002D69
type=PATH msg=audit(1513332392.663:66907): item=0 name="/var/lib/google-authenticator/chira" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332392.663:66907): cwd="/home/chira"
type=SYSCALL msg=audit(1513332392.663:66907): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=55754d1023c0 a2=0 a3=0 items=1 ppid=6695 pid=7578 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="access"
----
time->Fri Dec 15 12:06:32 2017
type=PROCTITLE msg=audit(1513332392.676:66908): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1513332392.676:66908): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=7086541 dev=00:29 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513332392.676:66908): item=0 name="/usr/sbin/unix_chkpwd" inode=7115186 dev=00:29 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513332392.676:66908): cwd="/home/chira"
type=EXECVE msg=audit(1513332392.676:66908): argc=3 a0="/usr/sbin/unix_chkpwd" a1="chira" a2="nullok"
type=SYSCALL msg=audit(1513332392.676:66908): arch=c000003e syscall=59 success=yes exit=0 a0=7f20a1181b4a a1=7fff06090c70 a2=7f20a1389060 a3=7f20afe2e2f0 items=2 ppid=7578 pid=7579 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=staff_u:staff_r:chkpwd_t:s0-s0:c0.c1023 key="privileged"
----
time->Fri Dec 15 12:06:34 2017
type=PROCTITLE msg=audit(1513332394.709:66909): proctitle=2F7573722F7362696E2F756E69785F63686B707764006368697261006E756C6C6F6B
type=PATH msg=audit(1

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 ausearch -m AVC,USER_AVC -ts today
----
time->Fri Dec 15 01:27:22 2017
type=USER_AVC msg=audit(1513294042.955:390): pid=2554 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=3234 scontext=staff_u:staff_r:staff_gkeyringd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus permissive=0  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Fri Dec 15 01:27:22 2017
type=PROCTITLE msg=audit(1513294042.650:385): proctitle=2F7573722F6C69622F73797374656D642F73797374656D64002D2D75736572
type=SYSCALL msg=audit(1513294042.650:385): arch=c000003e syscall=41 success=no exit=-13 a0=1 a1=80801 a2=0 a3=62645f6666617473 items=0 ppid=1 pid=3217 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm="systemd" exe="/usr/lib/systemd/systemd" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513294042.650:385): avc:  denied  { create } for  pid=3217 comm="systemd" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0
----
time->Fri Dec 15 01:27:27 2017
type=PROCTITLE msg=audit(1513294047.185:444): proctitle=2F7573722F62696E2F70756C7365617564696F002D2D7374617274002D2D6C6F672D7461726765743D7379736C6F67
type=MMAP msg=audit(1513294047.185:444): fd=11 flags=0x1
type=SYSCALL msg=audit(1513294047.185:444): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=3000 a2=3 a3=1 items=0 ppid=3419 pid=3420 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513294047.185:444): avc:  denied  { map } for  pid=3420 comm="pulseaudio" path="/home/chira/.config/pulse/46c27513f12e42fc815010aac1e1f3e8-stream-volumes.tdb" dev="dm-1" ino=308 scontext=staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:pulseaudio_home_t:s0 tclass=file permissive=0
----
time->Fri Dec 15 01:27:27 2017
type=PROCTITLE msg=audit(1513294047.198:445): proctitle=2F7573722F62696E2F70756C7365617564696F002D2D7374617274002D2D6C6F672D7461726765743D7379736C6F67
type=MMAP msg=audit(1513294047.198:445): fd=12 flags=0x1
type=SYSCALL msg=audit(1513294047.198:445): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=3000 a2=3 a3=1 items=0 ppid=3419 pid=3420 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513294047.198:445): avc:  denied  { map } for  pid=3420 comm="pulseaudio" path="/home/chira/.config/pulse/46c27513f12e42fc815010aac1e1f3e8-card-database.tdb" dev="dm-1" ino=309 scontext=staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:pulseaudio_home_t:s0 tclass=file permissive=0
----
time->Fri Dec 15 01:27:27 2017
type=PROCTITLE msg=audit(1513294047.122:443): proctitle=2F7573722F62696E2F70756C7365617564696F002D2D7374617274002D2D6C6F672D7461726765743D7379736C6F67
type=MMAP msg=audit(1513294047.122:443): fd=10 flags=0x1
type=SYSCALL msg=audit(1513294047.122:443): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=3000 a2=3 a3=1 items=0 ppid=3419 pid=3420 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513294047.122:443): avc:  denied  { map } for  pid=3420 comm="pulseaudio" path="/home/chira/.config/pulse/46c27513f12e42fc815010aac1e1f3e8-device-volumes.tdb" dev="dm-1" ino=307 scontext=staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:pulseaudio_home_t:s0 tclass=file permissive=0
----
time->Fri Dec 15 01:27:40 2017
type=PROCTITLE msg=audit(1513294060.848:517): proctitle="/usr/libexec/gsd-color"
type=MMAP msg=audit(1513294060.848:517): fd=17 flags=0x1
type=SYSCALL msg=audit(1513294060.848:517): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=73a3a6 a2=1 a3=1 items=0 ppid=3247 pid=3583 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty2 ses=2 comm="gsd-color" exe="/usr/libexec/gsd-color" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513294060.848:517): avc:  denied  { map } for  pid=3583 comm="gsd-color" path="/etc/udev/hwdb.bin" dev="dm-1" ino=7734170 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_hwdb_etc_t:s0 tclass=file permissive=0
----
time->Fri Dec 15 11:30:53 2017
type=USER_AVC msg=audit(1513330253.428:55465): pid=2554 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=2)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux